Infrastructure/Gluttony-Cluster
2
1
Fork 0
Code Issues 13 Pull Requests Packages Wiki Activity

Add prometheus namespace

Browse Source
This commit is contained in:
Tyler Perkins 2023-10-09 20:46:28 -04:00
parent 1ef2d425cd
commit 5550336fb6
1 changed files with 321 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

321
prometheus-operator/prometheus-operator-helmrelease.yaml Normal file
View File

@ -0,0 +1,321 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: prometheus-operator
namespace: prometheus-system
spec:
chart:
spec:
chart: prometheus-operator
version: 1.0.4
sourceRef:
kind: HelmRepository
name: truecharts
namespace: flux-system
interval: 15m0s
timeout: 5m
releaseName: prometheus-operator
values:
image:
repository: tccr.io/truecharts/prometheus-operator
tag: "v0.68.0@sha256:bd63ef4b9fcce4b07c9c1c58b114e09af73a360daf1b4c8ce3e910e5a09027c1"
pullPolicy:
configReloaderImage:
repository: tccr.io/truecharts/prometheus-config-reloader
tag: "v0.68.0@sha256:52a3143e9852180f0f5ca91b67e714fac4905d4c076b3082c7c199fe72cadb1e"
pullPolicy:
thanosImage:
repository: tccr.io/truecharts/thanos
tag: "v0.32.4@sha256:68b83f65ed1df9e2f749e78280d1ebeeaa8e6beade3f1ac1c31f810038a34df3"
pullPolicy:
patchImage:
repository: tccr.io/truecharts/kube-webhook-certgen
tag: latest@sha256:28c6de4c7fe7527daafd761e2d33aafe1094004e77248fcc674cc6e092da1017
pullPolicy:
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
args:
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ include "tc.v1.common.lib.chart.names.fullname" $ }}-kubelet
- --log-format={{ .Values.prometheusOperator.logFormat }}
- --log-level={{ .Values.prometheusOperator.logLevel }}
# - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
- --localhost=127.0.0.1
# - --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
# - --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
- --prometheus-config-reloader={{ .Values.configReloaderImage.repository }}:{{ .Values.configReloaderImage.tag }}
- --config-reloader-cpu-request={{ .Values.resources.requests.cpu }}
- --config-reloader-cpu-limit={{ .Values.resources.limits.cpu }}
- --config-reloader-memory-request={{ .Values.resources.requests.memory }}
- --config-reloader-memory-limit={{ .Values.resources.limits.memory }}
- --enable-config-reloader-probes={{ .Values.prometheusOperator.prometheusConfigReloader.probes.enabled }}
# - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
# - --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
# - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
# - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
# - --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
# - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
# - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
# - --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
# - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
createsecret:
type: Job
enabled: true
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
podSpec:
restartPolicy: Never
containers:
main:
enabled: true
primary: true
imageSelector: patchImage
args:
- create
- --host={{ include "tc.v1.common.lib.chart.names.fullname" $ }},{{ include "tc.v1.common.lib.chart.names.fullname" $ }}.{{ .Release.Namespace }}.svc
- --namespace={{ .Release.Namespace }}
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
patchwebhook:
type: Job
enabled: true
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
podSpec:
restartPolicy: Never
containers:
main:
enabled: true
primary: true
imageSelector: patchImage
args:
- patch
- --webhook-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
- --namespace={{ .Release.Namespace }}
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
- --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false
podOptions:
automountServiceAccountToken: true
service:
main:
ports:
main:
protocol: http
port: 8080
prometheusOperator:
logFormat: logfmt
logLevel: all
kubeletService:
enabled: true
namespace: kube-system
prometheusConfigReloader:
enabled: false
probes:
enabled: false
## Set a Field Selector to filter watched secrets
##
secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
## rules from making their way into prometheus and potentially preventing the container from starting
admissionWebhooks:
## Valid values: Fail, Ignore, IgnoreOnInstallOnly
## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
failurePolicy: ""
## The default timeoutSeconds is 10 and the maximum value is 30.
timeoutSeconds: 10
enabled: true
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
## If unspecified, system trust roots on the apiserver are used.
caBundle: ""
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
## certs ahead of time if you wish.
##
patch:
enabled: true
# Use certmanager to generate webhook certs
certManager:
enabled: false
# self-signed root certificate
rootCert:
# default to be 5y
duration: ""
admissionCert:
# default to be 1y
duration: ""
# issuerRef:
# name: "issuer"
# kind: "ClusterIssuer"
operator:
register: true
portal:
open:
enabled: false
metrics:
main:
enabled: false
endpoints:
- port: main
interval: 5s
scrapeTimeout: 5s
path: /
honorLabels: false
rbac:
main:
enabled: true
primary: true
clusterWide: true
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- alertmanagers/finalizers
- alertmanagers/status
- alertmanagerconfigs
- prometheuses
- prometheuses/finalizers
- prometheuses/status
- prometheusagents
- prometheusagents/finalizers
- prometheusagents/status
- thanosrulers
- thanosrulers/finalizers
- thanosrulers/status
- scrapeconfigs
- servicemonitors
- podmonitors
- probes
- prometheusrules
verbs:
- "*"
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- "*"
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- services/finalizers
- endpoints
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
crds:
annotations: {}
serviceAccount:
main:
enabled: true
primary: true
targetSelectAll: true
manifestManager:
enabled: false