# Default values for kube-state-metrics. prometheusScrape: true image: registry: registry.k8s.io repository: kube-state-metrics/kube-state-metrics # If unset use v + .Charts.appVersion tag: "" sha: "" pullPolicy: IfNotPresent imagePullSecrets: [] # - name: "image-pull-secret" global: # To help compatibility with other charts which use global.imagePullSecrets. # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). # global: # imagePullSecrets: # - name: pullSecret1 # - name: pullSecret2 # or # global: # imagePullSecrets: # - pullSecret1 # - pullSecret2 imagePullSecrets: [] # # Allow parent charts to override registry hostname imageRegistry: "" # If set to true, this will deploy kube-state-metrics as a StatefulSet and the data # will be automatically sharded across <.Values.replicas> pods using the built-in # autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding # This is an experimental feature and there are no stability guarantees. autosharding: enabled: false replicas: 1 # Change the deployment strategy when autosharding is disabled. # ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # The default is "RollingUpdate" as per Kubernetes defaults. # During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data. # updateStrategy: Recreate # Number of old history to retain to allow rollback # Default Kubernetes value is set to 10 revisionHistoryLimit: 10 # List of additional cli arguments to configure kube-state-metrics # for example: --enable-gzip-encoding, --log-file, etc. # all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md extraArgs: [] # If false then the user will opt out of automounting API credentials. automountServiceAccountToken: true service: port: 8080 # Default to clusterIP for backward compatibility type: ClusterIP ipDualStack: enabled: false ipFamilies: ["IPv6", "IPv4"] ipFamilyPolicy: "PreferDualStack" nodePort: 0 loadBalancerIP: "" # Only allow access to the loadBalancerIP from these IPs loadBalancerSourceRanges: [] clusterIP: "" annotations: {} ## Additional labels to add to all resources customLabels: {} # app: kube-state-metrics ## Override selector labels selectorOverride: {} ## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box releaseLabel: false hostNetwork: false rbac: # If true, create & use RBAC resources create: true # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. # useExistingRole: your-existing-role # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) useClusterRole: true # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration # Example: # - apiGroups: ["monitoring.coreos.com"] # resources: ["prometheuses"] # verbs: ["list", "watch"] extraRules: [] # Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled). # The requests are served through the same service but requests are then HTTPS. kubeRBACProxy: enabled: false image: registry: quay.io repository: brancz/kube-rbac-proxy tag: v0.18.0 sha: "" pullPolicy: IfNotPresent # List of additional cli arguments to configure kube-rbac-prxy # for example: --tls-cipher-suites, --log-file, etc. # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage extraArgs: [] ## Specify security settings for a Container ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 64Mi # requests: # cpu: 10m # memory: 32Mi ## volumeMounts enables mounting custom volumes in rbac-proxy containers ## Useful for TLS certificates and keys volumeMounts: [] # - mountPath: /etc/tls # name: kube-rbac-proxy-tls # readOnly: true serviceAccount: # Specifies whether a ServiceAccount should be created, require rbac true create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: # Reference to one or more secrets to be used when pulling images # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # ServiceAccount annotations. # Use case: AWS EKS IAM roles for service accounts # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html annotations: {} # If false then the user will opt out of automounting API credentials. automountServiceAccountToken: true prometheus: monitor: enabled: false annotations: {} additionalLabels: {} namespace: "" namespaceSelector: [] jobLabel: "" targetLabels: [] podTargetLabels: [] ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. ## sampleLimit: 0 ## TargetLimit defines a limit on the number of scraped targets that will be accepted. ## targetLimit: 0 ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. ## labelLimit: 0 ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. ## labelNameLengthLimit: 0 ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. ## labelValueLengthLimit: 0 selectorOverride: {} ## kube-state-metrics endpoint http: interval: "" scrapeTimeout: "" proxyUrl: "" ## Whether to enable HTTP2 for servicemonitor enableHttp2: false honorLabels: false metricRelabelings: [] relabelings: [] scheme: "" ## File to read bearer token for scraping targets bearerTokenFile: "" ## Secret to mount to read bearer token for scraping targets. The secret needs ## to be in the same namespace as the service monitor and accessible by the ## Prometheus Operator bearerTokenSecret: {} # name: secret-name # key: key-name tlsConfig: {} ## selfMonitor endpoint metrics: interval: "" scrapeTimeout: "" proxyUrl: "" ## Whether to enable HTTP2 for servicemonitor enableHttp2: false honorLabels: false metricRelabelings: [] relabelings: [] scheme: "" ## File to read bearer token for scraping targets bearerTokenFile: "" ## Secret to mount to read bearer token for scraping targets. The secret needs ## to be in the same namespace as the service monitor and accessible by the ## Prometheus Operator bearerTokenSecret: {} # name: secret-name # key: key-name tlsConfig: {} ## Specify if a Pod Security Policy for kube-state-metrics must be created ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## podSecurityPolicy: enabled: false annotations: {} ## Specify pod annotations ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl ## # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' additionalVolumes: [] ## Configure network policy for kube-state-metrics networkPolicy: enabled: false # networkPolicy.flavor -- Flavor of the network policy to use. # Can be: # * kubernetes for networking.k8s.io/v1/NetworkPolicy # * cilium for cilium.io/v2/CiliumNetworkPolicy flavor: kubernetes ## Configure the cilium network policy kube-apiserver selector # cilium: # kubeApiServerSelector: # - toEntities: # - kube-apiserver # egress: # - {} # ingress: # - {} # podSelector: # matchLabels: # app.kubernetes.io/name: kube-state-metrics securityContext: enabled: true runAsGroup: 65534 runAsUser: 65534 fsGroup: 65534 runAsNonRoot: true seccompProfile: type: RuntimeDefault ## Specify security settings for a Container ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL ## Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} ## Affinity settings for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ affinity: {} ## Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## Topology spread constraints for pod assignment ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: [] # Annotations to be added to the deployment/statefulset annotations: {} # Annotations to be added to the pod podAnnotations: {} # Labels to be added to the pod podLabels: {} ## Assign a PriorityClassName to pods if set # priorityClassName: "" # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} # Comma-separated list of metrics to be exposed. # This list comprises of exact metric names and/or regex patterns. # The allowlist and denylist are mutually exclusive. metricAllowlist: [] # Comma-separated list of metrics not to be enabled. # This list comprises of exact metric names and/or regex patterns. # The allowlist and denylist are mutually exclusive. metricDenylist: [] # Comma-separated list of additional Kubernetes label keys that will be used in the resource's # labels metric. By default the metric contains only name and namespace labels. # To include additional labels, provide a list of resource names in their plural form and Kubernetes # label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. # A single '*' can be provided per resource instead to allow any labels, but that has # severe performance implications (Example: '=pods=[*]'). metricLabelsAllowlist: [] # - namespaces=[k8s-label-1,k8s-label-n] # Comma-separated list of Kubernetes annotations keys that will be used in the resource' # labels metric. By default the metric contains only name and namespace labels. # To include additional annotations provide a list of resource names in their plural form and Kubernetes # annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. # A single '*' can be provided per resource instead to allow any annotations, but that has # severe performance implications (Example: '=pods=[*]'). metricAnnotationsAllowList: [] # - pods=[k8s-annotation-1,k8s-annotation-n] # Available collectors for kube-state-metrics. # By default, all available resources are enabled, comment out to disable. collectors: - certificatesigningrequests - configmaps - cronjobs - daemonsets - deployments - endpoints - horizontalpodautoscalers - ingresses - jobs - leases - limitranges - mutatingwebhookconfigurations - namespaces - networkpolicies - nodes - persistentvolumeclaims - persistentvolumes - poddisruptionbudgets - pods - replicasets - replicationcontrollers - resourcequotas - secrets - services - statefulsets - storageclasses - validatingwebhookconfigurations - volumeattachments # Enabling kubeconfig will pass the --kubeconfig argument to the container kubeconfig: enabled: false # base64 encoded kube-config file secret: # Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics customResourceState: enabled: false # Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules config: {} # Enable only the release namespace for collecting resources. By default all namespaces are collected. # If releaseNamespace and namespaces are both set a merged list will be collected. releaseNamespace: false # Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected. namespaces: "" # Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, # only namespaces that are excluded in namespaces-denylist will be used. namespacesDenylist: "" ## Override the deployment namespace ## namespaceOverride: "" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 64Mi # requests: # cpu: 10m # memory: 32Mi ## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. ## For example: kubeTargetVersionOverride: 1.14.9 ## kubeTargetVersionOverride: "" # Enable self metrics configuration for service and Service Monitor # Default values for telemetry configuration can be overridden # If you set telemetryNodePort, you must also set service.type to NodePort selfMonitor: enabled: false # telemetryHost: 0.0.0.0 # telemetryPort: 8081 # telemetryNodePort: 0 # Enable vertical pod autoscaler support for kube-state-metrics verticalPodAutoscaler: enabled: false # Recommender responsible for generating recommendation for the object. # List should be empty (then the default recommender will generate the recommendation) # or contain exactly one recommender. # recommenders: [] # - name: custom-recommender-performance # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory controlledResources: [] # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. # controlledValues: RequestsAndLimits # Define the max allowed resources for the pod maxAllowed: {} # cpu: 200m # memory: 100Mi # Define the min allowed resources for the pod minAllowed: {} # cpu: 200m # memory: 100Mi # updatePolicy: # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction # minReplicas: 1 # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". # updateMode: Auto # volumeMounts are used to add custom volume mounts to deployment. # See example below volumeMounts: [] # - mountPath: /etc/config # name: config-volume # volumes are used to add custom volumes to deployment # See example below volumes: [] # - configMap: # name: cm-for-volume # name: config-volume # Extra manifests to deploy as an array extraManifests: [] # - apiVersion: v1 # kind: ConfigMap # metadata: # labels: # name: prometheus-extra # data: # extra-data: "value" ## Containers allows injecting additional containers. containers: [] # - name: crd-init # image: kiwigrid/k8s-sidecar:latest ## InitContainers allows injecting additional initContainers. initContainers: [] # - name: crd-sidecar # image: kiwigrid/k8s-sidecar:latest ## Settings for startup, liveness and readiness probes ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ ## ## Startup probe can optionally be enabled. ## startupProbe: enabled: false failureThreshold: 3 httpGet: httpHeaders: [] scheme: http initialDelaySeconds: 0 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 ## Liveness probe ## livenessProbe: failureThreshold: 3 httpGet: httpHeaders: [] scheme: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 ## Readiness probe ## readinessProbe: failureThreshold: 3 httpGet: httpHeaders: [] scheme: http initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5