mirror of
https://github.com/bitnami/charts.git
synced 2026-03-12 14:57:18 +08:00
1680 lines
50 KiB
YAML
1680 lines
50 KiB
YAML
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, and imagePullSecrets
|
|
##
|
|
# global:
|
|
# imageRegistry: myRegistryName
|
|
# imagePullSecrets:
|
|
# - myRegistryKeySecretName
|
|
# storageClass: myStorageClass
|
|
|
|
## Bitnami Thanos image
|
|
## ref: https://hub.docker.com/r/bitnami/thanos/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/thanos
|
|
tag: 0.17.2-scratch-r1
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## String to partially override common.names.fullname template (will maintain the release name)
|
|
##
|
|
# nameOverride:
|
|
|
|
## String to fully override common.names.fullname template
|
|
##
|
|
# fullnameOverride:
|
|
|
|
## Kubernetes Cluster Domain
|
|
##
|
|
clusterDomain: cluster.local
|
|
|
|
## Objstore Configuration
|
|
## Specify content for objstore.yml
|
|
##
|
|
# objstoreConfig:
|
|
|
|
## Index cache Configuration
|
|
## Specify content for index-cache.yml
|
|
##
|
|
# indexCacheConfig:
|
|
|
|
## Bucket cache Configuration
|
|
## Specify content for bucket-cache.yml
|
|
##
|
|
# bucketCacheConfig:
|
|
|
|
## Secret with Objstore Configuration
|
|
## Note: This will override objstoreConfig
|
|
##
|
|
# existingObjstoreSecret:
|
|
## optional item list for specifying a custom Secret key. If so, path should be objstore.yml
|
|
# existingObjstoreSecretItems: []
|
|
|
|
## Provide a common service account to be shared with all components
|
|
##
|
|
# existingServiceAccount: my-service-account
|
|
|
|
## Thanos Query parameters
|
|
##
|
|
query:
|
|
## Set to true to enable Thanos Query component
|
|
##
|
|
enabled: true
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for query
|
|
##
|
|
# existingServiceAccount: query-service-account
|
|
|
|
## Labels to treat as a replica indicator along which data is deduplicated
|
|
##
|
|
replicaLabel: [replica]
|
|
|
|
## Dynamically configure store APIs using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
## Sidecars service name to discover them using DNS discovery
|
|
## Evaluated as a template.
|
|
# sidecarsService: "{{ .Release.Name }}-prometheus-thanos"
|
|
##
|
|
## Sidecars namespace to discover them using DNS discovery
|
|
## Evaluated as a template.
|
|
# sidecarsNamespace: "{{ .Release.Namespace }}"
|
|
|
|
## Statically configure store APIs to connect with Thanos Query
|
|
##
|
|
stores: []
|
|
|
|
## Query Service Discovery Configuration
|
|
## Specify content for servicediscovery.yml
|
|
##
|
|
# sdConfig:
|
|
|
|
## ConfigMap with Query Service Discovery Configuration
|
|
## NOTE: This will override query.sdConfig
|
|
##
|
|
# existingSDConfigmap:
|
|
|
|
## Extra Flags to passed to Thanos Query
|
|
##
|
|
extraFlags: []
|
|
|
|
## Number of Thanos Query replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Query pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Query pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Query node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Query pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for query pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Query pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
# Create ClusterRole and ClusterRolebing for the Service account
|
|
rbac:
|
|
create: false
|
|
|
|
# Create PodSecurity Policy
|
|
pspEnabled: false
|
|
|
|
## Thanos Query containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Query pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /-/healthy
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /-/ready
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Thanos Query GRPC TLS parameters
|
|
## to configure --grpc-server-tls-cert, --grpc-server-tls-key, --grpc-server-tls-client-ca, --grpc-client-tls-secure, --grpc-client-tls-cert, --grpc-client-tls-key, --grpc-client-tls-ca, --grpc-client-server-name
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags
|
|
grpcTLS:
|
|
# TLS server side
|
|
server:
|
|
# enable TLS for GRPC server
|
|
secure: false
|
|
# TLS Certificate for gRPC server, leave blank to disable TLS
|
|
cert:
|
|
# TLS Key for the gRPC server, leave blank to disable TLS
|
|
key:
|
|
# TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
|
|
ca:
|
|
# TLS client side
|
|
client:
|
|
# Use TLS when talking to the gRPC server
|
|
secure: false
|
|
# TLS Certificates to use to identify this client to the server
|
|
cert:
|
|
# TLS Key for the client's certificate
|
|
key:
|
|
# TLS CA Certificates to use to verify gRPC servers
|
|
ca:
|
|
# Server name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1
|
|
servername:
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Query service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Query Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Query
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Create an ingress object for the GRPC service. This requires an HTTP/2
|
|
## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
|
|
## - ingress.kubernetes.io/protocol: h2c
|
|
## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
|
## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
|
|
## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
|
|
## and also the documentation for your ingress controller.
|
|
##
|
|
## The options that are accepted are identical to the HTTP one listed above
|
|
grpc:
|
|
enabled: false
|
|
certManager: false
|
|
hostname: thanos-grpc.local
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos-grpc.local
|
|
# path: /
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos-grpc.local
|
|
# secretName: thanos-grpc.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
secrets: []
|
|
# - name: thanos-grpc.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Thanos Query Frontend parameters
|
|
##
|
|
queryFrontend:
|
|
## Set to true to enable Thanos Query Frontend component
|
|
##
|
|
enabled: true
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for Query Frontend
|
|
##
|
|
# existingServiceAccount: query-frontend-service-account
|
|
|
|
extraFlags: []
|
|
|
|
## Thanos Query Frontend Cache Configuration
|
|
## Specify content for config.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Thanos Query Frontend Cache Configuration
|
|
## NOTE: This will override queryFrontend.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Number of Thanos Query Frontend replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Query Frontend pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Query Frontend pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Query Frontend node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Query Frontend pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for query frontend pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Query Frontend pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
# Create ClusterRole and ClusterRolebing for the Service account
|
|
rbac:
|
|
create: false
|
|
|
|
# Create PodSecurity Policy
|
|
pspEnabled: false
|
|
|
|
## Thanos Query Frontend containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Query Frontend pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /-/healthy
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /-/ready
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Query Frontend service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
##
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Query Frontend Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Query Frontend
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos.local
|
|
# path: /
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos.local
|
|
# secretName: thanos.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
##
|
|
secrets: []
|
|
# - name: thanos.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Thanos Bucket Web parameters
|
|
##
|
|
bucketweb:
|
|
## Set to true to enable Thanos Bucket Web component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for bucketweb
|
|
##
|
|
# existingServiceAccount: bucketweb-service-account
|
|
|
|
## Refresh interval to download metadata from remote storage
|
|
##
|
|
refresh: 30m
|
|
|
|
## Timeout to download metadata from remote storage
|
|
##
|
|
timeout: 5m
|
|
|
|
## Extra Flags to passed to Bucket Web
|
|
##
|
|
extraFlags: []
|
|
|
|
## Number of Thanos Query replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Bucket Web pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Bucket Web pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Bucket Web node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Bucket Web pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for bucketweb pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Bucket Web pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## Thanos Bucket Web containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Bucket Web pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Bucket Web service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 8080
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Bucket Web Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Configure the ingress resource that allows you to access Thanos Bucketweb
|
|
## ref: http://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
|
|
## Set this to true in order to add the corresponding annotations for cert-manager
|
|
##
|
|
certManager: false
|
|
|
|
## When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos-bucketweb.local
|
|
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
|
|
##
|
|
annotations: {}
|
|
|
|
## The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
# extraHosts:
|
|
# - name: thanos-bucketweb.local
|
|
# path: /
|
|
|
|
## The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
# extraTls:
|
|
# - hosts:
|
|
# - thanos-bucketweb.local
|
|
# secretName: thanos-bucketweb.local-tls
|
|
|
|
## If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
|
|
## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress
|
|
##
|
|
tls: false
|
|
|
|
secrets: []
|
|
# - name: thanos-bucketweb.local-tls
|
|
# key:
|
|
# certificate:
|
|
|
|
## Thanos Compactor parameters
|
|
##
|
|
compactor:
|
|
## Set to true to enable Thanos Compactor component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for compactor
|
|
##
|
|
# existingServiceAccount: compactor-service-account
|
|
|
|
## Resolution and Retention flags
|
|
##
|
|
retentionResolutionRaw: 30d
|
|
retentionResolution5m: 30d
|
|
retentionResolution1h: 10y
|
|
|
|
## Minimum age of fresh (non-compacted) blocks
|
|
## before they are being processed
|
|
##
|
|
consistencyDelay: 30m
|
|
|
|
## Extra Flags to passed to Thanos Compactor
|
|
##
|
|
extraFlags: []
|
|
|
|
## StrategyType, can be set to RollingUpdate or Recreate by default.
|
|
##
|
|
strategyType: RollingUpdate
|
|
|
|
## Thanos Compactor pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Compactor pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Compactor node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Compactor pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for compactor pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Compactor pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## Thanos Compactor containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Compactor pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /-/healthy
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /-/ready
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Compactor service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Thanos Store Gateway parameters
|
|
##
|
|
storegateway:
|
|
## Set to true to enable Thanos Store Gateway component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for storegateway
|
|
##
|
|
# existingServiceAccount: storegateway-service-account
|
|
|
|
## Extra Flags to passed to Thanos Store Gateway
|
|
##
|
|
extraFlags: []
|
|
|
|
## Store Gateway Cache Configuration
|
|
## Specify content for config.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Store Gateway Cache Configuration
|
|
## NOTE: This will override storegateway.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Number of Thanos Store Gateway replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or OnDelete by default.
|
|
##
|
|
updateStrategyType: RollingUpdate
|
|
|
|
## Statefulset Pod management policy: OrderedReady (default) or Parallel.
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Thanos Store Gateway pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Store Gateway pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Store Gateway node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Store Gateway pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for storegateway pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Store Gateway pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## Thanos Store Gateway containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Store Gateway pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /-/healthy
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /-/ready
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Store Gateway service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Create additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Autoscaling parameters
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
# minReplicas: 1
|
|
# maxReplicas: 11
|
|
# targetCPU: 50
|
|
# targetMemory: 50
|
|
|
|
## Store Gateway Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Thanos Ruler parameters
|
|
##
|
|
ruler:
|
|
## Set to true to enable Thanos Ruler component
|
|
##
|
|
enabled: false
|
|
|
|
## Log level
|
|
##
|
|
logLevel: info
|
|
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
serviceAccount:
|
|
annotations: {}
|
|
## Provide an existing service account for ruler
|
|
##
|
|
# existingServiceAccount: ruler-service-account
|
|
|
|
## Dynamically configure Query APIs using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
|
|
## Alermanager URLs array
|
|
##
|
|
alertmanagers: []
|
|
|
|
## The default evaluation interval to use
|
|
##
|
|
evalInterval: 1m
|
|
|
|
## Used to set the 'ruler_cluster' label
|
|
##
|
|
# clusterName:
|
|
|
|
## Extra Flags to passed to Thanos Ruler
|
|
##
|
|
extraFlags: []
|
|
|
|
## Ruler Configuration
|
|
## Specify content for ruler.yml
|
|
##
|
|
# config:
|
|
|
|
## ConfigMap with Ruler Configuration
|
|
## NOTE: This will override ruler.config
|
|
##
|
|
# existingConfigmap:
|
|
|
|
## Number of Thanos Ruler replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
|
|
## StrategyType, can be set to RollingUpdate or OnDelete by default.
|
|
##
|
|
updateStrategyType: RollingUpdate
|
|
|
|
## Statefulset Pod management policy: OrderedReady (default) or Parallel.
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
|
|
## Thanos Ruler pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
|
|
## Thanos Ruler pod anti-affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
|
|
## Thanos Ruler node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
nodeAffinityPreset:
|
|
## Node affinity type
|
|
## Allowed values: soft, hard
|
|
type: ""
|
|
## Node label key to match
|
|
## E.g.
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## Node label values to match
|
|
## E.g.
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
|
|
## Affinity for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
|
|
## Node labels for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for Thanos Ruler pods assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Annotations for ruler pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Pod priority
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
# priorityClassName: ""
|
|
|
|
## K8s Security Context for Thanos Ruler pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## Thanos Ruler containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Thanos Ruler pods' liveness and readiness probes. Evaluated as a template.
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /-/healthy
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /-/ready
|
|
port: http
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
# periodSeconds: 10
|
|
# successThreshold: 1
|
|
# failureThreshold: 6
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## Service type
|
|
##
|
|
type: ClusterIP
|
|
## Thanos Ruler service clusterIP IP
|
|
##
|
|
# clusterIP: None
|
|
## HTTP Port
|
|
##
|
|
http:
|
|
port: 9090
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## GRPC Port
|
|
##
|
|
grpc:
|
|
port: 10901
|
|
## Specify the nodePort value for the LoadBalancer and NodePort service types.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
# nodePort:
|
|
## Set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Load Balancer sources
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
# loadBalancerSourceRanges:
|
|
# - 10.10.10.0/24
|
|
## Provide any additional annotations which may be required
|
|
##
|
|
annotations: {}
|
|
## Use to override service selector labels
|
|
##
|
|
labelSelectorsOverride: {}
|
|
|
|
## Create additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## A manually managed Persistent Volume and Claim
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
## The value is evaluated as a template
|
|
##
|
|
# existingClaim:
|
|
## Persistent Volume Storage Class
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
# storageClass: "-"
|
|
## Persistent Volume Access Mode
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## Persistent Volume Claim size
|
|
##
|
|
size: 8Gi
|
|
|
|
## Ruler Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
|
##
|
|
pdb:
|
|
create: false
|
|
## Min number of pods that must still be available after the eviction
|
|
##
|
|
minAvailable: 1
|
|
## Max number of pods that can be unavailable after the eviction
|
|
##
|
|
# maxUnavailable: 1
|
|
|
|
## Prometheus metrics
|
|
##
|
|
metrics:
|
|
enabled: false
|
|
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
enabled: false
|
|
## Namespace in which Prometheus is running
|
|
##
|
|
# namespace: monitoring
|
|
## Labels to add to the ServiceMonitor object
|
|
##
|
|
# labels:
|
|
## Interval at which metrics should be scraped.
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# interval: 10s
|
|
## Timeout after which the scrape is ended
|
|
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
|
|
##
|
|
# scrapeTimeout: 10s
|
|
|
|
## Init Container parameters
|
|
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
|
|
## values from the securityContext section of the component
|
|
##
|
|
volumePermissions:
|
|
enabled: false
|
|
## Bitnami Minideb image
|
|
## ref: https://hub.docker.com/r/bitnami/minideb/tags/
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/minideb
|
|
tag: buster
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: Always
|
|
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## MinIO(TM) Chart configuration
|
|
##
|
|
minio:
|
|
## Set to true to deploy a MinIO(TM) chart
|
|
## to be used as an objstore for Thanos
|
|
##
|
|
enabled: false
|
|
|
|
## MinIO(TM) credentials
|
|
##
|
|
accessKey:
|
|
password: ''
|
|
secretKey:
|
|
password: ''
|
|
|
|
## Default MinIO(TM) buckets
|
|
##
|
|
defaultBuckets: 'thanos'
|