Daily Prune
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
717e9216ea
commit
c0797f1e67
|
@ -1,99 +0,0 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.44"></a>
|
||||
### [k8s-gateway-4.0.44](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.43...k8s-gateway-4.0.44) (2022-03-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1999](https://github.com/truecharts/apps/issues/1999))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.43"></a>
|
||||
### [k8s-gateway-4.0.43](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.42...k8s-gateway-4.0.43) (2022-02-21)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1927](https://github.com/truecharts/apps/issues/1927))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.42"></a>
|
||||
### [k8s-gateway-4.0.42](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.41...k8s-gateway-4.0.42) (2022-02-15)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1901](https://github.com/truecharts/apps/issues/1901))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.41"></a>
|
||||
### [k8s-gateway-4.0.41](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.40...k8s-gateway-4.0.41) (2022-02-08)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1871](https://github.com/truecharts/apps/issues/1871))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.40"></a>
|
||||
### [k8s-gateway-4.0.40](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.39...k8s-gateway-4.0.40) (2022-02-06)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm chart common to v8.15.0 ([#1859](https://github.com/truecharts/apps/issues/1859))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.39"></a>
|
||||
### [k8s-gateway-4.0.39](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.38...k8s-gateway-4.0.39) (2022-02-05)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1852](https://github.com/truecharts/apps/issues/1852))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.38"></a>
|
||||
### [k8s-gateway-4.0.38](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.37...k8s-gateway-4.0.38) (2022-02-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1828](https://github.com/truecharts/apps/issues/1828))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.37"></a>
|
||||
### [k8s-gateway-4.0.37](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.36...k8s-gateway-4.0.37) (2022-01-25)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1791](https://github.com/truecharts/apps/issues/1791))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.36"></a>
|
||||
### [k8s-gateway-4.0.36](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.35...k8s-gateway-4.0.36) (2022-01-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#1786](https://github.com/truecharts/apps/issues/1786))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.35"></a>
|
||||
### [k8s-gateway-4.0.35](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.34...k8s-gateway-4.0.35) (2022-01-22)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1766](https://github.com/truecharts/apps/issues/1766))
|
||||
|
||||
|
||||
|
||||
<a name="k8s-gateway-4.0.34"></a>
|
||||
### [k8s-gateway-4.0.34](https://github.com/truecharts/apps/compare/k8s-gateway-4.0.33...k8s-gateway-4.0.34) (2022-01-21)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1759](https://github.com/truecharts/apps/issues/1759))
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.17.2
|
||||
digest: sha256:ec244e1ae6bbf6b235c250bfb74967efb1622373c757cabdcc844d3b21590316
|
||||
generated: "2022-03-02T11:42:27.946049315Z"
|
|
@ -1,28 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: "0.2.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.17.2
|
||||
deprecated: false
|
||||
description: A Helm chart for the k8s_gateway CoreDNS plugin
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/k8s-gateway
|
||||
icon: https://truecharts.org/_static/img/appicons/k8s-gateway-icon.png
|
||||
keywords:
|
||||
- DNS
|
||||
- networking
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: k8s-gateway
|
||||
sources:
|
||||
- https://github.com/ori-edge/k8s_gateway
|
||||
type: application
|
||||
version: 4.0.44
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- networking
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -1,37 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
A Helm chart for the k8s_gateway CoreDNS plugin
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/ori-edge/k8s_gateway>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.17.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,3 +0,0 @@
|
|||
A Helm chart for the k8s_gateway CoreDNS plugin
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
Binary file not shown.
|
@ -1,66 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| apex | string | `""` | Override the default `serviceName.namespace` domain apex |
|
||||
| args[0] | string | `"-conf"` | |
|
||||
| args[1] | string | `"/etc/coredns/Corefile"` | |
|
||||
| domains | list | `[{"dnsChallenge":{"domain":"dns01.clouddns.com","enabled":false},"domain":"example.com"}]` | list of processed domains |
|
||||
| domains[0] | object | `{"dnsChallenge":{"domain":"dns01.clouddns.com","enabled":false},"domain":"example.com"}` | Delegated domain |
|
||||
| domains[0].dnsChallenge | object | `{"domain":"dns01.clouddns.com","enabled":false}` | Optional configuration option for DNS01 challenge that will redirect all acme challenge requests to external cloud domain (e.g. managed by cert-manager) See: https://cert-manager.io/docs/configuration/acme/dns01/ |
|
||||
| forward.enabled | bool | `true` | |
|
||||
| forward.options[0].name | string | `"tls_servername"` | |
|
||||
| forward.options[0].value | string | `"cloudflare-dns.com"` | |
|
||||
| forward.primary | string | `"tls://1.1.1.1"` | |
|
||||
| forward.secondary | string | `"tls://1.0.0.1"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/k8s_gateway"` | |
|
||||
| image.tag | string | `"v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| probes.liveness.custom | bool | `true` | |
|
||||
| probes.liveness.spec.failureThreshold | int | `5` | |
|
||||
| probes.liveness.spec.httpGet.path | string | `"/health"` | |
|
||||
| probes.liveness.spec.httpGet.port | int | `8080` | |
|
||||
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.liveness.spec.initialDelaySeconds | int | `60` | |
|
||||
| probes.liveness.spec.successThreshold | int | `1` | |
|
||||
| probes.liveness.spec.timeoutSeconds | int | `5` | |
|
||||
| probes.readiness.custom | bool | `true` | |
|
||||
| probes.readiness.spec.failureThreshold | int | `5` | |
|
||||
| probes.readiness.spec.httpGet.path | string | `"/ready"` | |
|
||||
| probes.readiness.spec.httpGet.port | int | `8181` | |
|
||||
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.readiness.spec.initialDelaySeconds | int | `10` | |
|
||||
| probes.readiness.spec.successThreshold | int | `1` | |
|
||||
| probes.readiness.spec.timeoutSeconds | int | `5` | |
|
||||
| probes.startup.custom | bool | `true` | |
|
||||
| probes.startup.spec.failureThreshold | int | `60` | |
|
||||
| probes.startup.spec.httpGet.path | string | `"/ready"` | |
|
||||
| probes.startup.spec.httpGet.port | int | `8181` | |
|
||||
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.startup.spec.initialDelaySeconds | int | `3` | |
|
||||
| probes.startup.spec.periodSeconds | int | `5` | |
|
||||
| probes.startup.spec.timeoutSeconds | int | `2` | |
|
||||
| rbac | object | See below | Create a ClusterRole and ClusterRoleBinding |
|
||||
| rbac.enabled | bool | `true` | Enables or disables the ClusterRole and ClusterRoleBinding |
|
||||
| rbac.rules | list | `[{"apiGroups":[""],"resources":["services","namespaces"],"verbs":["list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses"],"verbs":["list","watch"]}]` | Set Rules on the ClusterRole |
|
||||
| secondary | string | `""` | Service name of a secondary DNS server (should be `serviceName.namespace`) |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.main.ports.main.port | int | `53` | |
|
||||
| service.main.ports.main.protocol | string | `"UDP"` | |
|
||||
| service.main.ports.main.targetPort | int | `53` | |
|
||||
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
|
||||
| ttl | int | `300` | TTL for non-apex responses (in seconds) |
|
||||
| watchedResources | list | `[]` | Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"] |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,118 +0,0 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/k8s_gateway
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd
|
||||
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
args: ["-conf", "/etc/coredns/Corefile"]
|
||||
|
||||
# -- TTL for non-apex responses (in seconds)
|
||||
ttl: 300
|
||||
|
||||
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
|
||||
watchedResources: []
|
||||
|
||||
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
|
||||
secondary: ""
|
||||
|
||||
# -- Override the default `serviceName.namespace` domain apex
|
||||
apex: ""
|
||||
|
||||
# -- list of processed domains
|
||||
domains:
|
||||
# -- Delegated domain
|
||||
- domain: "example.com"
|
||||
# -- Optional configuration option for DNS01 challenge that will redirect all acme
|
||||
# challenge requests to external cloud domain (e.g. managed by cert-manager)
|
||||
# See: https://cert-manager.io/docs/configuration/acme/dns01/
|
||||
dnsChallenge:
|
||||
enabled: false
|
||||
domain: dns01.clouddns.com
|
||||
|
||||
forward:
|
||||
enabled: true
|
||||
primary: tls://1.1.1.1
|
||||
secondary: tls://1.0.0.1
|
||||
options:
|
||||
- name: tls_servername
|
||||
value: cloudflare-dns.com
|
||||
|
||||
serviceAccount:
|
||||
# -- Specifies whether a service account should be created
|
||||
create: true
|
||||
|
||||
# -- Create a ClusterRole and ClusterRoleBinding
|
||||
# @default -- See below
|
||||
rbac:
|
||||
# -- Enables or disables the ClusterRole and ClusterRoleBinding
|
||||
enabled: true
|
||||
|
||||
# -- Set Rules on the ClusterRole
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- namespaces
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: UDP
|
||||
port: 53
|
||||
targetPort: 53
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 60
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 5
|
||||
|
||||
readiness:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /ready
|
||||
port: 8181
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 5
|
||||
successThreshold: 1
|
||||
failureThreshold: 5
|
||||
|
||||
startup:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
path: /ready
|
||||
port: 8181
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 3
|
||||
timeoutSeconds: 2
|
||||
periodSeconds: 5
|
||||
failureThreshold: 60
|
File diff suppressed because it is too large
Load Diff
|
@ -1,126 +0,0 @@
|
|||
---
|
||||
hide:
|
||||
- toc
|
||||
---
|
||||
|
||||
# Security Overview
|
||||
|
||||
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
#### Chart Object: k8s-gateway/templates/common.yaml
|
||||
|
||||
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-k8s-gateway' of Deployment 'RELEASE-NAME-k8s-gateway' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-k8s-gateway' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||||
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'resources.requests.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
|
||||
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.privileged' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
|
||||
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'resources.limits.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-k8s-gateway' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-k8s-gateway' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-k8s-gateway' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||||
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment 'RELEASE-NAME-k8s-gateway' should not set 'spec.template.volumes.hostPath' </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
|
||||
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment 'RELEASE-NAME-k8s-gateway' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/k8s_gateway:v0.2.2@sha256:008cb572d83e84c74c554bf6e29614aee42d057f3e1fb09c37ec7ca1bc3ec7fd
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
|
||||
|
||||
#### Container: coredns
|
||||
|
||||
|
||||
**gobinary**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.6 | 0.3.7 | <details><summary>Expand...</summary></details> |
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
{{/*
|
||||
Create the matchable regex from domain
|
||||
*/}}
|
||||
{{- define "k8s-gateway.configmap.regex" -}}
|
||||
{{- if .Values.domain }}
|
||||
{{- .Values.domain | replace "." "[.]" -}}
|
||||
{{- else -}}
|
||||
{{ "unset" }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Define the configmap */}}
|
||||
{{- define "k8s-gateway.configmap" -}}
|
||||
{{- $values := .Values }}
|
||||
{{- $fqdn := ( include "common.names.fqdn" . ) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-corefile
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
data:
|
||||
Corefile: |-
|
||||
.:53 {
|
||||
errors
|
||||
log
|
||||
health {
|
||||
lameduck 5s
|
||||
}
|
||||
ready
|
||||
{{- range .Values.domains }}
|
||||
{{- if .dnsChallenge.enabled }}
|
||||
template IN ANY {{ required "Delegated domain ('domain') is mandatory " .domain }} {
|
||||
match "_acme-challenge[.](.*)[.]{{ include "k8s-gateway.configmap.regex" . }}"
|
||||
answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory " $values.dnsChallenge.domain }}"
|
||||
fallthrough
|
||||
}
|
||||
{{- end }}
|
||||
k8s_gateway "{{ required "Delegated domain ('domain') is mandatory " .domain }}" {
|
||||
apex {{ $values.apex | default $fqdn }}
|
||||
ttl {{ $values.ttl }}
|
||||
{{- if $values.secondary }}
|
||||
secondary {{ $values.secondary }}
|
||||
{{- end }}
|
||||
{{- if $values.watchedResources }}
|
||||
resources {{ join " " $values.watchedResources }}
|
||||
{{- end }}
|
||||
fallthrough
|
||||
}
|
||||
{{- end }}
|
||||
prometheus 0.0.0.0:9153
|
||||
{{- if .Values.forward.enabled }}
|
||||
forward . {{ .Values.forward.primary }} {{ .Values.forward.secondary }} {
|
||||
{{- range .Values.forward.options }}
|
||||
{{ .name }} {{ .value }}
|
||||
{{- end }}
|
||||
}
|
||||
{{- end }}
|
||||
loop
|
||||
reload
|
||||
loadbalance
|
||||
}
|
||||
{{- end -}}
|
|
@ -1,24 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
|
||||
{{/* Render configmap for nextcloud */}}
|
||||
{{- include "k8s-gateway.configmap" . }}
|
||||
|
||||
{{/* Append the general configMap volume to the volumes */}}
|
||||
{{- define "k8s-gateway.configvolume" -}}
|
||||
enabled: "true"
|
||||
mountPath: "/etc/coredns"
|
||||
readOnly: true
|
||||
type: "custom"
|
||||
volumeSpec:
|
||||
configMap:
|
||||
name: {{ include "common.names.fullname" . }}-corefile
|
||||
items:
|
||||
- key: Corefile
|
||||
path: Corefile
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set .Values.persistence "config-volume" (include "k8s-gateway.configvolume" . | fromYaml) -}}
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
|
@ -1,99 +0,0 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="prometheus-1.1.73"></a>
|
||||
### [prometheus-1.1.73](https://github.com/truecharts/apps/compare/uptimerobot-prometheus-2.0.23...prometheus-1.1.73) (2022-03-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#2006](https://github.com/truecharts/apps/issues/2006))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.72"></a>
|
||||
### [prometheus-1.1.72](https://github.com/truecharts/apps/compare/prometheus-1.1.71...prometheus-1.1.72) (2022-03-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1999](https://github.com/truecharts/apps/issues/1999))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.71"></a>
|
||||
### [prometheus-1.1.71](https://github.com/truecharts/apps/compare/prometheus-1.1.70...prometheus-1.1.71) (2022-02-28)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#1983](https://github.com/truecharts/apps/issues/1983))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.70"></a>
|
||||
### [prometheus-1.1.70](https://github.com/truecharts/apps/compare/prometheus-1.1.69...prometheus-1.1.70) (2022-02-28)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#1980](https://github.com/truecharts/apps/issues/1980))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.69"></a>
|
||||
### [prometheus-1.1.69](https://github.com/truecharts/apps/compare/prometheus-1.1.68...prometheus-1.1.69) (2022-02-26)
|
||||
|
||||
#### Fix
|
||||
|
||||
* enable hostNetworking and change port ([#1969](https://github.com/truecharts/apps/issues/1969))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.68"></a>
|
||||
### [prometheus-1.1.68](https://github.com/truecharts/apps/compare/prometheus-1.1.67...prometheus-1.1.68) (2022-02-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* don't export node-exporter on host
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.67"></a>
|
||||
### [prometheus-1.1.67](https://github.com/truecharts/apps/compare/prometheus-1.1.66...prometheus-1.1.67) (2022-02-22)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1932](https://github.com/truecharts/apps/issues/1932))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.66"></a>
|
||||
### [prometheus-1.1.66](https://github.com/truecharts/apps/compare/prometheus-1.1.65...prometheus-1.1.66) (2022-02-21)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1927](https://github.com/truecharts/apps/issues/1927))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.65"></a>
|
||||
### [prometheus-1.1.65](https://github.com/truecharts/apps/compare/prometheus-1.1.64...prometheus-1.1.65) (2022-02-21)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#1924](https://github.com/truecharts/apps/issues/1924))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.64"></a>
|
||||
### [prometheus-1.1.64](https://github.com/truecharts/apps/compare/prometheus-1.1.63...prometheus-1.1.64) (2022-02-15)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1901](https://github.com/truecharts/apps/issues/1901))
|
||||
|
||||
|
||||
|
||||
<a name="prometheus-1.1.63"></a>
|
||||
### [prometheus-1.1.63](https://github.com/truecharts/apps/compare/prometheus-1.1.62...prometheus-1.1.63) (2022-02-14)
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,12 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.17.2
|
||||
- name: node-exporter
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.4.4
|
||||
- name: kube-state-metrics
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.11
|
||||
digest: sha256:29d62ab2566111ea70030a95b4b20585f9b86fc062aaf073b320ff442ade87c8
|
||||
generated: "2022-03-03T11:45:35.882042522Z"
|
|
@ -1,36 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: "0.54.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.17.2
|
||||
- condition: exporters.enabled,exporters.node-exporter.enabled
|
||||
name: node-exporter
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.4.4
|
||||
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.11
|
||||
deprecated: false
|
||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
|
||||
icon: https://truecharts.org/_static/img/appicons/prometheus-icon.png
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/prometheus
|
||||
keywords:
|
||||
- metrics
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: prometheus
|
||||
sources:
|
||||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 1.1.73
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- metrics
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -1,40 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/prometheus-community/helm-charts>
|
||||
* <https://github.com/prometheus-operator/kube-prometheus>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://charts.bitnami.com/bitnami | kube-state-metrics | 2.2.11 |
|
||||
| https://charts.bitnami.com/bitnami | node-exporter | 2.4.4 |
|
||||
| https://truecharts.org | common | 8.17.2 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,3 +0,0 @@
|
|||
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -1,583 +0,0 @@
|
|||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: podmonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
categories:
|
||||
- prometheus-operator
|
||||
kind: PodMonitor
|
||||
listKind: PodMonitorList
|
||||
plural: podmonitors
|
||||
singular: podmonitor
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: PodMonitor defines monitoring for a set of pods.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Pod selection for target discovery
|
||||
by Prometheus.
|
||||
properties:
|
||||
jobLabel:
|
||||
description: The label to use to retrieve the job name from.
|
||||
type: string
|
||||
labelLimit:
|
||||
description: Per-scrape limit on number of labels that will be accepted
|
||||
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelNameLengthLimit:
|
||||
description: Per-scrape limit on length of labels name that will be
|
||||
accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelValueLengthLimit:
|
||||
description: Per-scrape limit on length of labels value that will
|
||||
be accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
namespaceSelector:
|
||||
description: Selector to select which namespaces the Endpoints objects
|
||||
are discovered from.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces are selected
|
||||
in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podMetricsEndpoints:
|
||||
description: A list of endpoints allowed as part of this PodMonitor.
|
||||
items:
|
||||
description: PodMetricsEndpoint defines a scrapeable endpoint of
|
||||
a Kubernetes Pod serving Prometheus metrics.
|
||||
properties:
|
||||
authorization:
|
||||
description: Authorization section for this endpoint
|
||||
properties:
|
||||
credentials:
|
||||
description: The secret's key that contains the credentials
|
||||
of the request
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type:
|
||||
description: Set the authentication type. Defaults to Bearer,
|
||||
Basic will cause an error
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth allow an endpoint to authenticate over
|
||||
basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
|
||||
properties:
|
||||
password:
|
||||
description: The secret in the service monitor namespace
|
||||
that contains the password for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
username:
|
||||
description: The secret in the service monitor namespace
|
||||
that contains the username for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
bearerTokenSecret:
|
||||
description: Secret to mount to read bearer token for scraping
|
||||
targets. The secret needs to be in the same namespace as the
|
||||
pod monitor and accessible by the Prometheus Operator.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
honorLabels:
|
||||
description: HonorLabels chooses the metric's labels on collisions
|
||||
with target labels.
|
||||
type: boolean
|
||||
honorTimestamps:
|
||||
description: HonorTimestamps controls whether Prometheus respects
|
||||
the timestamps present in scraped data.
|
||||
type: boolean
|
||||
interval:
|
||||
description: Interval at which metrics should be scraped
|
||||
type: string
|
||||
metricRelabelings:
|
||||
description: MetricRelabelConfigs to apply to samples before
|
||||
ingestion.
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the
|
||||
label set, being applied to samples before ingestion. It
|
||||
defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace
|
||||
is performed if the regular expression matches. Regex
|
||||
capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
oauth2:
|
||||
description: OAuth2 for the URL. Only valid in Prometheus versions
|
||||
2.27.0 and newer.
|
||||
properties:
|
||||
clientId:
|
||||
description: The secret or configmap containing the OAuth2
|
||||
client id
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
clientSecret:
|
||||
description: The secret containing the OAuth2 client secret
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
endpointParams:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Parameters to append to the token URL
|
||||
type: object
|
||||
scopes:
|
||||
description: OAuth2 scopes used for the token request
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tokenUrl:
|
||||
description: The URL to fetch the token from
|
||||
minLength: 1
|
||||
type: string
|
||||
required:
|
||||
- clientId
|
||||
- clientSecret
|
||||
- tokenUrl
|
||||
type: object
|
||||
params:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Optional HTTP URL parameters
|
||||
type: object
|
||||
path:
|
||||
description: HTTP path to scrape for metrics.
|
||||
type: string
|
||||
port:
|
||||
description: Name of the pod port this endpoint refers to. Mutually
|
||||
exclusive with targetPort.
|
||||
type: string
|
||||
proxyUrl:
|
||||
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
|
||||
to proxy through this endpoint.
|
||||
type: string
|
||||
relabelings:
|
||||
description: 'RelabelConfigs to apply to samples before scraping.
|
||||
Prometheus Operator automatically adds relabelings for a few
|
||||
standard Kubernetes fields and replaces original scrape job
|
||||
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the
|
||||
label set, being applied to samples before ingestion. It
|
||||
defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace
|
||||
is performed if the regular expression matches. Regex
|
||||
capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping.
|
||||
type: string
|
||||
scrapeTimeout:
|
||||
description: Timeout after which the scrape is ended
|
||||
type: string
|
||||
targetPort:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: 'Deprecated: Use ''port'' instead.'
|
||||
x-kubernetes-int-or-string: true
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the endpoint.
|
||||
properties:
|
||||
ca:
|
||||
description: Struct containing the CA cert to use for the
|
||||
targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
cert:
|
||||
description: Struct containing the client cert file for
|
||||
the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: Disable target certificate validation.
|
||||
type: boolean
|
||||
keySecret:
|
||||
description: Secret containing the client key file for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
serverName:
|
||||
description: Used to verify the hostname for the targets.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
podTargetLabels:
|
||||
description: PodTargetLabels transfers labels on the Kubernetes Pod
|
||||
onto the target.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
sampleLimit:
|
||||
description: SampleLimit defines per-scrape limit on number of scraped
|
||||
samples that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
selector:
|
||||
description: Selector to select Pod objects.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements.
|
||||
The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that
|
||||
contains values, a key, and an operator that relates the key
|
||||
and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to
|
||||
a set of values. Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the
|
||||
operator is In or NotIn, the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist, the values
|
||||
array must be empty. This array is replaced during a strategic
|
||||
merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single
|
||||
{key,value} in the matchLabels map is equivalent to an element
|
||||
of matchExpressions, whose key field is "key", the operator
|
||||
is "In", and the values array contains only "value". The requirements
|
||||
are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
targetLimit:
|
||||
description: TargetLimit defines a limit on the number of scraped
|
||||
targets that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
required:
|
||||
- podMetricsEndpoints
|
||||
- selector
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,613 +0,0 @@
|
|||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: probes.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
categories:
|
||||
- prometheus-operator
|
||||
kind: Probe
|
||||
listKind: ProbeList
|
||||
plural: probes
|
||||
singular: probe
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Probe defines monitoring for a set of static targets or ingresses.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Ingress selection for target discovery
|
||||
by Prometheus.
|
||||
properties:
|
||||
authorization:
|
||||
description: Authorization section for this endpoint
|
||||
properties:
|
||||
credentials:
|
||||
description: The secret's key that contains the credentials of
|
||||
the request
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be
|
||||
a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be
|
||||
defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type:
|
||||
description: Set the authentication type. Defaults to Bearer,
|
||||
Basic will cause an error
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth allow an endpoint to authenticate over basic
|
||||
authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
|
||||
properties:
|
||||
password:
|
||||
description: The secret in the service monitor namespace that
|
||||
contains the password for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be
|
||||
a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be
|
||||
defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
username:
|
||||
description: The secret in the service monitor namespace that
|
||||
contains the username for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be
|
||||
a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be
|
||||
defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
bearerTokenSecret:
|
||||
description: Secret to mount to read bearer token for scraping targets.
|
||||
The secret needs to be in the same namespace as the probe and accessible
|
||||
by the Prometheus Operator.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be a
|
||||
valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
interval:
|
||||
description: Interval at which targets are probed using the configured
|
||||
prober. If not specified Prometheus' global scrape interval is used.
|
||||
type: string
|
||||
jobName:
|
||||
description: The job name assigned to scraped metrics by default.
|
||||
type: string
|
||||
labelLimit:
|
||||
description: Per-scrape limit on number of labels that will be accepted
|
||||
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelNameLengthLimit:
|
||||
description: Per-scrape limit on length of labels name that will be
|
||||
accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelValueLengthLimit:
|
||||
description: Per-scrape limit on length of labels value that will
|
||||
be accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
metricRelabelings:
|
||||
description: MetricRelabelConfigs to apply to samples before ingestion.
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the label
|
||||
set, being applied to samples before ingestion. It defines `<metric_relabel_configs>`-section
|
||||
of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching. Default
|
||||
is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source label
|
||||
values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace
|
||||
is performed if the regular expression matches. Regex capture
|
||||
groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source label
|
||||
values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing labels.
|
||||
Their content is concatenated using the configured separator
|
||||
and matched against the configured regular expression for
|
||||
the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written in
|
||||
a replace action. It is mandatory for replace actions. Regex
|
||||
capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
module:
|
||||
description: 'The module to use for probing specifying how to probe
|
||||
the target. Example module configuring in the blackbox exporter:
|
||||
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
|
||||
type: string
|
||||
oauth2:
|
||||
description: OAuth2 for the URL. Only valid in Prometheus versions
|
||||
2.27.0 and newer.
|
||||
properties:
|
||||
clientId:
|
||||
description: The secret or configmap containing the OAuth2 client
|
||||
id
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
clientSecret:
|
||||
description: The secret containing the OAuth2 client secret
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be
|
||||
a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be
|
||||
defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
endpointParams:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Parameters to append to the token URL
|
||||
type: object
|
||||
scopes:
|
||||
description: OAuth2 scopes used for the token request
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tokenUrl:
|
||||
description: The URL to fetch the token from
|
||||
minLength: 1
|
||||
type: string
|
||||
required:
|
||||
- clientId
|
||||
- clientSecret
|
||||
- tokenUrl
|
||||
type: object
|
||||
prober:
|
||||
description: Specification for the prober to use for probing targets.
|
||||
The prober.URL parameter is required. Targets cannot be probed if
|
||||
left empty.
|
||||
properties:
|
||||
path:
|
||||
description: Path to collect metrics from. Defaults to `/probe`.
|
||||
type: string
|
||||
proxyUrl:
|
||||
description: Optional ProxyURL.
|
||||
type: string
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping. Defaults to `http`.
|
||||
type: string
|
||||
url:
|
||||
description: Mandatory URL of the prober.
|
||||
type: string
|
||||
required:
|
||||
- url
|
||||
type: object
|
||||
sampleLimit:
|
||||
description: SampleLimit defines per-scrape limit on number of scraped
|
||||
samples that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
scrapeTimeout:
|
||||
description: Timeout for scraping metrics from the Prometheus exporter.
|
||||
type: string
|
||||
targetLimit:
|
||||
description: TargetLimit defines a limit on the number of scraped
|
||||
targets that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
targets:
|
||||
description: Targets defines a set of static and/or dynamically discovered
|
||||
targets to be probed using the prober.
|
||||
properties:
|
||||
ingress:
|
||||
description: Ingress defines the set of dynamically discovered
|
||||
ingress objects which hosts are considered for probing.
|
||||
properties:
|
||||
namespaceSelector:
|
||||
description: Select Ingress objects by namespace.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces
|
||||
are selected in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
relabelingConfigs:
|
||||
description: 'RelabelConfigs to apply to samples before ingestion.
|
||||
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of
|
||||
the label set, being applied to samples before ingestion.
|
||||
It defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex
|
||||
replace is performed if the regular expression matches.
|
||||
Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
selector:
|
||||
description: Select Ingress objects by labels.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector
|
||||
requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector
|
||||
that contains values, a key, and an operator that
|
||||
relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship
|
||||
to a set of values. Valid operators are In, NotIn,
|
||||
Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values.
|
||||
If the operator is In or NotIn, the values array
|
||||
must be non-empty. If the operator is Exists or
|
||||
DoesNotExist, the values array must be empty.
|
||||
This array is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs.
|
||||
A single {key,value} in the matchLabels map is equivalent
|
||||
to an element of matchExpressions, whose key field is
|
||||
"key", the operator is "In", and the values array contains
|
||||
only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
staticConfig:
|
||||
description: 'StaticConfig defines static targets which are considers
|
||||
for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
|
||||
properties:
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Labels assigned to all metrics scraped from the
|
||||
targets.
|
||||
type: object
|
||||
relabelingConfigs:
|
||||
description: 'RelabelConfigs to apply to samples before ingestion.
|
||||
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of
|
||||
the label set, being applied to samples before ingestion.
|
||||
It defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex
|
||||
replace is performed if the regular expression matches.
|
||||
Regex capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
static:
|
||||
description: Targets is a list of URLs to probe using the
|
||||
configured prober.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the endpoint.
|
||||
properties:
|
||||
ca:
|
||||
description: Struct containing the CA cert to use for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
cert:
|
||||
description: Struct containing the client cert file for the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: Disable target certificate validation.
|
||||
type: boolean
|
||||
keySecret:
|
||||
description: Secret containing the client key file for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must be
|
||||
a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must be
|
||||
defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
serverName:
|
||||
description: Used to verify the hostname for the targets.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
Load Diff
|
@ -1,103 +0,0 @@
|
|||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: prometheusrules.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
categories:
|
||||
- prometheus-operator
|
||||
kind: PrometheusRule
|
||||
listKind: PrometheusRuleList
|
||||
plural: prometheusrules
|
||||
singular: prometheusrule
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: PrometheusRule defines recording and alerting rules for a Prometheus
|
||||
instance
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired alerting rule definitions for Prometheus.
|
||||
properties:
|
||||
groups:
|
||||
description: Content of Prometheus rule file
|
||||
items:
|
||||
description: 'RuleGroup is a list of sequentially evaluated recording
|
||||
and alerting rules. Note: PartialResponseStrategy is only used
|
||||
by ThanosRuler and will be ignored by Prometheus instances. Valid
|
||||
values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
|
||||
properties:
|
||||
interval:
|
||||
type: string
|
||||
name:
|
||||
type: string
|
||||
partial_response_strategy:
|
||||
type: string
|
||||
rules:
|
||||
items:
|
||||
description: 'Rule describes an alerting or recording rule
|
||||
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
|
||||
or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules)
|
||||
rule'
|
||||
properties:
|
||||
alert:
|
||||
type: string
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
expr:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
for:
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
record:
|
||||
type: string
|
||||
required:
|
||||
- expr
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- name
|
||||
- rules
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,610 +0,0 @@
|
|||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.6.2
|
||||
creationTimestamp: null
|
||||
name: servicemonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
names:
|
||||
categories:
|
||||
- prometheus-operator
|
||||
kind: ServiceMonitor
|
||||
listKind: ServiceMonitorList
|
||||
plural: servicemonitors
|
||||
singular: servicemonitor
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ServiceMonitor defines monitoring for a set of services.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: Specification of desired Service selection for target discovery
|
||||
by Prometheus.
|
||||
properties:
|
||||
endpoints:
|
||||
description: A list of endpoints allowed as part of this ServiceMonitor.
|
||||
items:
|
||||
description: Endpoint defines a scrapeable endpoint serving Prometheus
|
||||
metrics.
|
||||
properties:
|
||||
authorization:
|
||||
description: Authorization section for this endpoint
|
||||
properties:
|
||||
credentials:
|
||||
description: The secret's key that contains the credentials
|
||||
of the request
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type:
|
||||
description: Set the authentication type. Defaults to Bearer,
|
||||
Basic will cause an error
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: 'BasicAuth allow an endpoint to authenticate over
|
||||
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
|
||||
properties:
|
||||
password:
|
||||
description: The secret in the service monitor namespace
|
||||
that contains the password for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
username:
|
||||
description: The secret in the service monitor namespace
|
||||
that contains the username for authentication.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
bearerTokenFile:
|
||||
description: File to read bearer token for scraping targets.
|
||||
type: string
|
||||
bearerTokenSecret:
|
||||
description: Secret to mount to read bearer token for scraping
|
||||
targets. The secret needs to be in the same namespace as the
|
||||
service monitor and accessible by the Prometheus Operator.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
honorLabels:
|
||||
description: HonorLabels chooses the metric's labels on collisions
|
||||
with target labels.
|
||||
type: boolean
|
||||
honorTimestamps:
|
||||
description: HonorTimestamps controls whether Prometheus respects
|
||||
the timestamps present in scraped data.
|
||||
type: boolean
|
||||
interval:
|
||||
description: Interval at which metrics should be scraped
|
||||
type: string
|
||||
metricRelabelings:
|
||||
description: MetricRelabelConfigs to apply to samples before
|
||||
ingestion.
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the
|
||||
label set, being applied to samples before ingestion. It
|
||||
defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace
|
||||
is performed if the regular expression matches. Regex
|
||||
capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
oauth2:
|
||||
description: OAuth2 for the URL. Only valid in Prometheus versions
|
||||
2.27.0 and newer.
|
||||
properties:
|
||||
clientId:
|
||||
description: The secret or configmap containing the OAuth2
|
||||
client id
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
clientSecret:
|
||||
description: The secret containing the OAuth2 client secret
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
endpointParams:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Parameters to append to the token URL
|
||||
type: object
|
||||
scopes:
|
||||
description: OAuth2 scopes used for the token request
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
tokenUrl:
|
||||
description: The URL to fetch the token from
|
||||
minLength: 1
|
||||
type: string
|
||||
required:
|
||||
- clientId
|
||||
- clientSecret
|
||||
- tokenUrl
|
||||
type: object
|
||||
params:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Optional HTTP URL parameters
|
||||
type: object
|
||||
path:
|
||||
description: HTTP path to scrape for metrics.
|
||||
type: string
|
||||
port:
|
||||
description: Name of the service port this endpoint refers to.
|
||||
Mutually exclusive with targetPort.
|
||||
type: string
|
||||
proxyUrl:
|
||||
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
|
||||
to proxy through this endpoint.
|
||||
type: string
|
||||
relabelings:
|
||||
description: 'RelabelConfigs to apply to samples before scraping.
|
||||
Prometheus Operator automatically adds relabelings for a few
|
||||
standard Kubernetes fields and replaces original scrape job
|
||||
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
|
||||
items:
|
||||
description: 'RelabelConfig allows dynamic rewriting of the
|
||||
label set, being applied to samples before ingestion. It
|
||||
defines `<metric_relabel_configs>`-section of Prometheus
|
||||
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
|
||||
properties:
|
||||
action:
|
||||
description: Action to perform based on regex matching.
|
||||
Default is 'replace'
|
||||
type: string
|
||||
modulus:
|
||||
description: Modulus to take of the hash of the source
|
||||
label values.
|
||||
format: int64
|
||||
type: integer
|
||||
regex:
|
||||
description: Regular expression against which the extracted
|
||||
value is matched. Default is '(.*)'
|
||||
type: string
|
||||
replacement:
|
||||
description: Replacement value against which a regex replace
|
||||
is performed if the regular expression matches. Regex
|
||||
capture groups are available. Default is '$1'
|
||||
type: string
|
||||
separator:
|
||||
description: Separator placed between concatenated source
|
||||
label values. default is ';'.
|
||||
type: string
|
||||
sourceLabels:
|
||||
description: The source labels select values from existing
|
||||
labels. Their content is concatenated using the configured
|
||||
separator and matched against the configured regular
|
||||
expression for the replace, keep, and drop actions.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLabel:
|
||||
description: Label to which the resulting value is written
|
||||
in a replace action. It is mandatory for replace actions.
|
||||
Regex capture groups are available.
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
scheme:
|
||||
description: HTTP scheme to use for scraping.
|
||||
type: string
|
||||
scrapeTimeout:
|
||||
description: Timeout after which the scrape is ended
|
||||
type: string
|
||||
targetPort:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: Name or number of the target port of the Pod behind
|
||||
the Service, the port must be specified with container port
|
||||
property. Mutually exclusive with port.
|
||||
x-kubernetes-int-or-string: true
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the endpoint
|
||||
properties:
|
||||
ca:
|
||||
description: Struct containing the CA cert to use for the
|
||||
targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
caFile:
|
||||
description: Path to the CA cert in the Prometheus container
|
||||
to use for the targets.
|
||||
type: string
|
||||
cert:
|
||||
description: Struct containing the client cert file for
|
||||
the targets.
|
||||
properties:
|
||||
configMap:
|
||||
description: ConfigMap containing data to use for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the ConfigMap or its
|
||||
key must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
secret:
|
||||
description: Secret containing data to use for the targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind,
|
||||
uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key
|
||||
must be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
type: object
|
||||
certFile:
|
||||
description: Path to the client cert file in the Prometheus
|
||||
container for the targets.
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
description: Disable target certificate validation.
|
||||
type: boolean
|
||||
keyFile:
|
||||
description: Path to the client key file in the Prometheus
|
||||
container for the targets.
|
||||
type: string
|
||||
keySecret:
|
||||
description: Secret containing the client key file for the
|
||||
targets.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from. Must
|
||||
be a valid secret key.
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
optional:
|
||||
description: Specify whether the Secret or its key must
|
||||
be defined
|
||||
type: boolean
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
serverName:
|
||||
description: Used to verify the hostname for the targets.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
type: array
|
||||
jobLabel:
|
||||
description: "Chooses the label of the Kubernetes `Endpoints`. Its
|
||||
value will be used for the `job`-label's value of the created metrics.
|
||||
\n Default & fallback value: the name of the respective Kubernetes
|
||||
`Endpoint`."
|
||||
type: string
|
||||
labelLimit:
|
||||
description: Per-scrape limit on number of labels that will be accepted
|
||||
for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelNameLengthLimit:
|
||||
description: Per-scrape limit on length of labels name that will be
|
||||
accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
labelValueLengthLimit:
|
||||
description: Per-scrape limit on length of labels value that will
|
||||
be accepted for a sample. Only valid in Prometheus versions 2.27.0
|
||||
and newer.
|
||||
format: int64
|
||||
type: integer
|
||||
namespaceSelector:
|
||||
description: Selector to select which namespaces the Kubernetes Endpoints
|
||||
objects are discovered from.
|
||||
properties:
|
||||
any:
|
||||
description: Boolean describing whether all namespaces are selected
|
||||
in contrast to a list restricting them.
|
||||
type: boolean
|
||||
matchNames:
|
||||
description: List of namespace names.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
podTargetLabels:
|
||||
description: PodTargetLabels transfers labels on the Kubernetes `Pod`
|
||||
onto the created metrics.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
sampleLimit:
|
||||
description: SampleLimit defines per-scrape limit on number of scraped
|
||||
samples that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
selector:
|
||||
description: Selector to select Endpoints objects.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector requirements.
|
||||
The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector that
|
||||
contains values, a key, and an operator that relates the key
|
||||
and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship to
|
||||
a set of values. Valid operators are In, NotIn, Exists
|
||||
and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values. If the
|
||||
operator is In or NotIn, the values array must be non-empty.
|
||||
If the operator is Exists or DoesNotExist, the values
|
||||
array must be empty. This array is replaced during a strategic
|
||||
merge patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs. A single
|
||||
{key,value} in the matchLabels map is equivalent to an element
|
||||
of matchExpressions, whose key field is "key", the operator
|
||||
is "In", and the values array contains only "value". The requirements
|
||||
are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
targetLabels:
|
||||
description: TargetLabels transfers labels from the Kubernetes `Service`
|
||||
onto the created metrics. All labels set in `selector.matchLabels`
|
||||
are automatically transferred.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
targetLimit:
|
||||
description: TargetLimit defines a limit on the number of scraped
|
||||
targets that will be accepted.
|
||||
format: int64
|
||||
type: integer
|
||||
required:
|
||||
- endpoints
|
||||
- selector
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
File diff suppressed because it is too large
Load Diff
|
@ -1,353 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| alertmanager.additionalPeers | list | `[]` | |
|
||||
| alertmanager.affinity | object | `{}` | |
|
||||
| alertmanager.config.global.resolve_timeout | string | `"5m"` | |
|
||||
| alertmanager.config.receivers[0].name | string | `"null"` | |
|
||||
| alertmanager.config.route.group_by[0] | string | `"job"` | |
|
||||
| alertmanager.config.route.group_interval | string | `"5m"` | |
|
||||
| alertmanager.config.route.group_wait | string | `"30s"` | |
|
||||
| alertmanager.config.route.receiver | string | `"null"` | |
|
||||
| alertmanager.config.route.repeat_interval | string | `"12h"` | |
|
||||
| alertmanager.config.route.routes[0].match.alertname | string | `"Watchdog"` | |
|
||||
| alertmanager.config.route.routes[0].receiver | string | `"null"` | |
|
||||
| alertmanager.configMaps | list | `[]` | |
|
||||
| alertmanager.configNamespaceSelector | object | `{}` | |
|
||||
| alertmanager.configSelector | object | `{}` | |
|
||||
| alertmanager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| alertmanager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| alertmanager.containerSecurityContext.enabled | bool | `true` | |
|
||||
| alertmanager.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| alertmanager.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| alertmanager.containers | list | `[]` | |
|
||||
| alertmanager.enabled | bool | `true` | |
|
||||
| alertmanager.externalConfig | bool | `false` | |
|
||||
| alertmanager.externalUrl | string | `""` | |
|
||||
| alertmanager.listenLocal | bool | `false` | |
|
||||
| alertmanager.livenessProbe.enabled | bool | `true` | |
|
||||
| alertmanager.livenessProbe.failureThreshold | int | `120` | |
|
||||
| alertmanager.livenessProbe.initialDelaySeconds | int | `0` | |
|
||||
| alertmanager.livenessProbe.path | string | `"/-/healthy"` | |
|
||||
| alertmanager.livenessProbe.periodSeconds | int | `5` | |
|
||||
| alertmanager.livenessProbe.successThreshold | int | `1` | |
|
||||
| alertmanager.livenessProbe.timeoutSeconds | int | `3` | |
|
||||
| alertmanager.logFormat | string | `"logfmt"` | |
|
||||
| alertmanager.logLevel | string | `"info"` | |
|
||||
| alertmanager.nodeAffinityPreset.key | string | `""` | |
|
||||
| alertmanager.nodeAffinityPreset.type | string | `""` | |
|
||||
| alertmanager.nodeAffinityPreset.values | list | `[]` | |
|
||||
| alertmanager.nodeSelector | object | `{}` | |
|
||||
| alertmanager.paused | bool | `false` | |
|
||||
| alertmanager.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||
| alertmanager.persistence.enabled | bool | `true` | |
|
||||
| alertmanager.persistence.size | string | `"999Gi"` | |
|
||||
| alertmanager.persistence.storageClass | string | `""` | |
|
||||
| alertmanager.podAffinityPreset | string | `""` | |
|
||||
| alertmanager.podAntiAffinityPreset | string | `"soft"` | |
|
||||
| alertmanager.podDisruptionBudget.enabled | bool | `false` | |
|
||||
| alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | |
|
||||
| alertmanager.podDisruptionBudget.minAvailable | int | `1` | |
|
||||
| alertmanager.podMetadata.annotations | object | `{}` | |
|
||||
| alertmanager.podMetadata.labels | object | `{}` | |
|
||||
| alertmanager.podSecurityContext.enabled | bool | `true` | |
|
||||
| alertmanager.podSecurityContext.fsGroup | int | `1001` | |
|
||||
| alertmanager.podSecurityContext.runAsUser | int | `1001` | |
|
||||
| alertmanager.portName | string | `"alertmanager"` | |
|
||||
| alertmanager.priorityClassName | string | `""` | |
|
||||
| alertmanager.readinessProbe.enabled | bool | `true` | |
|
||||
| alertmanager.readinessProbe.failureThreshold | int | `120` | |
|
||||
| alertmanager.readinessProbe.initialDelaySeconds | int | `0` | |
|
||||
| alertmanager.readinessProbe.path | string | `"/-/ready"` | |
|
||||
| alertmanager.readinessProbe.periodSeconds | int | `5` | |
|
||||
| alertmanager.readinessProbe.successThreshold | int | `1` | |
|
||||
| alertmanager.readinessProbe.timeoutSeconds | int | `3` | |
|
||||
| alertmanager.replicaCount | int | `1` | |
|
||||
| alertmanager.resources | object | `{}` | |
|
||||
| alertmanager.retention | string | `"240h"` | |
|
||||
| alertmanager.routePrefix | string | `"/"` | |
|
||||
| alertmanager.secrets | list | `[]` | |
|
||||
| alertmanager.serviceAccount.create | bool | `true` | |
|
||||
| alertmanager.serviceAccount.name | string | `""` | |
|
||||
| alertmanager.serviceMonitor.enabled | bool | `true` | |
|
||||
| alertmanager.serviceMonitor.interval | string | `""` | |
|
||||
| alertmanager.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| alertmanager.serviceMonitor.relabelings | list | `[]` | |
|
||||
| alertmanager.storageSpec | object | `{}` | |
|
||||
| alertmanager.tolerations | list | `[]` | |
|
||||
| alertmanager.volumeMounts | list | `[]` | |
|
||||
| alertmanager.volumes | list | `[]` | |
|
||||
| alertmanagerImage.repository | string | `"tccr.io/truecharts/alertmanager"` | |
|
||||
| alertmanagerImage.tag | string | `"v0.23.0@sha256:15bc2c7be2c7c4ad497849abb0e95c30804727de68a0e9c93597b01aaf79b8bc"` | |
|
||||
| coreDns.enabled | bool | `true` | |
|
||||
| coreDns.namespace | string | `"kube-system"` | |
|
||||
| coreDns.service.enabled | bool | `true` | |
|
||||
| coreDns.service.port | int | `9153` | |
|
||||
| coreDns.service.selector | object | `{}` | |
|
||||
| coreDns.service.targetPort | int | `9153` | |
|
||||
| coreDns.serviceMonitor.interval | string | `""` | |
|
||||
| coreDns.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| coreDns.serviceMonitor.relabelings | list | `[]` | |
|
||||
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.key | string | `"prometheus-config-reloader"` | |
|
||||
| envValueFrom.PROMETHEUS_CONFIG_RELOADER.configMapKeyRef.name | string | `"prometheus-operator-config"` | |
|
||||
| exporters.kube-state-metrics.enabled | bool | `true` | |
|
||||
| exporters.node-exporter.enabled | bool | `true` | |
|
||||
| global.labels | object | `{}` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/prometheus-operator"` | |
|
||||
| image.tag | string | `"v0.54.1@sha256:7e13e152e1cc2bf2d7067d232fe1eb10087ba4471a70637fa7082839d2118e6c"` | |
|
||||
| ingress.alertmanager.enabled | bool | `false` | |
|
||||
| ingress.main.enabled | bool | `false` | |
|
||||
| ingress.thanos.enabled | bool | `false` | |
|
||||
| kube-state-metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| kube-state-metrics.serviceMonitor.honorLabels | bool | `true` | |
|
||||
| kubeApiServer.enabled | bool | `true` | |
|
||||
| kubeApiServer.serviceMonitor.interval | string | `""` | |
|
||||
| kubeApiServer.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| kubeApiServer.serviceMonitor.relabelings | list | `[]` | |
|
||||
| kubeControllerManager.enabled | bool | `false` | |
|
||||
| kubeControllerManager.endpoints | list | `[]` | |
|
||||
| kubeControllerManager.namespace | string | `"kube-system"` | |
|
||||
| kubeControllerManager.service.enabled | bool | `true` | |
|
||||
| kubeControllerManager.service.port | int | `10252` | |
|
||||
| kubeControllerManager.service.selector | object | `{}` | |
|
||||
| kubeControllerManager.service.targetPort | int | `10252` | |
|
||||
| kubeControllerManager.serviceMonitor.https | bool | `false` | |
|
||||
| kubeControllerManager.serviceMonitor.insecureSkipVerify | string | `""` | |
|
||||
| kubeControllerManager.serviceMonitor.interval | string | `""` | |
|
||||
| kubeControllerManager.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| kubeControllerManager.serviceMonitor.relabelings | list | `[]` | |
|
||||
| kubeControllerManager.serviceMonitor.serverName | string | `""` | |
|
||||
| kubeProxy.enabled | bool | `false` | |
|
||||
| kubeScheduler.enabled | bool | `false` | |
|
||||
| kubeScheduler.endpoints | list | `[]` | |
|
||||
| kubeScheduler.namespace | string | `"kube-system"` | |
|
||||
| kubeScheduler.service.enabled | bool | `true` | |
|
||||
| kubeScheduler.service.port | int | `10251` | |
|
||||
| kubeScheduler.service.selector | object | `{}` | |
|
||||
| kubeScheduler.service.targetPort | int | `10251` | |
|
||||
| kubeScheduler.serviceMonitor.https | bool | `false` | |
|
||||
| kubeScheduler.serviceMonitor.insecureSkipVerify | string | `""` | |
|
||||
| kubeScheduler.serviceMonitor.interval | string | `""` | |
|
||||
| kubeScheduler.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| kubeScheduler.serviceMonitor.relabelings | list | `[]` | |
|
||||
| kubeScheduler.serviceMonitor.serverName | string | `""` | |
|
||||
| kubelet.enabled | bool | `true` | |
|
||||
| kubelet.namespace | string | `"kube-system"` | |
|
||||
| kubelet.serviceMonitor.cAdvisorMetricRelabelings | list | `[]` | |
|
||||
| kubelet.serviceMonitor.cAdvisorRelabelings | list | `[]` | |
|
||||
| kubelet.serviceMonitor.https | bool | `true` | |
|
||||
| kubelet.serviceMonitor.interval | string | `""` | |
|
||||
| kubelet.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| kubelet.serviceMonitor.relabelings | list | `[]` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-fs-types" | string | `"^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"` | |
|
||||
| node-exporter.extraArgs."collector.filesystem.ignored-mount-points" | string | `"^/(dev|proc|sys|var/lib/docker/.+)($|/)"` | |
|
||||
| node-exporter.service.labels.jobLabel | string | `"node-exporter"` | |
|
||||
| node-exporter.service.port | int | `9910` | |
|
||||
| node-exporter.service.targetPort | int | `9910` | |
|
||||
| node-exporter.serviceMonitor.enabled | bool | `true` | |
|
||||
| node-exporter.serviceMonitor.jobLabel | string | `"jobLabel"` | |
|
||||
| operator.configReloaderResources | object | `{}` | |
|
||||
| operator.enabled | bool | `true` | |
|
||||
| operator.kubeletService.enabled | bool | `true` | |
|
||||
| operator.kubeletService.namespace | string | `"kube-system"` | |
|
||||
| operator.logFormat | string | `"logfmt"` | |
|
||||
| operator.logLevel | string | `"info"` | |
|
||||
| operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| operator.prometheusConfigReloader.containerSecurityContext.enabled | bool | `true` | |
|
||||
| operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.enabled | bool | `true` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.failureThreshold | int | `6` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds | int | `10` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.periodSeconds | int | `10` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.successThreshold | int | `1` | |
|
||||
| operator.prometheusConfigReloader.livenessProbe.timeoutSeconds | int | `5` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.enabled | bool | `true` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.failureThreshold | int | `6` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds | int | `15` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.periodSeconds | int | `20` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.successThreshold | int | `1` | |
|
||||
| operator.prometheusConfigReloader.readinessProbe.timeoutSeconds | int | `5` | |
|
||||
| operator.serviceMonitor.enabled | bool | `true` | |
|
||||
| operator.serviceMonitor.interval | string | `""` | |
|
||||
| operator.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| operator.serviceMonitor.relabelings | list | `[]` | |
|
||||
| probes.liveness | object | See below | Liveness probe configuration |
|
||||
| probes.readiness | object | See below | Redainess probe configuration |
|
||||
| probes.startup | object | See below | Startup probe configuration |
|
||||
| prometheus.additionalAlertRelabelConfigsExternal.enabled | bool | `false` | |
|
||||
| prometheus.additionalAlertRelabelConfigsExternal.key | string | `""` | |
|
||||
| prometheus.additionalAlertRelabelConfigsExternal.name | string | `""` | |
|
||||
| prometheus.additionalPrometheusRules | list | `[]` | |
|
||||
| prometheus.additionalScrapeConfigs.enabled | bool | `false` | |
|
||||
| prometheus.additionalScrapeConfigs.external.key | string | `""` | |
|
||||
| prometheus.additionalScrapeConfigs.external.name | string | `""` | |
|
||||
| prometheus.additionalScrapeConfigs.internal.jobList | list | `[]` | |
|
||||
| prometheus.additionalScrapeConfigs.type | string | `"external"` | |
|
||||
| prometheus.additionalScrapeConfigsExternal.enabled | bool | `false` | |
|
||||
| prometheus.additionalScrapeConfigsExternal.key | string | `""` | |
|
||||
| prometheus.additionalScrapeConfigsExternal.name | string | `""` | |
|
||||
| prometheus.affinity | object | `{}` | |
|
||||
| prometheus.alertingEndpoints | list | `[]` | |
|
||||
| prometheus.configMaps | list | `[]` | |
|
||||
| prometheus.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| prometheus.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| prometheus.containerSecurityContext.enabled | bool | `true` | |
|
||||
| prometheus.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| prometheus.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| prometheus.containers | list | `[]` | |
|
||||
| prometheus.disableCompaction | bool | `false` | |
|
||||
| prometheus.enableAdminAPI | bool | `false` | |
|
||||
| prometheus.enableFeatures | list | `[]` | |
|
||||
| prometheus.enabled | bool | `true` | |
|
||||
| prometheus.evaluationInterval | string | `""` | |
|
||||
| prometheus.externalLabels | object | `{}` | |
|
||||
| prometheus.externalUrl | string | `""` | |
|
||||
| prometheus.listenLocal | bool | `false` | |
|
||||
| prometheus.livenessProbe.enabled | bool | `true` | |
|
||||
| prometheus.livenessProbe.failureThreshold | int | `10` | |
|
||||
| prometheus.livenessProbe.initialDelaySeconds | int | `0` | |
|
||||
| prometheus.livenessProbe.path | string | `"/-/healthy"` | |
|
||||
| prometheus.livenessProbe.periodSeconds | int | `10` | |
|
||||
| prometheus.livenessProbe.successThreshold | int | `1` | |
|
||||
| prometheus.livenessProbe.timeoutSeconds | int | `3` | |
|
||||
| prometheus.logFormat | string | `"logfmt"` | |
|
||||
| prometheus.logLevel | string | `"info"` | |
|
||||
| prometheus.matchLabels | object | `{}` | |
|
||||
| prometheus.nodeAffinityPreset.key | string | `""` | |
|
||||
| prometheus.nodeAffinityPreset.type | string | `""` | |
|
||||
| prometheus.nodeAffinityPreset.values | list | `[]` | |
|
||||
| prometheus.nodeSelector | object | `{}` | |
|
||||
| prometheus.paused | bool | `false` | |
|
||||
| prometheus.persistence.accessModes[0] | string | `"ReadWriteOnce"` | |
|
||||
| prometheus.persistence.enabled | bool | `true` | |
|
||||
| prometheus.persistence.size | string | `"999Gi"` | |
|
||||
| prometheus.persistence.storageClass | string | `""` | |
|
||||
| prometheus.podAffinityPreset | string | `""` | |
|
||||
| prometheus.podAntiAffinityPreset | string | `"soft"` | |
|
||||
| prometheus.podMetadata.annotations | object | `{}` | |
|
||||
| prometheus.podMetadata.labels | object | `{}` | |
|
||||
| prometheus.podMonitorNamespaceSelector | object | `{}` | |
|
||||
| prometheus.podMonitorSelector | object | `{}` | |
|
||||
| prometheus.podSecurityContext.enabled | bool | `true` | |
|
||||
| prometheus.podSecurityContext.fsGroup | int | `1001` | |
|
||||
| prometheus.podSecurityContext.runAsUser | int | `1001` | |
|
||||
| prometheus.portName | string | `"main"` | |
|
||||
| prometheus.priorityClassName | string | `""` | |
|
||||
| prometheus.probeNamespaceSelector | object | `{}` | |
|
||||
| prometheus.probeSelector | object | `{}` | |
|
||||
| prometheus.prometheusExternalLabelName | string | `""` | |
|
||||
| prometheus.prometheusExternalLabelNameClear | bool | `false` | |
|
||||
| prometheus.querySpec | object | `{}` | |
|
||||
| prometheus.readinessProbe.enabled | bool | `true` | |
|
||||
| prometheus.readinessProbe.failureThreshold | int | `10` | |
|
||||
| prometheus.readinessProbe.initialDelaySeconds | int | `0` | |
|
||||
| prometheus.readinessProbe.path | string | `"/-/ready"` | |
|
||||
| prometheus.readinessProbe.periodSeconds | int | `10` | |
|
||||
| prometheus.readinessProbe.successThreshold | int | `1` | |
|
||||
| prometheus.readinessProbe.timeoutSeconds | int | `3` | |
|
||||
| prometheus.remoteRead | list | `[]` | |
|
||||
| prometheus.remoteWrite | list | `[]` | |
|
||||
| prometheus.replicaCount | int | `1` | |
|
||||
| prometheus.replicaExternalLabelName | string | `""` | |
|
||||
| prometheus.replicaExternalLabelNameClear | bool | `false` | |
|
||||
| prometheus.resources | object | `{}` | |
|
||||
| prometheus.retention | string | `"31d"` | |
|
||||
| prometheus.retentionSize | string | `""` | |
|
||||
| prometheus.routePrefix | string | `"/"` | |
|
||||
| prometheus.ruleNamespaceSelector | object | `{}` | |
|
||||
| prometheus.ruleSelector | object | `{}` | |
|
||||
| prometheus.scrapeInterval | string | `""` | |
|
||||
| prometheus.secrets | list | `[]` | |
|
||||
| prometheus.serviceAccount.annotations | object | `{}` | |
|
||||
| prometheus.serviceAccount.create | bool | `true` | |
|
||||
| prometheus.serviceAccount.name | string | `""` | |
|
||||
| prometheus.serviceMonitor.enabled | bool | `true` | |
|
||||
| prometheus.serviceMonitor.interval | string | `""` | |
|
||||
| prometheus.serviceMonitor.metricRelabelings | list | `[]` | |
|
||||
| prometheus.serviceMonitor.relabelings | list | `[]` | |
|
||||
| prometheus.serviceMonitorNamespaceSelector | object | `{}` | |
|
||||
| prometheus.serviceMonitorSelector | object | `{}` | |
|
||||
| prometheus.storageSpec | object | `{}` | |
|
||||
| prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
|
||||
| prometheus.thanos.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
|
||||
| prometheus.thanos.containerSecurityContext.enabled | bool | `true` | |
|
||||
| prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| prometheus.thanos.containerSecurityContext.runAsNonRoot | bool | `true` | |
|
||||
| prometheus.thanos.create | bool | `false` | |
|
||||
| prometheus.thanos.extraArgs | list | `[]` | |
|
||||
| prometheus.thanos.extraVolumeMounts | list | `[]` | |
|
||||
| prometheus.thanos.livenessProbe.enabled | bool | `true` | |
|
||||
| prometheus.thanos.livenessProbe.failureThreshold | int | `120` | |
|
||||
| prometheus.thanos.livenessProbe.initialDelaySeconds | int | `0` | |
|
||||
| prometheus.thanos.livenessProbe.path | string | `"/-/healthy"` | |
|
||||
| prometheus.thanos.livenessProbe.periodSeconds | int | `5` | |
|
||||
| prometheus.thanos.livenessProbe.successThreshold | int | `1` | |
|
||||
| prometheus.thanos.livenessProbe.timeoutSeconds | int | `3` | |
|
||||
| prometheus.thanos.objectStorageConfig | object | `{}` | |
|
||||
| prometheus.thanos.prometheusUrl | string | `""` | |
|
||||
| prometheus.thanos.readinessProbe.enabled | bool | `true` | |
|
||||
| prometheus.thanos.readinessProbe.failureThreshold | int | `120` | |
|
||||
| prometheus.thanos.readinessProbe.initialDelaySeconds | int | `0` | |
|
||||
| prometheus.thanos.readinessProbe.path | string | `"/-/ready"` | |
|
||||
| prometheus.thanos.readinessProbe.periodSeconds | int | `5` | |
|
||||
| prometheus.thanos.readinessProbe.successThreshold | int | `1` | |
|
||||
| prometheus.thanos.readinessProbe.timeoutSeconds | int | `3` | |
|
||||
| prometheus.thanos.resources.limits | object | `{}` | |
|
||||
| prometheus.thanos.resources.requests | object | `{}` | |
|
||||
| prometheus.thanos.service.annotations | object | `{}` | |
|
||||
| prometheus.thanos.service.clusterIP | string | `"None"` | |
|
||||
| prometheus.thanos.service.extraPorts | list | `[]` | |
|
||||
| prometheus.thanos.service.loadBalancerIP | string | `""` | |
|
||||
| prometheus.thanos.service.loadBalancerSourceRanges | list | `[]` | |
|
||||
| prometheus.thanos.service.nodePort | string | `""` | |
|
||||
| prometheus.thanos.service.port | int | `10901` | |
|
||||
| prometheus.thanos.service.type | string | `"ClusterIP"` | |
|
||||
| prometheus.tolerations | list | `[]` | |
|
||||
| prometheus.volumeMounts | list | `[]` | |
|
||||
| prometheus.volumes | list | `[]` | |
|
||||
| prometheus.walCompression | bool | `false` | |
|
||||
| prometheusImage.repository | string | `"tccr.io/truecharts/prometheus"` | |
|
||||
| prometheusImage.tag | string | `"v2.33.4@sha256:da73415d33ce2c2c653ac96737b48b4cf3a357d6b8655fd35b89438357e56b3a"` | |
|
||||
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"],"verbs":["create"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["alertmanagers.monitoring.coreos.com","podmonitors.monitoring.coreos.com","prometheuses.monitoring.coreos.com","prometheusrules.monitoring.coreos.com","servicemonitors.monitoring.coreos.com","thanosrulers.monitoring.coreos.com","probes.monitoring.coreos.com"],"resources":["customresourcedefinitions"],"verbs":["get","update"]},{"apiGroups":["monitoring.coreos.com"],"resources":["alertmanagers","alertmanagers/finalizers","alertmanagerconfigs","prometheuses","prometheuses/finalizers","thanosrulers","thanosrulers/finalizers","servicemonitors","podmonitors","probes","prometheusrules"],"verbs":["*"]},{"apiGroups":["apps"],"resources":["statefulsets"],"verbs":["*"]},{"apiGroups":[""],"resources":["configmaps","secrets"],"verbs":["*"]},{"apiGroups":[""],"resources":["pods"],"verbs":["list","delete"]},{"apiGroups":[""],"resources":["services","services/finalizers","endpoints"],"verbs":["get","create","update","delete"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["list","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| service.alertmanager.enabled | bool | `true` | |
|
||||
| service.alertmanager.ports.alertmanager.enabled | bool | `true` | |
|
||||
| service.alertmanager.ports.alertmanager.port | int | `10087` | |
|
||||
| service.alertmanager.ports.alertmanager.protocol | string | `"HTTP"` | |
|
||||
| service.alertmanager.ports.alertmanager.targetPort | int | `9093` | |
|
||||
| service.alertmanager.selector."app.kubernetes.io/name" | string | `"alertmanager"` | |
|
||||
| service.alertmanager.selector.alertmanager | string | `"{{ template \"kube-prometheus.alertmanager.fullname\" . }}"` | |
|
||||
| service.main.ports.main.port | int | `10086` | |
|
||||
| service.main.ports.main.protocol | string | `"HTTP"` | |
|
||||
| service.main.ports.main.targetPort | int | `9090` | |
|
||||
| service.main.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
|
||||
| service.main.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
|
||||
| service.promop.enabled | bool | `true` | |
|
||||
| service.promop.ports.promop.enabled | bool | `true` | |
|
||||
| service.promop.ports.promop.port | int | `10089` | |
|
||||
| service.promop.ports.promop.protocol | string | `"HTTP"` | |
|
||||
| service.promop.ports.promop.targetPort | int | `8080` | |
|
||||
| service.thanos.enabled | bool | `true` | |
|
||||
| service.thanos.ports.thanos.enabled | bool | `true` | |
|
||||
| service.thanos.ports.thanos.port | int | `10901` | |
|
||||
| service.thanos.ports.thanos.protocol | string | `"HTTP"` | |
|
||||
| service.thanos.ports.thanos.targetPort | int | `10901` | |
|
||||
| service.thanos.selector."app.kubernetes.io/name" | string | `"prometheus"` | |
|
||||
| service.thanos.selector.prometheus | string | `"{{ template \"kube-prometheus.prometheus.fullname\" . }}"` | |
|
||||
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
|
||||
| thanosImage.repository | string | `"tccr.io/truecharts/thanos"` | |
|
||||
| thanosImage.tag | string | `"v0.24.0@sha256:876fbb5c2c5a24a04081d44af2bd9ef5a276f82c95081f6ab57d121a4a93c8a9"` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because one or more lines are too long
|
@ -1,198 +0,0 @@
|
|||
{{/* Name suffixed with operator */}}
|
||||
{{- define "kube-prometheus.fullname" -}}
|
||||
{{- printf "%s" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Name suffixed with operator */}}
|
||||
{{- define "kube-prometheus.name" -}}
|
||||
{{- printf "%s" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Name suffixed with operator */}}
|
||||
{{- define "kube-prometheus.operator.name" -}}
|
||||
{{- printf "%s-operator" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Name suffixed with prometheus */}}
|
||||
{{- define "kube-prometheus.prometheus.name" -}}
|
||||
{{- printf "%s-prometheus" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Name suffixed with alertmanager */}}
|
||||
{{- define "kube-prometheus.alertmanager.name" -}}
|
||||
{{- printf "%s-alertmanager" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Name suffixed with thanos */}}
|
||||
{{- define "kube-prometheus.thanos.name" -}}
|
||||
{{- printf "%s-thanos" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with operator */}}
|
||||
{{- define "kube-prometheus.operator.fullname" -}}
|
||||
{{- printf "%s-operator" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with prometheus */}}
|
||||
{{- define "kube-prometheus.prometheus.fullname" -}}
|
||||
{{- printf "%s-prometheus" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with alertmanager */}}
|
||||
{{- define "kube-prometheus.alertmanager.fullname" -}}
|
||||
{{- printf "%s-alertmanager" (include "common.names.fullname" . ) -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Fullname suffixed with thanos */}}
|
||||
{{- define "kube-prometheus.thanos.fullname" -}}
|
||||
{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}}
|
||||
{{- end }}
|
||||
|
||||
{{- define "kube-prometheus.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common Labels
|
||||
*/}}
|
||||
{{- define "kube-prometheus.labels" -}}
|
||||
{{ include "common.labels" . }}
|
||||
{{- if .Values.global.labels }}
|
||||
{{ toYaml .Values.global.labels }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels for operator
|
||||
*/}}
|
||||
{{- define "kube-prometheus.operator.labels" -}}
|
||||
{{ include "common.labels" . }}
|
||||
app.kubernetes.io/component: operator
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels for prometheus
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheus.labels" -}}
|
||||
{{ include "common.labels" . }}
|
||||
app.kubernetes.io/component: prometheus
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels for alertmanager
|
||||
*/}}
|
||||
{{- define "kube-prometheus.alertmanager.labels" -}}
|
||||
{{ include "common.labels" . }}
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
matchLabels for operator
|
||||
*/}}
|
||||
{{- define "kube-prometheus.operator.matchLabels" -}}
|
||||
{{ include "common.labels.selectorLabels" . }}
|
||||
app.kubernetes.io/component: operator
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
matchLabels for prometheus
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheus.matchLabels" -}}
|
||||
{{ include "common.labels.selectorLabels" . }}
|
||||
app.kubernetes.io/component: prometheus
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
matchLabels for alertmanager
|
||||
*/}}
|
||||
{{- define "kube-prometheus.alertmanager.matchLabels" -}}
|
||||
{{ include "common.labels.selectorLabels" . }}
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Prometheus Operator image name
|
||||
*/}}
|
||||
{{- define "kube-prometheus.image" -}}
|
||||
{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Prometheus Operator Reloader image name
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheusConfigReloader.image" -}}
|
||||
{{- include "kube-prometheus.image" . -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Prometheus Image name
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheus.image" -}}
|
||||
{{ printf "%s:%s" .Values.prometheusImage.repository (default .Chart.AppVersion .Values.prometheusImage.tag) | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Thanos Image name
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheus.thanosImage" -}}
|
||||
{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Alertmanager Image name
|
||||
*/}}
|
||||
{{- define "kube-prometheus.alertmanager.image" -}}
|
||||
{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "kube-prometheus.imagePullSecrets" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the operator service account to use
|
||||
*/}}
|
||||
{{- define "kube-prometheus.operator.serviceAccountName" -}}
|
||||
{{- if .Values.operator.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.operator.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the prometheus service account to use
|
||||
*/}}
|
||||
{{- define "kube-prometheus.prometheus.serviceAccountName" -}}
|
||||
{{- if .Values.prometheus.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheus.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the alertmanager service account to use
|
||||
*/}}
|
||||
{{- define "kube-prometheus.alertmanager.serviceAccountName" -}}
|
||||
{{- if .Values.alertmanager.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.alertmanager.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Compile all warnings into a single message, and call fail.
|
||||
*/}}
|
||||
{{- define "kube-prometheus.validateValues" -}}
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
{{- if $message -}}
|
||||
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,183 +0,0 @@
|
|||
{{- define "prometheus.alertmanager.alertmanager" -}}
|
||||
{{- if .Values.alertmanager.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.alertmanager.replicaCount }}
|
||||
serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
|
||||
{{- if .Values.alertmanager.image }}
|
||||
image: {{ template "kube-prometheus.alertmanager.image" . }}
|
||||
{{- end }}
|
||||
listenLocal: {{ .Values.alertmanager.listenLocal }}
|
||||
{{- if index .Values.alertmanager "externalUrl" }}
|
||||
externalUrl: "{{ .Values.alertmanager.externalUrl }}"
|
||||
{{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }}
|
||||
externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }}
|
||||
{{- else }}
|
||||
externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }}
|
||||
{{- end }}
|
||||
portName: "{{ .Values.alertmanager.portName }}"
|
||||
paused: {{ .Values.alertmanager.paused }}
|
||||
logFormat: {{ .Values.alertmanager.logFormat }}
|
||||
logLevel: {{ .Values.alertmanager.logLevel }}
|
||||
retention: {{ .Values.alertmanager.retention }}
|
||||
{{- if .Values.alertmanager.secrets }}
|
||||
secrets: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.configMaps }}
|
||||
configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }}
|
||||
routePrefix: "{{ .Values.alertmanager.routePrefix }}"
|
||||
{{- if .Values.alertmanager.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.storageSpec }}
|
||||
storage: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
{{- if .Values.alertmanager.persistence.enabled }}
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.alertmanager.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.alertmanager.persistence.size | quote }}
|
||||
{{- include "common.storage.class" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
|
||||
podMetadata:
|
||||
labels:
|
||||
{{- if .Values.alertmanager.podMetadata.labels }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
|
||||
{{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.podMetadata.annotations }}
|
||||
annotations:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
{{- if not (empty .Values.alertmanager.podAffinityPreset) }}
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.volumes }}
|
||||
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.volumeMounts }}
|
||||
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
|
||||
{{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
|
||||
containers:
|
||||
{{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }}
|
||||
## This monkey patching is needed until the securityContexts are
|
||||
## directly patchable via the CRD.
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
|
||||
## currently implemented with strategic merge
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
|
||||
- name: alertmanager
|
||||
{{- if .Values.alertmanager.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.alertmanager.livenessProbe.path }}
|
||||
port: alertmanager
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.alertmanager.readinessProbe.path }}
|
||||
port: alertmanager
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
|
||||
## This monkey patching is needed until the securityContexts are
|
||||
## directly patchable via the CRD.
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
|
||||
## currently implemented with strategic merge
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
|
||||
- name: config-reloader
|
||||
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: reloader-web
|
||||
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: reloader-web
|
||||
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.containers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.priorityClassName }}
|
||||
priorityClassName: {{ .Values.alertmanager.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.additionalPeers }}
|
||||
additionalPeers: {{ .Values.alertmanager.additionalPeers }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.configNamespaceSelector }}
|
||||
alertmanagerConfigNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.configSelector }}
|
||||
alertmanagerConfigSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,13 +0,0 @@
|
|||
{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
data:
|
||||
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
|
||||
{{- range $key, $val := .Values.alertmanager.templateFiles }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
{{- if index .Values.alertmanager.serviceAccount "annotations" }}
|
||||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus.imagePullSecrets" . }}
|
||||
{{- end }}
|
|
@ -1,26 +0,0 @@
|
|||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics
|
||||
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,18 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
{{- $newArgs := (include "prometheus.operator.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
|
||||
{{- $_ := set .Values "args" $mergedargs -}}
|
||||
|
||||
{{- include "prometheus.prometheus.prometheus" . }}
|
||||
{{- include "prometheus.prometheus.additionalprometheusrules" . }}
|
||||
{{- include "prometheus.prometheus.additionalscrapejobs" . }}
|
||||
{{- include "prometheus.prometheus.servicemonitor" . }}
|
||||
|
||||
{{- include "prometheus.alertmanager.alertmanager" . }}
|
||||
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
|
@ -1,22 +0,0 @@
|
|||
{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-coredns
|
||||
namespace: {{ .Values.coreDns.namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: {{ .Values.coreDns.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.coreDns.service.targetPort }}
|
||||
selector:
|
||||
{{- if .Values.coreDns.service.selector }}
|
||||
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-dns
|
||||
{{- end}}
|
||||
{{- end }}
|
|
@ -1,29 +0,0 @@
|
|||
{{- if .Values.coreDns.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-coredns
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
|
||||
spec:
|
||||
jobLabel: k8s-app
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.coreDns.namespace }}
|
||||
endpoints:
|
||||
- port: http-metrics
|
||||
{{- if .Values.coreDns.serviceMonitor.interval}}
|
||||
interval: {{ .Values.coreDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.relabelings }}
|
||||
relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,35 +0,0 @@
|
|||
{{- if .Values.kubeApiServer.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-apiserver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: apiserver
|
||||
spec:
|
||||
jobLabel: component
|
||||
selector:
|
||||
matchLabels:
|
||||
component: apiserver
|
||||
provider: kubernetes
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- default
|
||||
endpoints:
|
||||
- port: https
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
serverName: kubernetes
|
||||
insecureSkipVerify: true
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,18 +0,0 @@
|
|||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
namespace: {{ .Values.kubeControllerManager.namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: kube-controller-manager
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeControllerManager.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: {{ .Values.kubeControllerManager.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
|
@ -1,25 +0,0 @@
|
|||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
namespace: {{ .Values.kubeControllerManager.namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: {{ .Values.kubeControllerManager.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeControllerManager.service.targetPort }}
|
||||
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeControllerManager.service.selector }}
|
||||
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-controller-manager
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end }}
|
|
@ -1,40 +0,0 @@
|
|||
{{- if .Values.kubeControllerManager.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
spec:
|
||||
jobLabel: component
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.kubeControllerManager.namespace }}
|
||||
endpoints:
|
||||
- port: http-metrics
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
|
||||
insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,18 +0,0 @@
|
|||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
namespace: {{ .Values.kubeScheduler.namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: kube-scheduler
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeScheduler.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: {{ .Values.kubeScheduler.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
|
@ -1,25 +0,0 @@
|
|||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
namespace: {{ .Values.kubeScheduler.namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: http-metrics
|
||||
port: {{ .Values.kubeScheduler.service.port}}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeScheduler.service.targetPort}}
|
||||
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeScheduler.service.selector }}
|
||||
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-scheduler
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
|
@ -1,40 +0,0 @@
|
|||
{{- if .Values.kubeScheduler.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
spec:
|
||||
jobLabel: component
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.kubeScheduler.namespace }}
|
||||
endpoints:
|
||||
- port: http-metrics
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.https }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
|
||||
insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
|
||||
{{- end}}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,85 +0,0 @@
|
|||
{{- if .Values.kubelet.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.fullname" . }}-kubelet
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/component: kubelet
|
||||
spec:
|
||||
jobLabel: k8s-app
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: kubelet
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.kubelet.namespace }}
|
||||
endpoints:
|
||||
{{- if .Values.kubelet.serviceMonitor.https }}
|
||||
- port: https-metrics
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
serverName: kubernetes
|
||||
insecureSkipVerify: true
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
honorLabels: true
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
- port: https-metrics
|
||||
path: /metrics/cadvisor
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
serverName: kubernetes
|
||||
insecureSkipVerify: true
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
honorLabels: true
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
|
||||
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- port: http-metrics
|
||||
scheme: http
|
||||
tlsConfig:
|
||||
insecureSkipVerify: false
|
||||
honorLabels: true
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
- port: http-metrics
|
||||
path: /metrics/cadvisor
|
||||
scheme: http
|
||||
tlsConfig:
|
||||
insecureSkipVerify: false
|
||||
honorLabels: true
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
|
||||
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,31 +0,0 @@
|
|||
{{/* Define the args */}}
|
||||
{{- define "prometheus.operator.args" -}}
|
||||
args:
|
||||
{{- if .Values.operator.kubeletService.enabled }}
|
||||
- --kubelet-service={{ .Values.operator.kubeletService.namespace }}/{{ template "kube-prometheus.fullname" . }}-kubelet
|
||||
{{- end }}
|
||||
{{- if .Values.operator.logFormat }}
|
||||
- --log-format={{ .Values.operator.logFormat }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.logLevel }}
|
||||
- --log-level={{ .Values.operator.logLevel }}
|
||||
{{- end }}
|
||||
- --localhost=127.0.0.1
|
||||
- --prometheus-config-reloader=$(PROMETHEUS_CONFIG_RELOADER)
|
||||
{{- if .Values.operator.configReloaderResources.requests }}
|
||||
{{- if .Values.operator.configReloaderResources.requests.cpu }}
|
||||
- --config-reloader-cpu-request={{ .Values.operator.configReloaderResources.requests.cpu }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.configReloaderResources.requests.memory }}
|
||||
- --config-reloader-memory-request={{ .Values.operator.configReloaderResources.requests.memory }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.configReloaderResources.limits }}
|
||||
{{- if .Values.operator.configReloaderResources.limits.cpu }}
|
||||
- --config-reloader-cpu-limit={{ .Values.operator.configReloaderResources.limits.cpu }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.configReloaderResources.limits.memory }}
|
||||
- --config-reloader-memory-limit={{ .Values.operator.configReloaderResources.limits.memory }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,9 +0,0 @@
|
|||
{{- if .Values.operator.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: prometheus-operator-config
|
||||
labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }}
|
||||
data:
|
||||
prometheus-config-reloader: {{ template "kube-prometheus.prometheusConfigReloader.image" . }}
|
||||
{{- end }}
|
|
@ -1,25 +0,0 @@
|
|||
{{- if and .Values.operator.enabled .Values.operator.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.operator.fullname" . }}
|
||||
labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: http
|
||||
honorLabels: true
|
||||
{{- if .Values.operator.serviceMonitor.interval }}
|
||||
interval: {{ .Values.operator.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.operator.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels: {{- include "kube-prometheus.operator.matchLabels" . | nindent 6 }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- define "prometheus.prometheus.additionalprometheusrules" -}}
|
||||
{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}}
|
||||
{{- range .Values.prometheus.additionalPrometheusRules }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.name" $ }}-{{ .name }}
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
groups: {{- toYaml .groups | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,13 +0,0 @@
|
|||
{{- define "prometheus.prometheus.additionalscrapejobs" -}}
|
||||
{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }}
|
||||
--
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
data:
|
||||
scrape-jobs.yaml: {{ include "common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,361 +0,0 @@
|
|||
{{- define "prometheus.prometheus.prometheus" -}}
|
||||
{{- if .Values.prometheus.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Prometheus
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.prometheus.replicaCount }}
|
||||
serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
|
||||
{{- if .Values.prometheus.serviceMonitorSelector }}
|
||||
serviceMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
serviceMonitorSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.podMonitorSelector }}
|
||||
podMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
podMonitorSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.probeSelector }}
|
||||
probeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
probeSelector: {}
|
||||
{{- end }}
|
||||
alerting:
|
||||
alertmanagers:
|
||||
{{- if .Values.prometheus.alertingEndpoints }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
|
||||
{{- else if .Values.alertmanager.enabled }}
|
||||
- namespace: {{ .Release.Namespace }}
|
||||
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
|
||||
port: http
|
||||
pathPrefix: "{{ .Values.alertmanager.routePrefix }}"
|
||||
{{- else }}
|
||||
[]
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.image }}
|
||||
image: {{ template "kube-prometheus.prometheus.image" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.externalLabels }}
|
||||
externalLabels: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.prometheusExternalLabelNameClear }}
|
||||
prometheusExternalLabelName: ""
|
||||
{{- else if .Values.prometheus.prometheusExternalLabelName }}
|
||||
prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}"
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.replicaExternalLabelNameClear }}
|
||||
replicaExternalLabelName: ""
|
||||
{{- else if .Values.prometheus.replicaExternalLabelName }}
|
||||
replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}"
|
||||
{{- end }}
|
||||
{{- if index .Values.prometheus "externalUrl" }}
|
||||
externalUrl: "{{ .Values.prometheus.externalUrl }}"
|
||||
{{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }}
|
||||
externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }}
|
||||
{{- else }}
|
||||
externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }}
|
||||
{{- end }}
|
||||
paused: {{ .Values.prometheus.paused }}
|
||||
logLevel: {{ .Values.prometheus.logLevel }}
|
||||
logFormat: {{ .Values.prometheus.logFormat }}
|
||||
listenLocal: {{ .Values.prometheus.listenLocal }}
|
||||
enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }}
|
||||
{{- if .Values.prometheus.enableFeatures }}
|
||||
enableFeatures:
|
||||
{{- range .Values.prometheus.enableFeatures }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.scrapeInterval }}
|
||||
scrapeInterval: {{ .Values.prometheus.scrapeInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.evaluationInterval }}
|
||||
evaluationInterval: {{ .Values.prometheus.evaluationInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.resources }}
|
||||
resources: {{- toYaml .Values.prometheus.resources | nindent 4 }}
|
||||
{{- end }}
|
||||
retention: {{ .Values.prometheus.retention }}
|
||||
{{- if .Values.prometheus.retentionSize }}
|
||||
retentionSize: {{ .Values.prometheus.retentionSize }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.disableCompaction }}
|
||||
disableCompaction: {{ .Values.prometheus.disableCompaction }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.walCompression }}
|
||||
walCompression: {{ .Values.prometheus.walCompression }}
|
||||
{{- end }}
|
||||
portName: "{{ .Values.prometheus.portName }}"
|
||||
routePrefix: "{{ .Values.prometheus.routePrefix }}"
|
||||
{{- if .Values.prometheus.secrets }}
|
||||
secrets: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.configMaps }}
|
||||
configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.serviceMonitorNamespaceSelector }}
|
||||
serviceMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
serviceMonitorNamespaceSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.podMonitorNamespaceSelector }}
|
||||
podMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
podMonitorNamespaceSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.probeNamespaceSelector }}
|
||||
probeNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
probeNamespaceSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.remoteRead }}
|
||||
remoteRead: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.remoteWrite }}
|
||||
remoteWrite: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.ruleNamespaceSelector }}
|
||||
ruleNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
ruleNamespaceSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.ruleSelector }}
|
||||
ruleSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
ruleSelector: {}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.storageSpec }}
|
||||
storage: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
|
||||
{{- else if .Values.prometheus.persistence.enabled }}
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes:
|
||||
{{- range .Values.prometheus.persistence.accessModes }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.prometheus.persistence.size | quote }}
|
||||
{{- include "common.storage.class" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
|
||||
podMetadata:
|
||||
labels:
|
||||
{{- if .Values.prometheus.podMetadata.labels }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
|
||||
{{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.podMetadata.annotations }}
|
||||
annotations:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.querySpec }}
|
||||
query: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.affinity }}
|
||||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
{{- if not (empty .Values.prometheus.podAffinityPreset) }}
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.prometheus.podAntiAffinityPreset) }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.nodeSelector }}
|
||||
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.tolerations }}
|
||||
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.volumes }}
|
||||
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.volumeMounts }}
|
||||
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
|
||||
additionalScrapeConfigs:
|
||||
{{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }}
|
||||
name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }}
|
||||
key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }}
|
||||
{{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }}
|
||||
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
key: scrape-jobs.yaml
|
||||
{{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
|
||||
name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }}
|
||||
key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }}
|
||||
additionalAlertRelabelConfigs:
|
||||
name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }}
|
||||
key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
|
||||
{{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
|
||||
containers:
|
||||
{{- if .Values.prometheus.thanos.create }}
|
||||
- name: thanos-sidecar
|
||||
image: {{ template "kube-prometheus.prometheus.thanosImage" . }}
|
||||
imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }}
|
||||
args:
|
||||
- sidecar
|
||||
- --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }}
|
||||
- --grpc-address=0.0.0.0:10901
|
||||
- --http-address=0.0.0.0:10902
|
||||
- --tsdb.path=/prometheus/
|
||||
{{- if .Values.prometheus.thanos.objectStorageConfig }}
|
||||
- --objstore.config=$(OBJSTORE_CONFIG)
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.extraArgs }}
|
||||
{{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.objectStorageConfig }}
|
||||
env:
|
||||
- name: OBJSTORE_CONFIG
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }}
|
||||
key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.resources }}
|
||||
resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: thanos
|
||||
containerPort: 10901
|
||||
protocol: TCP
|
||||
- name: http
|
||||
containerPort: 10902
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /prometheus
|
||||
name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db
|
||||
{{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }}
|
||||
subPath: prometheus-db
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.containerSecurityContext.enabled }}
|
||||
# yamllint disable rule:indentation
|
||||
securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
# yamllint enable rule:indentation
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.prometheus.thanos.livenessProbe.path }}
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.thanos.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.prometheus.thanos.readinessProbe.path }}
|
||||
port: http
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }}
|
||||
## This monkey patching is needed until the securityContexts are
|
||||
## directly patchable via the CRD.
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
|
||||
## currently implemented with strategic merge
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
|
||||
- name: prometheus
|
||||
{{- if .Values.prometheus.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.prometheus.livenessProbe.path }}
|
||||
port: main
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: {{ .Values.prometheus.readinessProbe.path }}
|
||||
port: main
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
|
||||
## This monkey patching is needed until the securityContexts are
|
||||
## directly patchable via the CRD.
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
|
||||
## currently implemented with strategic merge
|
||||
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
|
||||
- name: config-reloader
|
||||
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: reloader-web
|
||||
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: reloader-web
|
||||
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
|
||||
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
|
||||
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.containers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheus.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,29 +0,0 @@
|
|||
{{- define "prometheus.prometheus.servicemonitor" -}}
|
||||
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- if .Values.prometheus.serviceMonitor.interval }}
|
||||
interval: {{ .Values.prometheus.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics
|
||||
{{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheus.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,41 +0,0 @@
|
|||
{{- if .Values.prometheus.enabled -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/metrics
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- nodes/proxy
|
||||
- services
|
||||
- endpoints
|
||||
- pods
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- "networking.k8s.io"
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- nonResourceURLs:
|
||||
- "/metrics"
|
||||
verbs:
|
||||
- "get"
|
||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.prometheus.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-prometheus.prometheus.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
|
@ -1,12 +0,0 @@
|
|||
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
|
||||
{{- if index .Values.prometheus.serviceAccount "annotations" }}
|
||||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus.imagePullSecrets" . }}
|
||||
{{- end }}
|
|
@ -1,99 +0,0 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="traefik-10.0.10"></a>
|
||||
### [traefik-10.0.10](https://github.com/truecharts/apps/compare/traefik-10.0.9...traefik-10.0.10) (2021-11-14)
|
||||
|
||||
#### Chore
|
||||
|
||||
* move traefik and k8s gateway to core train
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.9"></a>
|
||||
### [traefik-10.0.9](https://github.com/truecharts/apps/compare/traefik-10.0.8...traefik-10.0.9) (2021-11-09)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1297](https://github.com/truecharts/apps/issues/1297))
|
||||
* update non-major ([#1296](https://github.com/truecharts/apps/issues/1296))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.8"></a>
|
||||
### [traefik-10.0.8](https://github.com/truecharts/apps/compare/traefik-10.0.7...traefik-10.0.8) (2021-11-07)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1295](https://github.com/truecharts/apps/issues/1295))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.6"></a>
|
||||
### [traefik-10.0.6](https://github.com/truecharts/apps/compare/traefik-10.0.5...traefik-10.0.6) (2021-11-07)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Don't try to run udp services under SCALE (we don't actively test it anyway)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.5"></a>
|
||||
### [traefik-10.0.5](https://github.com/truecharts/apps/compare/traefik-10.0.4...traefik-10.0.5) (2021-11-07)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1291](https://github.com/truecharts/apps/issues/1291))
|
||||
|
||||
#### Chore
|
||||
|
||||
* Simplify GUI for deployment, persistence and securityContext ([#1289](https://github.com/truecharts/apps/issues/1289))
|
||||
|
||||
#### Feat
|
||||
|
||||
* Simplify the Services GUI ([#1290](https://github.com/truecharts/apps/issues/1290))
|
||||
|
||||
#### Fix
|
||||
|
||||
* prevent duplicate port use and fix some questions.yaml mistakes
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.4"></a>
|
||||
### [traefik-10.0.4](https://github.com/truecharts/apps/compare/traefik-10.0.3...traefik-10.0.4) (2021-11-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1267](https://github.com/truecharts/apps/issues/1267))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.3"></a>
|
||||
### [traefik-10.0.3](https://github.com/truecharts/apps/compare/traefik-10.0.2...traefik-10.0.3) (2021-11-01)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1264](https://github.com/truecharts/apps/issues/1264))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.2"></a>
|
||||
### [traefik-10.0.2](https://github.com/truecharts/apps/compare/traefik-10.0.1...traefik-10.0.2) (2021-10-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1245](https://github.com/truecharts/apps/issues/1245))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.1"></a>
|
||||
### [traefik-10.0.1](https://github.com/truecharts/apps/compare/traefik-10.0.0...traefik-10.0.1) (2021-10-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm chart common to v8.3.15 ([#1240](https://github.com/truecharts/apps/issues/1240))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.0"></a>
|
||||
### [traefik-10.0.0](https://github.com/truecharts/apps/compare/traefik-9.0.19...traefik-10.0.0) (2021-10-25)
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.5.6
|
||||
digest: sha256:c711d63142ad5cb07c166f67914dfd8af0624873e5b4a28e06a758fca11525e8
|
||||
generated: "2021-11-14T10:46:16.319201197Z"
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: v2
|
||||
appVersion: "2.5.4"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.5.6
|
||||
deprecated: false
|
||||
description: Test App for Traefik
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/traefik
|
||||
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
|
||||
keywords:
|
||||
- traefik
|
||||
- ingress
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: truecharts.org
|
||||
name: traefik
|
||||
sources:
|
||||
- https://github.com/traefik/traefik
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 10.0.10
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -1,39 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
Test App for Traefik
|
||||
|
||||
TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation.
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/traefik/traefik>
|
||||
* <https://github.com/traefik/traefik-helm-chart>
|
||||
* <https://traefik.io/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.5.6 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/03-Installing-an-App/).
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To remove this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/07-Deleting-an-App/).
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Open-Apps/) first.
|
||||
- See the [Wiki](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
---
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,3 +0,0 @@
|
|||
Test App for Traefik
|
||||
|
||||
This App is supplied by TrueCharts, for more information please visit https://truecharts.org
|
Binary file not shown.
|
@ -1,198 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressroutes.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRoute
|
||||
listKind: IngressRouteList
|
||||
plural: ingressroutes
|
||||
singular: ingressroute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRoute is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteSpec is a specification for a IngressRouteSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: Route contains the set of routes.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Rule
|
||||
type: string
|
||||
match:
|
||||
type: string
|
||||
middlewares:
|
||||
items:
|
||||
description: MiddlewareRef is a ref to the Middleware resources.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
priority:
|
||||
type: integer
|
||||
services:
|
||||
items:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The
|
||||
differentiation between the two is specified in the
|
||||
Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration
|
||||
based on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name
|
||||
references a TraefikService object (and to be precise,
|
||||
one that embeds a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- kind
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: "TLS contains the TLS certificates configuration of the
|
||||
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
|
||||
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
|
||||
# block format"
|
||||
properties:
|
||||
certResolver:
|
||||
type: string
|
||||
domains:
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
type: string
|
||||
sans:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: Options is a reference to a TLSOption, that specifies
|
||||
the parameters of the TLS connection.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store is a reference to a TLSStore, that specifies
|
||||
the parameters of the TLS store.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,160 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteTCP
|
||||
listKind: IngressRouteTCPList
|
||||
plural: ingressroutetcps
|
||||
singular: ingressroutetcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteTCP is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: RouteTCP contains the set of routes.
|
||||
properties:
|
||||
match:
|
||||
type: string
|
||||
middlewares:
|
||||
description: Middlewares contains references to MiddlewareTCP
|
||||
resources.
|
||||
items:
|
||||
description: ObjectReference is a generic reference to a Traefik
|
||||
resource.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
services:
|
||||
items:
|
||||
description: ServiceTCP defines an upstream to proxy traffic.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
proxyProtocol:
|
||||
description: ProxyProtocol holds the ProxyProtocol configuration.
|
||||
properties:
|
||||
version:
|
||||
type: integer
|
||||
type: object
|
||||
terminationDelay:
|
||||
type: integer
|
||||
weight:
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- match
|
||||
type: object
|
||||
type: array
|
||||
tls:
|
||||
description: "TLSTCP contains the TLS certificates configuration of
|
||||
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
|
||||
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
|
||||
# block format"
|
||||
properties:
|
||||
certResolver:
|
||||
type: string
|
||||
domains:
|
||||
items:
|
||||
description: Domain holds a domain name with SANs.
|
||||
properties:
|
||||
main:
|
||||
type: string
|
||||
sans:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
options:
|
||||
description: Options is a reference to a TLSOption, that specifies
|
||||
the parameters of the TLS connection.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
passthrough:
|
||||
type: boolean
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
store:
|
||||
description: Store is a reference to a TLSStore, that specifies
|
||||
the parameters of the TLS store.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,84 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: IngressRouteUDP
|
||||
listKind: IngressRouteUDPList
|
||||
plural: ingressrouteudps
|
||||
singular: ingressrouteudp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: IngressRouteUDP is an Ingress CRD specification.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
|
||||
resource.
|
||||
properties:
|
||||
entryPoints:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
routes:
|
||||
items:
|
||||
description: RouteUDP contains the set of routes.
|
||||
properties:
|
||||
services:
|
||||
items:
|
||||
description: ServiceUDP defines an upstream to proxy traffic.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
weight:
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
- port
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- routes
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,563 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: middlewares.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: Middleware
|
||||
listKind: MiddlewareList
|
||||
plural: middlewares
|
||||
singular: middleware
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Middleware is a specification for a Middleware resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareSpec holds the Middleware configuration.
|
||||
properties:
|
||||
addPrefix:
|
||||
description: AddPrefix holds the AddPrefix configuration.
|
||||
properties:
|
||||
prefix:
|
||||
type: string
|
||||
type: object
|
||||
basicAuth:
|
||||
description: BasicAuth holds the HTTP basic authentication configuration.
|
||||
properties:
|
||||
headerField:
|
||||
type: string
|
||||
realm:
|
||||
type: string
|
||||
removeHeader:
|
||||
type: boolean
|
||||
secret:
|
||||
type: string
|
||||
type: object
|
||||
buffering:
|
||||
description: Buffering holds the request/response buffering configuration.
|
||||
properties:
|
||||
maxRequestBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
maxResponseBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
memRequestBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
memResponseBodyBytes:
|
||||
format: int64
|
||||
type: integer
|
||||
retryExpression:
|
||||
type: string
|
||||
type: object
|
||||
chain:
|
||||
description: Chain holds a chain of middlewares.
|
||||
properties:
|
||||
middlewares:
|
||||
items:
|
||||
description: MiddlewareRef is a ref to the Middleware resources.
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
circuitBreaker:
|
||||
description: CircuitBreaker holds the circuit breaker configuration.
|
||||
properties:
|
||||
expression:
|
||||
type: string
|
||||
type: object
|
||||
compress:
|
||||
description: Compress holds the compress configuration.
|
||||
properties:
|
||||
excludedContentTypes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
contentType:
|
||||
description: ContentType middleware - or rather its unique `autoDetect`
|
||||
option - specifies whether to let the `Content-Type` header, if
|
||||
it has not been set by the backend, be automatically set to a value
|
||||
derived from the contents of the response. As a proxy, the default
|
||||
behavior should be to leave the header alone, regardless of what
|
||||
the backend did with it. However, the historic default was to always
|
||||
auto-detect and set the header if it was nil, and it is going to
|
||||
be kept that way in order to support users currently relying on
|
||||
it. This middleware exists to enable the correct behavior until
|
||||
at least the default one can be changed in a future version.
|
||||
properties:
|
||||
autoDetect:
|
||||
type: boolean
|
||||
type: object
|
||||
digestAuth:
|
||||
description: DigestAuth holds the Digest HTTP authentication configuration.
|
||||
properties:
|
||||
headerField:
|
||||
type: string
|
||||
realm:
|
||||
type: string
|
||||
removeHeader:
|
||||
type: boolean
|
||||
secret:
|
||||
type: string
|
||||
type: object
|
||||
errors:
|
||||
description: ErrorPage holds the custom error page configuration.
|
||||
properties:
|
||||
query:
|
||||
type: string
|
||||
service:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service object
|
||||
(for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for the
|
||||
forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
status:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
forwardAuth:
|
||||
description: ForwardAuth holds the http forward authentication configuration.
|
||||
properties:
|
||||
address:
|
||||
type: string
|
||||
authRequestHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
authResponseHeadersRegex:
|
||||
type: string
|
||||
tls:
|
||||
description: ClientTLS holds TLS specific configurations as client.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
type: string
|
||||
certSecret:
|
||||
type: string
|
||||
insecureSkipVerify:
|
||||
type: boolean
|
||||
type: object
|
||||
trustForwardHeader:
|
||||
type: boolean
|
||||
type: object
|
||||
headers:
|
||||
description: Headers holds the custom header configuration.
|
||||
properties:
|
||||
accessControlAllowCredentials:
|
||||
description: AccessControlAllowCredentials is only valid if true.
|
||||
false is ignored.
|
||||
type: boolean
|
||||
accessControlAllowHeaders:
|
||||
description: AccessControlAllowHeaders must be used in response
|
||||
to a preflight request with Access-Control-Request-Headers set.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowMethods:
|
||||
description: AccessControlAllowMethods must be used in response
|
||||
to a preflight request with Access-Control-Request-Method set.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginList:
|
||||
description: AccessControlAllowOriginList is a list of allowable
|
||||
origins. Can also be a wildcard origin "*".
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlAllowOriginListRegex:
|
||||
description: AccessControlAllowOriginListRegex is a list of allowable
|
||||
origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlExposeHeaders:
|
||||
description: AccessControlExposeHeaders sets valid headers for
|
||||
the response.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
accessControlMaxAge:
|
||||
description: AccessControlMaxAge sets the time that a preflight
|
||||
request may be cached.
|
||||
format: int64
|
||||
type: integer
|
||||
addVaryHeader:
|
||||
description: AddVaryHeader controls if the Vary header is automatically
|
||||
added/updated when the AccessControlAllowOriginList is set.
|
||||
type: boolean
|
||||
allowedHosts:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
browserXssFilter:
|
||||
type: boolean
|
||||
contentSecurityPolicy:
|
||||
type: string
|
||||
contentTypeNosniff:
|
||||
type: boolean
|
||||
customBrowserXSSValue:
|
||||
type: string
|
||||
customFrameOptionsValue:
|
||||
type: string
|
||||
customRequestHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
customResponseHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
featurePolicy:
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
type: boolean
|
||||
frameDeny:
|
||||
type: boolean
|
||||
hostsProxyHeaders:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
isDevelopment:
|
||||
type: boolean
|
||||
publicKey:
|
||||
type: string
|
||||
referrerPolicy:
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
type: boolean
|
||||
stsPreload:
|
||||
type: boolean
|
||||
stsSeconds:
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
inFlightReq:
|
||||
description: InFlightReq limits the number of requests being processed
|
||||
and served concurrently.
|
||||
properties:
|
||||
amount:
|
||||
format: int64
|
||||
type: integer
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If none
|
||||
are set, the default is to use the request's remote address
|
||||
field. All fields are mutually exclusive.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
type: string
|
||||
requestHost:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
ipWhiteList:
|
||||
description: IPWhiteList holds the ip white list configuration.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
sourceRange:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
passTLSClientCert:
|
||||
description: PassTLSClientCert holds the TLS client cert headers configuration.
|
||||
properties:
|
||||
info:
|
||||
description: TLSClientCertificateInfo holds the client TLS certificate
|
||||
info configuration.
|
||||
properties:
|
||||
issuer:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
type: boolean
|
||||
country:
|
||||
type: boolean
|
||||
domainComponent:
|
||||
type: boolean
|
||||
locality:
|
||||
type: boolean
|
||||
organization:
|
||||
type: boolean
|
||||
province:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
type: object
|
||||
notAfter:
|
||||
type: boolean
|
||||
notBefore:
|
||||
type: boolean
|
||||
sans:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
subject:
|
||||
description: TLSCLientCertificateDNInfo holds the client TLS
|
||||
certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739
|
||||
properties:
|
||||
commonName:
|
||||
type: boolean
|
||||
country:
|
||||
type: boolean
|
||||
domainComponent:
|
||||
type: boolean
|
||||
locality:
|
||||
type: boolean
|
||||
organization:
|
||||
type: boolean
|
||||
province:
|
||||
type: boolean
|
||||
serialNumber:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
pem:
|
||||
type: boolean
|
||||
type: object
|
||||
plugin:
|
||||
additionalProperties:
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
type: object
|
||||
rateLimit:
|
||||
description: RateLimit holds the rate limiting configuration for a
|
||||
given router.
|
||||
properties:
|
||||
average:
|
||||
format: int64
|
||||
type: integer
|
||||
burst:
|
||||
format: int64
|
||||
type: integer
|
||||
period:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
sourceCriterion:
|
||||
description: SourceCriterion defines what criterion is used to
|
||||
group requests as originating from a common source. If none
|
||||
are set, the default is to use the request's remote address
|
||||
field. All fields are mutually exclusive.
|
||||
properties:
|
||||
ipStrategy:
|
||||
description: IPStrategy holds the ip strategy configuration.
|
||||
properties:
|
||||
depth:
|
||||
type: integer
|
||||
excludedIPs:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
requestHeaderName:
|
||||
type: string
|
||||
requestHost:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
redirectRegex:
|
||||
description: RedirectRegex holds the redirection configuration.
|
||||
properties:
|
||||
permanent:
|
||||
type: boolean
|
||||
regex:
|
||||
type: string
|
||||
replacement:
|
||||
type: string
|
||||
type: object
|
||||
redirectScheme:
|
||||
description: RedirectScheme holds the scheme redirection configuration.
|
||||
properties:
|
||||
permanent:
|
||||
type: boolean
|
||||
port:
|
||||
type: string
|
||||
scheme:
|
||||
type: string
|
||||
type: object
|
||||
replacePath:
|
||||
description: ReplacePath holds the ReplacePath configuration.
|
||||
properties:
|
||||
path:
|
||||
type: string
|
||||
type: object
|
||||
replacePathRegex:
|
||||
description: ReplacePathRegex holds the ReplacePathRegex configuration.
|
||||
properties:
|
||||
regex:
|
||||
type: string
|
||||
replacement:
|
||||
type: string
|
||||
type: object
|
||||
retry:
|
||||
description: Retry holds the retry configuration.
|
||||
properties:
|
||||
attempts:
|
||||
type: integer
|
||||
initialInterval:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
stripPrefix:
|
||||
description: StripPrefix holds the StripPrefix configuration.
|
||||
properties:
|
||||
forceSlash:
|
||||
type: boolean
|
||||
prefixes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
stripPrefixRegex:
|
||||
description: StripPrefixRegex holds the StripPrefixRegex configuration.
|
||||
properties:
|
||||
regex:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,59 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: middlewaretcps.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: MiddlewareTCP
|
||||
listKind: MiddlewareTCPList
|
||||
plural: middlewaretcps
|
||||
singular: middlewaretcp
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
|
||||
properties:
|
||||
ipWhiteList:
|
||||
description: TCPIPWhiteList holds the TCP ip white list configuration.
|
||||
properties:
|
||||
sourceRange:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,101 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: serverstransports.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: ServersTransport
|
||||
listKind: ServersTransportList
|
||||
plural: serverstransports
|
||||
singular: serverstransport
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: ServersTransport is a specification for a ServersTransport resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServersTransportSpec options to configure communication between
|
||||
Traefik and the servers.
|
||||
properties:
|
||||
certificatesSecrets:
|
||||
description: Certificates for mTLS.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: Disable HTTP/2 for connections with backend servers.
|
||||
type: boolean
|
||||
forwardingTimeouts:
|
||||
description: Timeouts for requests forwarded to the backend servers.
|
||||
properties:
|
||||
dialTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The amount of time to wait until a connection to
|
||||
a backend server can be established. If zero, no timeout exists.
|
||||
x-kubernetes-int-or-string: true
|
||||
idleConnTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The maximum period for which an idle HTTP keep-alive
|
||||
connection will remain open before closing itself.
|
||||
x-kubernetes-int-or-string: true
|
||||
responseHeaderTimeout:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: The amount of time to wait for a server's response
|
||||
headers after fully writing the request (including its body,
|
||||
if any). If zero, no timeout exists.
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
insecureSkipVerify:
|
||||
description: Disable SSL certificate verification.
|
||||
type: boolean
|
||||
maxIdleConnsPerHost:
|
||||
description: If non-zero, controls the maximum idle (keep-alive) to
|
||||
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
|
||||
type: integer
|
||||
rootCAsSecrets:
|
||||
description: Add cert file for self-signed certificate.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
serverName:
|
||||
description: ServerName used to contact the server.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,87 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSOption
|
||||
listKind: TLSOptionList
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TLSOption is a specification for a TLSOption resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSOptionSpec configures TLS for an entry point.
|
||||
properties:
|
||||
cipherSuites:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clientAuth:
|
||||
description: ClientAuth defines the parameters of the client authentication
|
||||
part of the TLS connection, if any.
|
||||
properties:
|
||||
clientAuthType:
|
||||
description: ClientAuthType defines the client authentication
|
||||
type to apply.
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
secretNames:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
type: string
|
||||
minVersion:
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
type: boolean
|
||||
sniStrict:
|
||||
type: boolean
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,64 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: tlsstores.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSStore
|
||||
listKind: TLSStoreList
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TLSStore is a specification for a TLSStore resource.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSStoreSpec configures a TLSStore resource.
|
||||
properties:
|
||||
defaultCertificate:
|
||||
description: DefaultCertificate holds a secret name for the TLSOption
|
||||
resource.
|
||||
properties:
|
||||
secretName:
|
||||
description: SecretName is the name of the referenced Kubernetes
|
||||
Secret to specify the certificate details.
|
||||
type: string
|
||||
required:
|
||||
- secretName
|
||||
type: object
|
||||
required:
|
||||
- defaultCertificate
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,270 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
"helm.sh/hook": pre-install,pre-upgrade,pre-rollback
|
||||
controller-gen.kubebuilder.io/version: v0.4.1
|
||||
creationTimestamp: null
|
||||
name: traefikservices.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TraefikService
|
||||
listKind: TraefikServiceList
|
||||
plural: traefikservices
|
||||
singular: traefikservice
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: TraefikService is the specification for a service (that an IngressRoute
|
||||
refers to) that is usually not a terminal service (i.e. not a pod of servers),
|
||||
as opposed to a Kubernetes Service. That is to say, it usually refers to
|
||||
other (children) services, which themselves can be TraefikServices or Services.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: ServiceSpec defines whether a TraefikService is a load-balancer
|
||||
of services or a mirroring service.
|
||||
properties:
|
||||
mirroring:
|
||||
description: Mirroring defines a mirroring service, which is composed
|
||||
of a main load-balancer, and a list of mirrors.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
maxBodySize:
|
||||
format: int64
|
||||
type: integer
|
||||
mirrors:
|
||||
items:
|
||||
description: MirrorService defines one of the mirrors of a Mirroring
|
||||
service.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
percent:
|
||||
type: integer
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service object
|
||||
(for a load-balancer of servers), or to a TraefikService object
|
||||
(service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for the forward
|
||||
of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based on
|
||||
cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
weighted:
|
||||
description: WeightedRoundRobin defines a load-balancer of services.
|
||||
properties:
|
||||
services:
|
||||
items:
|
||||
description: Service defines an upstream to proxy traffic.
|
||||
properties:
|
||||
kind:
|
||||
enum:
|
||||
- Service
|
||||
- TraefikService
|
||||
type: string
|
||||
name:
|
||||
description: Name is a reference to a Kubernetes Service
|
||||
object (for a load-balancer of servers), or to a TraefikService
|
||||
object (service load-balancer, mirroring, etc). The differentiation
|
||||
between the two is specified in the Kind field.
|
||||
type: string
|
||||
namespace:
|
||||
type: string
|
||||
passHostHeader:
|
||||
type: boolean
|
||||
port:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
responseForwarding:
|
||||
description: ResponseForwarding holds configuration for
|
||||
the forward of the response.
|
||||
properties:
|
||||
flushInterval:
|
||||
type: string
|
||||
type: object
|
||||
scheme:
|
||||
type: string
|
||||
serversTransport:
|
||||
type: string
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based
|
||||
on cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
strategy:
|
||||
type: string
|
||||
weight:
|
||||
description: Weight should only be specified when Name references
|
||||
a TraefikService object (and to be precise, one that embeds
|
||||
a Weighted Round Robin).
|
||||
type: integer
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
sticky:
|
||||
description: Sticky holds the sticky configuration.
|
||||
properties:
|
||||
cookie:
|
||||
description: Cookie holds the sticky configuration based on
|
||||
cookie.
|
||||
properties:
|
||||
httpOnly:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
sameSite:
|
||||
type: string
|
||||
secure:
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
|
@ -1,48 +0,0 @@
|
|||
# Default Helm-Values
|
||||
|
||||
TrueCharts is primarily build to supply TrueNAS SCALE Apps.
|
||||
However, we also supply all Apps as standard Helm-Charts. In this document we aim to document the default values in our values.yaml file.
|
||||
|
||||
Most of our Apps also consume our "common" Helm Chart.
|
||||
If this is the case, this means that all values.yaml values are set to the common chart values.yaml by default. This values.yaml file will only contain values that deviate from the common chart.
|
||||
You will, however, be able to use all values referenced in the common chart here, besides the values listed in this document.
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| additionalArguments[0] | string | `"--metrics.prometheus"` | |
|
||||
| additionalArguments[1] | string | `"--ping"` | |
|
||||
| additionalArguments[2] | string | `"--serverstransport.insecureskipverify=true"` | |
|
||||
| additionalArguments[3] | string | `"--providers.kubernetesingress.allowexternalnameservices=true"` | |
|
||||
| globalArguments[0] | string | `"--global.checknewversion"` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"traefik"` | |
|
||||
| image.tag | string | `"v2.5.4@sha256:87863e384e0a6466bd88fe6295b5d76d26f4280d95cb58af91d8fc7160e35a50"` | |
|
||||
| ingressClass | object | `{"enabled":false,"fallbackApiVersion":"","isDefaultClass":false}` | Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x |
|
||||
| ingressRoute | object | `{"dashboard":{"annotations":{},"enabled":true,"labels":{}}}` | Create an IngressRoute for the dashboard |
|
||||
| logs | object | `{"access":{"enabled":false,"fields":{"general":{"defaultmode":"keep","names":{}},"headers":{"defaultmode":"drop","names":{}}},"filters":{}},"general":{"level":"ERROR"}}` | Logs https://docs.traefik.io/observability/logs/ |
|
||||
| metrics.prometheus.entryPoint | string | `"metrics"` | |
|
||||
| middlewares | object | `{"basicAuth":[],"chain":[],"forwardAuth":[],"ipWhiteList":[],"rateLimit":[],"redirectRegex":[],"redirectScheme":[]}` | SCALE Middleware Handlers |
|
||||
| pilot | object | `{"enabled":false,"token":""}` | Activate Pilot integration |
|
||||
| portalhook.enabled | bool | `true` | |
|
||||
| probes.liveness | object | See below | Liveness probe configuration |
|
||||
| probes.liveness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.liveness.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| probes.readiness | object | See below | Redainess probe configuration |
|
||||
| probes.readiness.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.readiness.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| probes.startup | object | See below | Startup probe configuration |
|
||||
| probes.startup.path | string | "/" | If a HTTP probe is used (default for HTTP/HTTPS services) this path is used |
|
||||
| probes.startup.type | string | "TCP" | sets the probe type when not using a custom probe |
|
||||
| providers.kubernetesCRD.enabled | bool | `true` | |
|
||||
| providers.kubernetesCRD.namespaces | list | `[]` | |
|
||||
| providers.kubernetesIngress.enabled | bool | `true` | |
|
||||
| providers.kubernetesIngress.namespaces | list | `[]` | |
|
||||
| providers.kubernetesIngress.publishedService.enabled | bool | `true` | |
|
||||
| rbac | object | `{"enabled":true,"rules":[{"apiGroups":[""],"resources":["services","endpoints","secrets"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses","ingressclasses"],"verbs":["get","list","watch"]},{"apiGroups":["extensions","networking.k8s.io"],"resources":["ingresses/status"],"verbs":["update"]},{"apiGroups":["traefik.containo.us"],"resources":["ingressroutes","ingressroutetcps","ingressrouteudps","middlewares","middlewaretcps","tlsoptions","tlsstores","traefikservices","serverstransports"],"verbs":["get","list","watch"]}]}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
|
||||
| service | object | `{"main":{"enabled":true,"ports":{"main":{"enabled":true,"port":9000,"protocol":"HTTP","targetPort":9000}},"type":"LoadBalancer"},"metrics":{"enabled":true,"ports":{"metrics":{"enabled":true,"port":9100,"protocol":"HTTP","targetPort":9100}},"type":"LoadBalancer"},"tcp":{"enabled":true,"ports":{"web":{"enabled":true,"port":9080,"protocol":"HTTP","redirectTo":"websecure"},"websecure":{"enabled":true,"port":9443,"protocol":"HTTPS"}},"type":"LoadBalancer"},"udp":{"enabled":false}}` | Options for the main traefik service, where the entrypoints traffic comes from from. |
|
||||
| serviceAccount | object | `{"create":true}` | The service account the pods will use to interact with the Kubernetes API |
|
||||
| tlsOptions | object | `{"default":{"cipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305","TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_CHACHA20_POLY1305_SHA256"],"curvePreferences":["CurveP521","CurveP384"],"minVersion":"VersionTLS12","sniStrict":false}}` | TLS Options to be created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options Example: |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -1,312 +0,0 @@
|
|||
# Default values for Traefik
|
||||
image:
|
||||
repository: traefik
|
||||
# defaults to appVersion
|
||||
tag: v2.5.4@sha256:87863e384e0a6466bd88fe6295b5d76d26f4280d95cb58af91d8fc7160e35a50
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
enabled: false
|
||||
isDefaultClass: false
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# -- Activate Pilot integration
|
||||
pilot:
|
||||
enabled: false
|
||||
token: ""
|
||||
# Toggle Pilot Dashboard
|
||||
# dashboard: false
|
||||
|
||||
# -- Create an IngressRoute for the dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||
annotations: {}
|
||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||
labels: {}
|
||||
|
||||
#
|
||||
# -- Configure providers
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
namespaces: []
|
||||
# - "default"
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces: []
|
||||
# - "default"
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
|
||||
# -- Logs
|
||||
# https://docs.traefik.io/observability/logs/
|
||||
logs:
|
||||
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||
general:
|
||||
# By default, the logs use a text format (common), but you can
|
||||
# also ask for the json format in the format option
|
||||
# format: json
|
||||
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
|
||||
level: ERROR
|
||||
access:
|
||||
# To enable access logs
|
||||
enabled: false
|
||||
# By default, logs are written using the Common Log Format (CLF).
|
||||
# To write logs in JSON, use json in the format option.
|
||||
# If the given format is unsupported, the default (CLF) is used instead.
|
||||
# format: json
|
||||
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
|
||||
# This option represents the number of log lines Traefik will keep in memory before writing
|
||||
# them to the selected output. In some cases, this option can greatly help performances.
|
||||
# bufferingSize: 100
|
||||
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||
filters: {}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
# Fields
|
||||
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||
fields:
|
||||
general:
|
||||
defaultmode: keep
|
||||
names: {}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
headers:
|
||||
defaultmode: drop
|
||||
names: {}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
|
||||
metrics:
|
||||
# datadog:
|
||||
# address: 127.0.0.1:8125
|
||||
# influxdb:
|
||||
# address: localhost:8089
|
||||
# protocol: udp
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
# statsd:
|
||||
# address: localhost:8125
|
||||
|
||||
globalArguments:
|
||||
- "--global.checknewversion"
|
||||
|
||||
##
|
||||
# -- Additional arguments to be passed at Traefik's binary
|
||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||
additionalArguments:
|
||||
- "--metrics.prometheus"
|
||||
- "--ping"
|
||||
- "--serverstransport.insecureskipverify=true"
|
||||
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||
|
||||
# -- TLS Options to be created as TLSOption CRDs
|
||||
# https://doc.traefik.io/traefik/https/tls/#tls-options
|
||||
# Example:
|
||||
tlsOptions:
|
||||
default:
|
||||
sniStrict: false
|
||||
minVersion: VersionTLS12
|
||||
curvePreferences:
|
||||
- CurveP521
|
||||
- CurveP384
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
|
||||
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||
# from.
|
||||
service:
|
||||
main:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
main:
|
||||
enabled: true
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
protocol: HTTP
|
||||
tcp:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
web:
|
||||
enabled: true
|
||||
port: 9080
|
||||
protocol: HTTP
|
||||
redirectTo: websecure
|
||||
websecure:
|
||||
enabled: true
|
||||
port: 9443
|
||||
protocol: HTTPS
|
||||
# tcpexample:
|
||||
# enabled: true
|
||||
# targetPort: 9443
|
||||
# protocol: TCP
|
||||
# tls:
|
||||
# enabled: false
|
||||
# # this is the name of a TLSOption definition
|
||||
# options: ""
|
||||
# certResolver: ""
|
||||
# domains: []
|
||||
# # - main: example.com
|
||||
# # sans:
|
||||
# # - foo.example.com
|
||||
# # - bar.example.com
|
||||
metrics:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9100
|
||||
targetPort: 9100
|
||||
protocol: HTTP
|
||||
udp:
|
||||
enabled: false
|
||||
|
||||
probes:
|
||||
# -- Liveness probe configuration
|
||||
# @default -- See below
|
||||
liveness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Redainess probe configuration
|
||||
# @default -- See below
|
||||
readiness:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Startup probe configuration
|
||||
# @default -- See below
|
||||
startup:
|
||||
# -- sets the probe type when not using a custom probe
|
||||
# @default -- "TCP"
|
||||
type: HTTP
|
||||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
path: "/ping"
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
enabled: true
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- traefik.containo.us
|
||||
resources:
|
||||
- ingressroutes
|
||||
- ingressroutetcps
|
||||
- ingressrouteudps
|
||||
- middlewares
|
||||
- middlewaretcps
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
- traefikservices
|
||||
- serverstransports
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
create: true
|
||||
|
||||
# -- SCALE Middleware Handlers
|
||||
middlewares:
|
||||
basicAuth: []
|
||||
# - name: basicauthexample
|
||||
# users:
|
||||
# - username: testuser
|
||||
# password: testpassword
|
||||
forwardAuth: []
|
||||
# - name: forwardAuthexample
|
||||
# address: https://auth.example.com/
|
||||
# authResponseHeaders:
|
||||
# - X-Secret
|
||||
# - X-Auth-User
|
||||
# authRequestHeaders:
|
||||
# - "Accept"
|
||||
# - "X-CustomHeader"
|
||||
# authResponseHeadersRegex: "^X-"
|
||||
# trustForwardHeader: true
|
||||
chain: []
|
||||
# - name: chainname
|
||||
# middlewares:
|
||||
# - name: compress
|
||||
redirectScheme: []
|
||||
# - name: redirectSchemeName
|
||||
# scheme: https
|
||||
# permanent: true
|
||||
rateLimit: []
|
||||
# - name: rateLimitName
|
||||
# average: 300
|
||||
# burst: 200
|
||||
redirectRegex: []
|
||||
# - name: redirectRegexName
|
||||
# regex: putregexhere
|
||||
# replacement: replacementurlhere
|
||||
# permanent: false
|
||||
ipWhiteList: []
|
||||
# - name: ipWhiteListName
|
||||
# sourceRange: []
|
||||
# ipStrategy:
|
||||
# depth: 2
|
||||
# excludedIPs: []
|
||||
|
||||
portalhook:
|
||||
enabled: true
|
File diff suppressed because it is too large
Load Diff
|
@ -1,141 +0,0 @@
|
|||
{{/* Define the args */}}
|
||||
{{- define "traefik.args" -}}
|
||||
args:
|
||||
{{/* merge all ports */}}
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* start of actual arguments */}}
|
||||
{{- with .Values.globalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $config := $ports }}
|
||||
{{- if $config }}
|
||||
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
|
||||
{{- $_ := set $config "protocol" "TCP" }}
|
||||
{{- end }}
|
||||
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--api.dashboard=true"
|
||||
- "--ping=true"
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.datadog }}
|
||||
- "--metrics.datadog=true"
|
||||
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.influxdb }}
|
||||
- "--metrics.influxdb=true"
|
||||
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
|
||||
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
- "--metrics.prometheus=true"
|
||||
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.statsd }}
|
||||
- "--metrics.statsd=true"
|
||||
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress"
|
||||
{{- if and .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||||
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||||
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $entrypoint, $config := $ports }}
|
||||
{{- if $config.redirectTo }}
|
||||
{{- $toPort := index $ports $config.redirectTo }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- end }}
|
||||
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
|
||||
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||||
{{- if $config.tls.options }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.certResolver }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.domains }}
|
||||
{{- range $index, $domain := $config.tls.domains }}
|
||||
{{- if $domain.main }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||||
{{- end }}
|
||||
{{- if $domain.sans }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.logs }}
|
||||
{{- if .general.format }}
|
||||
- "--log.format={{ .general.format }}"
|
||||
{{- end }}
|
||||
{{- if ne .general.level "ERROR" }}
|
||||
- "--log.level={{ .general.level | upper }}"
|
||||
{{- end }}
|
||||
{{- if .access.enabled }}
|
||||
- "--accesslog=true"
|
||||
{{- if .access.format }}
|
||||
- "--accesslog.format={{ .access.format }}"
|
||||
{{- end }}
|
||||
{{- if .access.bufferingsize }}
|
||||
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters }}
|
||||
{{- if .access.filters.statuscodes }}
|
||||
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters.retryattempts }}
|
||||
- "--accesslog.filters.retryattempts"
|
||||
{{- end }}
|
||||
{{- if .access.filters.minduration }}
|
||||
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||||
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||||
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.pilot.enabled }}
|
||||
- "--pilot.token={{ .Values.pilot.token }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.pilot "dashboard" }}
|
||||
- "--pilot.dashboard={{ .Values.pilot.dashboard }}"
|
||||
{{- end }}
|
||||
{{- with .Values.additionalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,22 +0,0 @@
|
|||
{{/*
|
||||
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
|
||||
By convention this will simply use the <namespace>/<service-name> to match the name of the
|
||||
service generated.
|
||||
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
|
||||
{{- $fullName := include "common.names.fullname" . -}}
|
||||
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
|
||||
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
|
||||
{{- print $servicePath | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Construct a comma-separated list of whitelisted namespaces
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
|
||||
{{- end -}}
|
||||
{{- define "providers.kubernetesCRD.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
|
||||
{{- end -}}
|
|
@ -1,24 +0,0 @@
|
|||
{{/* Define the ingressClass */}}
|
||||
{{- define "traefik.ingressClass" -}}
|
||||
{{- if .Values.ingressClass.enabled }}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
|
||||
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
|
||||
{{- else }}
|
||||
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
|
||||
{{- end }}
|
||||
---
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
annotations:
|
||||
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
name: {{ .Release.Name }}
|
||||
spec:
|
||||
controller: traefik.io/ingress-controller
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,25 +0,0 @@
|
|||
{{/* Define the ingressRoute */}}
|
||||
{{- define "traefik.ingressRoute" -}}
|
||||
{{- if .Values.ingressRoute.dashboard.enabled }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-dashboard
|
||||
annotations:
|
||||
{{- with .Values.ingressRoute.dashboard.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- main
|
||||
routes:
|
||||
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,26 +0,0 @@
|
|||
{{/* Define the portalHook */}}
|
||||
{{- define "traefik.portalhook" -}}
|
||||
{{- if .Values.portalhook.enabled }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: portalhook
|
||||
namespace: {{ $namespace }}
|
||||
data:
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $value := $ports }}
|
||||
{{ $name }}: {{ $value.port | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,12 +0,0 @@
|
|||
{{/* Define the tlsOptions */}}
|
||||
{{- define "traefik.tlsOptions" -}}
|
||||
{{- range $name, $config := .Values.tlsOptions }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
spec:
|
||||
{{- toYaml $config | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -1,24 +0,0 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "common.setup" . }}
|
||||
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "9100" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
|
||||
{{- $_ := set .Values "args" $mergedargs -}}
|
||||
|
||||
{{- include "traefik.portalhook" . }}
|
||||
{{- include "traefik.tlsOptions" . }}
|
||||
{{- include "traefik.ingressRoute" . }}
|
||||
{{- include "traefik.ingressClass" . }}
|
||||
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
|
@ -1,65 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: compress
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
compress: {}
|
||||
---
|
||||
# Here, an average of 300 requests per second is allowed.
|
||||
# In addition, a burst of 200 requests is allowed.
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-ratelimit
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: 300
|
||||
burst: 200
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-secure-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
sslForceHost: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: 'none'
|
||||
server: ''
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: chain-basic
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: basic-secure-headers
|
||||
- name: compress
|
|
@ -1,34 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
|
||||
---
|
||||
{{- $users := list }}
|
||||
{{ range $index, $userdata := $middlewareData.users }}
|
||||
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
|
||||
{{ end }}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
namespace: {{ $namespace }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
users: |
|
||||
{{- range $index, $user := $users }}
|
||||
{{ printf "%s" $user }}
|
||||
{{- end }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
{{ end }}
|
|
@ -1,21 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.chain }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
{{ range $index, $chainData := . }}
|
||||
- name: {{ printf "%v-%v@%v" $namespace $chainData.name "kubernetescrd" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
|
@ -1,30 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: {{ $middlewareData.address }}
|
||||
{{- with $middlewareData.authResponseHeaders }}
|
||||
authResponseHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $middlewareData.authRequestHeaders }}
|
||||
authRequestHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.authResponseHeadersRegex }}
|
||||
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.trustForwardHeader }}
|
||||
trustForwardHeader: true
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -1,33 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
{{- range $middlewareData.sourceRange }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy }}
|
||||
ipStrategy:
|
||||
{{- if $middlewareData.ipStrategy.depth }}
|
||||
depth: {{ $middlewareData.ipStrategy.depth }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy.excludedIPs }}
|
||||
excludedIPs:
|
||||
{{- range $middlewareData.ipStrategy.excludedIPs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: {{ $middlewareData.average }}
|
||||
burst: {{ $middlewareData.burst }}
|
||||
{{ end }}
|
|
@ -1,19 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: {{ $middlewareData.scheme }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{ end }}
|
|
@ -1,20 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: {{ $middlewareData.regex | quote }}
|
||||
replacement: {{ $middlewareData.replacement | quote }}
|
||||
permanent: {{ $middlewareData.replacement }}
|
||||
{{ end }}
|
|
@ -1,25 +0,0 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-nextcloud-redirectregex-dav
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||
replacement: "https://${1}/remote.php/dav/"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-nextcloud-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: tc-nextcloud-redirectregex-dav
|
|
@ -1,99 +0,0 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="traefik-10.0.11"></a>
|
||||
### [traefik-10.0.11](https://github.com/truecharts/apps/compare/traefik-10.0.10...traefik-10.0.11) (2021-11-14)
|
||||
|
||||
#### Chore
|
||||
|
||||
* move port above advanced in GUI ([#1326](https://github.com/truecharts/apps/issues/1326))
|
||||
* clean up Chart.yaml ([#1322](https://github.com/truecharts/apps/issues/1322))
|
||||
* update non-major deps helm releases ([#1328](https://github.com/truecharts/apps/issues/1328))
|
||||
* update non-major ([#1327](https://github.com/truecharts/apps/issues/1327))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.10"></a>
|
||||
### [traefik-10.0.10](https://github.com/truecharts/apps/compare/traefik-10.0.9...traefik-10.0.10) (2021-11-14)
|
||||
|
||||
#### Chore
|
||||
|
||||
* move traefik and k8s gateway to core train
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.9"></a>
|
||||
### [traefik-10.0.9](https://github.com/truecharts/apps/compare/traefik-10.0.8...traefik-10.0.9) (2021-11-09)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1297](https://github.com/truecharts/apps/issues/1297))
|
||||
* update non-major ([#1296](https://github.com/truecharts/apps/issues/1296))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.8"></a>
|
||||
### [traefik-10.0.8](https://github.com/truecharts/apps/compare/traefik-10.0.7...traefik-10.0.8) (2021-11-07)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1295](https://github.com/truecharts/apps/issues/1295))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.6"></a>
|
||||
### [traefik-10.0.6](https://github.com/truecharts/apps/compare/traefik-10.0.5...traefik-10.0.6) (2021-11-07)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Don't try to run udp services under SCALE (we don't actively test it anyway)
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.5"></a>
|
||||
### [traefik-10.0.5](https://github.com/truecharts/apps/compare/traefik-10.0.4...traefik-10.0.5) (2021-11-07)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1291](https://github.com/truecharts/apps/issues/1291))
|
||||
|
||||
#### Chore
|
||||
|
||||
* Simplify GUI for deployment, persistence and securityContext ([#1289](https://github.com/truecharts/apps/issues/1289))
|
||||
|
||||
#### Feat
|
||||
|
||||
* Simplify the Services GUI ([#1290](https://github.com/truecharts/apps/issues/1290))
|
||||
|
||||
#### Fix
|
||||
|
||||
* prevent duplicate port use and fix some questions.yaml mistakes
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.4"></a>
|
||||
### [traefik-10.0.4](https://github.com/truecharts/apps/compare/traefik-10.0.3...traefik-10.0.4) (2021-11-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1267](https://github.com/truecharts/apps/issues/1267))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.3"></a>
|
||||
### [traefik-10.0.3](https://github.com/truecharts/apps/compare/traefik-10.0.2...traefik-10.0.3) (2021-11-01)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1264](https://github.com/truecharts/apps/issues/1264))
|
||||
|
||||
|
||||
|
||||
<a name="traefik-10.0.2"></a>
|
||||
### [traefik-10.0.2](https://github.com/truecharts/apps/compare/traefik-10.0.1...traefik-10.0.2) (2021-10-26)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major deps helm releases ([#1245](https://github.com/truecharts/apps/issues/1245))
|
||||
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# Configuration Options
|
||||
|
||||
##### Connecting to other apps
|
||||
If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our "Linking Apps Internally" quick-start guide:
|
||||
https://truecharts.org/manual/Quick-Start%20Guides/14-linking-apps/
|
||||
|
||||
##### Available config options
|
||||
In the future this page is going to contain an automated list of options available in the installation/edit UI.
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue