## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## e.g: ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname template ## fullnameOverride: "" ## @param commonLabels Add labels to all the deployed resources ## commonLabels: {} ## @param commonAnnotations Add annotations to all the deployed resources ## commonAnnotations: {} ## @param clusterDomain Kubernetes Cluster Domain ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## @section Thanos common parameters ## Bitnami Thanos image ## ref: https://hub.docker.com/r/bitnami/thanos/tags/ ## @param image.registry Thanos image registry ## @param image.repository Thanos image repository ## @param image.tag Thanos image tag (immutable tags are recommended) ## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param image.pullPolicy Thanos image pull policy ## @param image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/thanos tag: 0.31.0-scratch-r1 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/) ## Specify content for objstore.yml ## objstoreConfig: "" ## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/) ## Specify content for index-cache.yml ## indexCacheConfig: "" ## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/) ## Specify content for bucket-cache.yml ## bucketCacheConfig: "" ## @param existingObjstoreSecret Secret with Objstore Configuration ## Note: This will override objstoreConfig ## existingObjstoreSecret: "" ## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml ## existingObjstoreSecretItems: [] ## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/) ## If provided, overrides settings under https.* and auth.* httpConfig: "" ## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration ## existingHttpConfigSecret: "" ## HTTPS configuration (Experimental) ## Ref: https://thanos.io/tip/operating/https.md/ ## https: ## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key. ## enabled: false ## @param https.autoGenerated Create self-signed TLS certificates. ## autoGenerated: false ## @param https.existingSecret Existing secret containing your own server key and certificate ## existingSecret: "" ## @param https.certFilename ## certFilename: "tls.crt" ## @param https.keyFilename ## keyFilename: "tls.key" ## @param https.caFilename ## caFilename: "ca.crt" ## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided ## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided ## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided ## key: "" cert: "" ca: "" ## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies. ## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType clientAuthType: "" ## Thanos Basic authentication (Experimental) ## auth: ## @param auth.basicAuthUsers Object containing : key-value pairs for each user that will have access via basic authentication ## Note: Passwords will be later encrypted using bcrypt basicAuthUsers: {} ## Common Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created ## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. ## serviceAccount: create: false name: "" automountServiceAccountToken: true annotations: {} ## DEPRECATED - existingServiceAccount. This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## ## existingServiceAccount: "" ## @section Thanos Query parameters query: ## @param query.enabled Set to true to enable Thanos Query component ## enabled: true ## @param query.logLevel Thanos Query log level ## logLevel: info ## @param query.logFormat Thanos Query log format ## logFormat: logfmt ## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated ## replicaLabel: [replica] ## Dynamically configure store APIs using DNS discovery ## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS ## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery ## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery ## dnsDiscovery: enabled: true sidecarsService: "" sidecarsNamespace: "" ## @param query.stores Statically configure store APIs to connect with Thanos Query ## stores: [] ## @param query.sdConfig Query Service Discovery Configuration ## Specify content for servicediscovery.yml ## sdConfig: "" ## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration ## NOTE: This will override query.sdConfig ## existingSDConfigmap: "" ## @param query.extraEnvVars Extra environment variables for Thanos Query container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes ## extraEnvVarsCM: "" ## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes ## extraEnvVarsSecret: "" ## @param query.extraFlags Extra Flags to passed to Thanos Query ## extraFlags: [] ## @param query.command Override default container command (useful when using custom images) ## command: [] ## @param query.args Override default container args (useful when using custom images) ## args: [] ## @param query.replicaCount Number of Thanos Query replicas to deploy ## replicaCount: 1 ## @param query.updateStrategy.type Update strategy type for Thanos Query replicas ## updateStrategy: type: RollingUpdate ## K8s Pod Security Context for Thanos Query pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods ## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Query containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param query.containerSecurityContext.enabled Enable container security context for the Thanos Query containers ## @param query.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query containers ## @param query.containerSecurityContext.runAsNonRoot Force the Thanos Query containers to run as a non root user ## @param query.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query containers ## @param query.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Query containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param query.resources.limits The resources limits for the Thanos Query container ## @param query.resources.requests The requested resources for the Thanos Query container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Query containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers ## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param query.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers ## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param query.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers ## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param query.startupProbe.periodSeconds Period seconds for startupProbe ## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param query.startupProbe.failureThreshold Failure threshold for startupProbe ## @param query.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param query.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param query.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param query.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param query.initContainers Add additional init containers to the Thanos Query pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param query.sidecars Extra containers running as sidecars to Thanos Query pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param query.extraVolumes Extra volumes to add to Thanos Query ## extraVolumes: [] ## @param query.extraVolumeMounts Extra volume mounts to add to the query container ## extraVolumeMounts: [] ## @param query.podAffinityPreset Thanos Query pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set. ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPresetTopologyKey: "" ## Thanos Query node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param query.affinity Thanos Query affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param query.nodeSelector Thanos Query node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param query.tolerations Thanos Query tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param query.podLabels Thanos Query pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param query.podAnnotations Annotations for Thanos Query pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param query.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param query.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param query.priorityClassName Thanos Query priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Thanos Query GRPC parameters ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags ## grpc: ## GRPC server side ## server: ## TLS configuration ## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server ## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates ## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided ## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided ## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided ## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates ## e.g: ## existingSecret: ## name: foo ## keyMapping: ## ca-cert: ca.pem ## tls-cert: cert.pem ## tls-key: key.pem ## tls: enabled: false autoGenerated: false cert: "" key: "" ca: "" existingSecret: {} ## GRPC client side ## client: ## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates ## serverName: "" ## TLS configuration ## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC server ## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates ## @param query.grpc.client.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided ## @param query.grpc.client.tls.key TLS Key for GRPC server - ignored if existingSecret is provided ## @param query.grpc.client.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided ## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates ## e.g: ## existingSecret: ## name: foo ## keyMapping: ## ca-cert: ca.pem ## tls-cert: cert.pem ## tls-key: key.pem ## tls: enabled: false autoGenerated: false cert: "" key: "" ca: "" existingSecret: {} ## Service parameters ## service: ## @param query.service.type Kubernetes service type ## type: ClusterIP ## @param query.service.ports.http Thanos Query service HTTP port ## ports: http: 9090 ## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" ## @param query.service.clusterIP Thanos Query service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param query.service.annotations Annotations for Thanos Query service ## annotations: {} ## @param query.service.extraPorts Extra ports to expose in the Thanos Query service ## extraPorts: [] ## @param query.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param query.service.additionalHeadless Additional Headless service ## additionalHeadless: false ## Headless service properties ## headless: ## @param query.service.headless.annotations Annotations for the headless service. ## annotations: {} ## Service GRPC parameters ## serviceGrpc: ## @param query.serviceGrpc.type Kubernetes service type ## type: ClusterIP ## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port ## ports: grpc: 10901 ## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: grpc: "" ## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param query.serviceGrpc.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param query.serviceGrpc.annotations Annotations for Thanos Query service ## annotations: {} ## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service ## extraPorts: [] ## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param query.serviceGrpc.additionalHeadless Additional Headless service ## additionalHeadless: false ## Headless service properties ## headless: ## @param query.serviceGrpc.headless.annotations Annotations for the headless service. ## annotations: {} ## Autoscaling parameters ## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account ## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED query.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## RBAC configuration ## rbac: ## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account ## create: false ## @param query.rbac.rules Custom RBAC rules to set ## e.g: ## rules: ## - apiGroups: ## - "" ## resources: ## - pods ## verbs: ## - get ## - list ## rules: [] ## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later ## pspEnabled: false ## Thanos Query Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param query.autoscaling.enabled Enable autoscaling for Thanos Query ## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas ## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas ## @param query.autoscaling.targetCPU Target CPU utilization percentage ## @param query.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Query Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query ## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Configure the ingress resource that allows you to access Thanos Query ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param query.ingress.enabled Enable ingress controller resource ## enabled: false ## @param query.ingress.hostname Default host for the ingress resource ## hostname: thanos.local ## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param query.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}` ## You can: ## - Use the `query.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true` ## tls: false ## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param query.ingress.path Ingress path ## path: / ## @param query.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## Create an ingress object for the GRPC service. This requires an HTTP/2 ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations ## - ingress.kubernetes.io/protocol: h2c ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ ## and also the documentation for your ingress controller. ## ## The options that are accepted are identical to the HTTP one listed above ## grpc: ## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC) ## enabled: false ## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC) ## hostname: thanos-grpc.local ## @param query.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## Examples: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos-grpc.local ## path: / ## extraHosts: [] ## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos-grpc.local ## secretName: thanos-grpc.local-tls ## extraTls: [] ## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos-grpc.local-tls ## key: ## certificate: ## secrets: [] ## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}` ## You can: ## - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true` ## tls: false ## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set) ## apiVersion: "" ## @param query.ingress.grpc.path Ingress Path ## path: / ## @param query.ingress.grpc.pathType Ingress Path type ## pathType: ImplementationSpecific ## @section Thanos Query Frontend parameters queryFrontend: ## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component ## enabled: true ## @param queryFrontend.logLevel Thanos Query Frontend log level ## logLevel: info ## @param queryFrontend.logFormat Thanos Query Frontend log format ## logFormat: logfmt ## @param queryFrontend.config Thanos Query Frontend configuration ## Specify content for config.yml ## config: "" ## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration ## NOTE: This will override queryFrontend.config ## existingConfigmap: "" ## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes ## extraEnvVarsCM: "" ## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes ## extraEnvVarsSecret: "" ## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend ## extraFlags: [] ## @param queryFrontend.command Override default container command (useful when using custom images) ## command: [] ## @param queryFrontend.args Override default container args (useful when using custom images) ## args: [] ## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy ## replicaCount: 1 ## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas ## updateStrategy: type: RollingUpdate ## K8s Pod Security Context for Thanos Query Frontend pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods ## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Query Frontend containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param queryFrontend.containerSecurityContext.enabled Enable container security context for the Thanos Query Frontend containers ## @param queryFrontend.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query Frontend containers ## @param queryFrontend.containerSecurityContext.runAsNonRoot Force the Thanos Query Frontend containers to run as a non root user ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query Frontend containers ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query Frontend containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Query Frontend containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param queryFrontend.resources.limits The resources limits for the Thanos Query Frontend container ## @param queryFrontend.resources.requests The requested resources for the Thanos Query Frontend container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers ## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe ## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe ## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend ## extraVolumes: [] ## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container ## extraVolumeMounts: [] ## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Query Frontend node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param queryFrontend.podLabels Thanos Query Frontend pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param queryFrontend.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param queryFrontend.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Service parameters ## service: ## @param queryFrontend.service.type Kubernetes service type ## type: ClusterIP ## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port ## ports: http: 9090 ## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" ## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service ## annotations: {} ## @param queryFrontend.service.labels Labels for Thanos Query Frontend service ## labels: {} ## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service ## extraPorts: [] ## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account ## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED queryFrontend.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## RBAC configuration ## rbac: ## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account ## create: false ## @param queryFrontend.rbac.rules Custom RBAC rules to set ## e.g: ## rules: ## - apiGroups: ## - "" ## resources: ## - pods ## verbs: ## - get ## - list ## rules: [] ## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later ## pspEnabled: false ## Thanos Query Frontend Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend ## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas ## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas ## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage ## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Query Frontend Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend ## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Configure the ingress resource that allows you to access Thanos Query Frontend ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param queryFrontend.ingress.enabled Enable ingress controller resource ## enabled: false ## @param queryFrontend.ingress.hostname Default host for the ingress resource ## hostname: thanos.local ## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}` ## You can: ## - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true` ## tls: false ## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param queryFrontend.ingress.path Ingress path ## path: / ## @param queryFrontend.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @section Thanos Bucket Web parameters bucketweb: ## @param bucketweb.enabled Enable/disable Thanos Bucket Web component ## enabled: false ## @param bucketweb.logLevel Thanos Bucket Web log level ## logLevel: info ## @param bucketweb.logFormat Thanos Bucket Web log format ## logFormat: logfmt ## @param bucketweb.refresh Refresh interval to download metadata from remote storage ## refresh: 30m ## @param bucketweb.timeout Timeout to download metadata from remote storage ## timeout: 5m ## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes ## extraEnvVarsCM: "" ## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes ## extraEnvVarsSecret: "" ## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web ## extraFlags: [] ## @param bucketweb.command Override default container command (useful when using custom images) ## command: [] ## @param bucketweb.args Override default container args (useful when using custom images) ## args: [] ## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy ## replicaCount: 1 ## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas ## updateStrategy: type: RollingUpdate ## K8s Pod Security Context for Thanos Bucket Web pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods ## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Bucket Web containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param bucketweb.containerSecurityContext.enabled Enable container security context for the Thanos Bucket Web containers ## @param bucketweb.containerSecurityContext.runAsUser User ID for the service user running the Thanos Bucket Web containers ## @param bucketweb.containerSecurityContext.runAsNonRoot Force the Thanos Bucket Web containers to run as a non root user ## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Bucket Web containers ## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Bucket Web containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Bucket Web containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param bucketweb.resources.limits The resources limits for the Thanos Bucket Web container ## @param bucketweb.resources.requests The requested resources for the Thanos Bucket Web container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers ## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers ## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers ## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe ## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe ## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web ## extraVolumes: [] ## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container ## extraVolumeMounts: [] ## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Bucket Web node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param bucketweb.podLabels Thanos Bucket Web pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param bucketweb.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param bucketweb.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Service parameters ## service: ## @param bucketweb.service.type Kubernetes service type ## type: ClusterIP ## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port ## ports: http: 8080 ## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" ## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy ## externalTrafficPolicy: Cluster ## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service ## annotations: {} ## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service ## extraPorts: [] ## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account ## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED bucketweb.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Thanos Bucket Web Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web ## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas ## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas ## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage ## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Bucket Web Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web ## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Configure the ingress resource that allows you to access Thanos Bucketweb ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param bucketweb.ingress.enabled Enable ingress controller resource ## enabled: false ## @param bucketweb.ingress.hostname Default host for the ingress resource ## hostname: thanos-bucketweb.local ## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos-bucketweb.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos-bucketweb.local ## secretName: thanos-bucketweb.local-tls ## extraTls: [] ## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos-bucketweb.local-tls ## key: ## certificate: ## secrets: [] ## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}` ## You can: ## - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true` ## tls: false ## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param bucketweb.ingress.path Ingress path ## path: / ## @param bucketweb.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @section Thanos Compactor parameters compactor: ## @param compactor.enabled Enable/disable Thanos Compactor component ## enabled: false ## @param compactor.logLevel Thanos Compactor log level ## logLevel: info ## @param compactor.logFormat Thanos Compactor log format ## logFormat: logfmt ## Resolution and Retention flags ## @param compactor.retentionResolutionRaw Resolution and Retention flag ## @param compactor.retentionResolution5m Resolution and Retention flag ## @param compactor.retentionResolution1h Resolution and Retention flag ## retentionResolutionRaw: 30d retentionResolution5m: 30d retentionResolution1h: 10y ## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed ## consistencyDelay: 30m ## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes ## extraEnvVarsCM: "" ## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes ## extraEnvVarsSecret: "" ## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor ## extraFlags: [] ## @param compactor.command Override default container command (useful when using custom images) ## command: [] ## @param compactor.args Override default container args (useful when using custom images) ## args: [] ## K8s CronJob configuration ## ref: https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/ ## @param compactor.cronJob.enabled Run compactor as a CronJob rather than a Deployment ## @param compactor.cronJob.schedule The schedule in Cron format, see ## @param compactor.cronJob.timeZone The time zone name for the given schedule, see ## @param compactor.cronJob.concurrencyPolicy Specifies how to treat concurrent executions of a Job ## @param compactor.cronJob.startingDeadlineSeconds Optional deadline in seconds for starting the job if it misses scheduled time for any reason ## @param compactor.cronJob.suspend This flag tells the controller to suspend subsequent executions ## @param compactor.cronJob.successfulJobsHistoryLimit The number of successful finished jobs to retain ## @param compactor.cronJob.failedJobsHistoryLimit The number of failed finished jobs to retain ## @param compactor.cronJob.backoffLimit Specifies the number of retries before marking this job failed ## cronJob: enabled: false schedule: "0 */6 * * *" timeZone: "" startingDeadlineSeconds: "" concurrencyPolicy: Forbid suspend: "" successfulJobsHistoryLimit: "" failedJobsHistoryLimit: "" backoffLimit: "" ## @param compactor.restartPolicy Compactor container restart policy. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy ## restartPolicy: "" ## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas ## updateStrategy: type: Recreate ## K8s Pod Security Context for Thanos Compactor pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods ## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Compactor containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param compactor.containerSecurityContext.enabled Enable container security context for the Thanos Compactor containers ## @param compactor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Compactor containers ## @param compactor.containerSecurityContext.runAsNonRoot Force the Thanos Compactor containers to run as a non root user ## @param compactor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Compactor containers ## @param compactor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Compactor containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Compactor containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param compactor.resources.limits The resources limits for the Thanos Compactor container ## @param compactor.resources.requests The requested resources for the Thanos Compactor container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Compactor containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers ## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe ## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe ## @param compactor.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param compactor.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor ## extraVolumes: [] ## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container ## extraVolumeMounts: [] ## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Compactor node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param compactor.affinity Thanos Compactor affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param compactor.tolerations Thanos Compactor tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param compactor.podLabels Thanos Compactor pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param compactor.podAnnotations Annotations for Thanos Compactor pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param compactor.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param compactor.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param compactor.lifecycleHooks for the Thanos Compactor container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param compactor.priorityClassName Thanos Compactor priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Service parameters ## service: ## @param compactor.service.type Kubernetes service type ## type: ClusterIP ## @param compactor.service.ports.http Thanos Compactor service HTTP port ## ports: http: 9090 ## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" ## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param compactor.service.annotations Annotations for Thanos Compactor service ## annotations: {} ## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service ## extraPorts: [] ## @param compactor.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account ## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED compactor.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Configure the ingress resource that allows you to access Thanos Query Frontend ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param compactor.ingress.enabled Enable ingress controller resource ## enabled: false ## @param compactor.ingress.hostname Default host for the ingress resource ## hostname: thanos-compactor.local ## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}` ## You can: ## - Use the `compactor.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true` ## tls: false ## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param compactor.ingress.path Ingress path ## path: / ## @param compactor.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## Persistence parameters ## persistence: ## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods ## enabled: true ## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## storageClass: "" ## @param compactor.persistence.accessModes PVC Access Modes for data volume ## accessModes: - ReadWriteOnce ## @param compactor.persistence.size PVC Storage Request for data volume ## size: 8Gi ## @param compactor.persistence.annotations Annotations for the PVC ## annotations: {} ## @param compactor.persistence.existingClaim Name of an existing PVC to use ## If defined, PVC must be created manually before volume will be bound ## existingClaim: "" ## @section Thanos Store Gateway parameters storegateway: ## @param storegateway.enabled Enable/disable Thanos Store Gateway component ## enabled: false ## @param storegateway.logLevel Thanos Store Gateway log level ## logLevel: info ## @param storegateway.logFormat Thanos Store Gateway log format ## logFormat: logfmt ## @param storegateway.config Thanos Store Gateway configuration ## Specify content for config.yml ## config: "" ## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration ## NOTE: This will override storegateway.config ## existingConfigmap: "" ## Thanos Store Gateway GRPC parameters ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags ## grpc: ## GRPC server side ## server: ## TLS configuration ## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server ## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates ## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided ## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided ## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided ## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates ## e.g: ## existingSecret: ## name: foo ## keyMapping: ## ca-cert: ca.pem ## tls-cert: cert.pem ## tls-key: key.pem ## tls: enabled: false autoGenerated: false cert: "" key: "" ca: "" existingSecret: {} ## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes ## extraEnvVarsCM: "" ## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes ## extraEnvVarsSecret: "" ## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway ## extraFlags: [] ## @param storegateway.command Override default container command (useful when using custom images) ## command: [] ## @param storegateway.args Override default container args (useful when using custom images) ## args: [] ## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy ## replicaCount: 1 ## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas ## updateStrategy: type: RollingUpdate ## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: OrderedReady ## K8s Pod Security Context for Thanos Store Gateway pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods ## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Store Gateway containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param storegateway.containerSecurityContext.enabled Enable container security context for the Thanos Store Gateway containers ## @param storegateway.containerSecurityContext.runAsUser User ID for the service user running the Thanos Store Gateway containers ## @param storegateway.containerSecurityContext.runAsNonRoot Force the Thanos Store Gateway containers to run as a non root user ## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Store Gateway containers ## @param storegateway.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Store Gateway containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Store Gateway containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param storegateway.resources.limits The resources limits for the Thanos Store Gateway container ## @param storegateway.resources.requests The requested resources for the Thanos Store Gateway container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers ## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers ## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers ## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe ## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe ## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway ## extraVolumes: [] ## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container ## extraVolumeMounts: [] ## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Store Gateway node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param storegateway.podLabels Thanos Store Gateway pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param storegateway.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param storegateway.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## Service parameters ## service: ## @param storegateway.service.type Kubernetes service type ## type: ClusterIP ## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port ## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port ## ports: http: 9090 grpc: 10901 ## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types ## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" grpc: "" ## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param storegateway.service.annotations Annotations for Thanos Store Gateway service ## annotations: {} ## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service ## extraPorts: [] ## @param storegateway.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param storegateway.service.additionalHeadless Additional Headless service ## additionalHeadless: false ## Headless service properties ## headless: ## @param storegateway.service.headless.annotations Annotations for the headless service. ## annotations: {} ## Persistence parameters ## persistence: ## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods ## enabled: true ## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## storageClass: "" ## @param storegateway.persistence.accessModes PVC Access Modes for data volume ## accessModes: - ReadWriteOnce ## @param storegateway.persistence.size PVC Storage Request for data volume ## size: 8Gi ## @param storegateway.persistence.labels Labels for the PVC ## labels: {} ## @param storegateway.persistence.annotations Annotations for the PVC ## annotations: {} ## @param storegateway.persistence.existingClaim Name of an existing PVC to use ## If defined, PVC must be created manually before volume will be bound ## existingClaim: "" ## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account ## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED storegateway.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Thanos Store Gateway Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway ## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas ## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas ## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage ## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Store Gateway Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway ## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Configure the ingress resource that allows you to access Thanos Query Frontend ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param storegateway.ingress.enabled Enable ingress controller resource ## enabled: false ## @param storegateway.ingress.hostname Default host for the ingress resource ## hostname: thanos-storegateway.local ## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}` ## You can: ## - Use the `storegateway.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true` ## tls: false ## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param storegateway.ingress.path Ingress path ## path: / ## @param storegateway.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## Create an ingress object for the GRPC service. This requires an HTTP/2 ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations ## - ingress.kubernetes.io/protocol: h2c ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ ## and also the documentation for your ingress controller. ## ## The options that are accepted are identical to the HTTP one listed above ## grpc: ## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC) ## enabled: false ## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC) ## hostname: thanos-grpc.local ## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## Examples: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos-grpc.local ## path: / ## extraHosts: [] ## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos-grpc.local ## secretName: thanos-grpc.local-tls ## extraTls: [] ## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos-grpc.local-tls ## key: ## certificate: ## secrets: [] ## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}` ## You can: ## - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true` ## tls: false ## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set) ## apiVersion: "" ## @param storegateway.ingress.grpc.path Ingress Path ## path: / ## @param storegateway.ingress.grpc.pathType Ingress Path type ## pathType: ImplementationSpecific ## Sharded parameters ## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway ## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks ## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions ## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards ## e.g: ## clusterIPs: ## - X.X.X.X ## - Y.Y.Y.Y ## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards ## e.g: ## loadBalancerIPs: ## - X.X.X.X ## - Y.Y.Y.Y ## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards ## e.g: ## nodePorts: ## - 30001 ## - 30002 ## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards ## e.g: ## nodePorts: ## - 30011 ## - 30012 ## sharded: enabled: false hashPartitioning: shards: "" timePartitioning: - min: "" max: "" service: clusterIPs: [] loadBalancerIPs: [] http: nodePorts: [] grpc: nodePorts: [] ## @section Thanos Ruler parameters ruler: ## @param ruler.enabled Enable/disable Thanos Ruler component ## enabled: false ## @param ruler.logLevel Thanos Ruler log level ## logLevel: info ## @param ruler.logFormat Thanos Ruler log format ## logFormat: logfmt ## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated ## replicaLabel: replica ## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery ## dnsDiscovery: enabled: true ## @param ruler.alertmanagers Alert managers URLs array ## NOTE: This is only used when ruler.alertmanagersConfig is not set ## alertmanagers: [] ## @param ruler.alertmanagersConfig Alert managers configuration ## NOTE: This is only used when ruler.alertmanagers is not set ## ref: https://thanos.io/tip/components/rule.md/#alertmanager ## e.g: ## alertmanagersConfig: ## alertmanagers: ## - http_config: ## basic_auth: ## username: some_user ## password: some_pass ## static_configs: ## - alertmanager.thanos.io ## scheme: http ## timeout: 10s ## api_version: v2 ## alertmanagersConfig: "" ## @param ruler.evalInterval The default evaluation interval to use ## evalInterval: 1m ## @param ruler.clusterName Used to set the 'ruler_cluster' label ## clusterName: "" ## @param ruler.config Ruler configuration ## Specify content for ruler.yml ## config: "" ## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration ## NOTE: This will override ruler.config ## existingConfigmap: "" ## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes ## extraEnvVarsCM: "" ## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes ## extraEnvVarsSecret: "" ## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler ## extraFlags: [] ## @param ruler.command Override default container command (useful when using custom images) ## command: [] ## @param ruler.args Override default container args (useful when using custom images) ## args: [] ## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy ## replicaCount: 1 ## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas ## updateStrategy: type: RollingUpdate ## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: OrderedReady ## K8s Pod Security Context for Thanos Ruler pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods ## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Ruler containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param ruler.containerSecurityContext.enabled Enable container security context for the Thanos Ruler containers ## @param ruler.containerSecurityContext.runAsUser User ID for the service user running the Thanos Ruler containers ## @param ruler.containerSecurityContext.runAsNonRoot Force the Thanos Ruler containers to run as a non root user ## @param ruler.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Ruler containers ## @param ruler.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Ruler containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Ruler containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param ruler.resources.limits The resources limits for the Thanos Ruler container ## @param ruler.resources.requests The requested resources for the Thanos Ruler container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Ruler containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers ## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers ## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers ## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe ## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe ## @param ruler.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param ruler.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler ## extraVolumes: [] ## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container ## extraVolumeMounts: [] ## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Ruler node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param ruler.affinity Thanos Ruler affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param ruler.tolerations Thanos Ruler tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param ruler.podLabels Thanos Ruler pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param ruler.podAnnotations Annotations for Thanos Ruler pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param ruler.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param ruler.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param ruler.priorityClassName Thanos Ruler priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Service parameters ## service: ## @param ruler.service.type Kubernetes service type ## type: ClusterIP ## @param ruler.service.ports.http Thanos Ruler service HTTP port ## @param ruler.service.ports.grpc Thanos Ruler service GRPC port ## ports: http: 9090 grpc: 10901 ## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types ## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" grpc: "" ## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## Set the LoadBalancer service type to internal only ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param ruler.service.annotations Annotations for Thanos Ruler service ## annotations: {} ## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service ## extraPorts: [] ## @param ruler.service.labelSelectorsOverride Selector for Thanos Query service ## labelSelectorsOverride: {} ## @param ruler.service.additionalHeadless Additional Headless service ## additionalHeadless: false ## Headless service properties ## headless: ## @param ruler.service.headless.annotations Annotations for the headless service. ## annotations: {} ## Persistence parameters ## persistence: ## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods ## enabled: true ## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## storageClass: "" ## @param ruler.persistence.accessModes PVC Access Modes for data volume ## accessModes: - ReadWriteOnce ## @param ruler.persistence.size PVC Storage Request for data volume ## size: 8Gi ## @param ruler.persistence.annotations Annotations for the PVC ## annotations: {} ## @param ruler.persistence.existingClaim Name of an existing PVC to use ## If defined, PVC must be created manually before volume will be bound ## existingClaim: "" ## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account ## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED ruler.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Thanos Ruler Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler ## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas ## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas ## @param ruler.autoscaling.targetCPU Target CPU utilization percentage ## @param ruler.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Ruler Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler ## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Configure the ingress resource that allows you to access Thanos Ruler ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param ruler.ingress.enabled Enable ingress controller resource ## enabled: false ## @param ruler.ingress.hostname Default host for the ingress resource ## hostname: thanos-ruler.local ## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ruler.ingress.path Ingress path ## path: / ## @param ruler.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @section Thanos Receive parameters receive: ## @param receive.enabled Enable/disable Thanos Receive component ## enabled: false ## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode" ## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md ## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for ## the stateless thanos distributor. mode: standalone ## @param receive.logLevel Thanos Receive log level ## logLevel: info ## @param receive.logFormat Thanos Receive log format ## logFormat: logfmt ## @param receive.tsdbRetention Thanos Receive TSDB retention period ## tsdbRetention: 15d ## @param receive.replicationFactor Thanos Receive replication-factor ## replicationFactor: 1 ## @param receive.config Receive Hashring configuration ## Note: json formatted string and yaml allowed. ## e.g: ## config: ## - endpoints: ## - "127.0.0.1:10901" ## config: [] ## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration ## NOTE: This will override receive.config ## existingConfigmap: "" ## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated ## replicaLabel: replica ## Thanos Receive parameters ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags ## grpc: ## GRPC server side ## server: ## TLS configuration ## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server ## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates ## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided ## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided ## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided ## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates ## e.g: ## existingSecret: ## name: foo ## keyMapping: ## ca-cert: ca.pem ## tls-cert: cert.pem ## tls-key: key.pem ## tls: enabled: false autoGenerated: false cert: "" key: "" ca: "" existingSecret: {} ## @param receive.extraEnvVars Extra environment variables for Thanos Receive container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes ## extraEnvVarsCM: "" ## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes ## extraEnvVarsSecret: "" ## @param receive.extraFlags Extra Flags to passed to Thanos Receive ## extraFlags: [] ## @param receive.command Override default container command (useful when using custom images) ## command: [] ## @param receive.args Override default container args (useful when using custom images) ## args: [] ## @param receive.replicaCount Number of Thanos Receive replicas to deploy ## replicaCount: 1 ## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas ## updateStrategy: type: RollingUpdate ## @param receive.podManagementPolicy ## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: OrderedReady ## K8s Pod Security Context for Thanos Receive pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods ## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Receive containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param receive.containerSecurityContext.enabled Enable container security context for the Thanos Receive containers ## @param receive.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive containers ## @param receive.containerSecurityContext.runAsNonRoot Force the Thanos Receive containers to run as a non root user ## @param receive.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive containers ## @param receive.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Receive containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param receive.resources.limits The resources limits for the Thanos Receive container ## @param receive.resources.requests The requested resources for the Thanos Receive container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Receive containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers ## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers ## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers ## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param receive.startupProbe.periodSeconds Period seconds for startupProbe ## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe ## @param receive.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param receive.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param receive.initContainers Add additional init containers to the Thanos Receive pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param receive.extraVolumes Extra volumes to add to Thanos Receive ## extraVolumes: [] ## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container ## extraVolumeMounts: [] ## @param receive.podAffinityPreset Thanos Receive pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" ## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Receive node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param receive.affinity Thanos Receive affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param receive.nodeSelector Thanos Receive node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param receive.tolerations Thanos Receive tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param receive.podLabels Thanos Receive pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param receive.podAnnotations Annotations for Thanos Receive pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param receive.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param receive.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param receive.priorityClassName Thanos Receive priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## Service parameters ## service: ## @param receive.service.type Kubernetes service type ## type: ClusterIP ## @param receive.service.ports.http Thanos Ruler service HTTP port ## @param receive.service.ports.grpc Thanos Ruler service GRPC port ## @param receive.service.ports.remote Thanos Ruler service remote port ## ports: http: 10902 grpc: 10901 remote: 19291 ## @param receive.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types ## @param receive.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types ## @param receive.service.nodePorts.remote Specify the Thanos Ruler remote nodePort value for the LoadBalancer and NodePort service types ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: http: "" grpc: "" remote: "" ## @param receive.service.clusterIP Thanos Ruler service clusterIP IP ## e.g: ## clusterIP: None ## clusterIP: "" ## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## loadBalancerIP: "" ## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param receive.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints ## externalTrafficPolicy: Cluster ## @param receive.service.annotations Annotations for Thanos Receive service ## annotations: {} ## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service ## extraPorts: [] ## @param receive.service.labelSelectorsOverride Selector for Thanos receive service ## labelSelectorsOverride: {} ## @param receive.service.additionalHeadless Additional Headless service ## additionalHeadless: false ## Headless service properties ## headless: ## @param receive.service.headless.annotations Annotations for the headless service. ## annotations: {} ## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account ## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Thanos Receive Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive ## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas ## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas ## @param receive.autoscaling.targetCPU Target CPU utilization percentage ## @param receive.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Receive Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive ## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## Persistence parameters ## persistence: ## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods ## enabled: true ## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. ## storageClass: "" ## @param receive.persistence.accessModes PVC Access Modes for data volume ## accessModes: - ReadWriteOnce ## @param receive.persistence.size PVC Storage Request for data volume ## size: 8Gi ## @param receive.persistence.annotations Annotations for the PVC ## annotations: {} ## @param receive.persistence.existingClaim Name of an existing PVC to use ## If defined, PVC must be created manually before volume will be bound ## existingClaim: "" ## Configure the ingress resource that allows you to access Thanos Receive ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## @param receive.ingress.enabled Set to true to enable ingress record generation ## enabled: false ## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created ## hostname: thanos-receive.local ## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array ## extraHosts: ## - name: thanos.local ## path: / ## pathType: ImplementationSpecific ## extraHosts: [] ## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## extraTls: ## - hosts: ## - thanos.local ## secretName: thanos.local-tls ## extraTls: [] ## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets ## key and certificate should start with -----BEGIN CERTIFICATE----- or ## -----BEGIN RSA PRIVATE KEY----- ## ## name should line up with a tlsSecret set further up ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set ## ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## - name: thanos.local-tls ## key: ## certificate: ## secrets: [] ## @param receive.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}` ## You can: ## - Use the `receive.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true` ## tls: false ## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param receive.ingress.apiVersion Override API Version (automatically detected if not set) ## apiVersion: "" ## @param receive.ingress.path Ingress Path ## path: / ## @param receive.ingress.pathType Ingress Path type ## pathType: ImplementationSpecific ## @section Thanos Receive Distributor parameters receiveDistributor: ## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component ## enabled: false ## @param receiveDistributor.logLevel Thanos Receive Distributor log level ## logLevel: info ## @param receiveDistributor.logFormat Thanos Receive Distributor log format ## logFormat: logfmt ## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated ## replicaLabel: replica ## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor ## replicationFactor: 1 ## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes ## extraEnvVarsCM: "" ## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes ## extraEnvVarsSecret: "" ## @param receiveDistributor.extraFlags Extra Flags to passed to Thanos Receive Distributor ## extraFlags: [] ## @param receiveDistributor.command Override default container command (useful when using custom images) ## command: [] ## @param receiveDistributor.args Override default container args (useful when using custom images) ## args: [] ## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy ## replicaCount: 1 ## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas ## updateStrategy: type: RollingUpdate ## K8s Pod Security Context for Thanos Receive Distributor pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods ## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods ## podSecurityContext: enabled: true fsGroup: 1001 ## K8s containers' Security Context for Thanos Receive Distributor containers ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param receiveDistributor.containerSecurityContext.enabled Enable container security context for the Thanos Receive Distributor containers ## @param receiveDistributor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive Distributor containers ## @param receiveDistributor.containerSecurityContext.runAsNonRoot Force the Thanos Receive Distributor containers to run as a non root user ## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive Distributor containers ## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive Distributor containers ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true allowPrivilegeEscalation: false readOnlyRootFilesystem: true ## Thanos Receive Distributor containers' resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param receiveDistributor.resources.limits The resources limits for the Thanos Receive container ## @param receiveDistributor.resources.requests The requested resources for the Thanos Receive container ## resources: limits: {} requests: {} ## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers ## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers ## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 30 timeoutSeconds: 30 periodSeconds: 10 successThreshold: 1 failureThreshold: 6 ## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers ## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe ## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe ## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor ## extraVolumes: [] ## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container ## extraVolumeMounts: [] ## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## Allowed values: soft, hard ## podAffinityPreset: "" ## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Thanos Receive node affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. ## e.g: ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. ## e.g: ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param receiveDistributor.dnsConfig Deployment pod DNS config ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ ## E.g. ## dnsConfig: ## options: ## - name: ndots ## value: "4" ## - name: single-request-reopen ## dnsConfig: {} ## @param receiveDistributor.hostAliases Deployment pod host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## priorityClassName: "" ## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment ## automountServiceAccountToken: true ## ServiceAccount configuration ## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created ## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account ## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: true ## existingServiceAccount: "" ## Thanos Receive Distributor Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor ## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas ## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas ## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage ## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage ## autoscaling: enabled: false minReplicas: "" maxReplicas: "" targetCPU: "" targetMemory: "" ## Thanos Receive Distributor Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor ## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled ## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false minAvailable: 1 maxUnavailable: "" ## @section Metrics parameters ## Prometheus metrics ## metrics: ## @param metrics.enabled Enable the export of Prometheus metrics ## enabled: false ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## namespace: "" ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor ## labels: {} ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus ## jobLabel: "" ## @param metrics.serviceMonitor.interval How frequently to scrape metrics ## e.g: ## interval: 10s ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## e.g: ## scrapeTimeout: 10s ## scrapeTimeout: "" ## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics ## metricRelabelings: [] ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling ## relabelings: [] ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: {} ## @param metrics.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor ## (e.g. tlsConfig for further customization of the HTTPS behavior) ## Note that the 'scheme' is automatically set to 'https' when the 'https.enabled' flag is used in this chart. ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint ## extraParameters: {} ## PrometheusRule CRD configuration ## prometheusRule: ## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`) ## enabled: false ## Configure prometheus rules ## default: ## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) ## @param metrics.prometheusRule.default.create would create all default prometheus alerts ## create: false ## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true ## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true ## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true ## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true ## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true ## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true ## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true ## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule ## disabled: {} ## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created ## namespace: "" ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule ## additionalLabels: {} ## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components ## These are just examples rules, please adapt them to your needs. ## groups: ## - name: Compactor ## rules: ## - alert: ThanosCompactMultipleRunning ## annotations: ## description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running. ## runbook_url: https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning ## summary: Thanos Compact has multiple instances running. ## expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1 ## for: 5m ## labels: ## severity: warning groups: [] ## @section Volume Permissions parameters ## 'volumePermissions' init container parameters ## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values ## based on the *podSecurityContext/*containerSecurityContext parameters ## volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false ## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.tag Init container volume-permissions image tag ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array ## image: registry: docker.io repository: bitnami/bitnami-shell tag: 11-debian-11-r102 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @section MinIO® chart parameters ## @extra minio For full list of MinIO® values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio) minio: ## @param minio.enabled Enable/disable MinIO® chart installation ## to be used as an objstore for Thanos ## enabled: false ## MinIO® authentication parameters ## auth: ## @param minio.auth.rootUser MinIO® root username ## rootUser: admin ## @param minio.auth.rootPassword Password for MinIO® root user ## rootPassword: "" ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create ## defaultBuckets: 'thanos' ## @section NetWorkPolicy parameters networkPolicy: ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. ## enabled: false ## @param networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to http and grpc thanos port. ## When true, thanos will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace ## and that match other criteria, the ones that have the good label, can reach thanos. ## But sometimes, we want thanos to be accessible to clients from other namespaces, in this case, we can use this ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. ## ## Example: ## explicitNamespacesSelector: ## matchLabels: ## role: frontend ## matchExpressions: ## - {key: role, operator: In, values: [frontend]} ## explicitNamespacesSelector: {}