1 # Default values for prometheus-operator.
2 # This is a YAML-formatted file.
3 # Declare variables to be passed into your templates.
5 ## Provide a name in place of prometheus-operator for `app:` labels
9 ## Provide a name to substitue for the full names of resources
13 ## Labels to apply to all resources
19 ## Create default rules for monitoring the cluster
23 ## Labels for default rules
25 ## Annotations for default rules
34 ## Reference to one or more secrets to be used when pulling images
35 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
38 # - name: "image-pull-secret"
40 ## Configuration for alertmanager
41 ## ref: https://prometheus.io/docs/alerting/alertmanager/
45 ## Deploy alertmanager
49 ## Service account for Alertmanager to use.
50 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
56 ## Configure pod disruption budgets for Alertmanager
57 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
58 ## This configuration is immutable once created and will require the PDB to be deleted to be changed
59 ## https://github.com/kubernetes/kubernetes/issues/45398
66 ## Alertmanager configuration directives
67 ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
68 ## https://prometheus.io/webtools/alerting/routing-tree-editor/
81 alertname: DeadMansSwitch
86 ## Alertmanager template files to format alerts
87 ## ref: https://prometheus.io/docs/alerting/notifications/
88 ## https://prometheus.io/docs/alerting/notification_examples/
92 # An example template:
94 # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
96 # {{ define "slack.myorg.text" }}
99 # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
100 # *Cluster:* {{ template "cluster" $root }}
101 # *Description:* {{ .Annotations.description }}
102 # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
103 # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
105 # {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
115 ## Hosts must be provided if Ingress is enabled.
118 # - alertmanager.domain.com
120 ## TLS configuration for Alertmanager Ingress
121 ## Secret must be manually created in the namespace
124 # - secretName: alertmanager-general-tls
126 # - alertmanager.example.com
128 ## Configuration for Alertmanager service
132 ## Port to expose on each node
133 ## Only used if service.type is 'NodePort'
141 ## If true, create a serviceMonitor for alertmanager
146 ## Settings affecting alertmanagerSpec
147 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
150 ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata
151 ## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
155 ## Image of Alertmanager
158 repository: quay.io/prometheus/alertmanager
161 ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
162 ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
166 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
167 ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
171 ## Log level for Alertmanager to be configured with.
175 ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
176 ## running cluster equal to the expected size.
179 ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
180 ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
184 ## Storage is the definition of how storage will be used by the Alertmanager instances.
185 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/storage.md
188 # volumeClaimTemplate:
190 # storageClassName: gluster
191 # accessModes: ["ReadWriteOnce"]
198 ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
202 ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
203 ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
207 ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
211 ## Define which Nodes the Pods are scheduled on.
212 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
216 ## Define resources requests and limits for single Pods.
217 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
223 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
224 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
225 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
226 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
230 ## If specified, the pod's tolerations.
231 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
237 # effect: "NoSchedule"
239 ## SecurityContext holds pod-level security attributes and common container settings.
240 ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
241 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
248 ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
249 ## Note this is only for the Alertmanager UI, not the gossip communication.
253 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
257 ## Priority class assigned to the Pods
259 priorityClassName: ""
261 ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
265 ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml
270 ## Deploy default dashboards.
272 defaultDashboardsEnabled: true
274 adminPassword: prom-operator
277 ## If true, Prometheus Ingress will be created
281 ## Annotations for Prometheus Ingress
284 # kubernetes.io/ingress.class: nginx
285 # kubernetes.io/tls-acme: "true"
287 ## Labels to be added to the Ingress
292 ## Must be provided if Ingress is enable.
295 # - prometheus.domain.com
298 ## TLS configuration for prometheus Ingress
299 ## Secret must be manually created in the namespace
302 # - secretName: prometheus-general-tls
304 # - prometheus.example.com
309 label: grafana_dashboard
312 label: grafana_datasource
314 ## Component scraping the kube api server
319 serverName: kubernetes
320 insecureSkipVerify: false
329 ## Component scraping the kubelet and kubelet-hosted cAdvisor
333 namespace: kube-system
336 ## Enable scraping the kubelet over https. For requirements to enable this see
337 ## https://github.com/coreos/prometheus-operator/issues/926
341 ## Component scraping the kube controller manager
343 kubeControllerManager:
346 ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
353 ## If using kubeControllerManager.endpoints only the port and targetPort are used
359 k8s-app: kube-controller-manager
360 ## Component scraping coreDns. Use either this or kubeDns
370 ## Component scraping kubeDns. Use either this or coreDns
377 ## Component scraping etcd
382 ## If your etcd is not deployed as a pod, specify IPs it can be found on
389 ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
397 ## Configure secure access to the etcd cluster by loading a secret into prometheus and
398 ## specifying security configuration below. For example, with a secret named etcd-client-cert
402 ## insecureSkipVerify: false
403 ## serverName: localhost
404 ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
405 ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
406 ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
410 insecureSkipVerify: false
417 ## Component scraping kube scheduler
422 ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
429 ## If using kubeScheduler.endpoints only the port and targetPort are used
435 k8s-app: kube-scheduler
437 ## Component scraping kube state metrics
442 ## Configuration for kube-state-metrics subchart
448 ## Deploy node exporter as a daemonset to all nodes
453 ## Use the value configured in prometheus-node-exporter.podLabels
457 ## Configuration for prometheus-node-exporter subchart
459 prometheus-node-exporter:
461 ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards
463 jobLabel: node-exporter
465 - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
466 - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
468 ## Manages Prometheus and Alertmanager components
473 ## Service account for Alertmanager to use.
474 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
480 ## Configuration for Prometheus operator service
483 ## Port to expose on each node
484 ## Only used if service.type is 'NodePort'
492 ## Deploy CRDs used by Prometheus Operator.
494 createCustomResource: true
496 ## Attempt to clean up CRDs created by Prometheus Operator.
498 cleanupCustomResource: true
500 ## Labels to add to the operator pod
504 ## Assign a PriorityClassName to pods if set
505 # priorityClassName: ""
507 ## If true, the operator will create and maintain a service for scraping kubelets
508 ## ref: https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus-operator/README.md
512 namespace: kube-system
514 ## Create a servicemonitor for the operator
519 ## Resource limits & requests
529 ## Define which Nodes the Pods are scheduled on.
530 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
534 ## Tolerations for use with node taints
535 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
541 # effect: "NoSchedule"
543 ## Assign the prometheus operator to run on specific nodes
544 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
547 # requiredDuringSchedulingIgnoredDuringExecution:
549 # - matchExpressions:
550 # - key: kubernetes.io/e2e-az-name
560 ## Prometheus-operator image
563 repository: quay.io/coreos/prometheus-operator
565 pullPolicy: IfNotPresent
567 ## Configmap-reload image to use for reloading configmaps
569 configmapReloadImage:
570 repository: quay.io/coreos/configmap-reload
573 ## Prometheus-config-reloader image to use for config and rule reloading
575 prometheusConfigReloaderImage:
576 repository: quay.io/coreos/prometheus-config-reloader
579 ## Hyperkube image to use when cleaning up
582 repository: k8s.gcr.io/hyperkube
584 pullPolicy: IfNotPresent
586 ## Deploy a Prometheus instance
592 ## Service account for Prometheuses to use.
593 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
599 ## Configuration for Prometheus service
604 ## Port to expose on each node
605 ## Only used if service.type is 'NodePort'
614 ## Create role bindings in the specified namespaces, to allow Prometheus monitoring
615 ## a role binding in the release namespace will always be created.
620 ## Configure pod disruption budgets for Prometheus
621 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
622 ## This configuration is immutable once created and will require the PDB to be deleted to be changed
623 ## https://github.com/kubernetes/kubernetes/issues/45398
636 ## Must be provided if Ingress is enabled.
639 # - prometheus.domain.com
642 ## TLS configuration for Prometheus Ingress
643 ## Secret must be manually created in the namespace
646 # - secretName: prometheus-general-tls
648 # - prometheus.example.com
653 ## Settings affecting prometheusSpec
654 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
658 ## Interval between consecutive scrapes.
662 ## Interval between consecutive evaluations.
664 evaluationInterval: ""
666 ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
670 ## Image of Prometheus.
673 repository: quay.io/prometheus/prometheus
676 # repository: quay.io/coreos/prometheus
679 ## Tolerations for use with node taints
680 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
686 # effect: "NoSchedule"
688 ## Alertmanagers to which alerts will be sent
689 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints
691 ## Default configuration will connect to the alertmanager deployed as part of this release
693 alertingEndpoints: []
699 ## External labels to add to any time series or alerts when communicating with external systems
703 ## External URL at which Prometheus will be reachable.
707 ## Define which Nodes the Pods are scheduled on.
708 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
712 ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
713 ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
714 ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
715 ## with the new list of secrets.
719 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
720 ## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
724 ## Namespaces to be selected for PrometheusRules discovery.
725 ## If unspecified, only the same namespace as the Prometheus object is in is used.
727 ruleNamespaceSelector: {}
729 ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
730 ## prometheus resource to be created with selectors based on values in the helm deployment,
731 ## which will also match the PrometheusRule resources created
733 ruleSelectorNilUsesHelmValues: true
735 ## Rules CRD selector
736 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
737 ## If unspecified the release `app` and `release` will be used as the label selector
741 ## Example which select all prometheusrules resources
742 ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
751 ## Example which select all prometheusrules resources with label "role" set to "example-rules"
754 # role: example-rules
756 ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
757 ## prometheus resource to be created with selectors based on values in the helm deployment,
758 ## which will also match the servicemonitors created
760 serviceMonitorSelectorNilUsesHelmValues: true
762 ## serviceMonitorSelector will limit which servicemonitors are used to create scrape
763 ## configs in Prometheus. See serviceMonitorSelectorUseHelmLabels
765 serviceMonitorSelector: {}
767 # serviceMonitorSelector: {}
769 # prometheus: somelabel
771 ## serviceMonitorNamespaceSelector will limit namespaces from which serviceMonitors are used to create scrape
772 ## configs in Prometheus. By default all namespaces will be used
774 serviceMonitorNamespaceSelector: {}
776 ## How long to retain metrics
780 ## If true, the Operator won't process any Prometheus configuration changes
784 ## Number of Prometheus replicas desired
788 ## Log level for Prometheus be configured in
792 ## Prefix used to register routes, overriding externalUrl route.
793 ## Useful for proxies that rewrite URLs.
797 ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata
798 ## Metadata Labels and Annotations gets propagated to the prometheus pods.
803 # k8s-app: prometheus
805 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
806 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
807 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
808 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
811 ## The remote_read spec configuration for Prometheus.
812 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
814 # - url: http://remote1/read
816 ## The remote_write spec configuration for Prometheus.
817 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
820 # - url: http://remote1/push
822 ## Resource limits & requests
828 ## Prometheus StorageSpec for persistent data
829 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/storage.md
832 # volumeClaimTemplate:
834 # storageClassName: gluster
835 # accessModes: ["ReadWriteOnce"]
841 ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
842 ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
843 ## as specified in the official Prometheus documentation:
844 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<scrape_config>. As scrape configs are
845 ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
846 ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
847 ## scrape configs are going to break Prometheus after the upgrade.
849 ## The scrape configuraiton example below will find master nodes, provided they have the name .*mst.*, relabel the
850 ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
852 additionalScrapeConfigs: []
853 # - job_name: kube-etcd
854 # kubernetes_sd_configs:
858 # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
859 # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
860 # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
863 # regex: __meta_kubernetes_node_label_(.+)
864 # - source_labels: [__address__]
866 # target_label: __address__
867 # regex: ([^:;]+):(\d+)
868 # replacement: ${1}:2379
869 # - source_labels: [__meta_kubernetes_node_name]
872 # - source_labels: [__meta_kubernetes_node_name]
877 # metric_relabel_configs:
878 # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
882 ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
883 ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<alertmanager_config>.
884 ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
885 ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
886 ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
887 ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
889 additionalAlertManagerConfigs: []
890 # - consul_sd_configs:
891 # - server: consul.dev.test:8500
896 # - metrics-prometheus-alertmanager
898 ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
899 ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
900 ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
901 ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
902 ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
903 ## configs are going to break Prometheus after the upgrade.
905 additionalAlertRelabelConfigs: []
907 # regex: prometheus_replica
911 ## SecurityContext holds pod-level security attributes and common container settings.
912 ## This defaults to non root user with uid 1000 and gid 2000.
913 ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
920 ## Priority class assigned to the Pods
922 priorityClassName: ""
924 ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
925 ## This section is experimental, it may change significantly without deprecation notice in any release.
926 ## This is experimental and may change significantly without backward compatibility in any release.
927 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#thanosspec
931 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
935 ## Enable additional scrape configs that are managed externally to this chart. Note that the prometheus
936 ## will fail to provision if the correct secret does not exist.
938 additionalScrapeConfigsExternal: false
940 additionalServiceMonitors: []
941 ## Name of the ServiceMonitor to create
945 ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
948 # additionalLabels: {}
950 ## Service label for use in assembling a job name of the form <label value>-<port>
951 ## If no label is specified, the service name is used.
955 ## Label selector for services to which this ServiceMonitor applies
959 ## Namespaces from which services are selected
962 ## Match any namespace
966 ## Explicit list of namespace names to select
970 ## Endpoints of the selected service to be monitored
973 ## Name of the endpoint's service port
974 ## Mutually exclusive with targetPort
977 ## Name or number of the endpoint's target port
978 ## Mutually exclusive with port
981 ## File containing bearer token to be used when scraping targets
983 # bearerTokenFile: ""
985 ## Interval at which metrics should be scraped
989 ## HTTP path to scrape for metrics
993 ## HTTP scheme to use for scraping
997 ## TLS configuration to use when scraping the endpoint
1001 ## Path to the CA file
1005 ## Path to client certificate file
1009 ## Skip certificate verification
1011 # insecureSkipVerify: false
1013 ## Path to client key file
1017 ## Server name used to verify host name