From 2fc70b5319014a8e12c4cbb91e933c3b44e0dab3 Mon Sep 17 00:00:00 2001 From: Pablo Galego Date: Mon, 5 Jul 2021 18:21:15 +0200 Subject: [PATCH] [bitnami/*] Adapt values.yaml of fluentd, grafana and grafana-operator charts (#6827) * Adapt fluentd values.yaml to readme-generator * Reorganize fluentd values.yaml in sections * Fix typos in fluentd values.yaml * Generate fluentd README * Adapt grafana values.yaml to readme-generator * Reorganize grafana valuues in sections * Generate Grafana README * Adapt grafana-operator values.yaml to readme-generator * Reorganize grafana-operator values in sections * Generate grafana-operator README * Bump patch version in charts * Fix supplementalGroups description * Bump grafana chart patch version * Add values.yaml paths to Github Actions workflow * Fix description in grafana-operator README --- .github/workflows/generate-chart-readme.yml | 3 + bitnami/fluentd/Chart.yaml | 2 +- bitnami/fluentd/README.md | 366 ++++++----- bitnami/fluentd/values.yaml | 688 ++++++++++---------- bitnami/grafana-operator/Chart.yaml | 2 +- bitnami/grafana-operator/README.md | 277 ++++---- bitnami/grafana-operator/values.yaml | 373 +++++++---- bitnami/grafana/Chart.yaml | 2 +- bitnami/grafana/README.md | 297 +++++---- bitnami/grafana/values.yaml | 467 +++++++------ 10 files changed, 1329 insertions(+), 1148 deletions(-) diff --git a/.github/workflows/generate-chart-readme.yml b/.github/workflows/generate-chart-readme.yml index 0d34875922..3df8244a99 100644 --- a/.github/workflows/generate-chart-readme.yml +++ b/.github/workflows/generate-chart-readme.yml @@ -9,6 +9,9 @@ on: - 'bitnami/dokuwiki/values.yaml' - 'bitnami/drupal/values.yaml' - 'bitnami/ejbca/values.yaml' + - 'bitnami/fluentd/values.yaml' + - 'bitnami/grafana/values.yaml' + - 'bitnami/grafana-operator/values.yaml' jobs: generate-chart-readme: diff --git a/bitnami/fluentd/Chart.yaml b/bitnami/fluentd/Chart.yaml index 64ca4a5701..5dbb6900a5 100644 --- a/bitnami/fluentd/Chart.yaml +++ b/bitnami/fluentd/Chart.yaml @@ -25,4 +25,4 @@ name: fluentd sources: - https://github.com/bitnami/bitnami-docker-fluentd - https://www.fluentd.org/ -version: 4.0.2 +version: 4.0.3 diff --git a/bitnami/fluentd/README.md b/bitnami/fluentd/README.md index a78d09f7f9..beb563c946 100644 --- a/bitnami/fluentd/README.md +++ b/bitnami/fluentd/README.md @@ -48,179 +48,201 @@ The command removes all the Kubernetes components associated with the chart and ## Parameters -The following tables lists the configurable parameters of the fluentd chart and their default values. +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | + + +### Common parameters + +| Name | Description | Value | +| ------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template | `nil` | +| `clusterDomain` | Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | + + +### Fluentd parameters + +| Name | Description | Value | +| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | +| `image.registry` | Fluentd image registry | `docker.io` | +| `image.repository` | Fluentd image repository | `bitnami/fluentd` | +| `image.tag` | Fluentd image tag (immutable tags are recommended) | `1.13.1-debian-10-r0` | +| `image.pullPolicy` | Fluentd image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Fluentd image pull secrets | `[]` | +| `forwarder.enabled` | Enable forwarder daemonset | `true` | +| `forwarder.daemonUser` | Forwarder daemon user and group (set to root by default because it reads from host paths) | `root` | +| `forwarder.daemonGroup` | Fluentd forwarder daemon system group | `root` | +| `forwarder.hostAliases` | Add deployment host aliases | `[]` | +| `forwarder.securityContext.enabled` | Enable security context for forwarder pods | `true` | +| `forwarder.securityContext.runAsUser` | User ID for forwarder's containers | `0` | +| `forwarder.securityContext.runAsGroup` | Group ID for forwarder's containers | `0` | +| `forwarder.securityContext.fsGroup` | Group ID for forwarder's containers filesystem | `0` | +| `forwarder.containerSecurityContext.enabled` | Enable security context for the forwarder container | `true` | +| `forwarder.containerSecurityContext.privileged` | Run as privileged | `false` | +| `forwarder.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | +| `forwarder.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `forwarder.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | +| `forwarder.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | +| `forwarder.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` | +| `forwarder.configMapFiles` | Files to be added to be config map. Ignored if `forwarder.configMap` is set | `{}` | +| `forwarder.extraArgs` | Extra arguments for the Fluentd command line | `""` | +| `forwarder.extraEnv` | Extra environment variables to pass to the container | `[]` | +| `forwarder.containerPorts` | Ports the forwarder containers will listen on | `[]` | +| `forwarder.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders | `ClusterIP` | +| `forwarder.service.ports` | Array containing the forwarder service ports | `{}` | +| `forwarder.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `nil` | +| `forwarder.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `forwarder.service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `forwarder.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `forwarder.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `forwarder.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `forwarder.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | +| `forwarder.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `forwarder.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `forwarder.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `forwarder.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `forwarder.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `forwarder.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `forwarder.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `forwarder.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | +| `forwarder.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `forwarder.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `forwarder.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `forwarder.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `forwarder.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `forwarder.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | +| `forwarder.resources.limits` | The resources limits for the container | `{}` | +| `forwarder.resources.requests` | The requested resources for the container | `{}` | +| `forwarder.priorityClassName` | Set Priority Class Name to allow priority control over other pods | `""` | +| `forwarder.podAffinityPreset` | Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.podAntiAffinityPreset` | Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.nodeAffinityPreset.type` | Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.nodeAffinityPreset.key` | Forwarder Node label key to match Ignored if `affinity` is set. | `""` | +| `forwarder.nodeAffinityPreset.values` | Forwarder Node label values to match. Ignored if `affinity` is set. | `[]` | +| `forwarder.affinity` | Forwarder Affinity for pod assignment | `{}` | +| `forwarder.nodeSelector` | Forwarder Node labels for pod assignment | `{}` | +| `forwarder.tolerations` | Forwarder Tolerations for pod assignment | `[]` | +| `forwarder.podAnnotations` | Pod annotations | `{}` | +| `forwarder.podLabels` | Extra labels to add to Pod | `{}` | +| `forwarder.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `true` | +| `forwarder.serviceAccount.name` | The name of the ServiceAccount to create | `nil` | +| `forwarder.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `forwarder.rbac.create` | Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces | `true` | +| `forwarder.rbac.pspEnabled` | Specify whether the bundled Pod Security Policy should be created and bound with RBAC | `false` | +| `forwarder.persistence.enabled` | Enable persistence volume for the forwarder | `false` | +| `forwarder.persistence.hostPath.path` | Directory from the host node's filesystem to mount as hostPath volume for persistence. | `/opt/bitnami/fluentd/logs/buffers` | +| `forwarder.initContainers` | Additional init containers to add to the pods | `[]` | +| `forwarder.sidecars` | Add sidecars to forwarder pods | `[]` | +| `forwarder.extraVolumes` | Extra volumes | `nil` | +| `forwarder.extraVolumeMounts` | Mount extra volume(s) | `nil` | +| `aggregator.enabled` | Enable Fluentd aggregator daemonset | `true` | +| `aggregator.replicaCount` | Number of aggregator pods to deploy in the Stateful Set | `1` | +| `aggregator.securityContext.enabled` | Enable security context for aggregator pods | `true` | +| `aggregator.securityContext.runAsUser` | User ID for aggregator's containers | `1001` | +| `aggregator.securityContext.runAsGroup` | Group ID for aggregator's containers | `1001` | +| `aggregator.securityContext.fsGroup` | Group ID for aggregator's containers filesystem | `1001` | +| `aggregator.hostAliases` | Add deployment host aliases | `[]` | +| `aggregator.containerSecurityContext.enabled` | Enable security context for the aggregator container | `true` | +| `aggregator.containerSecurityContext.privileged` | Run as privileged | `false` | +| `aggregator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | +| `aggregator.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `aggregator.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | +| `aggregator.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | +| `aggregator.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` | +| `aggregator.configMapFiles` | Files to be added to be config map. Ignored if `aggregator.configMap` is set | `{}` | +| `aggregator.port` | Port the Aggregator container will listen for logs. Leave it blank to ignore. | `24224` | +| `aggregator.extraArgs` | Extra arguments for the Fluentd command line | `""` | +| `aggregator.extraEnv` | Extra environment variables to pass to the container | `[]` | +| `aggregator.containerPorts` | Ports the aggregator containers will listen on | `[]` | +| `aggregator.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators | `ClusterIP` | +| `aggregator.service.ports` | Array containing the aggregator service ports | `{}` | +| `aggregator.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `nil` | +| `aggregator.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `aggregator.service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `aggregator.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `aggregator.ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `aggregator.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | +| `aggregator.ingress.pathType` | Ingress Path type. How the path matching is interpreted | `ImplementationSpecific` | +| `aggregator.ingress.apiVersion` | Override API Version (automatically detected if not set) | `nil` | +| `aggregator.ingress.hostname` | Default host for the ingress resource | `fluentd.local` | +| `aggregator.ingress.path` | Default path for the ingress resource | `ImplementationSpecific` | +| `aggregator.ingress.annotations` | Ingress annotations | `{}` | +| `aggregator.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `aggregator.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `aggregator.ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `aggregator.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `aggregator.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `aggregator.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `aggregator.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `aggregator.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | +| `aggregator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `aggregator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `aggregator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `aggregator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `aggregator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `aggregator.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `aggregator.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `aggregator.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | +| `aggregator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `aggregator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `aggregator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `aggregator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `aggregator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `aggregator.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | +| `aggregator.resources.limits` | The resources limits for the container | `{}` | +| `aggregator.resources.requests` | The requested resources for the container | `{}` | +| `aggregator.podAffinityPreset` | Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `aggregator.podAntiAffinityPreset` | Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `aggregator.nodeAffinityPreset.type` | Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `aggregator.nodeAffinityPreset.key` | Aggregator Node label key to match Ignored if `affinity` is set. | `""` | +| `aggregator.nodeAffinityPreset.values` | Aggregator Node label values to match. Ignored if `affinity` is set. | `[]` | +| `aggregator.affinity` | Aggregator Affinity for pod assignment | `{}` | +| `aggregator.nodeSelector` | Aggregator Node labels for pod assignment | `{}` | +| `aggregator.tolerations` | Aggregator Tolerations for pod assignment | `[]` | +| `aggregator.podAnnotations` | Pod annotations | `{}` | +| `aggregator.podLabels` | Extra labels to add to Pod | `{}` | +| `aggregator.serviceAccount.create` | Specify whether a ServiceAccount should be created | `false` | +| `aggregator.serviceAccount.name` | The name of the ServiceAccount to create | `nil` | +| `aggregator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `aggregator.autoscaling.enabled` | Create an Horizontal Pod Autoscaler | `false` | +| `aggregator.autoscaling.minReplicas` | Minimum number of replicas for the HPA | `2` | +| `aggregator.autoscaling.maxReplicas` | Maximum number of replicas for the HPA | `5` | +| `aggregator.autoscaling.metrics` | Metrics for the HPA to manage the scaling | `[]` | +| `aggregator.persistence.enabled` | Enable persistence volume for the aggregator | `false` | +| `aggregator.persistence.storageClass` | Persistent Volume storage class | `nil` | +| `aggregator.persistence.accessMode` | Persistent Volume access mode | `ReadWriteOnce` | +| `aggregator.persistence.size` | Persistent Volume size | `10Gi` | +| `aggregator.initContainers` | Add init containers to aggregator pods | `[]` | +| `aggregator.sidecars` | Add sidecars to aggregator pods | `[]` | +| `aggregator.extraVolumes` | Extra volumes | `nil` | +| `aggregator.extraVolumeMounts` | Mount extra volume(s) | `nil` | +| `serviceAccount` | Pods Service Account. This top-level global entry is DEPRECATED. Please use "forwarder.serviceAccount" instead. | `{}` | +| `rbac` | Role Based Access. This top-level global entry is DEPRECATED. Please use "forwarder.rbac" instead. | `{}` | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | +| `metrics.service.port` | Prometheus metrics service port | `24231` | +| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `nil` | +| `metrics.service.annotations` | Annotations for the Prometheus Exporter service service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | +| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | +| `tls.enabled` | Enable TLS/SSL encrytion for internal communications | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. | `false` | +| `tls.forwarder.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd forwarder | `nil` | +| `tls.aggregator.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd aggregator | `nil` | -| Parameter | Description | Default | -|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | Fluentd image registry | `docker.io` | -| `image.repository` | Fluentd image name | `bitnami/fluentd` | -| `image.tag` | Fluentd image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Fluentd image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | -| `nameOverride` | String to partially override fluentd.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override fluentd.fullname template with a string | `nil` | -| `clusterDomain` | Kubernetes DNS domain name to use | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | -| `forwarder.enabled` | Enable Fluentd forwarder | `true` | -| `forwarder.daemonUser` | Fluentd forwarder daemon system user | `root` | -| `forwarder.daemonGroup` | Fluentd forwarder daemon system group | `root` | -| `forwarder.securityContext.enabled` | Enable security context for forwarder pods | `true` | -| `forwarder.securityContext.fsGroup` | Group ID for forwarder's containers filesystem | `0` | -| `forwarder.securityContext.runAsUser` | User ID for forwarder's containers | `0` | -| `forwarder.securityContext.runAsGroup` | Group ID for forwarder's containers | `0` | -| `forwarder.securityContext.*` | Other pod security context to be included as-is in pod spec | `{}` | -| `forwarder.containerSecurityContext.enabled` | Enable security context for the forwarder container | `true` | -| `forwarder.containerSecurityContext.*` | Other container security context to be included as-is in pod spec | `{ "privileged" : false, "allowPrivilegeEscalation": false, "capabilities": { "drop": ["ALL"] } }` | -| `forwarder.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | 30 | -| `forwarder.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | -| `forwarder.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` | -| `forwarder.configMapFiles` | Files to be added to be config map. Ignored if `forwarder.configMap` is set | `Check values.yaml` | -| `forwarder.hostAliases` | Add deployment host aliases | `[]` | -| `forwarder.extraArgs` | Extra arguments for the Fluentd command line | `nil` | -| `forwarder.priorityClassName` | Set Pods Priority Class | `nil` | -| `forwarder.extraEnv` | Extra environment variables to pass to the container | `[]` | -| `forwarder.containerPorts` | Ports the forwarder containers will listen on | `Check values.yaml` | -| `forwarder.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders | `ClusterIP` | -| `forwarder.service.ports` | Array containing the forwarder service ports | `Check values.yaml file` | -| `forwarder.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `forwarder.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `forwarder.service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `forwarder.service.annotations` | Annotations for the forwarder service | `{}` | -| `forwarder.persistence.enabled` | Enable persistence volume for the forwarder | `false` | -| `forwarder.persistence.hostPath.path` | Directory from the host node's filesystem to mount as hostPath volume for persistence. | `false` | -| `forwarder.livenessProbe.enabled` | Enable liveness probes for the forwarder | `true` | -| `forwarder.livenessProbe.httpGet.path` | Path to access the liveness probes for the forwarder | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `forwarder.livenessProbe.httpGet.port` | Name or number of the port to access on the liveness probes for the forwarder | `http` | -| `forwarder.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | -| `forwarder.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `forwarder.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `forwarder.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `forwarder.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `forwarder.readinessProbe.enabled` | Enable readiness probes for the forwarder | `true` | -| `forwarder.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` | -| `forwarder.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `forwarder.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `forwarder.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `forwarder.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `forwarder.updateStrategy` | Update strategy for the forwarder DaemonSet | `RollingUpdate` | -| `forwarder.resources` | Configure resource requests and limits | `nil` | -| `forwarder.podAffinityPreset` | Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.podAntiAffinityPreset` | Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.nodeAffinityPreset.type` | Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.nodeAffinityPreset.key` | Forwarder Node label key to match Ignored if `affinity` is set. | `""` | -| `forwarder.nodeAffinityPreset.values` | Forwarder Node label values to match. Ignored if `affinity` is set. | `[]` | -| `forwarder.affinity` | Forwarder Affinity for pod assignment | `{}` (evaluated as a template) | -| `forwarder.nodeSelector` | Forwarder Node labels for pod assignment | `{}` (evaluated as a template) | -| `forwarder.tolerations` | Forwarder Tolerations for pod assignment | `[]` (evaluated as a template) | -| `forwarder.podAnnotations` | Pod annotations | `{}` | -| `forwarder.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `true` | -| `forwarder.serviceAccount.name` | The name of the ServiceAccount to create | Generated using the `fluentd.fullname` template | -| `forwarder.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | -| `forwarder.rbac.create` | Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces | `true` | -| `forwarder.rbac.pspEnabled` | Specify whether the bundled Pod Security Policy should be created and bound with RBAC | `false` | -| `forwarder.initContainers` | Additional init containers to add to the pods | `[]` | -| `forwarder.sidecars` | Add additional containers to the pods | `[]` | -| `forwarder.extraVolumes` | Extra volumes | `nil` | -| `forwarder.extraVolumeMounts` | Mount extra volume(s) | `nil` | -| `aggregator.enabled` | Enable Fluentd aggregator | `true` | -| `aggregator.replicaCount` | Number of aggregator pods to deploy in the Stateful Set | `2` | -| `aggregator.securityContext.enabled` | Enable security context for aggregator pods | `true` | -| `aggregator.securityContext.fsGroup` | Group ID for aggregator's containers filesystem | `1001` | -| `aggregator.securityContext.runAsUser` | User ID for aggregator's containers | `1001` | -| `aggregator.securityContext.runAsGroup` | Group ID for aggregator's containers | `1001` | -| `aggregator.securityContext.*` | Other pod security context to be included as-is in pod spec | `{}` | -| `aggregator.containerSecurityContext.enabled` | Enable security context for the aggregator container | `true` | -| `aggregator.containerSecurityContext.*` | Other container security context to be included as-is in pod spec | `{ "privileged" : false, "allowPrivilegeEscalation": false, "capabilities": { "drop": ["ALL"] } }` | -| `aggregator.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | 30 | -| `aggregator.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | -| `aggregator.configMap` | Name of the config map that contains the Fluentd configuration files | `nil` | -| `aggregator.configMapFiles` | Files to be added to be config map. Ignored if `aggregator.configMap` is set | `Check values.yaml` | -| `aggregator.port` | Kubernetes Service port - Fluentd transport port for the aggregators | `24224` | -| `aggregator.extraArgs` | Extra arguments for the Fluentd command line | `nil` | -| `aggregator.extraEnv` | Extra environment variables to pass to the container | `[]` | -| `aggregator.containerPorts` | Ports the aggregator containers will listen on | `Check values.yaml` | -| `aggregator.hostAliases` | Add deployment host aliases | `[]` | -| `aggregator.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators | `ClusterIP` | -| `aggregator.service.ports` | Array containing the aggregator service ports | `Check values.yaml file` | -| `aggregator.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `aggregator.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `aggregator.service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `aggregator.service.annotations` | Annotations for the aggregator service | `{}` | -| `aggregator.ingress.enabled` | Enable ingress controller resource | `false` | -| `aggregator.ingress.certManager` | Add annotations for cert-manager | `false` | -| `aggregator.ingress.hostname` | Default host for the ingress resource | `wordpress.local` | -| `aggregator.ingress.path` | Default path for the ingress resource | `/` | -| `aggregator.ingress.pathType` | How the path matching is interpreted | `ImplementationSpecific` | -| `aggregator.ingress.tls` | Create TLS Secret | `false` | -| `aggregator.ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | -| `aggregator.ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `aggregator.ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `aggregator.ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` | -| `aggregator.ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `aggregator.ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `aggregator.ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `aggregator.ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `aggregator.ingress.secrets[0].key` | TLS Secret Key | `nil` | -| `aggregator.persistence.enabled` | Enable persistence volume for the aggregator | `false` | -| `aggregator.persistence.storageClass` | Persistent Volume storage class | `nil` | -| `aggregator.persistence.accessMode` | Persistent Volume access mode | `ReadWriteOnce` | -| `aggregator.persistence.size` | Persistent Volume size | `10Gi` | -| `aggregator.livenessProbe.enabled` | Enable liveness probes for the aggregator | `true` | -| `aggregator.livenessProbe.httpGet.path` | Path to access the liveness probes for the aggregator | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `aggregator.livenessProbe.httpGet.port` | Name or number of the port to access on the liveness probes for the aggregator | `http` | -| `aggregator.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | -| `aggregator.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `aggregator.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `aggregator.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `aggregator.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `aggregator.readinessProbe.enabled` | Enable readiness probes for the aggregator | `true` | -| `aggregator.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` | -| `aggregator.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `aggregator.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `aggregator.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `aggregator.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `aggregator.updateStrategy` | Update strategy for the aggregator DaemonSet | `RollingUpdate` | -| `aggregator.resources` | Configure resource requests and limits | `nil` | -| `aggregator.podAffinityPreset` | Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `aggregator.podAntiAffinityPreset` | Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `aggregator.nodeAffinityPreset.type` | Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `aggregator.nodeAffinityPreset.key` | Aggregator Node label key to match Ignored if `affinity` is set. | `""` | -| `aggregator.nodeAffinityPreset.values` | Aggregator Node label values to match. Ignored if `affinity` is set. | `[]` | -| `aggregator.affinity` | Aggregator Affinity for pod assignment | `{}` (evaluated as a template) | -| `aggregator.nodeSelector` | Aggregator Node labels for pod assignment | `{}` (evaluated as a template) | -| `aggregator.tolerations` | Aggregator Tolerations for pod assignment | `[]` (evaluated as a template) | -| `aggregator.podAnnotations` | Pod annotations | `{}` | -| `aggregator.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `false` | -| `aggregator.serviceAccount.name` | The name of the ServiceAccount to create | Generated using the `fluentd.fullname` template | -| `aggregator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | -| `aggregator.autoscaling.enabled` | Create an Horizontal Pod Autoscaler | `false` | -| `aggregator.autoscaling.minReplicas` | Minimum number of replicas for the HPA | `2` | -| `aggregator.autoscaling.maxReplicas` | Maximum number of replicas for the HPA | `5` | -| `aggregator.autoscaling.metrics` | Metrics for the HPA to manage the scaling | `Check values.yaml` | -| `aggregator.initContainers` | Additional init containers to add to the pods | `[]` | -| `aggregator.sidecars` | Add additional containers to the pods | `[]` | -| `aggregator.extraVolumes` | Extra volumes | `nil` | -| `aggregator.extraVolumeMounts` | Mount extra volume(s) | `nil` | -| `metrics.enabled` | Enable the export of Prometheus metrics | `nil` | -| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | -| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `nil` | -| `metrics.service.port` | Prometheus metrics service port | `24231` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{ prometheus.io/scrape: "true", prometheus.io/port: "80", prometheus.io/path: "_prometheus/metrics" }` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `nil` | -| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `nil` | -| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `nil` | -| `tls.enabled` | Enable TLS/SSL encrytion for internal communications | `false` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. | `false` | -| `tls.aggregator.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd aggregator | `nil` | -| `tls.forwarder.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd forwarder | `nil` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/fluentd/values.yaml b/bitnami/fluentd/values.yaml index 9a0a3fa4e4..ba15730e82 100644 --- a/bitnami/fluentd/values.yaml +++ b/bitnami/fluentd/values.yaml @@ -1,15 +1,48 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: +## @param clusterDomain Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## @section Fluentd parameters ## Bitnami Fluentd image version ## ref: https://hub.docker.com/r/bitnami/fluentd/tags/ +## @param image.registry Fluentd image registry +## @param image.repository Fluentd image repository +## @param image.tag Fluentd image tag (immutable tags are recommended) +## @param image.pullPolicy Fluentd image pull policy +## @param image.pullSecrets Fluentd image pull secrets ## image: registry: docker.io @@ -24,57 +57,43 @@ image: ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## - # pullSecrets: - # - myRegistryKeySecretName - -## Force target Kubernetes version (using Helm capabilites if not set) -## -kubeVersion: - -## String to partially override common.names.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override common.names.fullname template -## -# fullnameOverride: - -## Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - + ## pullSecrets: + ## - myRegistryKeySecretName + pullSecrets: [] ## Forwarder parameters ## forwarder: - ## Enable forwarder daemonset + ## @param forwarder.enabled Enable forwarder daemonset ## enabled: true - - ## Forwarder daemon user and group (set to root by default because it reads from host paths) + ## @param forwarder.daemonUser Forwarder daemon user and group (set to root by default because it reads from host paths) ## daemonUser: root + ## @param forwarder.daemonGroup Fluentd forwarder daemon system group + ## daemonGroup: root - - ## Deployment pod host aliases + ## @param forwarder.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - ## K8s Security Context for forwarder pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param forwarder.securityContext.enabled Enable security context for forwarder pods + ## @param forwarder.securityContext.runAsUser User ID for forwarder's containers + ## @param forwarder.securityContext.runAsGroup Group ID for forwarder's containers + ## @param forwarder.securityContext.fsGroup Group ID for forwarder's containers filesystem ## securityContext: enabled: true runAsUser: 0 runAsGroup: 0 fsGroup: 0 - ## K8s Security Context for forwarder container ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param forwarder.containerSecurityContext.enabled Enable security context for the forwarder container + ## @param forwarder.containerSecurityContext.privileged Run as privileged + ## @param forwarder.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation + ## @param forwarder.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext ## containerSecurityContext: enabled: true @@ -86,24 +105,18 @@ forwarder: capabilities: drop: - ALL - - ## Duration in seconds the pod needs to terminate gracefully + ## @param forwarder.terminationGracePeriodSeconds Duration in seconds the pod needs to terminate gracefully ## https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ ## terminationGracePeriodSeconds: 30 - - ## Name of the config file that will be used by Fluentd at launch - ## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory + ## @param forwarder.configFile Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory ## configFile: fluentd.conf - - ## Name of the configMap that contains the configuration files for fluentd + ## @param forwarder.configMap Name of the config map that contains the Fluentd configuration files ## If not specified, one will be created by default ## - # configMap: - - ## Files to be added to the configMap - ## This is ignored if configMap is set + configMap: + ## @param forwarder.configMapFiles [object] Files to be added to be config map. Ignored if `forwarder.configMap` is set ## configMapFiles: fluentd.conf: | @@ -210,86 +223,88 @@ forwarder: host #{hostname} - - ## String with extra arguments for the Fluentd command line + ## @param forwarder.extraArgs Extra arguments for the Fluentd command line ## ref: https://docs.fluentd.org/deployment/command-line-option ## extraArgs: "" - - ## Extra environment variables to pass to the container + ## @param forwarder.extraEnv Extra environment variables to pass to the container ## extraEnv: ## - name: MY_ENV_VAR ## value: my_value ## extraEnv: [] - - ## Forwarder containers' ports + ## @param forwarder.containerPorts [array] Ports the forwarder containers will listen on ## containerPorts: - # - name: syslog-tcp - # containerPort: 5140 - # protocol: TCP - # - name: syslog-udp - # containerPort: 5140 - # protocol: UDP - # - name: tcp - # containerPort: 24224 - # protocol: TCP + ## - name: syslog-tcp + ## containerPort: 5140 + ## protocol: TCP + ## - name: syslog-udp + ## containerPort: 5140 + ## protocol: UDP + ## - name: tcp + ## containerPort: 24224 + ## protocol: TCP - name: http containerPort: 9880 protocol: TCP - ## Service parameters ## service: - ## Service type + ## @param forwarder.service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders ## type: ClusterIP - - ## Service ports + ## @param forwarder.service.ports [object] Array containing the forwarder service ports ## ports: - # syslog-udp: - # port: 5140 - # targetPort: syslog-udp - # protocol: UDP - # nodePort: 31514 - # syslog-tcp: - # port: 5140 - # targetPort: syslog-tcp - # protocol: TCP - # nodePort: 31514 - # tcp: - # port: 24224 - # targetPort: tcp - # protocol: TCP + ## syslog-udp: + ## port: 5140 + ## targetPort: syslog-udp + ## protocol: UDP + ## nodePort: 31514 + ## syslog-tcp: + ## port: 5140 + ## targetPort: syslog-tcp + ## protocol: TCP + ## nodePort: 31514 + ## tcp: + ## port: 24224 + ## targetPort: tcp + ## protocol: TCP http: port: 9880 targetPort: http protocol: TCP - - ## loadBalancerIP for the forwarders service (optional, cloud specific) + ## @param forwarder.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## - # loadBalancerIP: - - ## Load Balancer sources + loadBalancerIP: + ## @param forwarder.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - - ## Set the Cluster IP to use - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 ## - # clusterIP: None - - ## Provide any additional annotations which may be required + loadBalancerSourceRanges: [] + ## @param forwarder.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## e.g: + ## clusterIP: None + ## + clusterIP: + ## @param forwarder.service.annotations Provide any additional annotations which may be required ## annotations: {} - - ## Forwarder containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param forwarder.livenessProbe.enabled Enable livenessProbe + ## @param forwarder.livenessProbe.httpGet.path Request path for livenessProbe + ## @param forwarder.livenessProbe.httpGet.port Port for livenessProbe + ## @param forwarder.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param forwarder.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param forwarder.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param forwarder.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param forwarder.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -301,6 +316,17 @@ forwarder: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param forwarder.readinessProbe.enabled Enable readinessProbe + ## @param forwarder.readinessProbe.httpGet.path Request path for readinessProbe + ## @param forwarder.readinessProbe.httpGet.port Port for readinessProbe + ## @param forwarder.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param forwarder.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param forwarder.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param forwarder.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param forwarder.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true httpGet: @@ -311,131 +337,116 @@ forwarder: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 - - ## Set up update strategy. + ## @param forwarder.updateStrategy.type Set up update strategy. ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy ## Example: - # updateStrategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## updateStrategy: type: RollingUpdate - ## Forwarder containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param forwarder.resources.limits The resources limits for the container + ## @param forwarder.resources.requests The requested resources for the container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi limits: {} - # cpu: 500m - # memory: 1Gi + ## Examples: + ## requests: + ## cpu: 300m + ## memory: 512Mi requests: {} - # cpu: 300m - # memory: 512Mi - - ## Set Priority Class Name to allow priority control over other pods + ## @param forwarder.priorityClassName Set Priority Class Name to allow priority control over other pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" - - ## Pod affinity preset + ## @param forwarder.podAffinityPreset Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAffinityPreset: "" - - ## Pod anti-affinity preset + ## @param forwarder.podAntiAffinityPreset Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAntiAffinityPreset: "" - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard + ## @param forwarder.nodeAffinityPreset.type Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" - ## Node label key to match + ## @param forwarder.nodeAffinityPreset.key Forwarder Node label key to match Ignored if `affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" - ## Node label values to match + ## @param forwarder.nodeAffinityPreset.values Forwarder Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment + ## @param forwarder.affinity Forwarder Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment + ## @param forwarder.nodeSelector Forwarder Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param forwarder.tolerations Forwarder Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Pod annotations + ## @param forwarder.podAnnotations Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - - ## Extra labels to add to Pod + ## @param forwarder.podLabels Extra labels to add to Pod ## podLabels: {} - ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: - ## Specifies whether a ServiceAccount should be created + ## @param forwarder.serviceAccount.create Specify whether a ServiceAccount should be created. ## create: true - ## The name of the ServiceAccount to use. + ## @param forwarder.serviceAccount.name The name of the ServiceAccount to create ## If not set and create is true, a name is generated using the common.names.fullname template - # name: - ## Annotations for the Service Account (evaluated as a template) + name: + ## @param forwarder.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} - ## Role Based Access ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ + ## @param forwarder.rbac.create Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces + ## @param forwarder.rbac.pspEnabled Specify whether the bundled Pod Security Policy should be created and bound with RBAC ## rbac: create: true pspEnabled: false - - ## Add init containers to forwarder pods - ## For example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## - ## Persist data to a persistent volume ## persistence: + ## @param forwarder.persistence.enabled Enable persistence volume for the forwarder + ## enabled: false - ## If persistence enabled, a hostPath volume mounts a directory of your choice from the host node's filesystem into your Pod. + ## @param forwarder.persistence.hostPath.path Directory from the host node's filesystem to mount as hostPath volume for persistence. ## The host directory you chose is mounted into /opt/bitnami/fluentd/logs/buffers in your Pod ## Example use case: mount host directory /tmp/buffer (if the directory doesn't exist, it creates it) into forwarder pod. ## persistence: @@ -445,10 +456,15 @@ forwarder: ## hostPath: path: /opt/bitnami/fluentd/logs/buffers - + ## @param forwarder.initContainers Additional init containers to add to the pods + ## For example: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## initContainers: [] - - ## Add sidecars to forwarder pods + ## @param forwarder.sidecars Add sidecars to forwarder pods ## ## For example: ## sidecars: @@ -460,44 +476,49 @@ forwarder: ## containerPort: 1234 ## sidecars: [] - - ## Extra volumes to mount + ## @param forwarder.extraVolumes Extra volumes ## Example Use Case: mount systemd journal volume - # extraVolumes: - # - name: systemd - # hostPath: - # path: /run/log/journal/ - # - # extraVolumeMounts: - # - name: systemd - # mountPath: /run/log/journal/ - + ## - name: systemd + ## hostPath: + ## path: /run/log/journal/ + ## + extraVolumes: + ## @param forwarder.extraVolumeMounts Mount extra volume(s) + ## - name: systemd + ## mountPath: /run/log/journal/ + ## + extraVolumeMounts: ## Aggregator parameters ## aggregator: - ## Enable Aggregator daemonset + ## @param aggregator.enabled Enable Fluentd aggregator daemonset ## enabled: true - ## Number of Aggregator replicas + ## @param aggregator.replicaCount Number of aggregator pods to deploy in the Stateful Set ## replicaCount: 1 - ## K8s Security Context for Aggregator pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param aggregator.securityContext.enabled Enable security context for aggregator pods + ## @param aggregator.securityContext.runAsUser User ID for aggregator's containers + ## @param aggregator.securityContext.runAsGroup Group ID for aggregator's containers + ## @param aggregator.securityContext.fsGroup Group ID for aggregator's containers filesystem ## securityContext: enabled: true runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 - - ## Deployment pod host aliases + ## @param aggregator.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - ## K8s Security Context for Aggregator containers ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param aggregator.containerSecurityContext.enabled Enable security context for the aggregator container + ## @param aggregator.containerSecurityContext.privileged Run as privileged + ## @param aggregator.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation + ## @param aggregator.containerSecurityContext.capabilities.drop [array] Drop capabilities for the securityContext ## containerSecurityContext: enabled: true @@ -509,24 +530,17 @@ aggregator: capabilities: drop: - ALL - - ## Duration in seconds the pod needs to terminate gracefully + ## @param aggregator.terminationGracePeriodSeconds Duration in seconds the pod needs to terminate gracefully ## https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ ## terminationGracePeriodSeconds: 30 - - ## Name of the config file that will be used by Fluentd at launch - ## Fluentd will look for it under the /opt/bitnami/fluentd/conf directory + ## @param aggregator.configFile Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory ## configFile: fluentd.conf - - ## Name of the configMap that contains the configuration files for fluentd - ## If not specified, one will be created by default + ## @param aggregator.configMap Name of the config map that contains the Fluentd configuration files ## - # configMap: - - ## Files to be added to the configMap - ## This is ignored if configMap is set + configMap: + ## @param aggregator.configMapFiles [object] Files to be added to be config map. Ignored if `aggregator.configMap` is set ## configMapFiles: fluentd.conf: | @@ -598,24 +612,21 @@ aggregator: - ## Port the Aggregator container will listen for logs. Leave it blank to ignore. + ## @param aggregator.port Port the Aggregator container will listen for logs. Leave it blank to ignore. ## You can specify other ports in the aggregator.containerPorts parameter ## port: 24224 - - ## String with extra arguments for the Fluentd command line + ## @param aggregator.extraArgs Extra arguments for the Fluentd command line ## ref: https://docs.fluentd.org/deployment/command-line-option ## extraArgs: "" - - ## Extra environment variables to pass to the container + ## @param aggregator.extraEnv Extra environment variables to pass to the container ## extraEnv: ## - name: MY_ENV_VAR ## value: my_value ## extraEnv: [] - - ## Aggregator containers' ports + ## @param aggregator.containerPorts [array] Ports the aggregator containers will listen on ## containerPorts: # - name: my-port @@ -624,15 +635,13 @@ aggregator: - name: http containerPort: 9880 protocol: TCP - ## Service parameters ## service: - ## Service type + ## @param aggregator.service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators ## type: ClusterIP - - ## Service ports + ## @param aggregator.service.ports [object] Array containing the aggregator service ports ## ports: http: @@ -643,79 +652,69 @@ aggregator: port: 24224 targetPort: tcp protocol: TCP - - ## loadBalancerIP for the forwarders service (optional, cloud specific) + ## @param aggregator.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## - # loadBalancerIP: - - ## Load Balancer sources + loadBalancerIP: + ## @param aggregator.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - - ## Set the Cluster IP to use + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + loadBalancerSourceRanges: [] + ## @param aggregator.service.clusterIP Static clusterIP or None for headless services ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## e.g: + ## clusterIP: None ## - # clusterIP: None - - ## Provide any additional annotations which may be required + clusterIP: + ## @param aggregator.service.annotations Provide any additional annotations which may be required ## annotations: {} - ## Configure the ingress resource that allows you to access the ## Fluentd aggregator. Set up the URL ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: - ## Set to true to enable ingress record generation + ## @param aggregator.ingress.enabled Set to true to enable ingress record generation ## enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param aggregator.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager ## certManager: false - - ## Ingress Path type + ## @param aggregator.ingress.pathType Ingress Path type. How the path matching is interpreted ## pathType: ImplementationSpecific - - ## Override API Version (automatically detected if not set) + ## @param aggregator.ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: - - ## When the ingress is enabled, a host pointing to this will be created + ## @param aggregator.ingress.hostname Default host for the ingress resource ## hostname: fluentd.local - - ## The Path to WordPress. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. + ## @param aggregator.ingress.path Default path for the ingress resource + ## You may need to set this to '/*' in order to use this with ALB ingress controllers. ## path: / - - ## Ingress annotations done as key:value pairs + ## @param aggregator.ingress.annotations Ingress annotations ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## @param aggregator.ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.aggregator.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - - ## The list of additional hostnames to be covered with this ingress record. + ## @param aggregator.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: fluentd.local ## path: / ## - - ## Any additional arbitrary paths that may need to be added to the ingress under the main host. + extraHosts: [] + ## @param aggregator.ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* @@ -723,16 +722,16 @@ aggregator: ## serviceName: ssl-redirect ## servicePort: use-annotation ## - - ## The tls configuration for additional hostnames to be covered with this ingress record. + extraPaths: [] + ## @param aggregator.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - fluentd.local ## secretName: fluentd.local-tls ## - - ## If you're providing your own certificates, please use this to add the certificates as secrets + extraTls: [] + ## @param aggregator.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## @@ -741,15 +740,22 @@ aggregator: ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information - ## - secrets: [] + ## e.g: ## - name: fluentd.local-tls ## key: ## certificate: ## - - ## Configure extra options for liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + secrets: [] + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param aggregator.livenessProbe.enabled Enable livenessProbe + ## @param aggregator.livenessProbe.httpGet.path Request path for livenessProbe + ## @param aggregator.livenessProbe.httpGet.port Port for livenessProbe + ## @param aggregator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param aggregator.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param aggregator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param aggregator.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param aggregator.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -761,6 +767,17 @@ aggregator: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param aggregator.readinessProbe.enabled Enable readinessProbe + ## @param aggregator.readinessProbe.httpGet.path Request path for readinessProbe + ## @param aggregator.readinessProbe.httpGet.port Port for readinessProbe + ## @param aggregator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param aggregator.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param aggregator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param aggregator.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param aggregator.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true httpGet: @@ -771,108 +788,101 @@ aggregator: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 - - ## Set up update strategy. + ## @param aggregator.updateStrategy.type Set up update strategy. ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets ## Example: - # updateStrategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 25% - # maxUnavailable: 25% + ## updateStrategy: + ## type: RollingUpdate + ## rollingUpdate: + ## maxSurge: 25% + ## maxUnavailable: 25% + ## updateStrategy: type: RollingUpdate - ## Aggregator containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param aggregator.resources.limits The resources limits for the container + ## @param aggregator.resources.requests The requested resources for the container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi limits: {} - # cpu: 500m - # memory: 1Gi + ## Examples: + ## requests: + ## cpu: 300m + ## memory: 512Mi requests: {} - # cpu: 300m - # memory: 512Mi - - ## Pod affinity preset + ## @param aggregator.podAffinityPreset Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAffinityPreset: "" - - ## Pod anti-affinity preset + ## @param aggregator.podAntiAffinityPreset Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard + ## @param aggregator.nodeAffinityPreset.type Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" + ## @param aggregator.nodeAffinityPreset.key Aggregator Node label key to match Ignored if `affinity` is set. ## key: "" - ## Node label values to match + ## @param aggregator.nodeAffinityPreset.values Aggregator Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment + ## @param aggregator.affinity Aggregator Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment + ## @param aggregator.nodeSelector Aggregator Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param aggregator.tolerations Aggregator Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Pod annotations + ## @param aggregator.podAnnotations Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - - ## Extra labels to add to Pod + ## @param aggregator.podLabels Extra labels to add to Pod ## podLabels: {} - ## Pods Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: - ## Specifies whether a ServiceAccount should be created + ## @param aggregator.serviceAccount.create Specify whether a ServiceAccount should be created ## create: false - ## The name of the ServiceAccount to use. + ## @param aggregator.serviceAccount.name The name of the ServiceAccount to create ## If not set and create is true, a name is generated using the common.names.fullname template - # name: - ## Annotations for the Service Account (evaluated as a template) + name: + ## @param aggregator.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} - ## Autoscaling parameters ## This is not recommended in a forwarder+aggregator architecture + ## @param aggregator.autoscaling.enabled Create an Horizontal Pod Autoscaler + ## @param aggregator.autoscaling.minReplicas Minimum number of replicas for the HPA + ## @param aggregator.autoscaling.maxReplicas Maximum number of replicas for the HPA + ## @param aggregator.autoscaling.metrics [array] Metrics for the HPA to manage the scaling ## autoscaling: enabled: false @@ -891,8 +901,11 @@ aggregator: target: type: Utilization averageUtilization: 60 - ## Persist data to a persistent volume + ## @param aggregator.persistence.enabled Enable persistence volume for the aggregator + ## @param aggregator.persistence.storageClass Persistent Volume storage class + ## @param aggregator.persistence.accessMode Persistent Volume access mode + ## @param aggregator.persistence.size Persistent Volume size ## persistence: enabled: false @@ -902,11 +915,10 @@ aggregator: ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - # storageClass: "-" + storageClass: accessMode: ReadWriteOnce size: 10Gi - - ## Add init containers to aggregator pods + ## @param aggregator.initContainers Add init containers to aggregator pods ## Example ## ## initContainers: @@ -915,8 +927,7 @@ aggregator: ## command: ['do', 'something'] ## initContainers: [] - - ## Add sidecars to aggregator pods + ## @param aggregator.sidecars Add sidecars to aggregator pods ## ## For example: ## sidecars: @@ -928,103 +939,100 @@ aggregator: ## containerPort: 1234 ## sidecars: [] - - ## Extra volumes to mount + ## @param aggregator.extraVolumes Extra volumes ## Example Use Case: mount an emptyDir into /tmp to support running with readOnlyRootFileSystem - # extraVolumes: - # - name: tmpDir - # emptyDir: {} - # - # extraVolumeMounts: - # - name: tmpDir - # mountPath: /tmp - -## Pods Service Account + ## - name: tmpDir + ## emptyDir: {} + ## + extraVolumes: + ## @param aggregator.extraVolumeMounts Mount extra volume(s) + ## - name: tmpDir + ## mountPath: /tmp + ## + extraVolumeMounts: +## @param serviceAccount Pods Service Account. This top-level global entry is DEPRECATED. Please use "forwarder.serviceAccount" instead. +## Only the forwarder was affected by the historical usage here. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## -## This top-level global entry is DEPRECATED. Please use "forwarder.serviceAccount" instead. Only the -## forwarder was affected by the historical usage here. -## serviceAccount: {} - -## Role Based Access +## @param rbac Role Based Access. This top-level global entry is DEPRECATED. Please use "forwarder.rbac" instead. +## Only the forwarder was affected by the historical usage here. ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## -## This top-level global entry is DEPRECATED. Please use "forwarder.rbac" instead. Only the -## forwarder was affected by the historical usage here. -## rbac: {} - ## Prometheus Exporter / Metrics ## metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## enabled: false ## Prometheus Exporter service parameters ## service: - ## Service type + ## @param metrics.service.type Prometheus metrics service type ## type: ClusterIP - ## Service port + ## @param metrics.service.port Prometheus metrics service port ## port: 24231 - ## loadBalancerIP for the Prometheus Exporter service (optional, cloud specific) + ## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## - # loadBalancerIP: - ## Annotations for the Prometheus Exporter service service + loadBalancerIP: + ## @param metrics.service.annotations [object] Annotations for the Prometheus Exporter service service ## annotations: prometheus.io/scrape: "true" prometheus.io/port: "24231" prometheus.io/path: "/metrics" - ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## enabled: false - ## Namespace in which Prometheus is running + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## - # namespace: monitoring - - ## Interval at which metrics should be scraped. + namespace: + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s ## - # interval: 10s - - ## Timeout after which the scrape is ended + interval: + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s ## - # scrapeTimeout: 10s - - ## ServiceMonitor selector labels + scrapeTimeout: + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus ## - # selector: - # prometheus: my-prometheus - - ## ServiceMonitor extra labels + selector: {} + ## @param metrics.serviceMonitor.labels ServiceMonitor extra labels ## - # labels: {} - - ## ServiceMonitor annotations + labels: {} + ## @param metrics.serviceMonitor.annotations ServiceMonitor annotations ## - # annotations: {} - + annotations: {} ## Enable internal SSL/TLS encryption ## tls: + ## @param tls.enabled Enable TLS/SSL encrytion for internal communications + ## enabled: false - ## Create self-signed TLS certificates. + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates. ## autoGenerated: false - + ## @param tls.forwarder.existingSecret Name of the existing secret containing the TLS certificates for the Fluentd forwarder + ## forwarder: - ## Name of the existing secret containing the Forwarder certificates - ## existingSecret: - + ## @param tls.aggregator.existingSecret Name of the existing secret containing the TLS certificates for the Fluentd aggregator + ## aggregator: - ## Name of the existing secret containing the Aggregator certificates - ## existingSecret: diff --git a/bitnami/grafana-operator/Chart.yaml b/bitnami/grafana-operator/Chart.yaml index d5f47dbb1b..eae0e4c1ea 100644 --- a/bitnami/grafana-operator/Chart.yaml +++ b/bitnami/grafana-operator/Chart.yaml @@ -25,4 +25,4 @@ name: grafana-operator sources: - https://github.com/integr8ly/grafana-operator - https://github.com/bitnami/bitnami-docker-grafana-operator -version: 0.7.5 +version: 0.7.6 diff --git a/bitnami/grafana-operator/README.md b/bitnami/grafana-operator/README.md index 8e990085f2..50b0c1516e 100644 --- a/bitnami/grafana-operator/README.md +++ b/bitnami/grafana-operator/README.md @@ -128,160 +128,157 @@ This solution allows to easily deploy multiple Grafana instances compared to the ## Parameters -The following tables list the configurable parameters of the grafana-operator chart and their default values per section/component: - ### Global parameters -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | + ### Common parameters -| Parameter | Description | Default | -|---------------------|-----------------------------------------------------------------------------------------------------------|--------------------------------| -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override common.names.fullname template with a string | `nil` | -| `commonAnnotations` | Common Annotations which are applied to every ressource deployed | `{}` | -| `commonLabels` | Common Labels which are applied to every ressource deployed | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | +| Name | Description | Value | +| ------------------- | --------------------------------------------------------------------------------------------------------- | ----- | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template with a string | `nil` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `commonLabels` | Common Labels which are applied to every resource deployed | `{}` | +| `commonAnnotations` | Common Annotations which are applied to every ressource deployed | `{}` | + ### Grafana Operator parameters -| Parameter | Description | Default | -|------------------------------------------------------------ |-----------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `operator.enabled` | Enable the deployment of the Grafana Operator | `true` | -| `operator.image.registry` | Grafana Operator image registry | `docker.io` | -| `operator.image.repository` | Grafana Operator image name | `bitnami/grafana-operator` | -| `operator.image.tag` | Grafana Operator image tag | `{TAG_NAME}` | -| `operator.image.pullPolicy` | Grafana Operator image pull policy | `IfNotPresent` | -| `operator.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `operator.replicaCount` | Specify the amount of replicas running | `1` | -| `operator.updateStrategy` | Specify the updateStrategy of the containers | `{"type": "Recreate"}` | -| `operator.args.scanAllNamespaces` | Specify if all namespace should be scanned for dashboards and datasources. (Creates ClusterRole) | `false` | -| `operator.args.scanNamespaces` | Specify the namespaces which should be scanned for dashboards and datasources (Creates ClusterRole) | `[]` (does not add ClusterRole or Namespaces) | -| `operator.podAffinityPreset` | Set podAffinity preset from Helm Chart | `nil` | -| `operator.podAntiAffinityPreset` | Set podAntiAffinity preset from Helm Chart | `soft` | -| `operator.nodeAffinityPreset.type` | Set nodeAffinity preset type | `nil` | -| `operator.nodeAffinityPreset.key` | Set nodeAffinity preset key | `nil` | -| `operator.nodeAffinityPreset.values` | Set nodeAffinity preset values | `nil` | -| `operator.resources.limits` | Specify resource limits which the container is not allowed to succeed | `{}` (does not add resource limits to deployed pods) | -| `operator.resources.requests` | Specify resource requests which the container needs to spawn | `{}` (does not add resource limits to deployed pods) | -| `operator.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `operator.tolerations` | Tolerations for controller pod assignment | `[]` | -| `operator.affinity` | Affinity for controller pod assignment | `{}` | -| `operator.podAnnotations` | Pod annotations | `{}` | -| `operator.hostAliases` | Add deployment host aliases | `[]` | -| `operator.podLabels` | Pod labels | `{}` | -| `operator.serviceAccount.create` | create a serviceAccount for the deployment | `true` | -| `operator.serviceAccount.name` | use the serviceAccount with the specified name | `` | -| `operator.podSecurityContext.enabled` | Enable pods security context | `true` | -| `operator.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | -| `operator.podSecurityContext.runAsUser` | User ID for the pods | `1001` | -| `operator.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | -| `operator.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `operator.podSecurityContext.supplementalGroups` | Drop capabilities for the securityContext | `[]` | -| `operator.containerSecurityContext.enabled` | Enable container security context | `true` | -| `operator.containerSecurityContext.runAsUser` | User ID for the operator container | `1001` | -| `operator.containerSecurityContext.runAsGroup` | User ID for the operator container | `1001` | -| `operator.containerSecurityContext.readOnlyRootFilesystem` | ReadOnlyRootFilesystem fot the operator container | `true` | -| `operator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation for the operator container | `false` | -| `operator.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `operator.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `3` | -| `operator.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `operator.livenessProbe.timeoutSeconds` | When the probe times out | `10` | -| `operator.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `operator.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `1` | -| `operator.readinessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `operator.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `3` | -| `operator.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `operator.readinessProbe.timeoutSeconds` | When the probe times out | `10` | -| `operator.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `operator.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `1` | -| `operator.rbac.create` | Specify if an rbac authorization should be created with the necessarry Rolebindings | `true` | -| `operator.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `true` | -| `operator.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | -| `operator.prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use defaul prometheus scrapeIntervall | `""` | -| `operator.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | -| `operator.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `operator.enabled` | Enable the deployment of the Grafana Operator | `true` | +| `operator.replicaCount` | Number of grafana-operator Pod replicas | `1` | +| `operator.updateStrategy.type` | Set up update strategy for Grafana installation. | `Recreate` | +| `operator.image.registry` | Grafana Operator image registry | `docker.io` | +| `operator.image.repository` | Grafana Operator image name | `bitnami/grafana-operator` | +| `operator.image.tag` | Grafana Operator image tag | `3.10.2-debian-10-r0` | +| `operator.image.pullPolicy` | Grafana Operator image pull policy | `IfNotPresent` | +| `operator.image.pullSecrets` | Grafana Operator image pull secrets | `[]` | +| `operator.args.scanAllNamespaces` | Specify if all namespace should be scanned for dashboards and datasources. (Creates ClusterRole) | `false` | +| `operator.args.scanNamespaces` | Specify the namespaces which should be scanned for dashboards and datasources (Creates ClusterRole) | `[]` | +| `operator.rbac.create` | Create specifies whether to install and use RBAC rules | `true` | +| `operator.serviceAccount.create` | Specifies whether a service account should be created | `true` | +| `operator.serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `nil` | +| `operator.podSecurityContext.enabled` | Enable pods security context | `true` | +| `operator.podSecurityContext.runAsUser` | User ID for the pods | `1001` | +| `operator.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | +| `operator.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | +| `operator.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | +| `operator.podSecurityContext.supplementalGroups` | Which group IDs containers add | `[]` | +| `operator.containerSecurityContext.enabled` | Enable container security context | `true` | +| `operator.containerSecurityContext.runAsUser` | User ID for the operator container | `1001` | +| `operator.containerSecurityContext.runAsGroup` | User ID for the operator container | `1001` | +| `operator.containerSecurityContext.readOnlyRootFilesystem` | ReadOnlyRootFilesystem fot the operator container | `false` | +| `operator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation for the operator container | `false` | +| `operator.resources` | Container resource requests and limits | `{}` | +| `operator.hostAliases` | Add deployment host aliases | `[]` | +| `operator.podAffinityPreset` | Pod affinity preset | `""` | +| `operator.podAntiAffinityPreset` | Pod anti-affinity preset. Allowed values: `soft` or `hard` | `soft` | +| `operator.nodeAffinityPreset.type` | Node affinity preset type. Allowed values: `soft` or `hard` | `""` | +| `operator.nodeAffinityPreset.key` | Set nodeAffinity preset key | `""` | +| `operator.nodeAffinityPreset.values` | Set nodeAffinity preset values | `[]` | +| `operator.podAnnotations` | Pod annotations | `{}` | +| `operator.podLabels` | Additional pod labels | `{}` | +| `operator.nodeSelector` | Node labels for pod assignment | `{}` | +| `operator.tolerations` | Tolerations for controller pod assignment | `[]` | +| `operator.affinity` | Affinity for controller pod assignment | `{}` | +| `operator.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` | +| `operator.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | +| `operator.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | +| `operator.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `operator.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `operator.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `operator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `operator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `operator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `operator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `operator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `operator.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `operator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `operator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `operator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `operator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `operator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | + ### Grafana parameters -| Parameter | Description | Default | -|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `grafana.enabled` | Enabled the deployment of the Grafana CRD object into the cluster | `true` | -| `grafana.image.registry` | Grafana image registry | `docker.io` | -| `grafana.image.repository` | Grafana image name | `bitnami/grafana` | -| `grafana.image.tag` | Grafana image tag | `{TAG_NAME}` | -| `grafana.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `grafana.envFrom` | Extra environment variable to pass to the running container | `[]` | -| `grafana.client.timeout` | The timeout in seconds for the Grafana Rest API on that instance | `5` | -| `grafana.client.preferService` | If the API should be used via Ingress or via the internal service | `true` | -| `grafana.replicaCount` | Specify the amount of replicas running | `1` | -| `grafana.ingress.enabled` | If an ingress or OpenShift Route should be created | `false` | -| `grafana.ingress.hostname` | The hostname under which the grafana instance should be reachable | `grafana.local` | -| `grafana.ingress.path` | The path for the ingress instance to forward to the grafana app | `/` | -| `grafana.ingress.labels` | Additional Labels for the ingress resource | `nil` | -| `grafana.ingress.annotations` | Additional Annotations for the ingress resource | `nil` | -| `grafana.ingress.tls` | This enables tls support for the ingress resource | `false` | -| `grafana.ingress.tlsSecret` | The name for the secret to use for the tls termination | `grafana.local-tls` | -| `grafana.persistence.enabled` | Enable persistent storage for the grafana deployment | `false` | -| `grafana.persistence.storageClass` | Define the storageClass for the persistent storage if not defined default is used | `nil` | -| `grafana.persistence.accessMode` | Define the accessMode for the persistent storage | `ReadWriteOnce` | -| `grafana.persistence.size` | Define the size of the PersistentVolumeClaim to request for | `10Gi` | -| `grafana.config` | grafana.ini configuration for the instance for this to configure please look at upstream docs | `{}` | -| `grafana.config.security.admin_user` | Set Grafana instance admin username | `""` | -| `grafana.config.security.admin_password` | Set Grafana instance admin password | `""` | -| `grafana.jsonnetLibrarySelector` | The LabelSelector to grab for jsonnet lib resources | `{}` | -| `grafana.dashboardLabelSelectors` | The LabelSelector to grab for dashboard resources | `[]` | -| `grafana.podAffinityPreset` | Set podAffinity preset from Helm Chart | `nil` | -| `grafana.podAntiAffinityPreset` | Set podAntiAffinity preset from Helm Chart | `soft` | -| `grafana.nodeAffinityPreset.type` | Set nodeAffinity preset type | `nil` | -| `grafana.nodeAffinityPreset.key` | Set nodeAffinity preset key | `nil` | -| `grafana.nodeAffinityPreset.values` | Set nodeAffinity preset values | `nil` | -| `grafana.resources.limits` | Specify resource limits which the container is not allowed to succeed | `{}` (does not add resource limits to deployed pods) | -| `grafana.resources.requests` | Specify resource requests which the container needs to spawn | `{}` (does not add resource limits to deployed pods) | -| `grafana.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `grafana.tolerations` | Tolerations for controller pod assignment | `[]` | -| `grafana.affinity` | Affinity for controller pod assignment | `{}` | -| `grafana.podAnnotations` | Pod annotations | `{}` | -| `grafana.podLabels` | Pod labels | `{}` | -| `grafana.podSecurityContext.enabled` | Enable pods security context | `true` | -| `grafana.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | -| `grafana.podSecurityContext.runAsUser` | User ID for the pods | `1001` | -| `grafana.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | -| `grafana.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `grafana.podSecurityContext.supplementalGroups` | Drop capabilities for the securityContext | `[]` | -| `grafana.containerSecurityContext.enabled` | Enable containers security context | `true` | -| `grafana.containerSecurityContext.runAsUser` | User ID for the containers | `1001` | -| `grafana.containerSecurityContext.runAsGroup` | Group ID for the containers | `1001` | -| `grafana.containerSecurityContext.fsGroup` | Filesystem Group ID for the containers | `1001` | -| `grafana.containerSecurityContext.allowPrivilegeEscalation` | Don't allow privilege escalation for the containers | `false` | -| `grafana.speaker.extraEnvVars` | Extra environment variable to pass to the running container | `[]` | -| `grafana.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `grafana.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `3` | -| `grafana.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `grafana.livenessProbe.timeoutSeconds` | When the probe times out | `10` | -| `grafana.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `grafana.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `1` | -| `grafana.readinessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `grafana.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `3` | -| `grafana.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `grafana.readinessProbe.timeoutSeconds` | When the probe times out | `10` | -| `grafana.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `grafana.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `1` | -| `grafana.configMaps` | Extra configMaps to mount into the grafana pod | `[]` | -| `grafana.secrets` | Extra secrets to mount into the grafana pod | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -------------------- | +| `grafana.enabled` | Enabled the deployment of the Grafana CRD object into the cluster | `true` | +| `grafana.image.registry` | Grafana image registry | `docker.io` | +| `grafana.image.repository` | Grafana image name | `bitnami/grafana` | +| `grafana.image.tag` | Grafana image tag | `7.5.9-debian-10-r1` | +| `grafana.image.pullSecrets` | Grafana image pull secrets | `[]` | +| `grafana.podSecurityContext.enabled` | Enable pods security context | `true` | +| `grafana.podSecurityContext.runAsUser` | User ID for the pods | `1001` | +| `grafana.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | +| `grafana.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | +| `grafana.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | +| `grafana.podSecurityContext.supplementalGroups` | Which group IDs containers add | `[]` | +| `grafana.containerSecurityContext.enabled` | Enable containers security context | `true` | +| `grafana.containerSecurityContext.runAsUser` | User ID for the containers | `1001` | +| `grafana.containerSecurityContext.runAsGroup` | Group ID for the containers | `1001` | +| `grafana.containerSecurityContext.fsGroup` | Filesystem Group ID for the containers | `1001` | +| `grafana.containerSecurityContext.allowPrivilegeEscalation` | Don't allow privilege escalation for the containers | `false` | +| `grafana.resources.limits` | The resources limits for the container | `{}` | +| `grafana.resources.requests` | The requested resources for the container | `{}` | +| `grafana.replicaCount` | Specify the amount of replicas running | `1` | +| `grafana.podAffinityPreset` | Pod affinity preset | `""` | +| `grafana.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | +| `grafana.nodeAffinityPreset.type` | Set nodeAffinity preset type | `""` | +| `grafana.nodeAffinityPreset.key` | Set nodeAffinity preset key | `""` | +| `grafana.nodeAffinityPreset.values` | Set nodeAffinity preset values | `[]` | +| `grafana.affinity` | Affinity for controller pod assignment | `{}` | +| `grafana.nodeSelector` | Node labels for controller pod assignment | `{}` | +| `grafana.tolerations` | Tolerations for controller pod assignment | `[]` | +| `grafana.envFrom` | Extra environment variable to pass to the running container | `[]` | +| `grafana.client.timeout` | The timeout in seconds for the Grafana Rest API on that instance | `5` | +| `grafana.client.preferService` | If the API should be used via Ingress or via the internal service | `true` | +| `grafana.ingress.enabled` | If an ingress or OpenShift Route should be created | `false` | +| `grafana.ingress.hostname` | The hostname under which the grafana instance should be reachable | `grafana.local` | +| `grafana.ingress.path` | The path for the ingress instance to forward to the grafana app | `/` | +| `grafana.ingress.labels` | Additional Labels for the ingress resource | `{}` | +| `grafana.ingress.annotations` | Additional Annotations for the ingress resource | `{}` | +| `grafana.ingress.tls` | This enables tls support for the ingress resource | `false` | +| `grafana.ingress.tlsSecret` | The name for the secret to use for the tls termination | `grafana.local-tls` | +| `grafana.persistence.enabled` | Enable persistent storage for the grafana deployment | `false` | +| `grafana.persistence.storageClass` | Define the storageClass for the persistent storage if not defined default is used | `nil` | +| `grafana.persistence.accessMode` | Define the accessMode for the persistent storage | `ReadWriteOnce` | +| `grafana.persistence.size` | Define the size of the PersistentVolumeClaim to request for | `10Gi` | +| `grafana.config` | grafana.ini configuration for the instance for this to configure please look at upstream docs | `{}` | +| `grafana.configMaps` | Extra configMaps to mount into the grafana pod | `[]` | +| `grafana.secrets` | Extra secrets to mount into the grafana pod | `[]` | +| `grafana.jsonnetLibrarySelector` | Configuring the read for jsonnetLibraries to pull in. | `{}` | +| `grafana.dashboardLabelSelectors` | This selects dashboards on the label. | `{}` | +| `grafana.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `grafana.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `grafana.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `grafana.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `grafana.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `grafana.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `grafana.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `grafana.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `grafana.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `grafana.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `grafana.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `grafana.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | + ### PluginInit parameters -| Parameter | Description | Default | -|---------------------------------------|--------------------------------------------------|---------------------------------------------------------| -| `grafanaPluginInit.image.registry` | Grafana Plugin Init image registry | `docker.io` | -| `grafanaPluginInit.image.repository` | Grafana Plugin Init image name | `bitnami/grafana` | -| `grafanaPluginInit.image.tag` | Grafana Plugin Init image tag | `{TAG_NAME}` | -| `grafanaPluginInit.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| Name | Description | Value | +| ------------------------------------- | -------------------------------------- | -------------------- | +| `grafanaPluginInit.image.registry` | Grafana Plugin Init image registry | `docker.io` | +| `grafanaPluginInit.image.repository` | Grafana Plugin Init image name | `bitnami/grafana` | +| `grafanaPluginInit.image.tag` | Grafana Plugin Init image tag | `7.5.9-debian-10-r1` | +| `grafanaPluginInit.image.pullSecrets` | Grafana Plugin Init image pull secrets | `[]` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/grafana-operator/values.yaml b/bitnami/grafana-operator/values.yaml index ff594470a9..81941a7f4d 100644 --- a/bitnami/grafana-operator/values.yaml +++ b/bitnami/grafana-operator/values.yaml @@ -1,44 +1,53 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## String to partially override common.names.fullname include (will maintain the release name) +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array ## -# nameOverride: +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] -## String to fully override common.names.fullname template +## @section Common parameters + +## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) ## -# fullnameOverride: - -## Extra objects to deploy (value evaluated as a template) +nameOverride: +## @param fullnameOverride String to fully override common.names.fullname template with a string +## +fullnameOverride: +## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - -## Add labels to all the deployed resources +## @param commonLabels Common Labels which are applied to every resource deployed ## commonLabels: {} - -## Add annotations to all the deployed resources +## @param commonAnnotations Common Annotations which are applied to every ressource deployed ## commonAnnotations: {} +## @section Grafana Operator parameters + ## This all configuration for the Grafana Operator. ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/README.md ## Constants it is using for creating instances: ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/pkg/controller/model/constants.go ## operator: + ## @param operator.enabled Enable the deployment of the Grafana Operator + ## enabled: true - ## Number of grafana-operator Pod replicas + ## @param operator.replicaCount Number of grafana-operator Pod replicas ## replicaCount: 1 - - ## Set up update strategy for Grafana installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. + ## @param operator.updateStrategy.type Set up update strategy for Grafana installation. + ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## Example: ## updateStrategy: @@ -49,7 +58,12 @@ operator: ## updateStrategy: type: Recreate - + ## @param operator.image.registry Grafana Operator image registry + ## @param operator.image.repository Grafana Operator image name + ## @param operator.image.tag Grafana Operator image tag + ## @param operator.image.pullPolicy Grafana Operator image pull policy + ## @param operator.image.pullSecrets Grafana Operator image pull secrets + ## image: registry: docker.io repository: bitnami/grafana-operator @@ -61,31 +75,39 @@ operator: pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - + pullSecrets: [] + ## @param operator.args.scanAllNamespaces Specify if all namespace should be scanned for dashboards and datasources. (Creates ClusterRole) + ## @param operator.args.scanNamespaces Specify the namespaces which should be scanned for dashboards and datasources (Creates ClusterRole) + ## args: ## If one of these options is set a clusterRole and clusterRoleBinding is created to ## ensure that the operator is able to get data from other namespaces. ## scanAllNamespaces: false scanNamespaces: [] - + ## @param operator.rbac.create Create specifies whether to install and use RBAC rules + ## rbac: - # create specifies whether to install and use RBAC rules. create: true - + ## @param operator.serviceAccount.create Specifies whether a service account should be created + ## @param operator.serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template + ## serviceAccount: - # Specifies whether a service account should be created create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template name: - ## Pod securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param operator.podSecurityContext.enabled Enable pods security context + ## @param operator.podSecurityContext.runAsUser User ID for the pods + ## @param operator.podSecurityContext.runAsGroup User ID for the pods + ## @param operator.podSecurityContext.runAsNonRoot Grafana Operator must run as nonRoot + ## @param operator.podSecurityContext.fsGroup Group ID for the pods + ## @param operator.podSecurityContext.supplementalGroups Which group IDs containers add ## podSecurityContext: enabled: true @@ -93,10 +115,14 @@ operator: runAsGroup: 1001 runAsNonRoot: true fsGroup: 1001 - # supplementalGroups: [] - + supplementalGroups: [] ## Container securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param operator.containerSecurityContext.enabled Enable container security context + ## @param operator.containerSecurityContext.runAsUser User ID for the operator container + ## @param operator.containerSecurityContext.runAsGroup User ID for the operator container + ## @param operator.containerSecurityContext.readOnlyRootFilesystem ReadOnlyRootFilesystem fot the operator container + ## @param operator.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation for the operator container ## containerSecurityContext: enabled: true @@ -104,6 +130,7 @@ operator: runAsGroup: 1001 readOnlyRootFilesystem: false allowPrivilegeEscalation: false + ## @param operator.resources Container resource requests and limits ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -116,81 +143,85 @@ operator: ## memory: 128Mi ## resources: {} - - ## Deployment pod host aliases + ## @param operator.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - - ## Pod affinity preset + ## @param operator.podAffinityPreset Pod affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: '' - - ## Pod anti-affinity preset + ## @param operator.podAntiAffinityPreset Pod anti-affinity preset. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard ## podAntiAffinityPreset: soft - + ## Node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard + ## @param operator.nodeAffinityPreset.type Node affinity preset type. Allowed values: `soft` or `hard` ## type: '' - ## Node label key to match + ## @param operator.nodeAffinityPreset.key Set nodeAffinity preset key ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: '' - ## Node label values to match + ## @param operator.nodeAffinityPreset.values Set nodeAffinity preset values ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Pod annotations + ## @param operator.podAnnotations Pod annotations ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - - ## Additional pod labels + ## @param operator.podLabels Additional pod labels ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} - - ## Node labels for pod assignment + ## @param operator.nodeSelector Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param operator.tolerations Tolerations for controller pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## Affinity for pod assignment + ## @param operator.affinity Affinity for controller pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} - prometheus: - # Prometheus Operator service monitors + ## Prometheus Operator service monitors + ## serviceMonitor: - # enable support for Prometheus Operator + ## @param operator.prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator + ## enabled: false - # Job label for scrape target + ## @param operator.prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator + ## jobLabel: app.kubernetes.io/name - # Scrape interval. If not set, the Prometheus default scrape interval is used. + ## @param operator.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used + ## interval: "" + ## @param operator.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## metricRelabelings: [] + ## @param operator.prometheus.serviceMonitor.relabelings Specify general relabeling + ## relabelings: [] - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## Liveness probe value + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param operator.livenessProbe.enabled Enable livenessProbe + ## @param operator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param operator.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param operator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param operator.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param operator.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -199,7 +230,15 @@ operator: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - + ## Readiness probe values + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param operator.readinessProbe.enabled Enable readinessProbe + ## @param operator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param operator.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param operator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param operator.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param operator.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true failureThreshold: 3 @@ -208,21 +247,37 @@ operator: successThreshold: 1 timeoutSeconds: 1 +## @section Grafana parameters + grafana: + ## @param grafana.enabled Enabled the deployment of the Grafana CRD object into the cluster + ## enabled: true + ## @param grafana.image.registry Grafana image registry + ## @param grafana.image.repository Grafana image name + ## @param grafana.image.tag Grafana image tag + ## @param grafana.image.pullSecrets Grafana image pull secrets + ## image: registry: docker.io repository: bitnami/grafana tag: 7.5.9-debian-10-r1 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName - + pullSecrets: [] ## Pod securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param grafana.podSecurityContext.enabled Enable pods security context + ## @param grafana.podSecurityContext.runAsUser User ID for the pods + ## @param grafana.podSecurityContext.runAsGroup User ID for the pods + ## @param grafana.podSecurityContext.runAsNonRoot Grafana Operator must run as nonRoot + ## @param grafana.podSecurityContext.fsGroup Group ID for the pods + ## @param grafana.podSecurityContext.supplementalGroups Which group IDs containers add ## podSecurityContext: enabled: true @@ -230,10 +285,14 @@ grafana: runAsGroup: 1001 runAsNonRoot: true fsGroup: 1001 - # supplementalGroups: [] - + supplementalGroups: [] ## Container securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param grafana.containerSecurityContext.enabled Enable containers security context + ## @param grafana.containerSecurityContext.runAsUser User ID for the containers + ## @param grafana.containerSecurityContext.runAsGroup Group ID for the containers + ## @param grafana.containerSecurityContext.fsGroup Filesystem Group ID for the containers + ## @param grafana.containerSecurityContext.allowPrivilegeEscalation Don't allow privilege escalation for the containers ## containerSecurityContext: enabled: true @@ -241,146 +300,149 @@ grafana: runAsGroup: 1001 fsGroup: 1001 allowPrivilegeEscalation: false - ## Grafana containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param grafana.resources.limits The resources limits for the container + ## @param grafana.resources.requests The requested resources for the container ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi limits: {} - # cpu: 500m - # memory: 1Gi + ## Examples: + ## requests: + ## cpu: 250m + ## memory: 256Mi requests: {} - # cpu: 250m - # memory: 256Mi - - ## The amount of pods scheduled by the created deployment + ## @param grafana.replicaCount Specify the amount of replicas running ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-deployment ## NOTE: Number of replicas. If more than one is selected, a shared database should be configured. ## replicaCount: 1 - - ## Pod affinity preset + ## @param grafana.podAffinityPreset Pod affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" - - ## Pod anti-affinity preset + ## @param grafana.podAntiAffinityPreset Pod anti-affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## Allowed values: soft, hard ## nodeAffinityPreset: - ## Node affinity type + ## @param grafana.nodeAffinityPreset.type Set nodeAffinity preset type ## Allowed values: soft, hard ## type: "" - ## Node label key to match + ## @param grafana.nodeAffinityPreset.key Set nodeAffinity preset key ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" - ## Node label values to match + ## @param grafana.nodeAffinityPreset.values Set nodeAffinity preset values ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - - ## Affinity for pod assignment + ## @param grafana.affinity Affinity for controller pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - - ## Node labels for pod assignment + ## @param grafana.nodeSelector Node labels for controller pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - - ## Tolerations for pod assignment + ## @param grafana.tolerations Tolerations for controller pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - - ## This loads extra configmaps and secrets into the created deployment. + ## @param grafana.envFrom Extra environment variable to pass to the running container ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-deployment - ## - # envFrom: - ## Examples for a configmap or secret - ## - # - configMapRef: - # name: grafana-configmap - # - secretRef: - # name: grafana-secrets - + ## e.g: + ## envFrom: + ## - configMapRef: + ## name: grafana-configmap + ## - secretRef: + ## name: grafana-secrets + envFrom: [] ## The grafana-operator client-configuration for this grafana instance ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-grafana-api-access + ## @param grafana.client.timeout The timeout in seconds for the Grafana Rest API on that instance + ## @param grafana.client.preferService If the API should be used via Ingress or via the internal service ## client: timeout: 5 preferService: true - ## Configure the ingress resource that allows you to access the ## Grafana web. Set up the URL ## Ref: http://kubernetes.io/docs/user-guide/ingress/ ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-ingress-or-route ## ingress: - enabled: false - hostname: grafana.local - path: / - - ## Labels to add to the ingress object + ## @param grafana.ingress.enabled If an ingress or OpenShift Route should be created ## - # labels: {} - - ## Ingress annotations done as key:value pairs + enabled: false + ## @param grafana.ingress.hostname The hostname under which the grafana instance should be reachable + ## + hostname: grafana.local + ## @param grafana.ingress.path The path for the ingress instance to forward to the grafana app + ## + path: / + ## @param grafana.ingress.labels Additional Labels for the ingress resource + ## + labels: {} + ## @param grafana.ingress.annotations Additional Annotations for the ingress resource ## For a full list of possible ingress annotations, please see ## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - # annotations: - # kubernetes.io/ingress.class: nginx - - ## Set this to true in order to enable TLS on the ingress record + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## + annotations: {} + ## @param grafana.ingress.tls This enables tls support for the ingress resource ## tls: false - - ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + ## @param grafana.ingress.tlsSecret The name for the secret to use for the tls termination ## tlsSecret: grafana.local-tls - ## Enable persistence using Persistent Volume Claims ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## - ## persistence: + ## @param grafana.persistence.enabled Enable persistent storage for the grafana deployment + ## enabled: false - ## Grafana data Persistent Volume Storage Class + ## @param grafana.persistence.storageClass Define the storageClass for the persistent storage if not defined default is used ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - # storageClass: "-" + storageClass: + ## @param grafana.persistence.accessMode Define the accessMode for the persistent storage + ## accessMode: ReadWriteOnce + ## @param grafana.persistence.size Define the size of the PersistentVolumeClaim to request for + ## size: 10Gi - - ## This is the configuration from the grafana pod itself. - ## every toml section is a root key + ## @param grafana.config [object] grafana.ini configuration for the instance for this to configure please look at upstream docs + ## This is the configuration from the grafana pod itself. Every toml section is a root key ## Ref: https://grafana.com/docs/grafana/latest/administration/configuration/ ## config: @@ -424,34 +486,41 @@ grafana: # # role_attribute_path: contains(groups[*], 'platform-readonly') && 'Viewer' || contains(groups[*], 'platform-admin') && 'Admin' || contains(groups[*], 'platform-emergency') && 'Admin' || contains(groups[*], 'customer-poweruser') && 'Admin' || contains(groups[*], 'customer-collaborator') && 'Editor' || contains(groups[*], 'customer-readonly') && 'Viewer' # # allowed_domains: example.com # allow_sign_up: True - - ## Mount extra configmaps and secrets into the Grafana pod + ## @param grafana.configMaps Extra configMaps to mount into the grafana pod ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/extra_files.md + ## e.g: + ## configMaps: + ## - myCustomConfigMap ## configMaps: [] - # - myCustomConfigMap - # + ## @param grafana.secrets Extra secrets to mount into the grafana pod + ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/extra_files.md + ## e.g: + ## secrets: + ## - myCustomSecret + ## secrets: [] - # - myCustomSecret - # - - ## Configuring the read for jsonnetLibraries to pull in. + ## @param grafana.jsonnetLibrarySelector [object] Configuring the read for jsonnetLibraries to pull in. ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#jsonnet-library-discovery ## jsonnetLibrarySelector: matchLabels: app.kubernetes.io/instance: '{{ .Release.Name }}' - - ## This selects dashboards on the label. + ## @param grafana.dashboardLabelSelectors [object] This selects dashboards on the label. ## A cachall is not possible so you need to define at least one label selector here. ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#deploying-grafana ## dashboardLabelSelectors: - matchLabels: app.kubernetes.io/instance: '{{ .Release.Name }}' - - ## Grafana containers' liveness and readiness probes + ## Grafana containers' liveness probe ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param grafana.livenessProbe.enabled Enable livenessProbe + ## @param grafana.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param grafana.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param grafana.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param grafana.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param grafana.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -460,6 +529,15 @@ grafana: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 + ## Grafana containers' readiness probe + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## @param grafana.readinessProbe.enabled Enable readinessProbe + ## @param grafana.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param grafana.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param grafana.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param grafana.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param grafana.readinessProbe.successThreshold Success threshold for readinessProbe + ## readinessProbe: enabled: true initialDelaySeconds: 30 @@ -468,14 +546,23 @@ grafana: failureThreshold: 6 successThreshold: 1 +## @section PluginInit parameters + grafanaPluginInit: + ## @param grafanaPluginInit.image.registry Grafana Plugin Init image registry + ## @param grafanaPluginInit.image.repository Grafana Plugin Init image name + ## @param grafanaPluginInit.image.tag Grafana Plugin Init image tag + ## @param grafanaPluginInit.image.pullSecrets Grafana Plugin Init image pull secrets + ## image: registry: docker.io repository: bitnami/grafana tag: 7.5.9-debian-10-r1 ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName ## - # pullSecrets: - # - myRegistryKeySecretName + pullSecrets: [] diff --git a/bitnami/grafana/Chart.yaml b/bitnami/grafana/Chart.yaml index ce176e2a86..55dc738c77 100644 --- a/bitnami/grafana/Chart.yaml +++ b/bitnami/grafana/Chart.yaml @@ -24,4 +24,4 @@ name: grafana sources: - https://github.com/bitnami/bitnami-docker-grafana - https://grafana.com/ -version: 6.0.1 +version: 6.0.2 diff --git a/bitnami/grafana/README.md b/bitnami/grafana/README.md index aacf9842b5..6091d9f193 100644 --- a/bitnami/grafana/README.md +++ b/bitnami/grafana/README.md @@ -130,172 +130,187 @@ This solution allows to easily deploy multiple Grafana instances compared to the ## Parameters -The following tables lists the configurable parameters of the grafana chart and their default values. - ### Global parameters -| Parameter | Description | Default | -|---------------------------|-------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `nil` | + ### Common parameters -| Parameter | Description | Default | -|--------------------|----------------------------------------------------------------------|--------------------------------| -| `nameOverride` | String to partially override grafana.fullname | `nil` | -| `fullnameOverride` | String to fully override grafana.fullname | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | +| Name | Description | Value | +| ------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `nameOverride` | String to partially override grafana.fullname template (will maintain the release name) | `nil` | +| `fullnameOverride` | String to fully override grafana.fullname template | `nil` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | + ### Grafana parameters -| Parameter | Description | Default | -|------------------------------------|----------------------------------------------------------------------------|---------------------------------------------------------| -| `image.registry` | Grafana image registry | `docker.io` | -| `image.repository` | Grafana image name | `bitnami/grafana` | -| `image.tag` | Grafana image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Grafana image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `hostAliases` | Add deployment host aliases | `[]` | -| `admin.user` | Grafana admin username | `admin` | -| `admin.password` | Grafana admin password | Randomly generated | -| `admin.existingSecret` | Name of the existing secret containing admin password | `nil` | -| `admin.existingSecretPasswordKey` | Password key on the existing secret | `password` | -| `smtp.enabled` | Enable SMTP configuration | `false` | -| `smtp.host` | SMTP host | `nil` | -| `smtp.user` | SMTP user | `user` | -| `smtp.password` | SMTP password | `password` | -| `smtp.existingSecret` | Name of the existing secret with SMTP credentials | `nil` | -| `smtp.existingSecretUserKey` | User key on the existing secret | `user` | -| `smtp.existingSecretPasswordKey` | Password key on the existing secret | `password` | -| `plugins` | Grafana plugins to be installed in deployment time separated by commas | `nil` | -| `ldap.enabled` | Enable LDAP for Grafana | `false` | -| `ldap.allowSignUp` | Allows LDAP sign up for Grafana | `false` | -| `ldap.configMapName` | Name of the ConfigMap with the LDAP configuration file for Grafana | `nil` | -| `extraEnvVars` | Array containing extra env vars to configure Grafana | `{}` | -| `extraConfigmaps` | Array to mount extra ConfigMaps to configure Grafana | `{}` | -| `config.useGrafanaIniFile` | Allows to load a `grafana.ini` file | `false` | -| `config.grafanaIniConfigMap` | Name of the ConfigMap containing the `grafana.ini` file | `nil` | -| `config.grafanaIniSecret` | Name of the Secret containing the `grafana.ini` file | `nil` | -| `dashboardsProvider.enabled` | Enable the use of a Grafana dashboard provider | `false` | -| `dashboardsProvider.configMapName` | Name of a ConfigMap containing a custom dashboard provider | `nil` (evaluated as a template) | -| `dashboardsConfigMaps` | Array with the names of a series of ConfigMaps containing dashboards files | `nil` | -| `datasources.secretName` | Secret name containing custom datasource files | `nil` | +| Name | Description | Value | +| ---------------------------------- | --------------------------------------------------------------------------------- | -------------------- | +| `image.registry` | Grafana image registry | `docker.io` | +| `image.repository` | Grafana image repository | `bitnami/grafana` | +| `image.tag` | Grafana image tag (immutable tags are recommended) | `8.0.3-debian-10-r0` | +| `image.pullPolicy` | Grafana image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Grafana image pull secrets | `[]` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `admin.user` | Grafana admin username | `admin` | +| `admin.password` | Admin password. If a password is not provided a random password will be generated | `nil` | +| `admin.existingSecret` | Name of the existing secret containing admin password | `nil` | +| `admin.existingSecretPasswordKey` | Password key on the existing secret | `password` | +| `smtp.enabled` | Enable SMTP configuration | `false` | +| `smtp.user` | SMTP user | `user` | +| `smtp.password` | SMTP password | `password` | +| `smtp.host` | Custom host for the smtp server | `nil` | +| `smtp.existingSecret` | Name of existing secret containing SMTP credentials (user and password) | `nil` | +| `smtp.existingSecretUserKey` | User key on the existing secret | `user` | +| `smtp.existingSecretPasswordKey` | Password key on the existing secret | `password` | +| `plugins` | Grafana plugins to be installed in deployment time separated by commas | `nil` | +| `ldap.enabled` | Enable LDAP for Grafana | `false` | +| `ldap.allowSignUp` | Allows LDAP sign up for Grafana | `false` | +| `ldap.configMapName` | Name of the ConfigMap with the LDAP configuration file for Grafana | `nil` | +| `extraEnvVars` | Array containing extra env vars to configure Grafana | `{}` | +| `extraConfigmaps` | Array to mount extra ConfigMaps to configure Grafana | `{}` | +| `config.useGrafanaIniFile` | Allows to load a `grafana.ini` file | `false` | +| `config.grafanaIniConfigMap` | Name of the ConfigMap containing the `grafana.ini` file | `nil` | +| `config.grafanaIniSecret` | Name of the Secret containing the `grafana.ini` file | `nil` | +| `dashboardsProvider.enabled` | Enable the use of a Grafana dashboard provider | `false` | +| `dashboardsProvider.configMapName` | Name of a ConfigMap containing a custom dashboard provider | `nil` | +| `dashboardsConfigMaps` | Array with the names of a series of ConfigMaps containing dashboards files | `[]` | +| `datasources.secretName` | Secret name containing custom datasource files | `nil` | + ### Deployment parameters -| Parameter | Description | Default | -|--------------------------------|-------------------------------------------------------------------------------------------|--------------------------------| -| `replicaCount` | Number of Grafana nodes | `1` | -| `updateStrategy` | Update strategy for the deployment | `{type: "RollingUpdate"}` | -| `schedulerName` | Alternative scheduler | `nil` | -| `priorityClassName` | Priority class name | `nil` | -| `podLabels` | Grafana pod labels | `{}` (evaluated as a template) | -| `podAnnotations` | Grafana Pod annotations | `{}` (evaluated as a template) | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `livenessProbe` | Liveness probe configuration for Grafana | `Check values.yaml file` | -| `readinessProbe` | Readiness probe configuration for Grafana | `Check values.yaml file` | -| `securityContext.enabled` | Enable securityContext on for Grafana deployment | `true` | -| `securityContext.runAsUser` | User for the security context | `1001` | -| `securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `securityContext.runAsNonRoot` | Run containers as non-root users | `true` | -| `resources.limits` | The resources limits for Grafana containers | `{}` | -| `resources.requests` | The requested resources for Grafana containers | `{}` | -| `sidecars` | Attach additional sidecar containers to the Grafana pod | `{}` | -| `extraVolumes` | Additional volumes for the Grafana pod | `[]` | -| `extraVolumeMounts` | Additional volume mounts for the Grafana container | `[]` | +| Name | Description | Value | +| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | +| `replicaCount` | Number of Grafana nodes | `1` | +| `updateStrategy.type` | Set up update strategy for Grafana installation. | `RollingUpdate` | +| `schedulerName` | Alternative scheduler | `nil` | +| `priorityClassName` | Priority class name | `""` | +| `podAnnotations` | Grafana Pod annotations | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `securityContext.enabled` | Enable securityContext on for Grafana deployment | `true` | +| `securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | +| `securityContext.runAsUser` | User for the security context | `1001` | +| `securityContext.runAsNonRoot` | Run containers as non-root users | `true` | +| `resources.limits` | The resources limits for Grafana containers | `{}` | +| `resources.requests` | The requested resources for Grafana containers | `{}` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `sidecars` | Attach additional sidecar containers to the Grafana pod | `{}` | +| `extraVolumes` | Additional volumes for the Grafana pod | `[]` | +| `extraVolumeMounts` | Additional volume mounts for the Grafana container | `[]` | + ### Persistence parameters -| Parameter | Description | Default | -|----------------------------|-----------------------------------|-----------------| -| `persistence.enabled` | Enable persistence | `true` | -| `persistence.storageClass` | Storage class to use with the PVC | `nil` | -| `persistence.accessMode` | Access mode to the PV | `ReadWriteOnce` | -| `persistence.size` | Size for the PV | `10Gi` | +| Name | Description | Value | +| --------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- | +| `persistence.enabled` | Enable persistence | `true` | +| `persistence.accessMode` | Access mode to the PV | `ReadWriteOnce` | +| `persistence.storageClass` | Storage class to use with the PVC | `nil` | +| `persistence.existingClaim` | If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable | `nil` | +| `persistence.size` | Size for the PV | `10Gi` | + ### RBAC parameters -| Parameter | Description | Default | -|------------------------------|----------------------------------------------------|-------------------------------------------------| -| `serviceAccount.create` | Enable creation of ServiceAccount for Grafana pods | `true` | -| `serviceAccount.name` | Name of the created serviceAccount | Generated using the `grafana.fullname` template | -| `serviceAccount.annotations` | ServiceAccount Annotations | `{}` | +| Name | Description | Value | +| ---------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------ | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `nil` | +| `serviceAccount.annotations` | Annotations to add to the ServiceAccount Metadata | `{}` | -### Exposure parameters -| Parameter | Description | Default | -|------------------------------------|----------------------------------------------------------------------------------------|--------------------------------| -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | Grafana service port | `3000` | -| `service.nodePort` | Port to bind to for NodePort service type (client port) | `nil` | -| `service.annotations` | Annotations for Grafana service | `{}` | -| `service.loadBalancerIP` | loadBalancerIP if Grafana service type is `LoadBalancer` | `nil` | -| `service.loadBalancerSourceRanges` | loadBalancerSourceRanges if Grafana service type is `LoadBalancer` | `nil` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource. If specified as "*" no host rule is configured. | `grafana.local` | -| `ingress.path` | Default path for the ingress resource | `/` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | -| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | -| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | -| `ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` | -| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | +### Traffic exposure parameters + +| Name | Description | Value | +| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | Grafana service port | `3000` | +| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `nil` | +| `service.loadBalancerIP` | loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) | `nil` | +| `service.loadBalancerSourceRanges` | loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) | `[]` | +| `service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | +| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `nil` | +| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `grafana.local` | +| `ingress.path` | Default path for the ingress resource | `ImplementationSpecific` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.secrets` | It is also possible to create and manage the certificates outside of this helm chart | `[]` | + ### Metrics parameters -| Parameter | Description | Default | -|----------------------------------------|--------------------------------------------------------------------------------------------------------|-------------------------------------------| -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `Check values.yaml file` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` (Prometheus Operator default value) | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `nil` | +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + ### Grafana Image Renderer parameters -| Parameter | Description | Default | -|------------------------------------------------------|--------------------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `imageRenderer.enabled` | Enable using a remote rendering service to render PNG images | `false` | -| `imageRenderer.image.registry` | Grafana Image Renderer image registry | `docker.io` | -| `imageRenderer.image.repository` | Grafana Image Renderer image name | `bitnami/grafana-image-renderer` | -| `imageRenderer.image.tag` | Grafana Image Renderer image tag | `{TAG_NAME}` | -| `imageRenderer.image.pullPolicy` | Grafana Image Renderer image pull policy | `IfNotPresent` | -| `imageRenderer.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `imageRenderer.replicaCount` | Number of Grafana Image Renderer nodes | `1` | -| `imageRenderer.podAnnotations` | Grafana Image Renderer Pod annotations | `{}` (evaluated as a template) | -| `imageRenderer.affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | -| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | -| `imageRenderer.tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | -| `imageRenderer.securityContext.enabled` | Enable securityContext on for Grafana Image Renderer deployment | `true` | -| `imageRenderer.securityContext.runAsUser` | User for the security context | `1001` | -| `imageRenderer.securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `imageRenderer.securityContext.runAsNonRoot` | Run containers as non-root users | `true` | -| `imageRenderer.service.port` | Grafana Image Renderer service port | `8080` | -| `imageRenderer.metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `imageRenderer.metrics.annotations` | Annotations for Prometheus metrics service | `Check values.yaml file` | -| `imageRenderer.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `imageRenderer.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | -| `imageRenderer.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` (Prometheus Operator default value) | -| `imageRenderer.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` (Prometheus Operator default value) | -| `imageRenderer.metrics.serviceMonitor.selector` | Prometheus instance selector labels | `nil` | +| Name | Description | Value | +| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | -------------------------------- | +| `imageRenderer.enabled` | Enable using a remote rendering service to render PNG images | `false` | +| `imageRenderer.image.registry` | Grafana Image Renderer image registry | `docker.io` | +| `imageRenderer.image.repository` | Grafana Image Renderer image repository | `bitnami/grafana-image-renderer` | +| `imageRenderer.image.tag` | Grafana Image Renderer image tag (immutable tags are recommended) | `3.0.1-debian-10-r5` | +| `imageRenderer.image.pullPolicy` | Grafana Image Renderer image pull policy | `IfNotPresent` | +| `imageRenderer.image.pullSecrets` | Grafana image Renderer pull secrets | `[]` | +| `imageRenderer.replicaCount` | Number of Grafana Image Renderer Pod replicas | `1` | +| `imageRenderer.podAnnotations` | Grafana Image Renderer Pod annotations | `{}` | +| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | +| `imageRenderer.tolerations` | Tolerations for pod assignment | `[]` | +| `imageRenderer.affinity` | Affinity for pod assignment | `{}` | +| `imageRenderer.securityContext.enabled` | Enable securityContext on for Grafana Image Renderer deployment | `true` | +| `imageRenderer.securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | +| `imageRenderer.securityContext.runAsUser` | User for the security context | `1001` | +| `imageRenderer.securityContext.runAsNonRoot` | Run containers as non-root users | `true` | +| `imageRenderer.service.port` | Grafana Image Renderer metrics port | `8080` | +| `imageRenderer.metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `imageRenderer.metrics.annotations` | Prometheus annotations | `{}` | +| `imageRenderer.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `imageRenderer.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `nil` | +| `imageRenderer.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `nil` | +| `imageRenderer.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `nil` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/bitnami/grafana/values.yaml b/bitnami/grafana/values.yaml index 559a7731f8..a8b8eb8919 100644 --- a/bitnami/grafana/values.yaml +++ b/bitnami/grafana/values.yaml @@ -1,15 +1,48 @@ +## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) ## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass +global: + imageRegistry: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: + +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @param nameOverride String to partially override grafana.fullname template (will maintain the release name) +## +nameOverride: +## @param fullnameOverride String to fully override grafana.fullname template +## +fullnameOverride: +## @param clusterDomain Default Kubernetes cluster domain +## +clusterDomain: cluster.local + +## @section Grafana parameters ## Bitnami Grafana image version ## ref: https://hub.docker.com/r/bitnami/grafana/tags/ +## @param image.registry Grafana image registry +## @param image.repository Grafana image repository +## @param image.tag Grafana image tag (immutable tags are recommended) +## @param image.pullPolicy Grafana image pull policy +## @param image.pullSecrets Grafana image pull secrets ## image: registry: docker.io @@ -24,94 +57,77 @@ image: ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## - # pullSecrets: - # - myRegistryKeySecretName - -## Force target Kubernetes version (using Helm capabilites if not set) -## -kubeVersion: - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Deployment pod host aliases + ## pullSecrets: + ## - myRegistryKeySecretName + pullSecrets: [] +## @param hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] - -## String to partially override grafana.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override grafana.fullname template -## -# fullnameOverride: - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - ## Admin credentials configuration ## admin: - ## Admin username + ## @param admin.user Grafana admin username ## user: "admin" - ## Admin password - ## If a password is not provided a random password will be generated + ## @param admin.password Admin password. If a password is not provided a random password will be generated ## - # password: - ## Name of the existing secret containing admin password + password: + ## @param admin.existingSecret Name of the existing secret containing admin password ## - # existingSecret: - ## Password key on the existing secret + existingSecret: + ## @param admin.existingSecretPasswordKey Password key on the existing secret ## existingSecretPasswordKey: password - ## SMTP configuration ## smtp: + ## @param smtp.enabled Enable SMTP configuration + ## enabled: false - ## SMTP credentials + ## @param smtp.user SMTP user ## user: user + ## @param smtp.password SMTP password + ## password: password - ## Custom host for the smtp server + ## @param smtp.host Custom host for the smtp server + ## e.g: + ## host: mysmtphost.com ## - # host: mysmtphost.com - ## Name of existing secret containing SMTP credentials (user and password) + host: + ## @param smtp.existingSecret Name of existing secret containing SMTP credentials (user and password) ## - # existingSecret: - ## User and password key on the existing secret + existingSecret: + ## @param smtp.existingSecretUserKey User key on the existing secret ## existingSecretUserKey: user + ## @param smtp.existingSecretPasswordKey Password key on the existing secret + ## existingSecretPasswordKey: password - -## Grafana plugins that will be installed +## @param plugins Grafana plugins to be installed in deployment time separated by commas ## Specify plugins as a list separated by commas ( you will need to scape them when specifying from command line ) ## Example: ## plugins: grafana-kubernetes-app,grafana-example-app ## -# plugins: - +plugins: ## Ldap configuration for Grafana +## @param ldap.enabled Enable LDAP for Grafana +## @param ldap.allowSignUp Allows LDAP sign up for Grafana +## @param ldap.configMapName Name of the ConfigMap with the LDAP configuration file for Grafana ## ldap: enabled: false allowSignUp: false - ## configMap with LDAP configuration file (ldap.toml) - # configMapName: - -## An array to add extra env vars + configMapName: +## @param extraEnvVars Array containing extra env vars to configure Grafana ## For example: ## extraEnvVars: ## - name: GF_DEFAULT_INSTANCE_NAME ## value: my-instance ## extraEnvVars: {} - -## An array to add extra configmaps: +## @param extraConfigmaps Array to mount extra ConfigMaps to configure Grafana ## For example: ## extraConfigmaps: ## - name: myconfigmap @@ -120,27 +136,28 @@ extraEnvVars: {} ## readOnly: true ## extraConfigmaps: {} - ## Parameters to override the default grafana.ini file. ## It is needed to create a configmap or a secret containing the grafana.ini file. +## @param config.useGrafanaIniFile Allows to load a `grafana.ini` file +## @param config.grafanaIniConfigMap Name of the ConfigMap containing the `grafana.ini` file +## @param config.grafanaIniSecret Name of the Secret containing the `grafana.ini` file ## config: useGrafanaIniFile: false grafanaIniConfigMap: grafanaIniSecret: - -## Create dasboard provider to load dashboards, a default one is created to load -## dashboards from "/opt/bitnami/grafana/dashboards" +## Create dasboard provider to load dashboards, a default one is created to load dashboards +## from "/opt/bitnami/grafana/dashboards" +## @param dashboardsProvider.enabled Enable the use of a Grafana dashboard provider +## @param dashboardsProvider.configMapName Name of a ConfigMap containing a custom dashboard provider ## dashboardsProvider: enabled: false - ## ConfigMap with a custom provider file. ## Important to set the Path to "/opt/bitnami/grafana/dashboards" ## Evaluated as a template. ## configMapName: - -## Create dashboards from a custom configMap that contains the file. +## @param dashboardsConfigMaps Array with the names of a series of ConfigMaps containing dashboards files ## They will be mounted by the default dashboard provider if it is enabled ## Use an array with the configMap names. ## Example: @@ -151,18 +168,20 @@ dashboardsProvider: ## fileName: myotherdashboard.json ## dashboardsConfigMaps: [] - ## Create datasources from a custom secret ## The secret must contain the files +## @param datasources.secretName Secret name containing custom datasource files ## datasources: secretName: -## Number of grafana Pod replicas +## @section Deployment parameters + +## @param replicaCount Number of Grafana nodes ## replicaCount: 1 - -## Set up update strategy for Grafana installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. +## @param updateStrategy.type Set up update strategy for Grafana installation. +## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## Example: ## updateStrategy: @@ -173,109 +192,96 @@ replicaCount: 1 ## updateStrategy: type: RollingUpdate - -## Use an alternate scheduler, e.g. "stork". +## @param schedulerName Alternative scheduler ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## -# schedulerName: - -## Set a priority class name. +schedulerName: +## @param priorityClassName Priority class name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## -# priorityClassName: "" +priorityClassName: "" -serviceAccount: - ## Specifies whether a ServiceAccount should be created - ## - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - # name: - ## Annotations to add to the ServiceAccount Metadata - ## - annotations: {} - -## Pod annotations +## @param podAnnotations Grafana Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - -## Pod affinity preset +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard ## podAffinityPreset: "" - -## Pod anti-affinity preset +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard ## podAntiAffinityPreset: soft - ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard +## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. +## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. ## nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## type: "" - ## Node label key to match ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" - ## Node label values to match ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] - -## Affinity for pod assignment +## @param affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} - -## Node labels for pod assignment +## @param nodeSelector Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - -## Tolerations for pod assignment +## @param tolerations Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - -## SecurityContext configuration +## @param securityContext.enabled Enable securityContext on for Grafana deployment +## @param securityContext.fsGroup Group to configure permissions for volumes +## @param securityContext.runAsUser User for the security context +## @param securityContext.runAsNonRoot Run containers as non-root users ## securityContext: enabled: true runAsUser: 1001 fsGroup: 1001 runAsNonRoot: true - ## Grafana containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for Grafana containers +## @param resources.requests The requested resources for Grafana containers ## resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## Example: + ## limits: + ## cpu: 500m + ## memory: 1Gi limits: {} - # cpu: 500m - # memory: 1Gi + ## Examples: + ## requests: + ## cpu: 250m + ## memory: 256Mi requests: {} - # cpu: 250m - # memory: 256Mi - -## Grafana containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## Grafana containers' liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true @@ -284,6 +290,15 @@ livenessProbe: timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 +## Grafana containers' readinessProbe probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## readinessProbe: enabled: true initialDelaySeconds: 30 @@ -292,28 +307,7 @@ readinessProbe: failureThreshold: 6 successThreshold: 1 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -## -persistence: - enabled: true - ## Grafana data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - accessMode: ReadWriteOnce - size: 10Gi - -## Add extra sidecars to the Grafana pod +## @param sidecars Attach additional sidecar containers to the Grafana pod ## Example: ## sidecars: ## - name: your-image-name @@ -324,16 +318,14 @@ persistence: ## containerPort: 1234 ## sidecars: {} - -## Add extra volumes to the Grafana pod +## @param extraVolumes Additional volumes for the Grafana pod ## Example: ## extraVolumes: ## - name: my-volume ## emptyDir: {} ## extraVolumes: [] - -## Add extra volume mounts to the grafana pod +## @param extraVolumeMounts Additional volume mounts for the Grafana container ## Example: ## extraVolumeMounts: ## - name: my-volume @@ -341,86 +333,114 @@ extraVolumes: [] ## extraVolumeMounts: [] +## @section Persistence parameters + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## @param persistence.enabled Enable persistence +## @param persistence.accessMode Access mode to the PV +## @param persistence.storageClass Storage class to use with the PVC +## @param persistence.existingClaim If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable +## @param persistence.size Size for the PV +## +persistence: + enabled: true + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: + existingClaim: + accessMode: ReadWriteOnce + size: 10Gi + +## @section RBAC parameters + +## @param serviceAccount.create Specifies whether a ServiceAccount should be created +## @param serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template +## @param serviceAccount.annotations Annotations to add to the ServiceAccount Metadata +serviceAccount: + create: true + name: + annotations: {} + +## @section Traffic exposure parameters + ## Service parameters ## service: - ## K8s service type + ## @param service.type Kubernetes Service type ## type: ClusterIP - ## Grafana service port + ## @param service.port Grafana service port ## port: 3000 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## - # nodePort: - ## loadBalancerIP for the Grafana Service (optional, cloud specific) + nodePort: + ## @param service.loadBalancerIP loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## - # loadBalancerIP: - ## loadBalancerSourceRanges for the Grafana Service (optional, cloud specific) + loadBalancerIP: + ## @param service.loadBalancerSourceRanges loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 ## - # loadBalancerSourceRanges: - # - 10.10.10.0/24 - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. + loadBalancerSourceRanges: [] + ## @param service.annotations Provide any additional annotations which may be required. + ## This can be used to set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} - ## Configure the ingress resource that allows you to access the ## Grafana installation. Set up the URL ## ref: http://kubernetes.io/docs/user-guide/ingress/ ## ingress: - ## Set to true to enable ingress record generation + ## @param ingress.enabled Set to true to enable ingress record generation ## enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager + ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager ## certManager: false - - ## Ingress Path type + ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific - - ## Override API Version (automatically detected if not set) + ## @param ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: - - ## When the ingress is enabled, a host pointing to this will be created + ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created ## hostname: grafana.local - - ## The Path to Grafana. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. + ## @param ingress.path Default path for the ingress resource + ## The Path to Grafana. You may need to set this to '/*' in order to use this with ALB ingress controllers. ## path: / - - ## Ingress annotations done as key:value pairs + ## @param ingress.annotations Ingress annotations ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set ## annotations: {} - - ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it ## tls: false - - ## The list of additional hostnames to be covered with this ingress record. + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: grafana.local ## path: / ## - - ## Any additional arbitrary paths that may need to be added to the ingress under the main host. + extraHosts: [] + ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. ## extraPaths: ## - path: /* @@ -428,70 +448,87 @@ ingress: ## serviceName: ssl-redirect ## servicePort: use-annotation ## - - ## The tls configuration for additional hostnames to be covered with this ingress record. + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - grafana.local ## secretName: grafana.local-tls ## - - ## If you're providing your own certificates, please use this to add the certificates as secrets + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## - ## It is also possible to create and manage the certificates outside of this helm chart + ## @param ingress.secrets It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information - ## - secrets: [] + ## e.g: ## - name: grafana.local-tls ## key: ## certificate: ## + secrets: [] + +## @section Metrics parameters ## Prometheus metrics ## metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## enabled: false - ## Prometheus Operator ServiceMonitor configuration + ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service ## service: annotations: prometheus.io/scrape: "true" prometheus.io/port: "3000" prometheus.io/path: "/metrics" - serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## enabled: false - ## Namespace in which Prometheus is running + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## - # namespace: monitoring - - ## Interval at which metrics should be scraped. + namespace: + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s ## - # interval: 10s - - ## Timeout after which the scrape is ended + interval: + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s ## - # scrapeTimeout: 10s - - ## ServiceMonitor selector labels + scrapeTimeout: + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## e.g: + ## selector: + ## prometheus: my-prometheus ## - # selector: - # prometheus: my-prometheus + selector: {} + +## @section Grafana Image Renderer parameters imageRenderer: + ## @param imageRenderer.enabled Enable using a remote rendering service to render PNG images + ## enabled: false ## Bitnami Grafana Image Renderer image ## ref: https://hub.docker.com/r/bitnami/grafana-image-renderer/tags/ + ## @param imageRenderer.image.registry Grafana Image Renderer image registry + ## @param imageRenderer.image.repository Grafana Image Renderer image repository + ## @param imageRenderer.image.tag Grafana Image Renderer image tag (immutable tags are recommended) + ## @param imageRenderer.image.pullPolicy Grafana Image Renderer image pull policy + ## @param imageRenderer.image.pullSecrets Grafana image Renderer pull secrets ## image: registry: docker.io @@ -509,26 +546,30 @@ imageRenderer: ## - myRegistryKeySecretName ## pullSecrets: [] - ## Number of Grafana Image Renderer Pod replicas + ## @param imageRenderer.replicaCount Number of Grafana Image Renderer Pod replicas ## replicaCount: 1 - ## Pod annotations + ## @param imageRenderer.podAnnotations Grafana Image Renderer Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} - ## Node labels for pod assignment + ## @param imageRenderer.nodeSelector Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} - ## Tolerations for pod assignment + ## @param imageRenderer.tolerations Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - ## Affinity for pod assignment + ## @param imageRenderer.affinity Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## SecurityContext configuration + ## @param imageRenderer.securityContext.enabled Enable securityContext on for Grafana Image Renderer deployment + ## @param imageRenderer.securityContext.fsGroup Group to configure permissions for volumes + ## @param imageRenderer.securityContext.runAsUser User for the security context + ## @param imageRenderer.securityContext.runAsNonRoot Run containers as non-root users ## securityContext: enabled: true @@ -536,14 +577,16 @@ imageRenderer: fsGroup: 1001 runAsNonRoot: true service: - ## Grafana Image Renderer metrics port + ## @param imageRenderer.service.port Grafana Image Renderer metrics port ## port: 8080 ## Enable Prometheus metrics endpoint ## metrics: + ## @param imageRenderer.metrics.enabled Enable the export of Prometheus metrics + ## enabled: false - ## Prometheus annotations + ## @param imageRenderer.metrics.annotations [object] Annotations for Prometheus metrics service[object] Prometheus annotations ## annotations: prometheus.io/scrape: "true" @@ -552,15 +595,21 @@ imageRenderer: ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: + ## @param imageRenderer.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## enabled: false - ## Namespace in which Prometheus is running + ## @param imageRenderer.metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## - # namespace: monitoring - ## Interval at which metrics should be scraped. + namespace: + ## @param imageRenderer.metrics.serviceMonitor.interval Interval at which metrics should be scraped. ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s ## - # interval: 10s - ## Timeout after which the scrape is ended + interval: + ## @param imageRenderer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s ## - # scrapeTimeout: 10s + scrapeTimeout: