mirror of
https://github.com/bitnami/charts.git
synced 2026-03-13 06:47:24 +08:00
2662 lines
76 KiB
YAML
2662 lines
76 KiB
YAML
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, and imagePullSecrets
|
|
##
|
|
# global:
|
|
# imageRegistry: myRegistryName
|
|
# imagePullSecrets:
|
|
# - myRegistryKeySecretName
|
|
# storageClass: myStorageClass
|
|
|
|
## Force target Kubernetes version (using Helm capabilites if not set)
|
|
##
|
|
kubeVersion:
|
|
|
|
## Bitnami Thanos image
|
|
## ref: https://hub.docker.com/r/bitnami/thanos/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/thanos
|
|
tag: 0.21.1-scratch-r2
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## String to partially override common.names.fullname template (will maintain the release name)
|
|
##
|
|
# nameOverride:
|
|
|
|
## String to fully override common.names.fullname template
|
|
##
|
|
# fullnameOverride:
|
|
|
|
## Add labels to all the deployed resources
|
|
##
|
|
commonLabels: {}
|
|
|
|
## Kubernetes Cluster Domain
|
|
##
|
|
clusterDomain: cluster.local
|
|
|
|
## Objstore Configuration
|
|
## Specify content for objstore.yml
|
|
##
|
|
# objstoreConfig:
|
|
|
|
## Index cache Configuration
|
|
## Specify content for index-cache.yml
|
|
##
|
|
# indexCacheConfig:
|
|
|
|
## Bucket cache Configuration
|
|
## Specify content for bucket-cache.yml
|
|
##
|
|
# bucketCacheConfig:
|
|
|
|
## Secret with Objstore Configuration
|
|
## Note: This will override objstoreConfig
|
|
##
|
|
# existingObjstoreSecret:
|
|
## optional item list for specifying a custom Secret key. If so, path should be objstore.yml
|
|
# existingObjstoreSecretItems: []
|
|
|
|
## Provide a common service account to be shared with all components
|
|
##
|
|
# existingServiceAccount: my-service-account
|
|
|
|
## Thanos Query parameters
|
|
##
|
|
query:
|
|
## Set to true to enable Thanos Query component
|
|
##
|
|
enabled: true
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for query
|
|
##
|
|
# existingServiceAccount: query-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Labels to treat as a replica indicator along which data is deduplicated
|
|
##
|
|
replicaLabel: [replica]
|
|
|
|
## Dynamically configure store APIs using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
## Sidecars service name to discover them using DNS discovery
|
|
## Evaluated as a template.
|
|
# sidecarsService: "{{ .Release.Name }}-prometheus-thanos"
|
|
##
|
|
## Sidecars namespace to discover them using DNS discovery
|
|
## Evaluated as a template.
|
|
# sidecarsNamespace: "{{ .Release.Namespace }}"
|
|
|
|
## Statically configure store APIs to connect with Thanos Query
|
|
##
|
|
stores: []
|
|
|
|
## Query Service Discovery Configuration
|
|
## Specify content for servicediscovery.yml
|
|
##
|
|
# sdConfig:
|
|
|
|
## ConfigMap with Query Service Discovery Configuration
|
|
## NOTE: This will override query.sdConfig
|
|
##
|
|
# existingSDConfigmap:
|
|
|
|
## Optional additional containers (sidecar)
|
|
##
|
|
extraContainers: []
|
|
## Example:
|
|
## - name: oAuth2-proxy
|
|
## args:
|
|
## - -https-address=:9092
|
|
## - -upstream=http://localhost:9091
|
|
## - -skip-auth-regex=^/metrics
|
|
## image: openshift/oauth-proxy:v1.1.0
|
|
## ports:
|
|
## - containerPort: 9092
|
|
## name: proxy
|
|
## resources:
|
|
## limits:
|
|
## memory: 16Mi
|
|
## requests:
|
|
## memory: 4Mi
|
|
## cpu: 20m
|
|
## volumeMounts:
|
|
## - mountPath: /secrets/proxy-tls
|
|
## name: secret-proxy-tls
|
|
|
|
## Extra environment variable(s) to set on query container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Thanos Query
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the query container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Query
|
|
##
|
|
extraFlags: []
|
|
|
|
## Number of Thanos Query replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Query pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Query pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Query node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for query pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Query pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Query container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
# Create ClusterRole and ClusterRolebing for the Service account
|
|
rbac:
|
|
create: false
|
|
|
|
# Create PodSecurity Policy
|
|
pspEnabled: false
|
|
|
|
## Thanos Query containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Query pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Thanos Query GRPC TLS parameters
|
|
## to configure --grpc-server-tls-cert, --grpc-server-tls-key, --grpc-server-tls-client-ca, --grpc-client-tls-secure, --grpc-client-tls-cert, --grpc-client-tls-key, --grpc-client-tls-ca, --grpc-client-server-name
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags
|
|
##
|
|
grpcTLS:
|
|
# TLS server side
|
|
server:
|
|
# enable TLS for GRPC server
|
|
secure: false
|
|
## Create self-signed TLS certificates. Currently only supports PEM certificates.
|
|
##
|
|
autoGenerated: false
|
|
# TLS Certificate for gRPC server, leave blank to disable TLS
|
|
cert:
|
|
# TLS Key for the gRPC server, leave blank to disable TLS
|
|
key:
|
|
# TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
|
|
ca:
|
|
# Existing secret containing your own TLS certificates.
|
|
# existingSecret:
|
|
# name:
|
|
# keyMapping:
|
|
# ca-cert: ca.pem
|
|
# tls-cert: cert.pem
|
|
# tls-key: key.pem
|
|
|
|
# TLS client side
|
|
client:
|
|
# Use TLS when talking to the gRPC server
|
|
secure: false
|
|
## Create self-signed TLS certificates. Currently only supports PEM certificates.
|
|
##
|
|
autoGenerated: false
|
|
# TLS Certificates to use to identify this client to the server
|
|
cert:
|
|
# TLS Key for the client's certificate
|
|
key:
|
|
# TLS CA Certificates to use to verify gRPC servers
|
|
ca:
|
|
# Server name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1
|
|
servername:
|
|
# Existing secret containing your own TLS certificates.
|
|
# existingSecret:
|
|
# name:
|
|
# keyMapping:
|
|
# ca-cert: ca.pem
|
|
# tls-cert: cert.pem
|
|
# tls-key: key.pem
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Query service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
targetPort: http
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Query Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Query
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
# pathType: ImplementationSpecific
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Create an ingress object for the GRPC service. This requires an HTTP/2
|
|
## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
|
|
## - ingress.kubernetes.io/protocol: h2c
|
|
## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
|
## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
|
|
## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
|
|
## and also the documentation for your ingress controller.
|
|
##
|
|
## The options that are accepted are identical to the HTTP one listed above
|
|
##
|
|
grpc:
|
|
enabled: false
|
|
certManager: false
|
|
hostname: thanos-grpc.local
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos-grpc.local
|
|
# path: /
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos-grpc.local
|
|
# secretName: thanos-grpc.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
secrets: []
|
|
# - name: thanos-grpc.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Thanos Query Frontend parameters
|
|
##
|
|
queryFrontend:
|
|
## Set to true to enable Thanos Query Frontend component
|
|
##
|
|
enabled: true
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for Query Frontend
|
|
##
|
|
# existingServiceAccount: query-frontend-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Optional additional containers (sidecar)
|
|
##
|
|
extraContainers: []
|
|
## Example:
|
|
## - name: oAuth2-proxy
|
|
## args:
|
|
## - -https-address=:9092
|
|
## - -upstream=http://localhost:9091
|
|
## - -skip-auth-regex=^/metrics
|
|
## image: openshift/oauth-proxy:v1.1.0
|
|
## ports:
|
|
## - containerPort: 9092
|
|
## name: proxy
|
|
## resources:
|
|
## limits:
|
|
## memory: 16Mi
|
|
## requests:
|
|
## memory: 4Mi
|
|
## cpu: 20m
|
|
## volumeMounts:
|
|
## - mountPath: /secrets/proxy-tls
|
|
## name: secret-proxy-tls
|
|
|
|
## Extra environment variable(s) to set on query-frontend container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to the Query Frontend
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the query-frontend container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Query Frontend
|
|
##
|
|
extraFlags: []
|
|
|
|
## Thanos Query Frontend Cache Configuration
|
|
## Specify content for config.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Thanos Query Frontend Cache Configuration
|
|
## NOTE: This will override queryFrontend.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Number of Thanos Query Frontend replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Query Frontend pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Query Frontend pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Query Frontend node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for query frontend pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Query Frontend pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Query Frontend container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
# Create ClusterRole and ClusterRolebing for the Service account
|
|
rbac:
|
|
create: false
|
|
|
|
# Create PodSecurity Policy
|
|
pspEnabled: false
|
|
|
|
## Thanos Query Frontend containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Query Frontend pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Query Frontend service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
targetPort: http
|
|
##
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Query Frontend Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Query Frontend
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
# pathType: ImplementationSpecific
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Thanos Bucket Web parameters
|
|
##
|
|
bucketweb:
|
|
## Set to true to enable Thanos Bucket Web component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for bucketweb
|
|
##
|
|
# existingServiceAccount: bucketweb-service-account
|
|
|
|
## Refresh interval to download metadata from remote storage
|
|
##
|
|
refresh: 30m
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Timeout to download metadata from remote storage
|
|
##
|
|
timeout: 5m
|
|
|
|
## Optional additional containers (sidecar)
|
|
##
|
|
extraContainers: []
|
|
## Example:
|
|
## - name: oAuth2-proxy
|
|
## args:
|
|
## - -https-address=:9092
|
|
## - -upstream=http://localhost:9091
|
|
## - -skip-auth-regex=^/metrics
|
|
## image: openshift/oauth-proxy:v1.1.0
|
|
## ports:
|
|
## - containerPort: 9092
|
|
## name: proxy
|
|
## resources:
|
|
## limits:
|
|
## memory: 16Mi
|
|
## requests:
|
|
## memory: 4Mi
|
|
## cpu: 20m
|
|
## volumeMounts:
|
|
## - mountPath: /secrets/proxy-tls
|
|
## name: secret-proxy-tls
|
|
|
|
## Extra environment variable(s) to set on bucketweb container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Bucket Web
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the bucketweb container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Bucket Web
|
|
##
|
|
extraFlags: []
|
|
|
|
## Number of Thanos Query replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Bucket Web pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Bucket Web pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Bucket Web node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for bucketweb pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Bucket Web pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Bucket Web container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Thanos Bucket Web containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Bucket Web pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Bucket Web service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 8080
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
targetPort: http
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Bucket Web Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Bucketweb
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos-bucketweb.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos-bucketweb.local
|
|
# path: /
|
|
# pathType: ImplementationSpecific
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos-bucketweb.local
|
|
# secretName: thanos-bucketweb.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos-bucketweb.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Thanos Compactor parameters
|
|
##
|
|
compactor:
|
|
## Set to true to enable Thanos Compactor component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for compactor
|
|
##
|
|
# existingServiceAccount: compactor-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Resolution and Retention flags
|
|
##
|
|
retentionResolutionRaw: 30d
|
|
retentionResolution5m: 30d
|
|
retentionResolution1h: 10y
|
|
|
|
## Minimum age of fresh (non-compacted) blocks
|
|
## before they are being processed
|
|
##
|
|
consistencyDelay: 30m
|
|
|
|
## Extra environment variable(s) to set on compactor container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Thanos Compactor
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the compactor container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Compactor
|
|
##
|
|
extraFlags: []
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Compactor pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Compactor pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Compactor node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for compactor pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Compactor pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Compactor container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Thanos Compactor containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Compactor pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Compactor service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Thanos Store Gateway parameters
|
|
##
|
|
storegateway:
|
|
## Set to true to enable Thanos Store Gateway component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for storegateway
|
|
##
|
|
# existingServiceAccount: storegateway-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Extra environment variable(s) to set on storegateway container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Thanos Store Gateway
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the storegateway container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Store Gateway
|
|
##
|
|
extraFlags: []
|
|
|
|
## Store Gateway Cache Configuration
|
|
## Specify content for config.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Store Gateway Cache Configuration
|
|
## NOTE: This will override storegateway.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Thanos Store GRPC server configuration
|
|
##
|
|
grpc:
|
|
## TLS configuration
|
|
##
|
|
tls:
|
|
## Enable TLS encryption in the GRPC server
|
|
##
|
|
enabled: false
|
|
## Create self-signed TLS certificates. Currently only supports PEM certificates.
|
|
##
|
|
autoGenerated: false
|
|
## TLS Certificate for gRPC server, leave blank to disable TLS
|
|
##
|
|
cert:
|
|
## TLS Key for the gRPC server, leave blank to disable TLS
|
|
##
|
|
key:
|
|
## TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
|
|
##
|
|
ca:
|
|
## Existing secret containing your own TLS certificates.
|
|
## Example:
|
|
## existingSecret:
|
|
## name:
|
|
## keyMapping:
|
|
## ca-cert: ca.pem
|
|
## tls-cert: cert.pem
|
|
## tls-key: key.pem
|
|
##
|
|
existingSecret: {}
|
|
|
|
## Number of Thanos Store Gateway replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or OnDelete by default.
|
|
##
|
|
updateStrategyType: RollingUpdate
|
|
|
|
## Statefulset Pod management policy: OrderedReady (default) or Parallel.
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Thanos Store Gateway pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Store Gateway pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Store Gateway node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for storegateway pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Pod Security Context for Thanos Store Gateway pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Store Gateway container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Thanos Store Gateway containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Store Gateway pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Store Gateway service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Create additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Store Gateway Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Thanos Ruler parameters
|
|
##
|
|
ruler:
|
|
## Set to true to enable Thanos Ruler component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## Label to treat as a replica indicator along which data is deduplicated
|
|
##
|
|
replicaLabel: replica
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for ruler
|
|
##
|
|
# existingServiceAccount: ruler-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Dynamically configure Query APIs using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
|
|
## Alermanager URLs array
|
|
##
|
|
alertmanagers: []
|
|
|
|
## Alertmanagers Configuration
|
|
##
|
|
## Creates a secret from the config which is then mounted to the pod
|
|
## for more complicated alertmanager setups.
|
|
alertmanagersConfig:
|
|
# alertmanagers:
|
|
# - http_config:
|
|
# basic_auth:
|
|
# username: some_user
|
|
# password: some_pass
|
|
# static_configs:
|
|
# - alertmanager.thanos.io
|
|
# scheme: http
|
|
# timeout: 10s
|
|
# api_version: v2
|
|
|
|
## The default evaluation interval to use
|
|
##
|
|
evalInterval: 1m
|
|
|
|
## Used to set the 'ruler_cluster' label
|
|
##
|
|
# clusterName:
|
|
|
|
## Optional additional containers (sidecar)
|
|
##
|
|
extraContainers: []
|
|
## Example:
|
|
## - name: oAuth2-proxy
|
|
## args:
|
|
## - -https-address=:9092
|
|
## - -upstream=http://localhost:9091
|
|
## - -skip-auth-regex=^/metrics
|
|
## image: openshift/oauth-proxy:v1.1.0
|
|
## ports:
|
|
## - containerPort: 9092
|
|
## name: proxy
|
|
## resources:
|
|
## limits:
|
|
## memory: 16Mi
|
|
## requests:
|
|
## memory: 4Mi
|
|
## cpu: 20m
|
|
## volumeMounts:
|
|
## - mountPath: /secrets/proxy-tls
|
|
## name: secret-proxy-tls
|
|
|
|
## Extra environment variable(s) to set on ruler container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Thanos Ruler
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the ruler container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Ruler
|
|
##
|
|
extraFlags: []
|
|
|
|
## Ruler Configuration
|
|
## Specify content for ruler.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Ruler Configuration
|
|
## NOTE: This will override ruler.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Number of Thanos Ruler replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or OnDelete by default.
|
|
##
|
|
updateStrategyType: RollingUpdate
|
|
|
|
## Statefulset Pod management policy: OrderedReady (default) or Parallel.
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Thanos Ruler pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Ruler pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Ruler node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for ruler pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Ruler pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Ruler container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Thanos Ruler containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Ruler pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Ruler service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
targetPort: http
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Create additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Ruler Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Ruler
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos-ruler.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
# pathType: ImplementationSpecific
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Thanos Receive parameters
|
|
##
|
|
receive:
|
|
## Set to true to enable Thanos Receive component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Log format
|
|
##
|
|
logFormat: logfmt
|
|
|
|
## TSDB retention period
|
|
##
|
|
tsdbRetention: 15d
|
|
|
|
## Replication Factor
|
|
##
|
|
replicationFactor: 1
|
|
## Label to treat as a replica indicator along which data is deduplicated
|
|
##
|
|
replicaLabel: replica
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for receive
|
|
##
|
|
# existingServiceAccount: receive-service-account
|
|
|
|
## Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
|
|
## Receive Configuration Evaluated as a template
|
|
## json formatted string and yaml allowed.
|
|
## Specify content for receive hashring
|
|
##
|
|
# config:
|
|
# - endpoints:
|
|
# - "127.0.0.1:10901"
|
|
|
|
## Optional additional containers (sidecar)
|
|
##
|
|
extraContainers: []
|
|
## Example:
|
|
## - name: oAuth2-proxy
|
|
## args:
|
|
## - -https-address=:9092
|
|
## - -upstream=http://localhost:9091
|
|
## - -skip-auth-regex=^/metrics
|
|
## image: openshift/oauth-proxy:v1.1.0
|
|
## ports:
|
|
## - containerPort: 9092
|
|
## name: proxy
|
|
## resources:
|
|
## limits:
|
|
## memory: 16Mi
|
|
## requests:
|
|
## memory: 4Mi
|
|
## cpu: 20m
|
|
## volumeMounts:
|
|
## - mountPath: /secrets/proxy-tls
|
|
## name: secret-proxy-tls
|
|
|
|
## Extra environment variable(s) to set on receive container.
|
|
##
|
|
## extraEnv:
|
|
## - name: VARNAME1
|
|
## value: value1
|
|
## - name: VARNAME2
|
|
## valueFrom:
|
|
## secretKeyRef:
|
|
## name: existing-secret
|
|
## key: varname2-key
|
|
##
|
|
extraEnv: []
|
|
|
|
## Extra volumes to add to Thanos Receive
|
|
##
|
|
extraVolumes: []
|
|
|
|
## Extra volume mounts to add to the receive container
|
|
##
|
|
extraVolumeMounts: []
|
|
|
|
## Extra Flags to passed to Thanos Receive
|
|
##
|
|
extraFlags: []
|
|
|
|
## StrategyType, can be set to RollingUpdate or OnDelete by default.
|
|
##
|
|
updateStrategyType: RollingUpdate
|
|
|
|
## Number of Thanos Receive replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Receive pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Receive pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Receive node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
##
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Receive pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Receive pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Receive pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Labels
|
|
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
|
|
## Annotations for Receive pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
# Create ClusterRole and ClusterRolebing for the Service account
|
|
rbac:
|
|
create: false
|
|
|
|
# Create PodSecurity Policy
|
|
pspEnabled: false
|
|
|
|
## Thanos Receive containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Receive pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
|
|
## K8s Security Context for Thanos Receive pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## K8s containers' Security Context for Thanos Receive container
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: false
|
|
|
|
## Thanos Receive GRPC TLS parameters
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags
|
|
##
|
|
grpc:
|
|
# Time to wait after an interrupt received for GRPC Server.
|
|
gracePeriod: 2m
|
|
# TLS server side
|
|
server:
|
|
# enable TLS for GRPC server
|
|
secure: false
|
|
# TLS Certificate for gRPC server, leave blank to disable TLS
|
|
cert:
|
|
# TLS Key for the gRPC server, leave blank to disable TLS
|
|
key:
|
|
# TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
|
|
ca:
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Receive service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 10902
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
targetPort: http
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## RemoteWrite Port
|
|
##
|
|
remoteWrite:
|
|
port: 19291
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Create additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Receive Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Receive
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos-receive.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
# pathType: ImplementationSpecific
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion:
|
|
|
|
## Ingress Path
|
|
##
|
|
path: /
|
|
|
|
## Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## Prometheus metrics
|
|
##
|
|
metrics:
|
|
enabled: false
|
|
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
enabled: false
|
|
## Namespace in which Prometheus is running
|
|
##
|
|
# namespace: monitoring
|
|
## Labels to add to the ServiceMonitor object
|
|
##
|
|
# labels:
|
|
## Interval at which metrics should be scraped.
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# interval: 10s
|
|
## Timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# scrapeTimeout: 10s
|
|
|
|
## Init Container parameters
|
|
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
|
|
## values from the securityContext section of the component
|
|
##
|
|
volumePermissions:
|
|
enabled: false
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/bitnami-shell
|
|
tag: 10-debian-10-r132
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: Always
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## MinIO(R) Chart configuration
|
|
##
|
|
minio:
|
|
## Set to true to deploy a MinIO(R) chart
|
|
## to be used as an objstore for Thanos
|
|
##
|
|
enabled: false
|
|
|
|
## MinIO(R) credentials
|
|
##
|
|
accessKey:
|
|
password: ''
|
|
secretKey:
|
|
password: ''
|
|
|
|
## Default MinIO(R) buckets
|
|
##
|
|
defaultBuckets: 'thanos'
|