351 lines
14 KiB
YAML
351 lines
14 KiB
YAML
|
apiVersion: apps/v1
|
||
|
|
kind: DaemonSet
|
||
|
|
metadata:
|
||
|
|
name: {{ include "prometheus-node-exporter.fullname" . }}
|
||
|
|
namespace: {{ include "prometheus-node-exporter.namespace" . }}
|
||
|
|
labels:
|
||
|
|
{{- include "prometheus-node-exporter.labels" . | nindent 4 }}
|
||
|
|
{{- with .Values.daemonsetAnnotations }}
|
||
|
|
annotations:
|
||
|
|
{{- toYaml . | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
spec:
|
||
|
|
selector:
|
||
|
|
matchLabels:
|
||
|
|
{{- include "prometheus-node-exporter.selectorLabels" . | nindent 6 }}
|
||
|
|
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||
|
|
{{- with .Values.updateStrategy }}
|
||
|
|
updateStrategy:
|
||
|
|
{{- toYaml . | nindent 4 }}
|
||
|
|
{{- end }}
|
||
|
|
template:
|
||
|
|
metadata:
|
||
|
|
{{- with .Values.podAnnotations }}
|
||
|
|
annotations:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
labels:
|
||
|
|
{{- include "prometheus-node-exporter.labels" . | nindent 8 }}
|
||
|
|
{{- with .Values.podLabels }}
|
||
|
|
{{- tpl (toYaml .) $ | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
spec:
|
||
|
|
automountServiceAccountToken: {{ ternary true false (or .Values.serviceAccount.automountServiceAccountToken .Values.kubeRBACProxy.enabled) }}
|
||
|
|
{{- with .Values.securityContext }}
|
||
|
|
securityContext:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.priorityClassName }}
|
||
|
|
priorityClassName: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.extraInitContainers }}
|
||
|
|
initContainers:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
serviceAccountName: {{ include "prometheus-node-exporter.serviceAccountName" . }}
|
||
|
|
{{- with .Values.terminationGracePeriodSeconds }}
|
||
|
|
terminationGracePeriodSeconds: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
containers:
|
||
|
|
{{- $servicePort := ternary .Values.kubeRBACProxy.port .Values.service.port .Values.kubeRBACProxy.enabled }}
|
||
|
|
- name: node-exporter
|
||
|
|
image: {{ include "prometheus-node-exporter.image" . }}
|
||
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||
|
|
args:
|
||
|
|
- --path.procfs=/host/proc
|
||
|
|
- --path.sysfs=/host/sys
|
||
|
|
{{- if .Values.hostRootFsMount.enabled }}
|
||
|
|
- --path.rootfs=/host/root
|
||
|
|
{{- if semverCompare ">=1.4.0-0" (coalesce .Values.version .Values.image.tag .Chart.AppVersion) }}
|
||
|
|
- --path.udev.data=/host/root/run/udev/data
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
- --web.listen-address=[$(HOST_IP)]:{{ $servicePort }}
|
||
|
|
{{- with .Values.extraArgs }}
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.containerSecurityContext }}
|
||
|
|
securityContext:
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
env:
|
||
|
|
- name: HOST_IP
|
||
|
|
{{- if .Values.kubeRBACProxy.enabled }}
|
||
|
|
value: 127.0.0.1
|
||
|
|
{{- else if .Values.service.listenOnAllInterfaces }}
|
||
|
|
value: 0.0.0.0
|
||
|
|
{{- else }}
|
||
|
|
valueFrom:
|
||
|
|
fieldRef:
|
||
|
|
apiVersion: v1
|
||
|
|
fieldPath: status.hostIP
|
||
|
|
{{- end }}
|
||
|
|
{{- range $key, $value := .Values.env }}
|
||
|
|
- name: {{ $key }}
|
||
|
|
value: {{ $value | quote }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if eq .Values.kubeRBACProxy.enabled false }}
|
||
|
|
ports:
|
||
|
|
- name: {{ .Values.service.portName }}
|
||
|
|
containerPort: {{ .Values.service.port }}
|
||
|
|
protocol: TCP
|
||
|
|
{{- end }}
|
||
|
|
livenessProbe:
|
||
|
|
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
|
||
|
|
httpGet:
|
||
|
|
{{- if .Values.kubeRBACProxy.enabled }}
|
||
|
|
host: 127.0.0.1
|
||
|
|
{{- end }}
|
||
|
|
httpHeaders:
|
||
|
|
{{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }}
|
||
|
|
- name: {{ $header.name }}
|
||
|
|
value: {{ $header.value }}
|
||
|
|
{{- end }}
|
||
|
|
path: /
|
||
|
|
port: {{ $servicePort }}
|
||
|
|
scheme: {{ upper .Values.livenessProbe.httpGet.scheme }}
|
||
|
|
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
|
||
|
|
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
|
||
|
|
successThreshold: {{ .Values.livenessProbe.successThreshold }}
|
||
|
|
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
|
||
|
|
readinessProbe:
|
||
|
|
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||
|
|
httpGet:
|
||
|
|
{{- if .Values.kubeRBACProxy.enabled }}
|
||
|
|
host: 127.0.0.1
|
||
|
|
{{- end }}
|
||
|
|
httpHeaders:
|
||
|
|
{{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }}
|
||
|
|
- name: {{ $header.name }}
|
||
|
|
value: {{ $header.value }}
|
||
|
|
{{- end }}
|
||
|
|
path: /
|
||
|
|
port: {{ $servicePort }}
|
||
|
|
scheme: {{ upper .Values.readinessProbe.httpGet.scheme }}
|
||
|
|
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||
|
|
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||
|
|
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||
|
|
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||
|
|
{{- with .Values.resources }}
|
||
|
|
resources:
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.terminationMessageParams.enabled }}
|
||
|
|
{{- with .Values.terminationMessageParams }}
|
||
|
|
terminationMessagePath: {{ .terminationMessagePath }}
|
||
|
|
terminationMessagePolicy: {{ .terminationMessagePolicy }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
volumeMounts:
|
||
|
|
- name: proc
|
||
|
|
mountPath: /host/proc
|
||
|
|
{{- with .Values.hostProcFsMount.mountPropagation }}
|
||
|
|
mountPropagation: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
readOnly: true
|
||
|
|
- name: sys
|
||
|
|
mountPath: /host/sys
|
||
|
|
{{- with .Values.hostSysFsMount.mountPropagation }}
|
||
|
|
mountPropagation: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
readOnly: true
|
||
|
|
{{- if .Values.hostRootFsMount.enabled }}
|
||
|
|
- name: root
|
||
|
|
mountPath: /host/root
|
||
|
|
{{- with .Values.hostRootFsMount.mountPropagation }}
|
||
|
|
mountPropagation: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
readOnly: true
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
mountPath: {{ $mount.mountPath }}
|
||
|
|
readOnly: {{ $mount.readOnly }}
|
||
|
|
{{- with $mount.mountPropagation }}
|
||
|
|
mountPropagation: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
mountPath: {{ $mount.mountPath }}
|
||
|
|
readOnly: true
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.configmaps }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
mountPath: {{ $mount.mountPath }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.secrets }}
|
||
|
|
- name: {{ .name }}
|
||
|
|
mountPath: {{ .mountPath }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.extraVolumeMounts }}
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range .Values.sidecars }}
|
||
|
|
{{- $overwrites := dict "volumeMounts" (concat (include "prometheus-node-exporter.sidecarVolumeMounts" $ | fromYamlArray) (.volumeMounts | default list) | default list) }}
|
||
|
|
{{- $defaults := dict "image" (include "prometheus-node-exporter.image" $) "securityContext" $.Values.containerSecurityContext "imagePullPolicy" $.Values.image.pullPolicy }}
|
||
|
|
- {{- toYaml (merge $overwrites . $defaults) | nindent 10 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.kubeRBACProxy.enabled }}
|
||
|
|
- name: kube-rbac-proxy
|
||
|
|
args:
|
||
|
|
{{- if .Values.kubeRBACProxy.extraArgs }}
|
||
|
|
{{- .Values.kubeRBACProxy.extraArgs | toYaml | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
- --secure-listen-address=:{{ .Values.service.port}}
|
||
|
|
- --upstream=http://127.0.0.1:{{ $servicePort }}/
|
||
|
|
- --proxy-endpoints-port={{ .Values.kubeRBACProxy.proxyEndpointsPort }}
|
||
|
|
- --config-file=/etc/kube-rbac-proxy-config/config-file.yaml
|
||
|
|
{{- if and .Values.kubeRBACProxy.tls.enabled .Values.tlsSecret.enabled }}
|
||
|
|
- --tls-cert-file=/tls/private/{{ .Values.tlsSecret.certItem }}
|
||
|
|
- --tls-private-key-file=/tls/private/{{ .Values.tlsSecret.keyItem }}
|
||
|
|
{{- if and .Values.kubeRBACProxy.tls.tlsClientAuth .Values.tlsSecret.caItem }}
|
||
|
|
- --client-ca-file=/tls/private/{{ .Values.tlsSecret.caItem }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
volumeMounts:
|
||
|
|
- name: kube-rbac-proxy-config
|
||
|
|
mountPath: /etc/kube-rbac-proxy-config
|
||
|
|
{{- if and .Values.kubeRBACProxy.tls.enabled .Values.tlsSecret.enabled }}
|
||
|
|
- name: {{ tpl .Values.tlsSecret.volumeName . | quote }}
|
||
|
|
mountPath: /tls/private
|
||
|
|
readOnly: true
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.kubeRBACProxy.extraVolumeMounts }}
|
||
|
|
{{- toYaml . | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }}
|
||
|
|
{{- if .Values.kubeRBACProxy.image.sha }}
|
||
|
|
image: "{{ .Values.global.imageRegistry | default .Values.kubeRBACProxy.image.registry}}/{{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}@sha256:{{ .Values.kubeRBACProxy.image.sha }}"
|
||
|
|
{{- else }}
|
||
|
|
image: "{{ .Values.global.imageRegistry | default .Values.kubeRBACProxy.image.registry}}/{{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}"
|
||
|
|
{{- end }}
|
||
|
|
ports:
|
||
|
|
- containerPort: {{ .Values.service.port}}
|
||
|
|
name: {{ .Values.kubeRBACProxy.portName }}
|
||
|
|
{{- if .Values.kubeRBACProxy.enableHostPort }}
|
||
|
|
hostPort: {{ .Values.service.port }}
|
||
|
|
{{- end }}
|
||
|
|
- containerPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
|
||
|
|
{{- if .Values.kubeRBACProxy.enableProxyEndpointsHostPort }}
|
||
|
|
hostPort: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
|
||
|
|
{{- end }}
|
||
|
|
name: "http-healthz"
|
||
|
|
readinessProbe:
|
||
|
|
httpGet:
|
||
|
|
scheme: HTTPS
|
||
|
|
port: {{ .Values.kubeRBACProxy.proxyEndpointsPort }}
|
||
|
|
path: healthz
|
||
|
|
initialDelaySeconds: 5
|
||
|
|
timeoutSeconds: 5
|
||
|
|
{{- if .Values.kubeRBACProxy.resources }}
|
||
|
|
resources:
|
||
|
|
{{- toYaml .Values.kubeRBACProxy.resources | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.terminationMessageParams.enabled }}
|
||
|
|
{{- with .Values.terminationMessageParams }}
|
||
|
|
terminationMessagePath: {{ .terminationMessagePath }}
|
||
|
|
terminationMessagePolicy: {{ .terminationMessagePolicy }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.kubeRBACProxy.env }}
|
||
|
|
env:
|
||
|
|
{{- range $key, $value := $.Values.kubeRBACProxy.env }}
|
||
|
|
- name: {{ $key }}
|
||
|
|
value: {{ $value | quote }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.kubeRBACProxy.containerSecurityContext }}
|
||
|
|
securityContext:
|
||
|
|
{{ toYaml .Values.kubeRBACProxy.containerSecurityContext | nindent 12 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if or .Values.imagePullSecrets .Values.global.imagePullSecrets }}
|
||
|
|
imagePullSecrets:
|
||
|
|
{{- include "prometheus-node-exporter.imagePullSecrets" (dict "Values" .Values "imagePullSecrets" .Values.imagePullSecrets) | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
hostNetwork: {{ .Values.hostNetwork }}
|
||
|
|
hostPID: {{ .Values.hostPID }}
|
||
|
|
hostIPC: {{ .Values.hostIPC }}
|
||
|
|
{{- with .Values.affinity }}
|
||
|
|
affinity:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.dnsConfig }}
|
||
|
|
dnsConfig:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.nodeSelector }}
|
||
|
|
nodeSelector:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.restartPolicy }}
|
||
|
|
restartPolicy: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.tolerations }}
|
||
|
|
tolerations:
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
volumes:
|
||
|
|
- name: proc
|
||
|
|
hostPath:
|
||
|
|
path: /proc
|
||
|
|
- name: sys
|
||
|
|
hostPath:
|
||
|
|
path: /sys
|
||
|
|
{{- if .Values.hostRootFsMount.enabled }}
|
||
|
|
- name: root
|
||
|
|
hostPath:
|
||
|
|
path: /
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.extraHostVolumeMounts }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
hostPath:
|
||
|
|
path: {{ $mount.hostPath }}
|
||
|
|
{{- with $mount.type }}
|
||
|
|
type: {{ . }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.sidecarVolumeMount }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
emptyDir:
|
||
|
|
medium: Memory
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.sidecarHostVolumeMounts }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
hostPath:
|
||
|
|
path: {{ $mount.hostPath }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.configmaps }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
configMap:
|
||
|
|
name: {{ $mount.name }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $_, $mount := .Values.secrets }}
|
||
|
|
- name: {{ $mount.name }}
|
||
|
|
secret:
|
||
|
|
secretName: {{ $mount.name }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.kubeRBACProxy.enabled }}
|
||
|
|
- name: kube-rbac-proxy-config
|
||
|
|
configMap:
|
||
|
|
name: {{ template "prometheus-node-exporter.fullname" . }}-rbac-config
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.tlsSecret.enabled }}
|
||
|
|
- name: {{ tpl .Values.tlsSecret.volumeName . | quote }}
|
||
|
|
secret:
|
||
|
|
secretName: {{ tpl .Values.tlsSecret.secretName . | quote }}
|
||
|
|
items:
|
||
|
|
- key: {{ required "Value tlsSecret.certItem must be set." .Values.tlsSecret.certItem | quote }}
|
||
|
|
path: {{ .Values.tlsSecret.certItem | quote }}
|
||
|
|
- key: {{ required "Value tlsSecret.keyItem must be set." .Values.tlsSecret.keyItem | quote }}
|
||
|
|
path: {{ .Values.tlsSecret.keyItem | quote }}
|
||
|
|
{{- if .Values.tlsSecret.caItem }}
|
||
|
|
- key: {{ .Values.tlsSecret.caItem | quote }}
|
||
|
|
path: {{ .Values.tlsSecret.caItem | quote }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- with .Values.extraVolumes }}
|
||
|
|
{{- toYaml . | nindent 8 }}
|
||
|
|
{{- end }}
|