mirror of
https://github.com/bitnami/charts.git
synced 2026-03-16 14:57:08 +08:00
[bitnami/thanos] feat: ✨ Add support for PSA restricted policy (#20553)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
committed by
GitHub
GitHub
parent
035310a020
commit
af354f22eb
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: minio
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.8.15
|
||||
version: 12.8.18
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.13.3
|
||||
digest: sha256:c1e81f8b66e6a6053241be3e51ace764fcfe58a36bf9d031fb26326aeb3e1caa
|
||||
generated: "2023-10-19T10:04:18.256535187Z"
|
||||
digest: sha256:38d2c94b0fde7c366633aafcc234cf66ccdca79a06dcc6b9e3b5b0814a744e79
|
||||
generated: "2023-10-31T12:32:57.929225957+01:00"
|
||||
|
||||
@@ -35,4 +35,4 @@ maintainers:
|
||||
name: thanos
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/thanos
|
||||
version: 12.13.13
|
||||
version: 12.14.0
|
||||
|
||||
@@ -163,11 +163,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `query.updateStrategy.type` | Update strategy type for Thanos Query replicas | `RollingUpdate` |
|
||||
| `query.podSecurityContext.enabled` | Enable security context for the Thanos Query pods | `true` |
|
||||
| `query.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Query pods | `1001` |
|
||||
| `query.containerSecurityContext.enabled` | Enable container security context for the Thanos Query containers | `true` |
|
||||
| `query.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Query containers | `1001` |
|
||||
| `query.containerSecurityContext.runAsNonRoot` | Force the Thanos Query containers to run as a non root user | `true` |
|
||||
| `query.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Query containers | `false` |
|
||||
| `query.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Query containers | `true` |
|
||||
| `query.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `query.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `query.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `query.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `query.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `query.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `query.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `query.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `query.resources.limits` | The resources limits for the Thanos Query container | `{}` |
|
||||
| `query.resources.requests` | The requested resources for the Thanos Query container | `{}` |
|
||||
| `query.livenessProbe.enabled` | Enable livenessProbe on Thanos Query containers | `true` |
|
||||
@@ -315,11 +318,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `queryFrontend.updateStrategy.type` | Update strategy type for Thanos Query Frontend replicas | `RollingUpdate` |
|
||||
| `queryFrontend.podSecurityContext.enabled` | Enable security context for the Thanos Query Frontend pods | `true` |
|
||||
| `queryFrontend.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Query Frontend pods | `1001` |
|
||||
| `queryFrontend.containerSecurityContext.enabled` | Enable container security context for the Thanos Query Frontend containers | `true` |
|
||||
| `queryFrontend.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Query Frontend containers | `1001` |
|
||||
| `queryFrontend.containerSecurityContext.runAsNonRoot` | Force the Thanos Query Frontend containers to run as a non root user | `true` |
|
||||
| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Query Frontend containers | `false` |
|
||||
| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Query Frontend containers | `true` |
|
||||
| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `queryFrontend.resources.limits` | The resources limits for the Thanos Query Frontend container | `{}` |
|
||||
| `queryFrontend.resources.requests` | The requested resources for the Thanos Query Frontend container | `{}` |
|
||||
| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on Thanos Query Frontend containers | `true` |
|
||||
@@ -424,11 +430,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `bucketweb.updateStrategy.type` | Update strategy type for Thanos Bucket Web replicas | `RollingUpdate` |
|
||||
| `bucketweb.podSecurityContext.enabled` | Enable security context for the Thanos Bucket Web pods | `true` |
|
||||
| `bucketweb.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Bucket Web pods | `1001` |
|
||||
| `bucketweb.containerSecurityContext.enabled` | Enable container security context for the Thanos Bucket Web containers | `true` |
|
||||
| `bucketweb.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Bucket Web containers | `1001` |
|
||||
| `bucketweb.containerSecurityContext.runAsNonRoot` | Force the Thanos Bucket Web containers to run as a non root user | `true` |
|
||||
| `bucketweb.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Bucket Web containers | `false` |
|
||||
| `bucketweb.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Bucket Web containers | `true` |
|
||||
| `bucketweb.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `bucketweb.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `bucketweb.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `bucketweb.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `bucketweb.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `bucketweb.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `bucketweb.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `bucketweb.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `bucketweb.resources.limits` | The resources limits for the Thanos Bucket Web container | `{}` |
|
||||
| `bucketweb.resources.requests` | The requested resources for the Thanos Bucket Web container | `{}` |
|
||||
| `bucketweb.livenessProbe.enabled` | Enable livenessProbe on Thanos Bucket Web containers | `true` |
|
||||
@@ -541,11 +550,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `compactor.updateStrategy.type` | Update strategy type for Thanos Compactor replicas | `Recreate` |
|
||||
| `compactor.podSecurityContext.enabled` | Enable security context for the Thanos Compactor pods | `true` |
|
||||
| `compactor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Compactor pods | `1001` |
|
||||
| `compactor.containerSecurityContext.enabled` | Enable container security context for the Thanos Compactor containers | `true` |
|
||||
| `compactor.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Compactor containers | `1001` |
|
||||
| `compactor.containerSecurityContext.runAsNonRoot` | Force the Thanos Compactor containers to run as a non root user | `true` |
|
||||
| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Compactor containers | `false` |
|
||||
| `compactor.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Compactor containers | `true` |
|
||||
| `compactor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `compactor.resources.limits` | The resources limits for the Thanos Compactor container | `{}` |
|
||||
| `compactor.resources.requests` | The requested resources for the Thanos Compactor container | `{}` |
|
||||
| `compactor.livenessProbe.enabled` | Enable livenessProbe on Thanos Compactor containers | `true` |
|
||||
@@ -653,11 +665,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `storegateway.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` |
|
||||
| `storegateway.podSecurityContext.enabled` | Enable security context for the Thanos Store Gateway pods | `true` |
|
||||
| `storegateway.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Store Gateway pods | `1001` |
|
||||
| `storegateway.containerSecurityContext.enabled` | Enable container security context for the Thanos Store Gateway containers | `true` |
|
||||
| `storegateway.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Store Gateway containers | `1001` |
|
||||
| `storegateway.containerSecurityContext.runAsNonRoot` | Force the Thanos Store Gateway containers to run as a non root user | `true` |
|
||||
| `storegateway.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Store Gateway containers | `false` |
|
||||
| `storegateway.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Store Gateway containers | `true` |
|
||||
| `storegateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `storegateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `storegateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `storegateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `storegateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `storegateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `storegateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `storegateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `storegateway.resources.limits` | The resources limits for the Thanos Store Gateway container | `{}` |
|
||||
| `storegateway.resources.requests` | The requested resources for the Thanos Store Gateway container | `{}` |
|
||||
| `storegateway.livenessProbe.enabled` | Enable livenessProbe on Thanos Store Gateway containers | `true` |
|
||||
@@ -798,11 +813,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `ruler.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` |
|
||||
| `ruler.podSecurityContext.enabled` | Enable security context for the Thanos Ruler pods | `true` |
|
||||
| `ruler.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Ruler pods | `1001` |
|
||||
| `ruler.containerSecurityContext.enabled` | Enable container security context for the Thanos Ruler containers | `true` |
|
||||
| `ruler.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Ruler containers | `1001` |
|
||||
| `ruler.containerSecurityContext.runAsNonRoot` | Force the Thanos Ruler containers to run as a non root user | `true` |
|
||||
| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Ruler containers | `false` |
|
||||
| `ruler.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Ruler containers | `true` |
|
||||
| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `ruler.resources.limits` | The resources limits for the Thanos Ruler container | `{}` |
|
||||
| `ruler.resources.requests` | The requested resources for the Thanos Ruler container | `{}` |
|
||||
| `ruler.livenessProbe.enabled` | Enable livenessProbe on Thanos Ruler containers | `true` |
|
||||
@@ -924,11 +942,14 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
| `receive.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` |
|
||||
| `receive.podSecurityContext.enabled` | Enable security context for the Thanos Receive pods | `true` |
|
||||
| `receive.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Receive pods | `1001` |
|
||||
| `receive.containerSecurityContext.enabled` | Enable container security context for the Thanos Receive containers | `true` |
|
||||
| `receive.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Receive containers | `1001` |
|
||||
| `receive.containerSecurityContext.runAsNonRoot` | Force the Thanos Receive containers to run as a non root user | `true` |
|
||||
| `receive.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Receive containers | `false` |
|
||||
| `receive.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Receive containers | `true` |
|
||||
| `receive.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `receive.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `receive.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `receive.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `receive.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `receive.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `receive.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `receive.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `receive.resources.limits` | The resources limits for the Thanos Receive container | `{}` |
|
||||
| `receive.resources.requests` | The requested resources for the Thanos Receive container | `{}` |
|
||||
| `receive.livenessProbe.enabled` | Enable livenessProbe on Thanos Receive containers | `true` |
|
||||
@@ -1026,85 +1047,88 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate
|
||||
|
||||
### Thanos Receive Distributor parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | --------------- |
|
||||
| `receiveDistributor.enabled` | Enable/disable Thanos Receive Distributor component | `false` |
|
||||
| `receiveDistributor.logLevel` | Thanos Receive Distributor log level | `info` |
|
||||
| `receiveDistributor.logFormat` | Thanos Receive Distributor log format | `logfmt` |
|
||||
| `receiveDistributor.replicaLabel` | Label to treat as a replica indicator along which data is de-duplicated | `replica` |
|
||||
| `receiveDistributor.replicationFactor` | Thanos Receive Distributor replication-factor | `1` |
|
||||
| `receiveDistributor.extraEnvVars` | Extra environment variables for Thanos Receive Distributor container | `[]` |
|
||||
| `receiveDistributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes | `""` |
|
||||
| `receiveDistributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes | `""` |
|
||||
| `receiveDistributor.extraFlags` | Extra Flags to passed to Thanos Receive Distributor | `[]` |
|
||||
| `receiveDistributor.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `receiveDistributor.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `receiveDistributor.replicaCount` | Number of Thanos Receive Distributor replicas to deploy | `1` |
|
||||
| `receiveDistributor.updateStrategy.type` | Update strategy type for Thanos Receive Distributor replicas | `RollingUpdate` |
|
||||
| `receiveDistributor.podSecurityContext.enabled` | Enable security context for the Thanos Receive Distributor pods | `true` |
|
||||
| `receiveDistributor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Receive Distributor pods | `1001` |
|
||||
| `receiveDistributor.containerSecurityContext.enabled` | Enable container security context for the Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.containerSecurityContext.runAsUser` | User ID for the service user running the Thanos Receive Distributor containers | `1001` |
|
||||
| `receiveDistributor.containerSecurityContext.runAsNonRoot` | Force the Thanos Receive Distributor containers to run as a non root user | `true` |
|
||||
| `receiveDistributor.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off for Thanos Receive Distributor containers | `false` |
|
||||
| `receiveDistributor.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem on Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.resources.limits` | The resources limits for the Thanos Receive container | `{}` |
|
||||
| `receiveDistributor.resources.requests` | The requested resources for the Thanos Receive container | `{}` |
|
||||
| `receiveDistributor.livenessProbe.enabled` | Enable livenessProbe on Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `receiveDistributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `receiveDistributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
|
||||
| `receiveDistributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `receiveDistributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `receiveDistributor.readinessProbe.enabled` | Enable readinessProbe on Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `receiveDistributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `receiveDistributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
|
||||
| `receiveDistributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `receiveDistributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `receiveDistributor.startupProbe.enabled` | Enable startupProbe on Thanos Receive Distributor containers | `false` |
|
||||
| `receiveDistributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `receiveDistributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `receiveDistributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `receiveDistributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `receiveDistributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `receiveDistributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.initContainers` | Add additional init containers to the Thanos Receive Distributor pods | `[]` |
|
||||
| `receiveDistributor.sidecars` | Extra containers running as sidecars to Thanos Receive Distributor pods | `[]` |
|
||||
| `receiveDistributor.extraVolumes` | Extra volumes to add to Thanos Receive Distributor | `[]` |
|
||||
| `receiveDistributor.extraVolumeMounts` | Extra volume mounts to add to the receive distributor container | `[]` |
|
||||
| `receiveDistributor.podAffinityPreset` | Thanos Receive pod affinity preset | `""` |
|
||||
| `receiveDistributor.podAntiAffinityPreset` | Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `receiveDistributor.nodeAffinityPreset.type` | Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `receiveDistributor.nodeAffinityPreset.key` | Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. | `""` |
|
||||
| `receiveDistributor.nodeAffinityPreset.values` | Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. | `[]` |
|
||||
| `receiveDistributor.affinity` | Thanos Receive Distributor affinity for pod assignment | `{}` |
|
||||
| `receiveDistributor.nodeSelector` | Thanos Receive Distributor node labels for pod assignment | `{}` |
|
||||
| `receiveDistributor.tolerations` | Thanos Receive Distributor tolerations for pod assignment | `[]` |
|
||||
| `receiveDistributor.podLabels` | Thanos Receive Distributor pod labels | `{}` |
|
||||
| `receiveDistributor.podAnnotations` | Annotations for Thanos Receive Distributor pods | `{}` |
|
||||
| `receiveDistributor.dnsConfig` | Deployment pod DNS config | `{}` |
|
||||
| `receiveDistributor.dnsPolicy` | Deployment pod DNS policy | `""` |
|
||||
| `receiveDistributor.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `receiveDistributor.lifecycleHooks` | for the Thanos Receive Distributor container(s) to automate configuration before or after startup | `{}` |
|
||||
| `receiveDistributor.priorityClassName` | Thanos Receive Distributor priorityClassName | `""` |
|
||||
| `receiveDistributor.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods | `""` |
|
||||
| `receiveDistributor.topologySpreadConstraints` | Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains | `[]` |
|
||||
| `receiveDistributor.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` |
|
||||
| `receiveDistributor.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `receiveDistributor.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||
| `receiveDistributor.serviceAccount.annotations` | Annotations for Thanos Receive Distributor Service Account | `{}` |
|
||||
| `receiveDistributor.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `true` |
|
||||
| `receiveDistributor.autoscaling.enabled` | Enable autoscaling for Thanos Receive Distributor | `false` |
|
||||
| `receiveDistributor.autoscaling.minReplicas` | Minimum number of Thanos Receive Distributor replicas | `""` |
|
||||
| `receiveDistributor.autoscaling.maxReplicas` | Maximum number of Thanos Receive Distributor replicas | `""` |
|
||||
| `receiveDistributor.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `receiveDistributor.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `receiveDistributor.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor | `false` |
|
||||
| `receiveDistributor.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `receiveDistributor.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
| Name | Description | Value |
|
||||
| ---------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ---------------- |
|
||||
| `receiveDistributor.enabled` | Enable/disable Thanos Receive Distributor component | `false` |
|
||||
| `receiveDistributor.logLevel` | Thanos Receive Distributor log level | `info` |
|
||||
| `receiveDistributor.logFormat` | Thanos Receive Distributor log format | `logfmt` |
|
||||
| `receiveDistributor.replicaLabel` | Label to treat as a replica indicator along which data is de-duplicated | `replica` |
|
||||
| `receiveDistributor.replicationFactor` | Thanos Receive Distributor replication-factor | `1` |
|
||||
| `receiveDistributor.extraEnvVars` | Extra environment variables for Thanos Receive Distributor container | `[]` |
|
||||
| `receiveDistributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes | `""` |
|
||||
| `receiveDistributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes | `""` |
|
||||
| `receiveDistributor.extraFlags` | Extra Flags to passed to Thanos Receive Distributor | `[]` |
|
||||
| `receiveDistributor.command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `receiveDistributor.args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `receiveDistributor.replicaCount` | Number of Thanos Receive Distributor replicas to deploy | `1` |
|
||||
| `receiveDistributor.updateStrategy.type` | Update strategy type for Thanos Receive Distributor replicas | `RollingUpdate` |
|
||||
| `receiveDistributor.podSecurityContext.enabled` | Enable security context for the Thanos Receive Distributor pods | `true` |
|
||||
| `receiveDistributor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Receive Distributor pods | `1001` |
|
||||
| `receiveDistributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `receiveDistributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `receiveDistributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `receiveDistributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `receiveDistributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
|
||||
| `receiveDistributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `receiveDistributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `receiveDistributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `receiveDistributor.resources.limits` | The resources limits for the Thanos Receive container | `{}` |
|
||||
| `receiveDistributor.resources.requests` | The requested resources for the Thanos Receive container | `{}` |
|
||||
| `receiveDistributor.livenessProbe.enabled` | Enable livenessProbe on Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
|
||||
| `receiveDistributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
|
||||
| `receiveDistributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` |
|
||||
| `receiveDistributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
|
||||
| `receiveDistributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `receiveDistributor.readinessProbe.enabled` | Enable readinessProbe on Thanos Receive Distributor containers | `true` |
|
||||
| `receiveDistributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
|
||||
| `receiveDistributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
|
||||
| `receiveDistributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` |
|
||||
| `receiveDistributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
|
||||
| `receiveDistributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `receiveDistributor.startupProbe.enabled` | Enable startupProbe on Thanos Receive Distributor containers | `false` |
|
||||
| `receiveDistributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `receiveDistributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `receiveDistributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
|
||||
| `receiveDistributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
|
||||
| `receiveDistributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `receiveDistributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `receiveDistributor.initContainers` | Add additional init containers to the Thanos Receive Distributor pods | `[]` |
|
||||
| `receiveDistributor.sidecars` | Extra containers running as sidecars to Thanos Receive Distributor pods | `[]` |
|
||||
| `receiveDistributor.extraVolumes` | Extra volumes to add to Thanos Receive Distributor | `[]` |
|
||||
| `receiveDistributor.extraVolumeMounts` | Extra volume mounts to add to the receive distributor container | `[]` |
|
||||
| `receiveDistributor.podAffinityPreset` | Thanos Receive pod affinity preset | `""` |
|
||||
| `receiveDistributor.podAntiAffinityPreset` | Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `receiveDistributor.nodeAffinityPreset.type` | Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `receiveDistributor.nodeAffinityPreset.key` | Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. | `""` |
|
||||
| `receiveDistributor.nodeAffinityPreset.values` | Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. | `[]` |
|
||||
| `receiveDistributor.affinity` | Thanos Receive Distributor affinity for pod assignment | `{}` |
|
||||
| `receiveDistributor.nodeSelector` | Thanos Receive Distributor node labels for pod assignment | `{}` |
|
||||
| `receiveDistributor.tolerations` | Thanos Receive Distributor tolerations for pod assignment | `[]` |
|
||||
| `receiveDistributor.podLabels` | Thanos Receive Distributor pod labels | `{}` |
|
||||
| `receiveDistributor.podAnnotations` | Annotations for Thanos Receive Distributor pods | `{}` |
|
||||
| `receiveDistributor.dnsConfig` | Deployment pod DNS config | `{}` |
|
||||
| `receiveDistributor.dnsPolicy` | Deployment pod DNS policy | `""` |
|
||||
| `receiveDistributor.hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `receiveDistributor.lifecycleHooks` | for the Thanos Receive Distributor container(s) to automate configuration before or after startup | `{}` |
|
||||
| `receiveDistributor.priorityClassName` | Thanos Receive Distributor priorityClassName | `""` |
|
||||
| `receiveDistributor.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods | `""` |
|
||||
| `receiveDistributor.topologySpreadConstraints` | Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains | `[]` |
|
||||
| `receiveDistributor.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` |
|
||||
| `receiveDistributor.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
|
||||
| `receiveDistributor.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` |
|
||||
| `receiveDistributor.serviceAccount.annotations` | Annotations for Thanos Receive Distributor Service Account | `{}` |
|
||||
| `receiveDistributor.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `true` |
|
||||
| `receiveDistributor.autoscaling.enabled` | Enable autoscaling for Thanos Receive Distributor | `false` |
|
||||
| `receiveDistributor.autoscaling.minReplicas` | Minimum number of Thanos Receive Distributor replicas | `""` |
|
||||
| `receiveDistributor.autoscaling.maxReplicas` | Maximum number of Thanos Receive Distributor replicas | `""` |
|
||||
| `receiveDistributor.autoscaling.targetCPU` | Target CPU utilization percentage | `""` |
|
||||
| `receiveDistributor.autoscaling.targetMemory` | Target Memory utilization percentage | `""` |
|
||||
| `receiveDistributor.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor | `false` |
|
||||
| `receiveDistributor.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
|
||||
| `receiveDistributor.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` |
|
||||
|
||||
### Metrics parameters
|
||||
|
||||
|
||||
@@ -227,18 +227,26 @@ query:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Query containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param query.containerSecurityContext.enabled Enable container security context for the Thanos Query containers
|
||||
## @param query.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query containers
|
||||
## @param query.containerSecurityContext.runAsNonRoot Force the Thanos Query containers to run as a non root user
|
||||
## @param query.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query containers
|
||||
## @param query.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query containers
|
||||
## @param query.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param query.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param query.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param query.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param query.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param query.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param query.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param query.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Query containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param query.resources.limits The resources limits for the Thanos Query container
|
||||
@@ -902,18 +910,26 @@ queryFrontend:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Query Frontend containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param queryFrontend.containerSecurityContext.enabled Enable container security context for the Thanos Query Frontend containers
|
||||
## @param queryFrontend.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query Frontend containers
|
||||
## @param queryFrontend.containerSecurityContext.runAsNonRoot Force the Thanos Query Frontend containers to run as a non root user
|
||||
## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query Frontend containers
|
||||
## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query Frontend containers
|
||||
## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Query Frontend containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param queryFrontend.resources.limits The resources limits for the Thanos Query Frontend container
|
||||
@@ -1345,18 +1361,26 @@ bucketweb:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Bucket Web containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param bucketweb.containerSecurityContext.enabled Enable container security context for the Thanos Bucket Web containers
|
||||
## @param bucketweb.containerSecurityContext.runAsUser User ID for the service user running the Thanos Bucket Web containers
|
||||
## @param bucketweb.containerSecurityContext.runAsNonRoot Force the Thanos Bucket Web containers to run as a non root user
|
||||
## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Bucket Web containers
|
||||
## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Bucket Web containers
|
||||
## @param bucketweb.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param bucketweb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param bucketweb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param bucketweb.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param bucketweb.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param bucketweb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Bucket Web containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param bucketweb.resources.limits The resources limits for the Thanos Bucket Web container
|
||||
@@ -1792,18 +1816,26 @@ compactor:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Compactor containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param compactor.containerSecurityContext.enabled Enable container security context for the Thanos Compactor containers
|
||||
## @param compactor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Compactor containers
|
||||
## @param compactor.containerSecurityContext.runAsNonRoot Force the Thanos Compactor containers to run as a non root user
|
||||
## @param compactor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Compactor containers
|
||||
## @param compactor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Compactor containers
|
||||
## @param compactor.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Compactor containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param compactor.resources.limits The resources limits for the Thanos Compactor container
|
||||
@@ -2254,18 +2286,26 @@ storegateway:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Store Gateway containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param storegateway.containerSecurityContext.enabled Enable container security context for the Thanos Store Gateway containers
|
||||
## @param storegateway.containerSecurityContext.runAsUser User ID for the service user running the Thanos Store Gateway containers
|
||||
## @param storegateway.containerSecurityContext.runAsNonRoot Force the Thanos Store Gateway containers to run as a non root user
|
||||
## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Store Gateway containers
|
||||
## @param storegateway.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Store Gateway containers
|
||||
## @param storegateway.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param storegateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param storegateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param storegateway.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param storegateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param storegateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param storegateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Store Gateway containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param storegateway.resources.limits The resources limits for the Thanos Store Gateway container
|
||||
@@ -2897,18 +2937,26 @@ ruler:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Ruler containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param ruler.containerSecurityContext.enabled Enable container security context for the Thanos Ruler containers
|
||||
## @param ruler.containerSecurityContext.runAsUser User ID for the service user running the Thanos Ruler containers
|
||||
## @param ruler.containerSecurityContext.runAsNonRoot Force the Thanos Ruler containers to run as a non root user
|
||||
## @param ruler.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Ruler containers
|
||||
## @param ruler.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Ruler containers
|
||||
## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Ruler containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param ruler.resources.limits The resources limits for the Thanos Ruler container
|
||||
@@ -3401,18 +3449,26 @@ receive:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Receive containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param receive.containerSecurityContext.enabled Enable container security context for the Thanos Receive containers
|
||||
## @param receive.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive containers
|
||||
## @param receive.containerSecurityContext.runAsNonRoot Force the Thanos Receive containers to run as a non root user
|
||||
## @param receive.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive containers
|
||||
## @param receive.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive containers
|
||||
## @param receive.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param receive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param receive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param receive.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param receive.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param receive.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param receive.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param receive.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Receive containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param receive.resources.limits The resources limits for the Thanos Receive container
|
||||
@@ -3871,18 +3927,26 @@ receiveDistributor:
|
||||
fsGroup: 1001
|
||||
## K8s containers' Security Context for Thanos Receive Distributor containers
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param receiveDistributor.containerSecurityContext.enabled Enable container security context for the Thanos Receive Distributor containers
|
||||
## @param receiveDistributor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive Distributor containers
|
||||
## @param receiveDistributor.containerSecurityContext.runAsNonRoot Force the Thanos Receive Distributor containers to run as a non root user
|
||||
## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive Distributor containers
|
||||
## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive Distributor containers
|
||||
## @param receiveDistributor.containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param receiveDistributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param receiveDistributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param receiveDistributor.containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param receiveDistributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param receiveDistributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Thanos Receive Distributor containers' resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param receiveDistributor.resources.limits The resources limits for the Thanos Receive container
|
||||
|
||||
Reference in New Issue
Block a user