1 # Default values for prometheus-operator.
2 # This is a YAML-formatted file.
3 # Declare variables to be passed into your templates.
5 ## Provide a name in place of prometheus-operator for `app:` labels
9 ## Provide a name to substitute for the full names of resources
13 ## Labels to apply to all resources
19 ## Create default rules for monitoring the cluster
23 ## Labels for default rules
25 ## Annotations for default rules
34 ## Reference to one or more secrets to be used when pulling images
35 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
38 # - name: "image-pull-secret"
40 ## Configuration for alertmanager
41 ## ref: https://prometheus.io/docs/alerting/alertmanager/
45 ## Deploy alertmanager
49 ## Service account for Alertmanager to use.
50 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
56 ## Configure pod disruption budgets for Alertmanager
57 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
58 ## This configuration is immutable once created and will require the PDB to be deleted to be changed
59 ## https://github.com/kubernetes/kubernetes/issues/45398
66 ## Alertmanager configuration directives
67 ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
68 ## https://prometheus.io/webtools/alerting/routing-tree-editor/
81 alertname: DeadMansSwitch
86 ## Alertmanager template files to format alerts
87 ## ref: https://prometheus.io/docs/alerting/notifications/
88 ## https://prometheus.io/docs/alerting/notification_examples/
92 # An example template:
94 # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
96 # {{ define "slack.myorg.text" }}
99 # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
100 # *Cluster:* {{ template "cluster" $root }}
101 # *Description:* {{ .Annotations.description }}
102 # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
103 # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
105 # {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}`
115 ## Hosts must be provided if Ingress is enabled.
118 # - alertmanager.domain.com
120 ## TLS configuration for Alertmanager Ingress
121 ## Secret must be manually created in the namespace
124 # - secretName: alertmanager-general-tls
126 # - alertmanager.example.com
128 ## Configuration for Alertmanager service
135 ## Port to expose on each node
136 ## Only used if service.type is 'NodePort'
139 ## List of IP addresses at which the Prometheus server service is available
140 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
## NOTE(review): an empty list applies no source-IP restriction. If the Alertmanager service is exposed
## through a cloud load balancer, list the CIDR ranges that are allowed to reach it.
144 loadBalancerSourceRanges: []
149 ## If true, create a serviceMonitor for alertmanager
154 ## Settings affecting alertmanagerSpec
155 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
158 ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata
159 ## Metadata Labels and Annotations get propagated to the Alertmanager pods.
163 ## Image of Alertmanager
166 repository: quay.io/prometheus/alertmanager
169 ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
170 ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
174 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
175 ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
179 ## Log level for Alertmanager to be configured with.
183 ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
184 ## running cluster equal to the expected size.
187 ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
188 ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
192 ## Storage is the definition of how storage will be used by the Alertmanager instances.
193 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/storage.md
196 # volumeClaimTemplate:
198 # storageClassName: gluster
199 # accessModes: ["ReadWriteOnce"]
206 ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
210 ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
211 ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
215 ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
219 ## Define which Nodes the Pods are scheduled on.
220 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
224 ## Define resources requests and limits for single Pods.
225 ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
231 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
232 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
233 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
234 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
238 ## If specified, the pod's tolerations.
239 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
245 # effect: "NoSchedule"
247 ## SecurityContext holds pod-level security attributes and common container settings.
248 ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
249 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
256 ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
257 ## Note this is only for the Alertmanager UI, not the gossip communication.
261 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
265 ## Priority class assigned to the Pods
267 priorityClassName: ""
269 ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
273 ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml
278 ## Deploy default dashboards.
280 defaultDashboardsEnabled: true
## NOTE(review): hard-coded default credential that is published with the chart (presumably the Grafana
## admin password, given the surrounding Grafana section — confirm against the subchart). Override it for
## every deployment from a private values file or a secret, and rotate it wherever this default was deployed.
282 adminPassword: prom-operator
285 ## If true, Prometheus Ingress will be created
289 ## Annotations for Prometheus Ingress
292 # kubernetes.io/ingress.class: nginx
293 # kubernetes.io/tls-acme: "true"
295 ## Labels to be added to the Ingress
300 ## Must be provided if Ingress is enabled.
303 # - prometheus.domain.com
306 ## TLS configuration for prometheus Ingress
307 ## Secret must be manually created in the namespace
310 # - secretName: prometheus-general-tls
312 # - prometheus.example.com
317 label: grafana_dashboard
320 label: grafana_datasource
322 ## Component scraping the kube api server
327 serverName: kubernetes
## Certificate verification stays enabled for the API server scrape; keep this false so the server
## certificate is checked (presumably against serverName above — confirm in the ServiceMonitor template).
328 insecureSkipVerify: false
337 ## Component scraping the kubelet and kubelet-hosted cAdvisor
341 namespace: kube-system
344 ## Enable scraping the kubelet over https. For requirements to enable this see
345 ## https://github.com/coreos/prometheus-operator/issues/926
349 ## Component scraping the kube controller manager
351 kubeControllerManager:
354 ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
361 ## If using kubeControllerManager.endpoints only the port and targetPort are used
367 k8s-app: kube-controller-manager
368 ## Component scraping coreDns. Use either this or kubeDns
378 ## Component scraping kubeDns. Use either this or coreDns
385 ## Component scraping etcd
390 ## If your etcd is not deployed as a pod, specify IPs it can be found on
397 ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
405 ## Configure secure access to the etcd cluster by loading a secret into prometheus and
406 ## specifying security configuration below. For example, with a secret named etcd-client-cert
410 ## insecureSkipVerify: false
411 ## serverName: localhost
412 ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
413 ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
414 ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
## Keep this false when etcd is scraped over TLS with the client-certificate secret described above;
## setting it to true would accept any server certificate for the etcd endpoint.
418 insecureSkipVerify: false
425 ## Component scraping kube scheduler
430 ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
437 ## If using kubeScheduler.endpoints only the port and targetPort are used
443 k8s-app: kube-scheduler
445 ## Component scraping kube state metrics
450 ## Configuration for kube-state-metrics subchart
456 ## Deploy node exporter as a daemonset to all nodes
461 ## Use the value configured in prometheus-node-exporter.podLabels
465 ## Configuration for prometheus-node-exporter subchart
467 prometheus-node-exporter:
469 ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards
471 jobLabel: node-exporter
473 - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)
474 - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$
476 ## Manages Prometheus and Alertmanager components
481 ## Service account for Alertmanager to use.
482 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
488 ## Configuration for Prometheus operator service
495 ## Port to expose on each node
496 ## Only used if service.type is 'NodePort'
502 ## Only use if service.type is "loadbalancer"
## NOTE(review): left empty, no source-IP restriction is applied to the operator service's load balancer;
## set the allowed CIDR ranges whenever service.type exposes it externally.
505 loadBalancerSourceRanges: []
508 ## NodePort, ClusterIP, LoadBalancer
512 ## List of IP addresses at which the Prometheus server service is available
513 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
517 ## Deploy CRDs used by Prometheus Operator.
519 createCustomResource: true
521 ## Customize CRDs API Group
522 crdApiGroup: monitoring.coreos.com
524 ## Attempt to clean up CRDs created by Prometheus Operator.
526 cleanupCustomResource: false
528 ## Labels to add to the operator pod
532 ## Assign a PriorityClassName to pods if set
533 # priorityClassName: ""
535 ## If true, the operator will create and maintain a service for scraping kubelets
536 ## ref: https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus-operator/README.md
540 namespace: kube-system
542 ## Create a servicemonitor for the operator
547 ## Resource limits & requests
557 ## Define which Nodes the Pods are scheduled on.
558 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
562 ## Tolerations for use with node taints
563 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
569 # effect: "NoSchedule"
571 ## Assign the prometheus operator to run on specific nodes
572 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
575 # requiredDuringSchedulingIgnoredDuringExecution:
577 # - matchExpressions:
578 # - key: kubernetes.io/e2e-az-name
588 ## Prometheus-operator image
591 repository: quay.io/coreos/prometheus-operator
593 pullPolicy: IfNotPresent
595 ## Configmap-reload image to use for reloading configmaps
597 configmapReloadImage:
598 repository: quay.io/coreos/configmap-reload
601 ## Prometheus-config-reloader image to use for config and rule reloading
603 prometheusConfigReloaderImage:
604 repository: quay.io/coreos/prometheus-config-reloader
607 ## Hyperkube image to use when cleaning up
610 repository: k8s.gcr.io/hyperkube
612 pullPolicy: IfNotPresent
614 ## Deploy a Prometheus instance
620 ## Service account for Prometheuses to use.
621 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
627 ## Configuration for Prometheus service
634 ## List of IP addresses at which the Prometheus server service is available
635 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
639 ## Port to expose on each node
640 ## Only used if service.type is 'NodePort'
645 ## Only use if service.type is "loadbalancer"
## NOTE(review): an empty list means the Prometheus service's load balancer is not limited to any source
## range; restrict it to known CIDRs when the service is of the load-balancer type.
647 loadBalancerSourceRanges: []
653 ## Create role bindings in the specified namespaces, to allow Prometheus monitoring
654 ## a role binding in the release namespace will always be created.
659 ## Configure pod disruption budgets for Prometheus
660 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
661 ## This configuration is immutable once created and will require the PDB to be deleted to be changed
662 ## https://github.com/kubernetes/kubernetes/issues/45398
675 ## Must be provided if Ingress is enabled.
678 # - prometheus.domain.com
681 ## TLS configuration for Prometheus Ingress
682 ## Secret must be manually created in the namespace
685 # - secretName: prometheus-general-tls
687 # - prometheus.example.com
692 ## Settings affecting prometheusSpec
693 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
697 ## Interval between consecutive scrapes.
701 ## Interval between consecutive evaluations.
703 evaluationInterval: ""
705 ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
709 ## Image of Prometheus.
712 repository: quay.io/prometheus/prometheus
715 # repository: quay.io/coreos/prometheus
718 ## Tolerations for use with node taints
719 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
725 # effect: "NoSchedule"
727 ## Alertmanagers to which alerts will be sent
728 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints
730 ## Default configuration will connect to the alertmanager deployed as part of this release
732 alertingEndpoints: []
738 ## External labels to add to any time series or alerts when communicating with external systems
742 ## External URL at which Prometheus will be reachable.
746 ## Define which Nodes the Pods are scheduled on.
747 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
751 ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
752 ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
753 ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
754 ## with the new list of secrets.
758 ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
759 ## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
763 ## Namespaces to be selected for PrometheusRules discovery.
764 ## If unspecified, only the same namespace as the Prometheus object is in is used.
766 ruleNamespaceSelector: {}
768 ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
769 ## prometheus resource to be created with selectors based on values in the helm deployment,
770 ## which will also match the PrometheusRule resources created
772 ruleSelectorNilUsesHelmValues: true
774 ## Rules CRD selector
775 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
776 ## If unspecified the release `app` and `release` will be used as the label selector
780 ## Example which select all prometheusrules resources
781 ## with label "prometheus" with values any of "example-rules" or "example-rules-2"
790 ## Example which select all prometheusrules resources with label "role" set to "example-rules"
793 # role: example-rules
795 ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
796 ## prometheus resource to be created with selectors based on values in the helm deployment,
797 ## which will also match the servicemonitors created
799 serviceMonitorSelectorNilUsesHelmValues: true
801 ## serviceMonitorSelector will limit which servicemonitors are used to create scrape
802 ## configs in Prometheus. See serviceMonitorSelectorNilUsesHelmValues
804 serviceMonitorSelector: {}
806 # serviceMonitorSelector: {}
808 # prometheus: somelabel
810 ## serviceMonitorNamespaceSelector will limit namespaces from which serviceMonitors are used to create scrape
811 ## configs in Prometheus. By default all namespaces will be used
813 serviceMonitorNamespaceSelector: {}
815 ## How long to retain metrics
819 ## If true, the Operator won't process any Prometheus configuration changes
823 ## Number of Prometheus replicas desired
827 ## Log level for Prometheus to be configured with.
831 ## Prefix used to register routes, overriding externalUrl route.
832 ## Useful for proxies that rewrite URLs.
836 ## Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata
837 ## Metadata Labels and Annotations get propagated to the prometheus pods.
842 # k8s-app: prometheus
844 ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
845 ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
846 ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
847 ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
850 ## The remote_read spec configuration for Prometheus.
851 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
853 # - url: http://remote1/read
855 ## The remote_write spec configuration for Prometheus.
856 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
859 # - url: http://remote1/push
861 ## Resource limits & requests
867 ## Prometheus StorageSpec for persistent data
868 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/storage.md
871 # volumeClaimTemplate:
873 # storageClassName: gluster
874 # accessModes: ["ReadWriteOnce"]
880 ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
881 ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
882 ## as specified in the official Prometheus documentation:
883 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<scrape_config>. As scrape configs are
884 ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
885 ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
886 ## scrape configs are going to break Prometheus after the upgrade.
888 ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
889 ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
891 additionalScrapeConfigs: []
892 # - job_name: kube-etcd
893 # kubernetes_sd_configs:
897 # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
898 # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
899 # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
902 # regex: __meta_kubernetes_node_label_(.+)
903 # - source_labels: [__address__]
905 # target_label: __address__
906 # regex: ([^:;]+):(\d+)
907 # replacement: ${1}:2379
908 # - source_labels: [__meta_kubernetes_node_name]
911 # - source_labels: [__meta_kubernetes_node_name]
916 # metric_relabel_configs:
917 # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
921 ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
922 ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<alertmanager_config>.
923 ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
924 ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
925 ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
926 ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
928 additionalAlertManagerConfigs: []
929 # - consul_sd_configs:
930 # - server: consul.dev.test:8500
935 # - metrics-prometheus-alertmanager
937 ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
938 ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
939 ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
940 ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
941 ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
942 ## configs are going to break Prometheus after the upgrade.
944 additionalAlertRelabelConfigs: []
946 # regex: prometheus_replica
950 ## SecurityContext holds pod-level security attributes and common container settings.
951 ## This defaults to non root user with uid 1000 and gid 2000.
952 ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
959 ## Priority class assigned to the Pods
961 priorityClassName: ""
963 ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
964 ## This section is experimental, it may change significantly without deprecation notice in any release.
965 ## This is experimental and may change significantly without backward compatibility in any release.
966 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#thanosspec
970 ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
974 ## Enable additional scrape configs that are managed externally to this chart. Note that Prometheus
975 ## will fail to provision if the correct secret does not exist.
977 additionalScrapeConfigsExternal: false
979 additionalServiceMonitors:
980 - name: collectd-prometheus
990 - port: collectd-prometheus
995 ## Name of the ServiceMonitor to create
999 ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
1002 # additionalLabels: {}
1004 ## Service label for use in assembling a job name of the form <label value>-<port>
1005 ## If no label is specified, the service name is used.
1009 ## Label selector for services to which this ServiceMonitor applies
1013 ## Namespaces from which services are selected
1015 # namespaceSelector:
1016 ## Match any namespace
1020 ## Explicit list of namespace names to select
1024 ## Endpoints of the selected service to be monitored
1027 ## Name of the endpoint's service port
1028 ## Mutually exclusive with targetPort
1031 ## Name or number of the endpoint's target port
1032 ## Mutually exclusive with port
1035 ## File containing bearer token to be used when scraping targets
1037 # bearerTokenFile: ""
1039 ## Interval at which metrics should be scraped
1043 ## HTTP path to scrape for metrics
1047 ## HTTP scheme to use for scraping
1051 ## TLS configuration to use when scraping the endpoint
1055 ## Path to the CA file
1059 ## Path to client certificate file
1063 ## Skip certificate verification
1065 # insecureSkipVerify: false
1067 ## Path to client key file
1071 ## Server name used to verify host name