543 lines
18 KiB
YAML
543 lines
18 KiB
YAML
# Default values for kube-state-metrics.
|
|
prometheusScrape: true
|
|
image:
|
|
registry: registry.k8s.io
|
|
repository: kube-state-metrics/kube-state-metrics
|
|
# If unset use v + .Charts.appVersion
|
|
tag: ""
|
|
sha: ""
|
|
pullPolicy: IfNotPresent
|
|
|
|
imagePullSecrets: []
|
|
# - name: "image-pull-secret"
|
|
|
|
global:
|
|
# To help compatibility with other charts which use global.imagePullSecrets.
|
|
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
|
|
# global:
|
|
# imagePullSecrets:
|
|
# - name: pullSecret1
|
|
# - name: pullSecret2
|
|
# or
|
|
# global:
|
|
# imagePullSecrets:
|
|
# - pullSecret1
|
|
# - pullSecret2
|
|
imagePullSecrets: []
|
|
#
|
|
# Allow parent charts to override registry hostname
|
|
imageRegistry: ""
|
|
|
|
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
|
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
|
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
|
# This is an experimental feature and there are no stability guarantees.
|
|
autosharding:
|
|
enabled: false
|
|
|
|
replicas: 1
|
|
|
|
# Change the deployment strategy when autosharding is disabled.
|
|
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
|
# The default is "RollingUpdate" as per Kubernetes defaults.
|
|
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
|
|
# updateStrategy: Recreate
|
|
|
|
# Number of old history to retain to allow rollback
|
|
# Default Kubernetes value is set to 10
|
|
revisionHistoryLimit: 10
|
|
|
|
# List of additional cli arguments to configure kube-state-metrics
|
|
# for example: --enable-gzip-encoding, --log-file, etc.
|
|
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
|
|
extraArgs: []
|
|
|
|
# If false then the user will opt out of automounting API credentials.
|
|
automountServiceAccountToken: true
|
|
|
|
service:
|
|
port: 8080
|
|
# Default to clusterIP for backward compatibility
|
|
type: ClusterIP
|
|
ipDualStack:
|
|
enabled: false
|
|
ipFamilies: ["IPv6", "IPv4"]
|
|
ipFamilyPolicy: "PreferDualStack"
|
|
nodePort: 0
|
|
loadBalancerIP: ""
|
|
# Only allow access to the loadBalancerIP from these IPs
|
|
loadBalancerSourceRanges: []
|
|
clusterIP: ""
|
|
annotations: {}
|
|
|
|
## Additional labels to add to all resources
|
|
customLabels: {}
|
|
# app: kube-state-metrics
|
|
|
|
## Override selector labels
|
|
selectorOverride: {}
|
|
|
|
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
|
|
releaseLabel: false
|
|
|
|
hostNetwork: false
|
|
|
|
rbac:
|
|
# If true, create & use RBAC resources
|
|
create: true
|
|
|
|
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
|
|
# useExistingRole: your-existing-role
|
|
|
|
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
|
|
useClusterRole: true
|
|
|
|
# Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
|
|
# Example:
|
|
# - apiGroups: ["monitoring.coreos.com"]
|
|
# resources: ["prometheuses"]
|
|
# verbs: ["list", "watch"]
|
|
extraRules: []
|
|
|
|
# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
|
|
# The requests are served through the same service but requests are then HTTPS.
|
|
kubeRBACProxy:
|
|
enabled: false
|
|
image:
|
|
registry: quay.io
|
|
repository: brancz/kube-rbac-proxy
|
|
tag: v0.18.0
|
|
sha: ""
|
|
pullPolicy: IfNotPresent
|
|
|
|
# List of additional cli arguments to configure kube-rbac-prxy
|
|
# for example: --tls-cipher-suites, --log-file, etc.
|
|
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
|
|
extraArgs: []
|
|
|
|
## Specify security settings for a Container
|
|
## Allows overrides and additional options compared to (Pod) securityContext
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
containerSecurityContext:
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 64Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
|
|
## volumeMounts enables mounting custom volumes in rbac-proxy containers
|
|
## Useful for TLS certificates and keys
|
|
volumeMounts: []
|
|
# - mountPath: /etc/tls
|
|
# name: kube-rbac-proxy-tls
|
|
# readOnly: true
|
|
|
|
serviceAccount:
|
|
# Specifies whether a ServiceAccount should be created, require rbac true
|
|
create: true
|
|
# The name of the ServiceAccount to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name:
|
|
# Reference to one or more secrets to be used when pulling images
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
imagePullSecrets: []
|
|
# ServiceAccount annotations.
|
|
# Use case: AWS EKS IAM roles for service accounts
|
|
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
|
|
annotations: {}
|
|
# If false then the user will opt out of automounting API credentials.
|
|
automountServiceAccountToken: true
|
|
|
|
prometheus:
|
|
monitor:
|
|
enabled: false
|
|
annotations: {}
|
|
additionalLabels: {}
|
|
namespace: ""
|
|
namespaceSelector: []
|
|
jobLabel: ""
|
|
targetLabels: []
|
|
podTargetLabels: []
|
|
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
|
|
##
|
|
sampleLimit: 0
|
|
|
|
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
|
|
##
|
|
targetLimit: 0
|
|
|
|
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
##
|
|
labelLimit: 0
|
|
|
|
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
##
|
|
labelNameLengthLimit: 0
|
|
|
|
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
##
|
|
labelValueLengthLimit: 0
|
|
selectorOverride: {}
|
|
|
|
## kube-state-metrics endpoint
|
|
http:
|
|
interval: ""
|
|
scrapeTimeout: ""
|
|
proxyUrl: ""
|
|
## Whether to enable HTTP2 for servicemonitor
|
|
enableHttp2: false
|
|
honorLabels: false
|
|
metricRelabelings: []
|
|
relabelings: []
|
|
scheme: ""
|
|
## File to read bearer token for scraping targets
|
|
bearerTokenFile: ""
|
|
## Secret to mount to read bearer token for scraping targets. The secret needs
|
|
## to be in the same namespace as the service monitor and accessible by the
|
|
## Prometheus Operator
|
|
bearerTokenSecret: {}
|
|
# name: secret-name
|
|
# key: key-name
|
|
tlsConfig: {}
|
|
|
|
## selfMonitor endpoint
|
|
metrics:
|
|
interval: ""
|
|
scrapeTimeout: ""
|
|
proxyUrl: ""
|
|
## Whether to enable HTTP2 for servicemonitor
|
|
enableHttp2: false
|
|
honorLabels: false
|
|
metricRelabelings: []
|
|
relabelings: []
|
|
scheme: ""
|
|
## File to read bearer token for scraping targets
|
|
bearerTokenFile: ""
|
|
## Secret to mount to read bearer token for scraping targets. The secret needs
|
|
## to be in the same namespace as the service monitor and accessible by the
|
|
## Prometheus Operator
|
|
bearerTokenSecret: {}
|
|
# name: secret-name
|
|
# key: key-name
|
|
tlsConfig: {}
|
|
|
|
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
enabled: false
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
|
##
|
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
|
|
|
additionalVolumes: []
|
|
|
|
## Configure network policy for kube-state-metrics
|
|
networkPolicy:
|
|
enabled: false
|
|
# networkPolicy.flavor -- Flavor of the network policy to use.
|
|
# Can be:
|
|
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
|
# * cilium for cilium.io/v2/CiliumNetworkPolicy
|
|
flavor: kubernetes
|
|
|
|
## Configure the cilium network policy kube-apiserver selector
|
|
# cilium:
|
|
# kubeApiServerSelector:
|
|
# - toEntities:
|
|
# - kube-apiserver
|
|
|
|
# egress:
|
|
# - {}
|
|
# ingress:
|
|
# - {}
|
|
# podSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/name: kube-state-metrics
|
|
|
|
securityContext:
|
|
enabled: true
|
|
runAsGroup: 65534
|
|
runAsUser: 65534
|
|
fsGroup: 65534
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
## Specify security settings for a Container
|
|
## Allows overrides and additional options compared to (Pod) securityContext
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
containerSecurityContext:
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
## Node labels for pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
nodeSelector: {}
|
|
|
|
## Affinity settings for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
affinity: {}
|
|
|
|
## Tolerations for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
tolerations: []
|
|
|
|
## Topology spread constraints for pod assignment
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
topologySpreadConstraints: []
|
|
|
|
# Annotations to be added to the deployment/statefulset
|
|
annotations: {}
|
|
|
|
# Annotations to be added to the pod
|
|
podAnnotations: {}
|
|
|
|
# Labels to be added to the pod
|
|
podLabels: {}
|
|
|
|
## Assign a PriorityClassName to pods if set
|
|
# priorityClassName: ""
|
|
|
|
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
podDisruptionBudget: {}
|
|
|
|
# Comma-separated list of metrics to be exposed.
|
|
# This list comprises of exact metric names and/or regex patterns.
|
|
# The allowlist and denylist are mutually exclusive.
|
|
metricAllowlist: []
|
|
|
|
# Comma-separated list of metrics not to be enabled.
|
|
# This list comprises of exact metric names and/or regex patterns.
|
|
# The allowlist and denylist are mutually exclusive.
|
|
metricDenylist: []
|
|
|
|
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
|
|
# labels metric. By default the metric contains only name and namespace labels.
|
|
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
|
|
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
|
|
# A single '*' can be provided per resource instead to allow any labels, but that has
|
|
# severe performance implications (Example: '=pods=[*]').
|
|
metricLabelsAllowlist: []
|
|
# - namespaces=[k8s-label-1,k8s-label-n]
|
|
|
|
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
|
|
# labels metric. By default the metric contains only name and namespace labels.
|
|
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
|
|
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
|
|
# A single '*' can be provided per resource instead to allow any annotations, but that has
|
|
# severe performance implications (Example: '=pods=[*]').
|
|
metricAnnotationsAllowList: []
|
|
# - pods=[k8s-annotation-1,k8s-annotation-n]
|
|
|
|
# Available collectors for kube-state-metrics.
|
|
# By default, all available resources are enabled, comment out to disable.
|
|
collectors:
|
|
- certificatesigningrequests
|
|
- configmaps
|
|
- cronjobs
|
|
- daemonsets
|
|
- deployments
|
|
- endpoints
|
|
- horizontalpodautoscalers
|
|
- ingresses
|
|
- jobs
|
|
- leases
|
|
- limitranges
|
|
- mutatingwebhookconfigurations
|
|
- namespaces
|
|
- networkpolicies
|
|
- nodes
|
|
- persistentvolumeclaims
|
|
- persistentvolumes
|
|
- poddisruptionbudgets
|
|
- pods
|
|
- replicasets
|
|
- replicationcontrollers
|
|
- resourcequotas
|
|
- secrets
|
|
- services
|
|
- statefulsets
|
|
- storageclasses
|
|
- validatingwebhookconfigurations
|
|
- volumeattachments
|
|
|
|
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
|
kubeconfig:
|
|
enabled: false
|
|
# base64 encoded kube-config file
|
|
secret:
|
|
|
|
# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
|
|
customResourceState:
|
|
enabled: false
|
|
# Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules
|
|
config: {}
|
|
|
|
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
|
|
# If releaseNamespace and namespaces are both set a merged list will be collected.
|
|
releaseNamespace: false
|
|
|
|
# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
|
|
namespaces: ""
|
|
|
|
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
|
|
# only namespaces that are excluded in namespaces-denylist will be used.
|
|
namespacesDenylist: ""
|
|
|
|
## Override the deployment namespace
|
|
##
|
|
namespaceOverride: ""
|
|
|
|
resources: {}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 64Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
|
|
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
|
|
## For example: kubeTargetVersionOverride: 1.14.9
|
|
##
|
|
kubeTargetVersionOverride: ""
|
|
|
|
# Enable self metrics configuration for service and Service Monitor
|
|
# Default values for telemetry configuration can be overridden
|
|
# If you set telemetryNodePort, you must also set service.type to NodePort
|
|
selfMonitor:
|
|
enabled: false
|
|
# telemetryHost: 0.0.0.0
|
|
# telemetryPort: 8081
|
|
# telemetryNodePort: 0
|
|
|
|
# Enable vertical pod autoscaler support for kube-state-metrics
|
|
verticalPodAutoscaler:
|
|
enabled: false
|
|
|
|
# Recommender responsible for generating recommendation for the object.
|
|
# List should be empty (then the default recommender will generate the recommendation)
|
|
# or contain exactly one recommender.
|
|
# recommenders: []
|
|
# - name: custom-recommender-performance
|
|
|
|
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
|
controlledResources: []
|
|
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
|
|
# controlledValues: RequestsAndLimits
|
|
|
|
# Define the max allowed resources for the pod
|
|
maxAllowed: {}
|
|
# cpu: 200m
|
|
# memory: 100Mi
|
|
# Define the min allowed resources for the pod
|
|
minAllowed: {}
|
|
# cpu: 200m
|
|
# memory: 100Mi
|
|
|
|
# updatePolicy:
|
|
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
|
|
# minReplicas: 1
|
|
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
|
|
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
|
|
# updateMode: Auto
|
|
|
|
# volumeMounts are used to add custom volume mounts to deployment.
|
|
# See example below
|
|
volumeMounts: []
|
|
# - mountPath: /etc/config
|
|
# name: config-volume
|
|
|
|
# volumes are used to add custom volumes to deployment
|
|
# See example below
|
|
volumes: []
|
|
# - configMap:
|
|
# name: cm-for-volume
|
|
# name: config-volume
|
|
|
|
# Extra manifests to deploy as an array
|
|
extraManifests: []
|
|
# - apiVersion: v1
|
|
# kind: ConfigMap
|
|
# metadata:
|
|
# labels:
|
|
# name: prometheus-extra
|
|
# data:
|
|
# extra-data: "value"
|
|
|
|
## Containers allows injecting additional containers.
|
|
containers: []
|
|
# - name: crd-init
|
|
# image: kiwigrid/k8s-sidecar:latest
|
|
|
|
## InitContainers allows injecting additional initContainers.
|
|
initContainers: []
|
|
# - name: crd-sidecar
|
|
# image: kiwigrid/k8s-sidecar:latest
|
|
|
|
## Settings for startup, liveness and readiness probes
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
|
|
##
|
|
|
|
## Startup probe can optionally be enabled.
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
failureThreshold: 3
|
|
httpGet:
|
|
httpHeaders: []
|
|
scheme: http
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 5
|
|
|
|
## Liveness probe
|
|
##
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
httpHeaders: []
|
|
scheme: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 5
|
|
|
|
## Readiness probe
|
|
##
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
httpHeaders: []
|
|
scheme: http
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 5
|