This commit is contained in:
parent
8e6417f6d7
commit
9a0aa73259
|
|
@ -1,4 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: prometheus-system
|
||||
|
|
@ -1,321 +0,0 @@
|
|||
apiVersion: helm.toolkit.fluxcd.io/v2beta1
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: prometheus-operator
|
||||
namespace: prometheus-system
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: prometheus-operator
|
||||
version: 1.0.4
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: truecharts
|
||||
namespace: flux-system
|
||||
interval: 15m0s
|
||||
timeout: 5m
|
||||
releaseName: prometheus-operator
|
||||
values:
|
||||
image:
|
||||
repository: tccr.io/truecharts/prometheus-operator
|
||||
tag: "v0.68.0@sha256:bd63ef4b9fcce4b07c9c1c58b114e09af73a360daf1b4c8ce3e910e5a09027c1"
|
||||
pullPolicy:
|
||||
|
||||
configReloaderImage:
|
||||
repository: tccr.io/truecharts/prometheus-config-reloader
|
||||
tag: "v0.68.0@sha256:52a3143e9852180f0f5ca91b67e714fac4905d4c076b3082c7c199fe72cadb1e"
|
||||
pullPolicy:
|
||||
|
||||
thanosImage:
|
||||
repository: tccr.io/truecharts/thanos
|
||||
tag: "v0.32.4@sha256:68b83f65ed1df9e2f749e78280d1ebeeaa8e6beade3f1ac1c31f810038a34df3"
|
||||
pullPolicy:
|
||||
|
||||
patchImage:
|
||||
repository: tccr.io/truecharts/kube-webhook-certgen
|
||||
tag: latest@sha256:28c6de4c7fe7527daafd761e2d33aafe1094004e77248fcc674cc6e092da1017
|
||||
pullPolicy:
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
args:
|
||||
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ include "tc.v1.common.lib.chart.names.fullname" $ }}-kubelet
|
||||
- --log-format={{ .Values.prometheusOperator.logFormat }}
|
||||
- --log-level={{ .Values.prometheusOperator.logLevel }}
|
||||
# - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
|
||||
- --localhost=127.0.0.1
|
||||
# - --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
|
||||
# - --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
|
||||
- --prometheus-config-reloader={{ .Values.configReloaderImage.repository }}:{{ .Values.configReloaderImage.tag }}
|
||||
- --config-reloader-cpu-request={{ .Values.resources.requests.cpu }}
|
||||
- --config-reloader-cpu-limit={{ .Values.resources.limits.cpu }}
|
||||
- --config-reloader-memory-request={{ .Values.resources.requests.memory }}
|
||||
- --config-reloader-memory-limit={{ .Values.resources.limits.memory }}
|
||||
- --enable-config-reloader-probes={{ .Values.prometheusOperator.prometheusConfigReloader.probes.enabled }}
|
||||
# - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
||||
# - --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
# - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
||||
# - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
||||
# - --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
# - --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
|
||||
# - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
||||
# - --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
|
||||
# - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
||||
createsecret:
|
||||
type: Job
|
||||
enabled: true
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
podSpec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: patchImage
|
||||
args:
|
||||
- create
|
||||
- --host={{ include "tc.v1.common.lib.chart.names.fullname" $ }},{{ include "tc.v1.common.lib.chart.names.fullname" $ }}.{{ .Release.Namespace }}.svc
|
||||
- --namespace={{ .Release.Namespace }}
|
||||
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
patchwebhook:
|
||||
type: Job
|
||||
enabled: true
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
podSpec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: patchImage
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
|
||||
- --namespace={{ .Release.Namespace }}
|
||||
- --secret-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }}-admission
|
||||
- --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
port: 8080
|
||||
|
||||
prometheusOperator:
|
||||
logFormat: logfmt
|
||||
logLevel: all
|
||||
kubeletService:
|
||||
enabled: true
|
||||
namespace: kube-system
|
||||
|
||||
prometheusConfigReloader:
|
||||
enabled: false
|
||||
probes:
|
||||
enabled: false
|
||||
|
||||
## Set a Field Selector to filter watched secrets
|
||||
##
|
||||
secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1"
|
||||
|
||||
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
|
||||
## rules from making their way into prometheus and potentially preventing the container from starting
|
||||
admissionWebhooks:
|
||||
## Valid values: Fail, Ignore, IgnoreOnInstallOnly
|
||||
## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail"
|
||||
failurePolicy: ""
|
||||
## The default timeoutSeconds is 10 and the maximum value is 30.
|
||||
timeoutSeconds: 10
|
||||
enabled: true
|
||||
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
|
||||
## If unspecified, system trust roots on the apiserver are used.
|
||||
caBundle: ""
|
||||
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
|
||||
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
|
||||
## certs ahead of time if you wish.
|
||||
##
|
||||
|
||||
patch:
|
||||
enabled: true
|
||||
|
||||
# Use certmanager to generate webhook certs
|
||||
certManager:
|
||||
enabled: false
|
||||
# self-signed root certificate
|
||||
rootCert:
|
||||
# default to be 5y
|
||||
duration: ""
|
||||
admissionCert:
|
||||
# default to be 1y
|
||||
duration: ""
|
||||
# issuerRef:
|
||||
# name: "issuer"
|
||||
# kind: "ClusterIssuer"
|
||||
|
||||
operator:
|
||||
register: true
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
metrics:
|
||||
main:
|
||||
enabled: false
|
||||
endpoints:
|
||||
- port: main
|
||||
interval: 5s
|
||||
scrapeTimeout: 5s
|
||||
path: /
|
||||
honorLabels: false
|
||||
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
resources:
|
||||
- alertmanagers
|
||||
- alertmanagers/finalizers
|
||||
- alertmanagers/status
|
||||
- alertmanagerconfigs
|
||||
- prometheuses
|
||||
- prometheuses/finalizers
|
||||
- prometheuses/status
|
||||
- prometheusagents
|
||||
- prometheusagents/finalizers
|
||||
- prometheusagents/status
|
||||
- thanosrulers
|
||||
- thanosrulers/finalizers
|
||||
- thanosrulers/status
|
||||
- scrapeconfigs
|
||||
- servicemonitors
|
||||
- podmonitors
|
||||
- probes
|
||||
- prometheusrules
|
||||
verbs:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- secrets
|
||||
verbs:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- services/finalizers
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- discovery.k8s.io
|
||||
resources:
|
||||
- endpointslices
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
- mutatingwebhookconfigurations
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
|
||||
crds:
|
||||
annotations: {}
|
||||
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
targetSelectAll: true
|
||||
|
||||
manifestManager:
|
||||
enabled: false
|
||||
|
||||
Loading…
Reference in New Issue
Block a user