mirror of
https://github.com/bitnami/charts.git
synced 2026-03-06 15:10:15 +08:00
4255d8f137
* [bitnami/thanos] Fixing typo in the values comment Signed-off-by: Till Toenshoff <toenshoff@me.com> * [bitnami/thanos] Bumping version Signed-off-by: Till Toenshoff <toenshoff@me.com> Signed-off-by: Till Toenshoff <toenshoff@me.com>
4095 lines
194 KiB
YAML
4095 lines
194 KiB
YAML
## @section Global parameters
|
|
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
|
|
|
## @param global.imageRegistry Global Docker image registry
|
|
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
|
## @param global.storageClass Global StorageClass for Persistent Volume(s)
|
|
##
|
|
global:
|
|
imageRegistry: ""
|
|
## e.g:
|
|
## imagePullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
imagePullSecrets: []
|
|
storageClass: ""
|
|
|
|
## @section Common parameters
|
|
|
|
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
|
|
##
|
|
kubeVersion: ""
|
|
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
|
|
##
|
|
nameOverride: ""
|
|
## @param fullnameOverride String to fully override common.names.fullname template
|
|
##
|
|
fullnameOverride: ""
|
|
## @param commonLabels Add labels to all the deployed resources
|
|
##
|
|
commonLabels: {}
|
|
## @param commonAnnotations Add annotations to all the deployed resources
|
|
##
|
|
commonAnnotations: {}
|
|
## @param clusterDomain Kubernetes Cluster Domain
|
|
##
|
|
clusterDomain: cluster.local
|
|
## @param extraDeploy Array of extra objects to deploy with the release
|
|
##
|
|
extraDeploy: []
|
|
|
|
## @section Thanos common parameters
|
|
|
|
## Bitnami Thanos image
|
|
## ref: https://hub.docker.com/r/bitnami/thanos/tags/
|
|
## @param image.registry Thanos image registry
|
|
## @param image.repository Thanos image repository
|
|
## @param image.tag Thanos image tag (immutable tags are recommended)
|
|
## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param image.pullPolicy Thanos image pull policy
|
|
## @param image.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/thanos
|
|
tag: 0.29.0-scratch-r0
|
|
digest: ""
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/)
|
|
## Specify content for objstore.yml
|
|
##
|
|
objstoreConfig: ""
|
|
## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/)
|
|
## Specify content for index-cache.yml
|
|
##
|
|
indexCacheConfig: ""
|
|
## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/)
|
|
## Specify content for bucket-cache.yml
|
|
##
|
|
bucketCacheConfig: ""
|
|
## @param existingObjstoreSecret Secret with Objstore Configuration
|
|
## Note: This will override objstoreConfig
|
|
##
|
|
existingObjstoreSecret: ""
|
|
## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml
|
|
##
|
|
existingObjstoreSecretItems: []
|
|
## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/)
|
|
## If provided, overrides settings under https.* and auth.*
|
|
httpConfig: ""
|
|
## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration
|
|
##
|
|
existingHttpConfigSecret: ""
|
|
|
|
## HTTPS configuration (Experimental)
|
|
## Ref: https://thanos.io/tip/operating/https.md/
|
|
##
|
|
https:
|
|
## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key.
|
|
##
|
|
enabled: false
|
|
## @param https.autoGenerated Create self-signed TLS certificates.
|
|
##
|
|
autoGenerated: false
|
|
## @param https.existingSecret Existing secret containing your own server key and certificate
|
|
##
|
|
existingSecret: ""
|
|
## @param https.certFilename
|
|
##
|
|
certFilename: "tls.crt"
|
|
## @param https.keyFilename
|
|
##
|
|
keyFilename: "tls.key"
|
|
## @param https.caFilename
|
|
##
|
|
caFilename: "ca.crt"
|
|
## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided
|
|
## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided
|
|
## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided
|
|
##
|
|
key: ""
|
|
cert: ""
|
|
ca: ""
|
|
## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies.
|
|
## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType
|
|
clientAuthType: ""
|
|
## Thanos Basic authentication (Experimental)
|
|
##
|
|
auth:
|
|
## @param auth.basicAuthUsers Object containing <user>:<passwords> key-value pairs for each user that will have access via basic authentication
|
|
## Note: Passwords will be later encrypted using bcrypt
|
|
basicAuthUsers: {}
|
|
|
|
## Common Service Account
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
|
|
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
|
|
##
|
|
serviceAccount:
|
|
create: false
|
|
name: ""
|
|
automountServiceAccountToken: true
|
|
annotations: {}
|
|
|
|
## DEPRECATED - existingServiceAccount. This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
## existingServiceAccount: ""
|
|
|
|
## @section Thanos Query parameters
|
|
|
|
query:
|
|
## @param query.enabled Set to true to enable Thanos Query component
|
|
##
|
|
enabled: true
|
|
## @param query.logLevel Thanos Query log level
|
|
##
|
|
logLevel: info
|
|
## @param query.logFormat Thanos Query log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated
|
|
##
|
|
replicaLabel: [replica]
|
|
## Dynamically configure store APIs using DNS discovery
|
|
## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS
|
|
## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery
|
|
## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
sidecarsService: ""
|
|
sidecarsNamespace: ""
|
|
## @param query.stores Statically configure store APIs to connect with Thanos Query
|
|
##
|
|
stores: []
|
|
## @param query.sdConfig Query Service Discovery Configuration
|
|
## Specify content for servicediscovery.yml
|
|
##
|
|
sdConfig: ""
|
|
## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration
|
|
## NOTE: This will override query.sdConfig
|
|
##
|
|
existingSDConfigmap: ""
|
|
## @param query.extraEnvVars Extra environment variables for Thanos Query container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param query.extraFlags Extra Flags to passed to Thanos Query
|
|
##
|
|
extraFlags: []
|
|
## @param query.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param query.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param query.replicaCount Number of Thanos Query replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param query.updateStrategy.type Update strategy type for Thanos Query replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## K8s Pod Security Context for Thanos Query pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods
|
|
## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Query containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param query.containerSecurityContext.enabled Enable container security context for the Thanos Query containers
|
|
## @param query.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query containers
|
|
## @param query.containerSecurityContext.runAsNonRoot Force the Thanos Query containers to run as a non root user
|
|
## @param query.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query containers
|
|
## @param query.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Query containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param query.resources.limits The resources limits for the Thanos Query container
|
|
## @param query.resources.requests The requested resources for the Thanos Query container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Query containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers
|
|
## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param query.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers
|
|
## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param query.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers
|
|
## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param query.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param query.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param query.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param query.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param query.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param query.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param query.initContainers Add additional init containers to the Thanos Query pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param query.sidecars Extra containers running as sidecars to Thanos Query pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param query.extraVolumes Extra volumes to add to Thanos Query
|
|
##
|
|
extraVolumes: []
|
|
## @param query.extraVolumeMounts Extra volume mounts to add to the query container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param query.podAffinityPreset Thanos Query pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set.
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPresetTopologyKey: ""
|
|
## Thanos Query node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param query.affinity Thanos Query affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param query.nodeSelector Thanos Query node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param query.tolerations Thanos Query tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param query.podLabels Thanos Query pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param query.podAnnotations Annotations for Thanos Query pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param query.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param query.priorityClassName Thanos Query priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Thanos Query GRPC parameters
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags
|
|
##
|
|
grpc:
|
|
## GRPC server side
|
|
##
|
|
server:
|
|
## TLS configuration
|
|
## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
|
|
## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
|
|
## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
|
|
## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
|
|
## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
|
|
## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
|
|
## e.g:
|
|
## existingSecret:
|
|
## name: foo
|
|
## keyMapping:
|
|
## ca-cert: ca.pem
|
|
## tls-cert: cert.pem
|
|
## tls-key: key.pem
|
|
##
|
|
tls:
|
|
enabled: false
|
|
autoGenerated: false
|
|
cert: ""
|
|
key: ""
|
|
ca: ""
|
|
existingSecret: {}
|
|
## GRPC client side
|
|
##
|
|
client:
|
|
## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates
|
|
##
|
|
serverName: ""
|
|
## TLS configuration
|
|
## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC server
|
|
## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
|
|
## @param query.grpc.client.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
|
|
## @param query.grpc.client.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
|
|
## @param query.grpc.client.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
|
|
## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates
|
|
## e.g:
|
|
## existingSecret:
|
|
## name: foo
|
|
## keyMapping:
|
|
## ca-cert: ca.pem
|
|
## tls-cert: cert.pem
|
|
## tls-key: key.pem
|
|
##
|
|
tls:
|
|
enabled: false
|
|
autoGenerated: false
|
|
cert: ""
|
|
key: ""
|
|
ca: ""
|
|
existingSecret: {}
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param query.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param query.service.ports.http Thanos Query service HTTP port
|
|
##
|
|
ports:
|
|
http: 9090
|
|
## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
## @param query.service.clusterIP Thanos Query service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param query.service.annotations Annotations for Thanos Query service
|
|
##
|
|
annotations: {}
|
|
## @param query.service.extraPorts Extra ports to expose in the Thanos Query service
|
|
##
|
|
extraPorts: []
|
|
## @param query.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param query.service.additionalHeadless Additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Service GRPC parameters
|
|
##
|
|
serviceGrpc:
|
|
## @param query.serviceGrpc.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port
|
|
##
|
|
ports:
|
|
grpc: 10901
|
|
## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
grpc: ""
|
|
## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param query.serviceGrpc.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param query.serviceGrpc.annotations Annotations for Thanos Query service
|
|
##
|
|
annotations: {}
|
|
## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service
|
|
##
|
|
extraPorts: []
|
|
## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param query.serviceGrpc.additionalHeadless Additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
|
|
## Autoscaling parameters
|
|
## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account
|
|
## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED query.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## RBAC configuration
|
|
##
|
|
rbac:
|
|
## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account
|
|
##
|
|
create: false
|
|
## @param query.rbac.rules Custom RBAC rules to set
|
|
## e.g:
|
|
## rules:
|
|
## - apiGroups:
|
|
## - ""
|
|
## resources:
|
|
## - pods
|
|
## verbs:
|
|
## - get
|
|
## - list
|
|
##
|
|
rules: []
|
|
## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query
|
|
## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
|
##
|
|
pspEnabled: false
|
|
## Thanos Query Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param query.autoscaling.enabled Enable autoscaling for Thanos Query
|
|
## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas
|
|
## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas
|
|
## @param query.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param query.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Query Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query
|
|
## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Configure the ingress resource that allows you to access Thanos Query
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param query.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param query.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos.local
|
|
## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param query.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `query.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param query.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param query.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
## Create an ingress object for the GRPC service. This requires an HTTP/2
|
|
## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
|
|
## - ingress.kubernetes.io/protocol: h2c
|
|
## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
|
## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
|
|
## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
|
|
## and also the documentation for your ingress controller.
|
|
##
|
|
## The options that are accepted are identical to the HTTP one listed above
|
|
##
|
|
grpc:
|
|
## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC)
|
|
##
|
|
enabled: false
|
|
## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC)
|
|
##
|
|
hostname: thanos-grpc.local
|
|
## @param query.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## Examples:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos-grpc.local
|
|
## path: /
|
|
##
|
|
extraHosts: []
|
|
## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos-grpc.local
|
|
## secretName: thanos-grpc.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos-grpc.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}`
|
|
## You can:
|
|
## - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param query.ingress.grpc.path Ingress Path
|
|
##
|
|
path: /
|
|
## @param query.ingress.grpc.pathType Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## @section Thanos Query Frontend parameters
|
|
|
|
queryFrontend:
|
|
## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component
|
|
##
|
|
enabled: true
|
|
## @param queryFrontend.logLevel Thanos Query Frontend log level
|
|
##
|
|
logLevel: info
|
|
## @param queryFrontend.logFormat Thanos Query Frontend log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param queryFrontend.config Thanos Query Frontend configuration
|
|
## Specify content for config.yml
|
|
##
|
|
config: ""
|
|
## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration
|
|
## NOTE: This will override queryFrontend.config
|
|
##
|
|
existingConfigmap: ""
|
|
## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend
|
|
##
|
|
extraFlags: []
|
|
## @param queryFrontend.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param queryFrontend.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## K8s Pod Security Context for Thanos Query Frontend pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods
|
|
## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Query Frontend containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param queryFrontend.containerSecurityContext.enabled Enable container security context for the Thanos Query Frontend containers
|
|
## @param queryFrontend.containerSecurityContext.runAsUser User ID for the service user running the Thanos Query Frontend containers
|
|
## @param queryFrontend.containerSecurityContext.runAsNonRoot Force the Thanos Query Frontend containers to run as a non root user
|
|
## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Query Frontend containers
|
|
## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Query Frontend containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Query Frontend containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param queryFrontend.resources.limits The resources limits for the Thanos Query Frontend container
|
|
## @param queryFrontend.resources.requests The requested resources for the Thanos Query Frontend container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers
|
|
## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers
|
|
## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers
|
|
## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend
|
|
##
|
|
extraVolumes: []
|
|
## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Query Frontend node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param queryFrontend.podLabels Thanos Query Frontend pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param queryFrontend.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param queryFrontend.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port
|
|
##
|
|
ports:
|
|
http: 9090
|
|
## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service
|
|
##
|
|
annotations: {}
|
|
## @param queryFrontend.service.labels Labels for Thanos Query Frontend service
|
|
##
|
|
labels: {}
|
|
## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service
|
|
##
|
|
extraPorts: []
|
|
## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account
|
|
## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED queryFrontend.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## RBAC configuration
|
|
##
|
|
rbac:
|
|
## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account
|
|
##
|
|
create: false
|
|
## @param queryFrontend.rbac.rules Custom RBAC rules to set
|
|
## e.g:
|
|
## rules:
|
|
## - apiGroups:
|
|
## - ""
|
|
## resources:
|
|
## - pods
|
|
## verbs:
|
|
## - get
|
|
## - list
|
|
##
|
|
rules: []
|
|
## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend
|
|
## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
|
##
|
|
pspEnabled: false
|
|
## Thanos Query Frontend Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend
|
|
## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas
|
|
## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas
|
|
## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Query Frontend Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend
|
|
## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Configure the ingress resource that allows you to access Thanos Query Frontend
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param queryFrontend.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param queryFrontend.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos.local
|
|
## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param queryFrontend.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param queryFrontend.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## @section Thanos Bucket Web parameters
|
|
|
|
bucketweb:
|
|
## @param bucketweb.enabled Enable/disable Thanos Bucket Web component
|
|
##
|
|
enabled: false
|
|
## @param bucketweb.logLevel Thanos Bucket Web log level
|
|
##
|
|
logLevel: info
|
|
## @param bucketweb.logFormat Thanos Bucket Web log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param bucketweb.refresh Refresh interval to download metadata from remote storage
|
|
##
|
|
refresh: 30m
|
|
## @param bucketweb.timeout Timeout to download metadata from remote storage
|
|
##
|
|
timeout: 5m
|
|
## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web
|
|
##
|
|
extraFlags: []
|
|
## @param bucketweb.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param bucketweb.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## K8s Pod Security Context for Thanos Bucket Web pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods
|
|
## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Bucket Web containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param bucketweb.containerSecurityContext.enabled Enable container security context for the Thanos Bucket Web containers
|
|
## @param bucketweb.containerSecurityContext.runAsUser User ID for the service user running the Thanos Bucket Web containers
|
|
## @param bucketweb.containerSecurityContext.runAsNonRoot Force the Thanos Bucket Web containers to run as a non root user
|
|
## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Bucket Web containers
|
|
## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Bucket Web containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Bucket Web containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param bucketweb.resources.limits The resources limits for the Thanos Bucket Web container
|
|
## @param bucketweb.resources.requests The requested resources for the Thanos Bucket Web container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers
|
|
## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers
|
|
## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers
|
|
## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web
|
|
##
|
|
extraVolumes: []
|
|
## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Bucket Web node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param bucketweb.podLabels Thanos Bucket Web pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param bucketweb.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param bucketweb.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port
|
|
##
|
|
ports:
|
|
http: 8080
|
|
## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
##
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service
|
|
##
|
|
annotations: {}
|
|
## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service
|
|
##
|
|
extraPorts: []
|
|
## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account
|
|
## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED bucketweb.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Thanos Bucket Web Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web
|
|
## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas
|
|
## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas
|
|
## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Bucket Web Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web
|
|
## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Configure the ingress resource that allows you to access Thanos Bucketweb
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param bucketweb.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param bucketweb.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos-bucketweb.local
|
|
## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos-bucketweb.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos-bucketweb.local
|
|
## secretName: thanos-bucketweb.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos-bucketweb.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param bucketweb.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param bucketweb.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## @section Thanos Compactor parameters
|
|
|
|
compactor:
|
|
## @param compactor.enabled Enable/disable Thanos Compactor component
|
|
##
|
|
enabled: false
|
|
## @param compactor.logLevel Thanos Compactor log level
|
|
##
|
|
logLevel: info
|
|
## @param compactor.logFormat Thanos Compactor log format
|
|
##
|
|
logFormat: logfmt
|
|
## Resolution and Retention flags
|
|
## @param compactor.retentionResolutionRaw Resolution and Retention flag
|
|
## @param compactor.retentionResolution5m Resolution and Retention flag
|
|
## @param compactor.retentionResolution1h Resolution and Retention flag
|
|
##
|
|
retentionResolutionRaw: 30d
|
|
retentionResolution5m: 30d
|
|
retentionResolution1h: 10y
|
|
## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed
|
|
##
|
|
consistencyDelay: 30m
|
|
## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor
|
|
##
|
|
extraFlags: []
|
|
## @param compactor.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param compactor.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas
|
|
##
|
|
updateStrategy:
|
|
type: Recreate
|
|
## K8s Pod Security Context for Thanos Compactor pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods
|
|
## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Compactor containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param compactor.containerSecurityContext.enabled Enable container security context for the Thanos Compactor containers
|
|
## @param compactor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Compactor containers
|
|
## @param compactor.containerSecurityContext.runAsNonRoot Force the Thanos Compactor containers to run as a non root user
|
|
## @param compactor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Compactor containers
|
|
## @param compactor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Compactor containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Compactor containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param compactor.resources.limits The resources limits for the Thanos Compactor container
|
|
## @param compactor.resources.requests The requested resources for the Thanos Compactor container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Compactor containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers
|
|
## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers
|
|
## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers
|
|
## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param compactor.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param compactor.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor
|
|
##
|
|
extraVolumes: []
|
|
## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Compactor node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param compactor.affinity Thanos Compactor affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param compactor.tolerations Thanos Compactor tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param compactor.podLabels Thanos Compactor pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param compactor.podAnnotations Annotations for Thanos Compactor pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param compactor.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param compactor.lifecycleHooks for the Thanos Compactor container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param compactor.priorityClassName Thanos Compactor priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param compactor.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param compactor.service.ports.http Thanos Compactor service HTTP port
|
|
##
|
|
ports:
|
|
http: 9090
|
|
## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param compactor.service.annotations Annotations for Thanos Compactor service
|
|
##
|
|
annotations: {}
|
|
## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service
|
|
##
|
|
extraPorts: []
|
|
## @param compactor.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account
|
|
## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED compactor.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Configure the ingress resource that allows you to access Thanos Query Frontend
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param compactor.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param compactor.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos-compactor.local
|
|
## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `compactor.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param compactor.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param compactor.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods
|
|
##
|
|
enabled: true
|
|
## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param compactor.persistence.accessModes PVC Access Modes for data volume
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param compactor.persistence.size PVC Storage Request for data volume
|
|
##
|
|
size: 8Gi
|
|
## @param compactor.persistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param compactor.persistence.existingClaim Name of an existing PVC to use
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
##
|
|
existingClaim: ""
|
|
|
|
## @section Thanos Store Gateway parameters
|
|
|
|
storegateway:
|
|
## @param storegateway.enabled Enable/disable Thanos Store Gateway component
|
|
##
|
|
enabled: false
|
|
## @param storegateway.logLevel Thanos Store Gateway log level
|
|
##
|
|
logLevel: info
|
|
## @param storegateway.logFormat Thanos Store Gateway log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param storegateway.config Thanos Store Gateway configuration
|
|
## Specify content for config.yml
|
|
##
|
|
config: ""
|
|
## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration
|
|
## NOTE: This will override storegateway.config
|
|
##
|
|
existingConfigmap: ""
|
|
## Thanos Store Gateway GRPC parameters
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags
|
|
##
|
|
grpc:
|
|
## GRPC server side
|
|
##
|
|
server:
|
|
## TLS configuration
|
|
## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
|
|
## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
|
|
## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
|
|
## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
|
|
## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
|
|
## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
|
|
## e.g:
|
|
## existingSecret:
|
|
## name: foo
|
|
## keyMapping:
|
|
## ca-cert: ca.pem
|
|
## tls-cert: cert.pem
|
|
## tls-key: key.pem
|
|
##
|
|
tls:
|
|
enabled: false
|
|
autoGenerated: false
|
|
cert: ""
|
|
key: ""
|
|
ca: ""
|
|
existingSecret: {}
|
|
## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway
|
|
##
|
|
extraFlags: []
|
|
## @param storegateway.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param storegateway.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
## K8s Pod Security Context for Thanos Store Gateway pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods
|
|
## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Store Gateway containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param storegateway.containerSecurityContext.enabled Enable container security context for the Thanos Store Gateway containers
|
|
## @param storegateway.containerSecurityContext.runAsUser User ID for the service user running the Thanos Store Gateway containers
|
|
## @param storegateway.containerSecurityContext.runAsNonRoot Force the Thanos Store Gateway containers to run as a non root user
|
|
## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Store Gateway containers
|
|
## @param storegateway.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Store Gateway containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Store Gateway containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param storegateway.resources.limits The resources limits for the Thanos Store Gateway container
|
|
## @param storegateway.resources.requests The requested resources for the Thanos Store Gateway container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers
|
|
## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers
|
|
## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers
|
|
## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway
|
|
##
|
|
extraVolumes: []
|
|
## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Store Gateway node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param storegateway.podLabels Thanos Store Gateway pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param storegateway.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param storegateway.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port
|
|
## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port
|
|
##
|
|
ports:
|
|
http: 9090
|
|
grpc: 10901
|
|
## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
grpc: ""
|
|
## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param storegateway.service.annotations Annotations for Thanos Store Gateway service
|
|
##
|
|
annotations: {}
|
|
## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service
|
|
##
|
|
extraPorts: []
|
|
## @param storegateway.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param storegateway.service.additionalHeadless Additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods
|
|
##
|
|
enabled: true
|
|
## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param storegateway.persistence.accessModes PVC Access Modes for data volume
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param storegateway.persistence.size PVC Storage Request for data volume
|
|
##
|
|
size: 8Gi
|
|
## @param storegateway.persistence.labels Labels for the PVC
|
|
##
|
|
labels: {}
|
|
## @param storegateway.persistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param storegateway.persistence.existingClaim Name of an existing PVC to use
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
##
|
|
existingClaim: ""
|
|
## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account
|
|
## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED storegateway.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Thanos Store Gateway Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway
|
|
## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas
|
|
## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas
|
|
## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Store Gateway Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway
|
|
## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Configure the ingress resource that allows you to access Thanos Query Frontend
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param storegateway.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param storegateway.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos-storegateway.local
|
|
## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `storegateway.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param storegateway.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param storegateway.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
## Create an ingress object for the GRPC service. This requires an HTTP/2
|
|
## capable Ingress controller (eg. traefik using AWS NLB). Example annotations
|
|
## - ingress.kubernetes.io/protocol: h2c
|
|
## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
|
|
## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
|
|
## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
|
|
## and also the documentation for your ingress controller.
|
|
##
|
|
## The options that are accepted are identical to the HTTP one listed above
|
|
##
|
|
grpc:
|
|
## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC)
|
|
##
|
|
enabled: false
|
|
## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC)
|
|
##
|
|
hostname: thanos-grpc.local
|
|
## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## Examples:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos-grpc.local
|
|
## path: /
|
|
##
|
|
extraHosts: []
|
|
## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos-grpc.local
|
|
## secretName: thanos-grpc.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos-grpc.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}`
|
|
## You can:
|
|
## - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param storegateway.ingress.grpc.path Ingress Path
|
|
##
|
|
path: /
|
|
## @param storegateway.ingress.grpc.pathType Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
## Sharded parameters
|
|
## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway
|
|
## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks
|
|
## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions
|
|
## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards
|
|
## e.g:
|
|
## clusterIPs:
|
|
## - X.X.X.X
|
|
## - Y.Y.Y.Y
|
|
## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards
|
|
## e.g:
|
|
## loadBalancerIPs:
|
|
## - X.X.X.X
|
|
## - Y.Y.Y.Y
|
|
## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards
|
|
## e.g:
|
|
## nodePorts:
|
|
## - 30001
|
|
## - 30002
|
|
## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards
|
|
## e.g:
|
|
## nodePorts:
|
|
## - 30011
|
|
## - 30012
|
|
##
|
|
sharded:
|
|
enabled: false
|
|
hashPartitioning:
|
|
shards: ""
|
|
timePartitioning:
|
|
- min: ""
|
|
max: ""
|
|
service:
|
|
clusterIPs: []
|
|
loadBalancerIPs: []
|
|
http:
|
|
nodePorts: []
|
|
grpc:
|
|
nodePorts: []
|
|
|
|
## @section Thanos Ruler parameters
|
|
|
|
ruler:
|
|
## @param ruler.enabled Enable/disable Thanos Ruler component
|
|
##
|
|
enabled: false
|
|
## @param ruler.logLevel Thanos Ruler log level
|
|
##
|
|
logLevel: info
|
|
## @param ruler.logFormat Thanos Ruler log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
|
|
##
|
|
replicaLabel: replica
|
|
## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery
|
|
##
|
|
dnsDiscovery:
|
|
enabled: true
|
|
## @param ruler.alertmanagers Alert managers URLs array
|
|
## NOTE: This is only used when ruler.alertmanagersConfig is not set
|
|
##
|
|
alertmanagers: []
|
|
## @param ruler.alertmanagersConfig Alert managers configuration
|
|
## NOTE: This is only used when ruler.alertmanagers is not set
|
|
## ref: https://thanos.io/tip/components/rule.md/#alertmanager
|
|
## e.g:
|
|
## alertmanagersConfig:
|
|
## alertmanagers:
|
|
## - http_config:
|
|
## basic_auth:
|
|
## username: some_user
|
|
## password: some_pass
|
|
## static_configs:
|
|
## - alertmanager.thanos.io
|
|
## scheme: http
|
|
## timeout: 10s
|
|
## api_version: v2
|
|
##
|
|
alertmanagersConfig: ""
|
|
## @param ruler.evalInterval The default evaluation interval to use
|
|
##
|
|
evalInterval: 1m
|
|
## @param ruler.clusterName Used to set the 'ruler_cluster' label
|
|
##
|
|
clusterName: ""
|
|
## @param ruler.config Ruler configuration
|
|
## Specify content for ruler.yml
|
|
##
|
|
config: ""
|
|
## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration
|
|
## NOTE: This will override ruler.config
|
|
##
|
|
existingConfigmap: ""
|
|
## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler
|
|
##
|
|
extraFlags: []
|
|
## @param ruler.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param ruler.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
## K8s Pod Security Context for Thanos Ruler pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods
|
|
## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Ruler containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param ruler.containerSecurityContext.enabled Enable container security context for the Thanos Ruler containers
|
|
## @param ruler.containerSecurityContext.runAsUser User ID for the service user running the Thanos Ruler containers
|
|
## @param ruler.containerSecurityContext.runAsNonRoot Force the Thanos Ruler containers to run as a non root user
|
|
## @param ruler.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Ruler containers
|
|
## @param ruler.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Ruler containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Ruler containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param ruler.resources.limits The resources limits for the Thanos Ruler container
|
|
## @param ruler.resources.requests The requested resources for the Thanos Ruler container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Ruler containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers
|
|
## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers
|
|
## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers
|
|
## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param ruler.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param ruler.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler
|
|
##
|
|
extraVolumes: []
|
|
## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Ruler node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param ruler.affinity Thanos Ruler affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param ruler.tolerations Thanos Ruler tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param ruler.podLabels Thanos Ruler pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param ruler.podAnnotations Annotations for Thanos Ruler pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param ruler.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param ruler.priorityClassName Thanos Ruler priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param ruler.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param ruler.service.ports.http Thanos Ruler service HTTP port
|
|
## @param ruler.service.ports.grpc Thanos Ruler service GRPC port
|
|
##
|
|
ports:
|
|
http: 9090
|
|
grpc: 10901
|
|
## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
grpc: ""
|
|
## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## Set the LoadBalancer service type to internal only
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param ruler.service.annotations Annotations for Thanos Ruler service
|
|
##
|
|
annotations: {}
|
|
## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service
|
|
##
|
|
extraPorts: []
|
|
## @param ruler.service.labelSelectorsOverride Selector for Thanos Query service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param ruler.service.additionalHeadless Additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods
|
|
##
|
|
enabled: true
|
|
## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param ruler.persistence.accessModes PVC Access Modes for data volume
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param ruler.persistence.size PVC Storage Request for data volume
|
|
##
|
|
size: 8Gi
|
|
## @param ruler.persistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param ruler.persistence.existingClaim Name of an existing PVC to use
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
##
|
|
existingClaim: ""
|
|
## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account
|
|
## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED ruler.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Thanos Ruler Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler
|
|
## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas
|
|
## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas
|
|
## @param ruler.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param ruler.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Ruler Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler
|
|
## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Configure the ingress resource that allows you to access Thanos Ruler
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param ruler.ingress.enabled Enable ingress controller resource
|
|
##
|
|
enabled: false
|
|
## @param ruler.ingress.hostname Default host for the ingress resource
|
|
##
|
|
hostname: thanos-ruler.local
|
|
## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param ruler.ingress.path Ingress path
|
|
##
|
|
path: /
|
|
## @param ruler.ingress.pathType Ingress path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## @section Thanos Receive parameters
|
|
|
|
receive:
|
|
## @param receive.enabled Enable/disable Thanos Receive component
|
|
##
|
|
enabled: false
|
|
## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode"
|
|
## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md
|
|
## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for
|
|
## the stateless thanos distributor.
|
|
mode: standalone
|
|
## @param receive.logLevel Thanos Receive log level
|
|
##
|
|
logLevel: info
|
|
## @param receive.logFormat Thanos Receive log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param receive.tsdbRetention Thanos Receive TSDB retention period
|
|
##
|
|
tsdbRetention: 15d
|
|
## @param receive.replicationFactor Thanos Receive replication-factor
|
|
##
|
|
replicationFactor: 1
|
|
## @param receive.config Receive Hashring configuration
|
|
## Note: json formatted string and yaml allowed.
|
|
## e.g:
|
|
## config:
|
|
## - endpoints:
|
|
## - "127.0.0.1:10901"
|
|
##
|
|
config: []
|
|
## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration
|
|
## NOTE: This will override receive.config
|
|
##
|
|
existingConfigmap: ""
|
|
## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
|
|
##
|
|
replicaLabel: replica
|
|
## Thanos Receive parameters
|
|
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags
|
|
##
|
|
grpc:
|
|
## GRPC server side
|
|
##
|
|
server:
|
|
## TLS configuration
|
|
## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
|
|
## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
|
|
## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
|
|
## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
|
|
## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
|
|
## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
|
|
## e.g:
|
|
## existingSecret:
|
|
## name: foo
|
|
## keyMapping:
|
|
## ca-cert: ca.pem
|
|
## tls-cert: cert.pem
|
|
## tls-key: key.pem
|
|
##
|
|
tls:
|
|
enabled: false
|
|
autoGenerated: false
|
|
cert: ""
|
|
key: ""
|
|
ca: ""
|
|
existingSecret: {}
|
|
## @param receive.extraEnvVars Extra environment variables for Thanos Receive container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param receive.extraFlags Extra Flags to passed to Thanos Receive
|
|
##
|
|
extraFlags: []
|
|
## @param receive.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param receive.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param receive.replicaCount Number of Thanos Receive replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## @param receive.podManagementPolicy
|
|
## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
|
|
##
|
|
podManagementPolicy: OrderedReady
|
|
## K8s Pod Security Context for Thanos Receive pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods
|
|
## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Receive containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param receive.containerSecurityContext.enabled Enable container security context for the Thanos Receive containers
|
|
## @param receive.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive containers
|
|
## @param receive.containerSecurityContext.runAsNonRoot Force the Thanos Receive containers to run as a non root user
|
|
## @param receive.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive containers
|
|
## @param receive.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Receive containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param receive.resources.limits The resources limits for the Thanos Receive container
|
|
## @param receive.resources.requests The requested resources for the Thanos Receive container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Receive containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers
|
|
## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers
|
|
## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers
|
|
## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param receive.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param receive.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param receive.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param receive.initContainers Add additional init containers to the Thanos Receive pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param receive.extraVolumes Extra volumes to add to Thanos Receive
|
|
##
|
|
extraVolumes: []
|
|
## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param receive.podAffinityPreset Thanos Receive pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Receive node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param receive.affinity Thanos Receive affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param receive.nodeSelector Thanos Receive node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param receive.tolerations Thanos Receive tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param receive.podLabels Thanos Receive pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param receive.podAnnotations Annotations for Thanos Receive pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param receive.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param receive.priorityClassName Thanos Receive priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## @param receive.service.type Kubernetes service type
|
|
##
|
|
type: ClusterIP
|
|
## @param receive.service.ports.http Thanos Ruler service HTTP port
|
|
## @param receive.service.ports.grpc Thanos Ruler service GRPC port
|
|
## @param receive.service.ports.remote Thanos Ruler service remote port
|
|
##
|
|
ports:
|
|
http: 10902
|
|
grpc: 10901
|
|
remote: 19291
|
|
## @param receive.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types
|
|
## @param receive.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types
|
|
## @param receive.service.nodePorts.remote Specify the Thanos Ruler remote nodePort value for the LoadBalancer and NodePort service types
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
|
|
##
|
|
nodePorts:
|
|
http: ""
|
|
grpc: ""
|
|
remote: ""
|
|
## @param receive.service.clusterIP Thanos Ruler service clusterIP IP
|
|
## e.g:
|
|
## clusterIP: None
|
|
##
|
|
clusterIP: ""
|
|
## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
loadBalancerIP: ""
|
|
## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
|
|
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
|
## e.g:
|
|
## loadBalancerSourceRanges:
|
|
## - 10.10.10.0/24
|
|
##
|
|
loadBalancerSourceRanges: []
|
|
## @param receive.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy
|
|
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
|
|
##
|
|
externalTrafficPolicy: Cluster
|
|
## @param receive.service.annotations Annotations for Thanos Receive service
|
|
##
|
|
annotations: {}
|
|
## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service
|
|
##
|
|
extraPorts: []
|
|
## @param receive.service.labelSelectorsOverride Selector for Thanos receive service
|
|
##
|
|
labelSelectorsOverride: {}
|
|
## @param receive.service.additionalHeadless Additional Headless service
|
|
##
|
|
additionalHeadless: false
|
|
## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account
|
|
## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Thanos Receive Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive
|
|
## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas
|
|
## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas
|
|
## @param receive.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param receive.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Receive Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive
|
|
## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
## Persistence parameters
|
|
##
|
|
persistence:
|
|
## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods
|
|
##
|
|
enabled: true
|
|
## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner.
|
|
##
|
|
storageClass: ""
|
|
## @param receive.persistence.accessModes PVC Access Modes for data volume
|
|
##
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
## @param receive.persistence.size PVC Storage Request for data volume
|
|
##
|
|
size: 8Gi
|
|
## @param receive.persistence.annotations Annotations for the PVC
|
|
##
|
|
annotations: {}
|
|
## @param receive.persistence.existingClaim Name of an existing PVC to use
|
|
## If defined, PVC must be created manually before volume will be bound
|
|
##
|
|
existingClaim: ""
|
|
## Configure the ingress resource that allows you to access Thanos Receive
|
|
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
|
##
|
|
ingress:
|
|
## @param receive.ingress.enabled Set to true to enable ingress record generation
|
|
##
|
|
enabled: false
|
|
## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created
|
|
##
|
|
hostname: thanos-receive.local
|
|
## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
|
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
|
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
|
##
|
|
ingressClassName: ""
|
|
## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
## Use this parameter to set the required annotations for cert-manager, see
|
|
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
|
##
|
|
## e.g:
|
|
## annotations:
|
|
## kubernetes.io/ingress.class: nginx
|
|
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
|
##
|
|
annotations: {}
|
|
## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
|
|
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
|
|
## extraHosts:
|
|
## - name: thanos.local
|
|
## path: /
|
|
## pathType: ImplementationSpecific
|
|
##
|
|
extraHosts: []
|
|
## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
|
|
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
|
## extraTls:
|
|
## - hosts:
|
|
## - thanos.local
|
|
## secretName: thanos.local-tls
|
|
##
|
|
extraTls: []
|
|
## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
|
|
## key and certificate should start with -----BEGIN CERTIFICATE----- or
|
|
## -----BEGIN RSA PRIVATE KEY-----
|
|
##
|
|
## name should line up with a tlsSecret set further up
|
|
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
|
|
##
|
|
## It is also possible to create and manage the certificates outside of this helm chart
|
|
## Please see README.md for more information
|
|
## e.g:
|
|
## - name: thanos.local-tls
|
|
## key:
|
|
## certificate:
|
|
##
|
|
secrets: []
|
|
## @param receive.ingress.extraRules Additional rules to be covered with this ingress record
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
|
## e.g:
|
|
## extraRules:
|
|
## - host: example.local
|
|
## http:
|
|
## path: /
|
|
## backend:
|
|
## service:
|
|
## name: example-svc
|
|
## port:
|
|
## name: http
|
|
##
|
|
extraRules: []
|
|
## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter
|
|
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}`
|
|
## You can:
|
|
## - Use the `receive.ingress.secrets` parameter to create this TLS secret
|
|
## - Rely on cert-manager to create it by setting the corresponding annotations
|
|
## - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true`
|
|
##
|
|
tls: false
|
|
## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
|
##
|
|
selfSigned: false
|
|
## @param receive.ingress.apiVersion Override API Version (automatically detected if not set)
|
|
##
|
|
apiVersion: ""
|
|
## @param receive.ingress.path Ingress Path
|
|
##
|
|
path: /
|
|
## @param receive.ingress.pathType Ingress Path type
|
|
##
|
|
pathType: ImplementationSpecific
|
|
|
|
## @section Thanos Receive Distributor parameters
|
|
|
|
receiveDistributor:
|
|
## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component
|
|
##
|
|
enabled: false
|
|
## @param receiveDistributor.logLevel Thanos Receive Distributor log level
|
|
##
|
|
logLevel: info
|
|
## @param receiveDistributor.logFormat Thanos Receive Distributor log format
|
|
##
|
|
logFormat: logfmt
|
|
## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated
|
|
##
|
|
replicaLabel: replica
|
|
## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor
|
|
##
|
|
replicationFactor: 1
|
|
## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container
|
|
## e.g:
|
|
## extraEnvVars:
|
|
## - name: FOO
|
|
## value: "bar"
|
|
##
|
|
extraEnvVars: []
|
|
## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes
|
|
##
|
|
extraEnvVarsCM: ""
|
|
## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes
|
|
##
|
|
extraEnvVarsSecret: ""
|
|
## @param receiveDistributor.extraFlags Extra Flags to passed to Thanos Receive Distributor
|
|
##
|
|
extraFlags: []
|
|
## @param receiveDistributor.command Override default container command (useful when using custom images)
|
|
##
|
|
command: []
|
|
## @param receiveDistributor.args Override default container args (useful when using custom images)
|
|
##
|
|
args: []
|
|
## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy
|
|
##
|
|
replicaCount: 1
|
|
## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas
|
|
##
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
## K8s Pod Security Context for Thanos Receive Distributor pods
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods
|
|
## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods
|
|
##
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
## K8s containers' Security Context for Thanos Receive Distributor containers
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
## @param receiveDistributor.containerSecurityContext.enabled Enable container security context for the Thanos Receive Distributor containers
|
|
## @param receiveDistributor.containerSecurityContext.runAsUser User ID for the service user running the Thanos Receive Distributor containers
|
|
## @param receiveDistributor.containerSecurityContext.runAsNonRoot Force the Thanos Receive Distributor containers to run as a non root user
|
|
## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off for Thanos Receive Distributor containers
|
|
## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem on Thanos Receive Distributor containers
|
|
##
|
|
containerSecurityContext:
|
|
enabled: true
|
|
runAsUser: 1001
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
## Thanos Receive Distributor containers' resource requests and limits
|
|
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
|
## @param receiveDistributor.resources.limits The resources limits for the Thanos Receive container
|
|
## @param receiveDistributor.resources.requests The requested resources for the Thanos Receive container
|
|
##
|
|
resources:
|
|
limits: {}
|
|
requests: {}
|
|
## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
|
|
## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers
|
|
## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
|
## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe
|
|
## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
|
## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
|
## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers
|
|
## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
|
## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe
|
|
## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
|
## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
|
## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe
|
|
##
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
timeoutSeconds: 30
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
failureThreshold: 6
|
|
## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers
|
|
## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
|
## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe
|
|
## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
|
## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe
|
|
## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe
|
|
##
|
|
startupProbe:
|
|
enabled: false
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 15
|
|
successThreshold: 1
|
|
## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one
|
|
##
|
|
customLivenessProbe: {}
|
|
## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one
|
|
##
|
|
customReadinessProbe: {}
|
|
## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one
|
|
##
|
|
customStartupProbe: {}
|
|
## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
|
## e.g:
|
|
## initContainers:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## command: ['sh', '-c', 'echo "hello world"']
|
|
##
|
|
initContainers: []
|
|
## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor
|
|
##
|
|
extraVolumes: []
|
|
## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container
|
|
##
|
|
extraVolumeMounts: []
|
|
## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
## Allowed values: soft, hard
|
|
##
|
|
podAffinityPreset: ""
|
|
## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
|
##
|
|
podAntiAffinityPreset: soft
|
|
## Thanos Receive node affinity preset
|
|
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
|
##
|
|
nodeAffinityPreset:
|
|
## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard`
|
|
##
|
|
type: ""
|
|
## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set.
|
|
## e.g:
|
|
## key: "kubernetes.io/e2e-az-name"
|
|
##
|
|
key: ""
|
|
## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set.
|
|
## e.g:
|
|
## values:
|
|
## - e2e-az1
|
|
## - e2e-az2
|
|
##
|
|
values: []
|
|
## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set
|
|
##
|
|
affinity: {}
|
|
## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment
|
|
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
|
##
|
|
podLabels: {}
|
|
## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## @param receiveDistributor.hostAliases Deployment pod host aliases
|
|
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
|
|
##
|
|
hostAliases: []
|
|
## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup
|
|
##
|
|
lifecycleHooks: {}
|
|
## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName
|
|
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
##
|
|
priorityClassName: ""
|
|
## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods
|
|
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
|
##
|
|
schedulerName: ""
|
|
## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains
|
|
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
|
##
|
|
topologySpreadConstraints: []
|
|
## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
|
|
##
|
|
automountServiceAccountToken: true
|
|
## ServiceAccount configuration
|
|
## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created
|
|
## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
|
|
## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account
|
|
## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
|
|
## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead
|
|
##
|
|
serviceAccount:
|
|
create: true
|
|
name: ""
|
|
annotations: {}
|
|
automountServiceAccountToken: true
|
|
## existingServiceAccount: ""
|
|
## Thanos Receive Distributor Autoscaling configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
|
## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor
|
|
## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas
|
|
## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas
|
|
## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage
|
|
## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage
|
|
##
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: ""
|
|
maxReplicas: ""
|
|
targetCPU: ""
|
|
targetMemory: ""
|
|
## Thanos Receive Distributor Pod Disruption Budget configuration
|
|
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
|
|
## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor
|
|
## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
|
|
## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
|
|
##
|
|
pdb:
|
|
create: false
|
|
minAvailable: 1
|
|
maxUnavailable: ""
|
|
|
|
## @section Metrics parameters
|
|
|
|
## Prometheus metrics
|
|
##
|
|
metrics:
|
|
## @param metrics.enabled Enable the export of Prometheus metrics
|
|
##
|
|
enabled: false
|
|
## Prometheus Operator ServiceMonitor configuration
|
|
##
|
|
serviceMonitor:
|
|
## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator
|
|
##
|
|
enabled: false
|
|
## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
|
|
##
|
|
namespace: ""
|
|
## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
|
|
##
|
|
labels: {}
|
|
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
|
|
##
|
|
jobLabel: ""
|
|
## @param metrics.serviceMonitor.interval How frequently to scrape metrics
|
|
## e.g:
|
|
## interval: 10s
|
|
##
|
|
interval: ""
|
|
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
|
|
## e.g:
|
|
## scrapeTimeout: 10s
|
|
##
|
|
scrapeTimeout: ""
|
|
## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics
|
|
##
|
|
metricRelabelings: []
|
|
## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling
|
|
##
|
|
relabelings: []
|
|
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
|
|
## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
|
|
##
|
|
selector: {}
|
|
|
|
## PrometheusRule CRD configuration
|
|
##
|
|
prometheusRule:
|
|
## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`)
|
|
##
|
|
enabled: false
|
|
## Configure prometheus rules
|
|
##
|
|
default:
|
|
## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
|
|
## @param metrics.prometheusRule.default.create would create all default prometheus alerts
|
|
##
|
|
create: false
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
|
|
## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
|
|
## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule
|
|
##
|
|
disabled: {}
|
|
## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created
|
|
##
|
|
namespace: ""
|
|
## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
|
|
##
|
|
additionalLabels: {}
|
|
## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components
|
|
## These are just examples rules, please adapt them to your needs.
|
|
## groups:
|
|
## - name: Compactor
|
|
## rules:
|
|
## - alert: ThanosCompactMultipleRunning
|
|
## annotations:
|
|
## description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running.
|
|
## runbook_url: https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning
|
|
## summary: Thanos Compact has multiple instances running.
|
|
## expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1
|
|
## for: 5m
|
|
## labels:
|
|
## severity: warning
|
|
groups: []
|
|
|
|
## @section Volume Permissions parameters
|
|
|
|
## 'volumePermissions' init container parameters
|
|
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
|
|
## based on the *podSecurityContext/*containerSecurityContext parameters
|
|
##
|
|
volumePermissions:
|
|
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
|
|
##
|
|
enabled: false
|
|
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
|
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
|
## @param volumePermissions.image.tag Init container volume-permissions image tag
|
|
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
|
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
|
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
|
|
##
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/bitnami-shell
|
|
tag: 11-debian-11-r55
|
|
digest: ""
|
|
## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
## e.g:
|
|
## pullSecrets:
|
|
## - myRegistryKeySecretName
|
|
##
|
|
pullSecrets: []
|
|
|
|
## @section MinIO® chart parameters
|
|
## @extra minio For full list of MinIO® values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio)
|
|
|
|
minio:
|
|
## @param minio.enabled Enable/disable MinIO® chart installation
|
|
## to be used as an objstore for Thanos
|
|
##
|
|
enabled: false
|
|
## MinIO® authentication parameters
|
|
##
|
|
auth:
|
|
## @param minio.auth.rootUser MinIO® root username
|
|
##
|
|
rootUser: admin
|
|
## @param minio.auth.rootPassword Password for MinIO® root user
|
|
##
|
|
rootPassword: ""
|
|
## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create
|
|
##
|
|
defaultBuckets: 'thanos'
|
|
|
|
## @section NetWorkPolicy parameters
|
|
|
|
networkPolicy:
|
|
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
|
|
##
|
|
enabled: false
|
|
## @param networkPolicy.allowExternal Don't require client label for connections
|
|
## The Policy model to apply. When set to false, only pods with the correct
|
|
## client label will have network access to http and grpc thanos port.
|
|
## When true, thanos will accept connections from any source
|
|
## (with the correct destination port).
|
|
##
|
|
allowExternal: true
|
|
## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed
|
|
## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
|
|
## and that match other criteria, the ones that have the good label, can reach thanos.
|
|
## But sometimes, we want thanos to be accessible to clients from other namespaces, in this case, we can use this
|
|
## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
|
|
##
|
|
## Example:
|
|
## explicitNamespacesSelector:
|
|
## matchLabels:
|
|
## role: frontend
|
|
## matchExpressions:
|
|
## - {key: role, operator: In, values: [frontend]}
|
|
##
|
|
explicitNamespacesSelector: {}
|