truecharts.local
/
catalog
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
catalog/operators/prometheus-operator/3.1.7/ix_values.yaml

303 lines
9.5 KiB
YAML
Raw Blame History

image:
repository: quay.io/prometheus-operator/prometheus-operator
tag: "v0.70.0@sha256:e76d06ac84abeb466feb9682e1d0385c4e5a463bc023b32446916b640546a289"
pullPolicy:
configReloaderImage:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: "v0.70.0@sha256:411cec4bc5e6306804c2d5939c165411a88fb7991c2bd0c3ef4866387f683374"
pullPolicy:
thanosImage:
repository: quay.io/thanos/thanos
tag: "v0.33.0@sha256:70d2ea73792e2d26a6eb45e0c999fc88e8cebc1ba443ca059e19715231365cc8"
pullPolicy:
patchImage:
repository: registry.k8s.io/ingress-nginx/kube-webhook-certgen
tag: v20221220-controller-v1.5.1-58-g787ea74b6@sha256:4d99688e557396f5baa150e019ff7d5b7334f9b9f9a8dab64038c5c2a006f6b5
pullPolicy:
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
args:
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ include "tc.v1.common.lib.chart.names.fullname" $ }}-kubelet
- --log-format={{ .Values.prometheusOperator.logFormat }}
- --log-level={{ .Values.prometheusOperator.logLevel }}
# - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
- --localhost=127.0.0.1
# - --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
# - --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
- --prometheus-config-reloader={{ .Values.configReloaderImage.repository }}:{{ .Values.configReloaderImage.tag }}
- --config-reloader-cpu-request={{ .Values.resources.requests.cpu }}
- --config-reloader-cpu-limit={{ .Values.resources.limits.cpu }}
- --config-reloader-memory-request={{ .Values.resources.requests.memory }}
- --config-reloader-memory-limit={{ .Values.resources.limits.memory }}
- --enable-config-reloader-probes={{ .Values.prometheusOperator.prometheusConfigReloader.probes.enabled }}
# - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
# - --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
# - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
# - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
# - --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
# - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
# - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
# - --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
# - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
createsecret:
type: Job
enabled: true
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
podSpec:
restartPolicy: Never
containers:
main:
enabled: true
primary: true
imageSelector: patchImage
args:
- create
- --host={{ include "tc.v1.common.lib.chart.names.fullname" $ }},{{ include "tc.v1.common.lib.chart.names.fullname" $ }}.{{ .Release.Namespace }}.svc
- --namespace={{ .Release.Namespace }}
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
patchwebhook:
type: Job
enabled: true
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
podSpec:
restartPolicy: Never
containers:
main:
enabled: true
primary: true
imageSelector: patchImage
args:
- patch
- --webhook-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
- --namespace={{ .Release.Namespace }}
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
- --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
podOptions:
automountServiceAccountToken: true
service:
main:
ports:
main:
protocol: http
port: 8080
prometheusOperator:
logFormat: logfmt
logLevel: all
kubeletService:
enabled: true
namespace: kube-system
prometheusConfigReloader:
enabled: false
probes:
enabled: false
## Set a Field Selector to filter watched secrets
##
secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
## rules from making their way into prometheus and potentially preventing the container from starting
admissionWebhooks:
## Valid values: Fail, Ignore, IgnoreOnInstallOnly
## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
failurePolicy: ""
## The default timeoutSeconds is 10 and the maximum value is 30.
timeoutSeconds: 10
enabled: true
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
## If unspecified, system trust roots on the apiserver are used.
caBundle: ""
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
## certs ahead of time if you wish.
##
patch:
enabled: true
# Use certmanager to generate webhook certs
certManager:
enabled: false
# self-signed root certificate
rootCert:
# default to be 5y
duration: ""
admissionCert:
# default to be 1y
duration: ""
# issuerRef:
# name: "issuer"
# kind: "ClusterIssuer"
operator:
register: true
portal:
open:
enabled: false
metrics:
main:
enabled: false
endpoints:
- port: main
interval: 5s
scrapeTimeout: 5s
path: /
honorLabels: false
rbac:
main:
enabled: true
primary: true
clusterWide: true
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- alertmanagers/finalizers
- alertmanagers/status
- alertmanagerconfigs
- prometheuses
- prometheuses/finalizers
- prometheuses/status
- prometheusagents
- prometheusagents/finalizers
- prometheusagents/status
- thanosrulers
- thanosrulers/finalizers
- thanosrulers/status
- scrapeconfigs
- servicemonitors
- podmonitors
- probes
- prometheusrules
verbs:
- "*"
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- "*"
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- services/finalizers
- endpoints
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
crds:
annotations: {}
serviceAccount:
main:
enabled: true
primary: true
targetSelectAll: true
manifestManager:
enabled: false
Reference in New Issue View Git Blame Copy Permalink