@nctiggy
Created October 23, 2025 23:10
{"metadata":{"name":"VMO-RA-Core-PXKE-Agent","description":"Core layers for VMO Reference Architecture. The VMO pack has a volumeSnapshotClass for Longhorn and Multus configured for PXK-E in Agent Mode","labels":{"refarch":"vmo-core"}},"spec":{"version":"1.7.1-longhorn","template":{"type":"add-on","cloudType":"all","packs":[{"name":"lb-metallb-helm","type":"oci","layer":"addon","version":"0.15.2","tag":"0.15.2","values":"pack:\n content:\n images:\n - image: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/controller:v0.15.2\n - image: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/speaker:v0.15.2\n - image: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/frr:10.2.3\n - image: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/kube-rbac-proxy:v0.12.0\n charts:\n - repo: https://metallb.github.io/metallb\n name: metallb\n version: 0.15.2\n namespace: metallb-system\n namespaceLabels:\n \"metallb-system\": \"pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v{{ .spectro.system.kubernetes.version | substr 0 4 }}\" # Do not change this namespace, since CRDs expect the namespace to be metallb-system\n spectrocloud.com/install-priority: \"10\"\n\ncharts:\n metallb-full:\n configuration:\n ipaddresspools:\n first-pool:\n spec:\n addresses:\n - '{{ .spectro.var.metallbIpRange }}'\n avoidBuggyIPs: true\n autoAssign: true\n l2advertisements:\n default:\n spec:\n ipAddressPools:\n - first-pool\n interfaces:\n - '{{ .spectro.var.metallbL2Interface }}'\n bgpadvertisements: {}\n # external:\n # spec:\n # ipAddressPools:\n # - bgp-pool\n # # communities:\n # # - vpn-only\n\n bgppeers: {}\n # bgp-peer-1:\n # spec:\n # myASN: 64512\n # peerASN: 64512\n # peerAddress: 172.30.0.3\n # peerPort: 180\n # # BFD profiles can only be used in FRR mode\n # # bfdProfile: bfd-profile-1\n\n communities: {}\n # community-1:\n # spec:\n # communities:\n # - name: vpn-only\n # value: 1234:1\n\n bfdprofiles: {}\n # bfd-profile-1:\n # 
spec:\n # receiveInterval: 380\n # transmitInterval: 270\n metallb:\n # Default values for metallb.\n # This is a YAML-formatted file.\n # Declare variables to be passed into your templates.\n imagePullSecrets: []\n nameOverride: \"\"\n fullnameOverride: \"\"\n loadBalancerClass: \"\"\n # To configure MetalLB, you must specify ONE of the following two\n # options.\n rbac:\n # create specifies whether to install and use RBAC rules.\n create: true\n prometheus:\n # scrape annotations specifies whether to add Prometheus metric\n # auto-collection annotations to pods. See\n # https://github.com/prometheus/prometheus/blob/release-2.1/documentation/examples/prometheus-kubernetes.yml\n # for a corresponding Prometheus configuration. Alternatively, you\n # may want to use the Prometheus Operator\n # (https://github.com/coreos/prometheus-operator) for more powerful\n # monitoring configuration. If you use the Prometheus operator, this\n # can be left at false.\n scrapeAnnotations: false\n # port both controller and speaker will listen on for metrics\n metricsPort: 7472\n # if set, enables rbac proxy on the controller and speaker to expose\n # the metrics via tls.\n # secureMetricsPort: 9120\n\n # the name of the secret to be mounted in the speaker pod\n # to expose the metrics securely. If not present, a self signed\n # certificate to be used.\n speakerMetricsTLSSecret: \"\"\n # the name of the secret to be mounted in the controller pod\n # to expose the metrics securely. 
If not present, a self signed\n # certificate to be used.\n controllerMetricsTLSSecret: \"\"\n # prometheus doesn't have the permission to scrape all namespaces so we give it permission to scrape metallb's one\n rbacPrometheus: true\n # the service account used by prometheus\n # required when \" .Values.prometheus.rbacPrometheus == true \" and \" .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true \"\n serviceAccount: \"\"\n # the namespace where prometheus is deployed\n # required when \" .Values.prometheus.rbacPrometheus == true \" and \" .Values.prometheus.podMonitor.enabled=true or prometheus.serviceMonitor.enabled=true \"\n namespace: \"\"\n # the image to be used for the kuberbacproxy container\n rbacProxy:\n repository: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/kube-rbac-proxy\n tag: v0.12.0\n pullPolicy:\n # Prometheus Operator PodMonitors\n podMonitor:\n # enable support for Prometheus Operator\n enabled: false\n # optional additional labels for podMonitors\n additionalLabels: {}\n # optional annotations for podMonitors\n annotations: {}\n # Job label for scrape target\n jobLabel: \"app.kubernetes.io/name\"\n # Scrape interval. If not set, the Prometheus default scrape interval is used.\n interval:\n # \tmetric relabel configs to apply to samples before ingestion.\n metricRelabelings: []\n # - action: keep\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n # sourceLabels: [__name__]\n\n # \trelabel configs to apply to samples before ingestion.\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n # regex: ^(.*)$\n # target_label: nodename\n # replacement: $1\n # action: replace\n # Prometheus Operator ServiceMonitors. 
To be used as an alternative\n # to podMonitor, supports secure metrics.\n serviceMonitor:\n # enable support for Prometheus Operator\n enabled: false\n speaker:\n # optional additional labels for the speaker serviceMonitor\n additionalLabels: {}\n # optional additional annotations for the speaker serviceMonitor\n annotations: {}\n # optional tls configuration for the speaker serviceMonitor, in case\n # secure metrics are enabled.\n tlsConfig:\n insecureSkipVerify: true\n controller:\n # optional additional labels for the controller serviceMonitor\n additionalLabels: {}\n # optional additional annotations for the controller serviceMonitor\n annotations: {}\n # optional tls configuration for the controller serviceMonitor, in case\n # secure metrics are enabled.\n tlsConfig:\n insecureSkipVerify: true\n # Job label for scrape target\n jobLabel: \"app.kubernetes.io/name\"\n # Scrape interval. If not set, the Prometheus default scrape interval is used.\n interval:\n # \tmetric relabel configs to apply to samples before ingestion.\n metricRelabelings: []\n # - action: keep\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n # sourceLabels: [__name__]\n\n # \trelabel configs to apply to samples before ingestion.\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n # regex: ^(.*)$\n # target_label: nodename\n # replacement: $1\n # action: replace\n # Prometheus Operator alertmanager alerts\n prometheusRule:\n # enable alertmanager alerts\n enabled: false\n # optional additional labels for prometheusRules\n additionalLabels: {}\n # optional annotations for prometheusRules\n annotations: {}\n # MetalLBStaleConfig\n staleConfig:\n enabled: true\n labels:\n severity: warning\n # MetalLBConfigNotLoaded\n configNotLoaded:\n enabled: true\n labels:\n severity: warning\n # MetalLBAddressPoolExhausted\n addressPoolExhausted:\n enabled: true\n labels:\n severity: critical\n addressPoolUsage:\n enabled: true\n 
thresholds:\n - percent: 75\n labels:\n severity: warning\n - percent: 85\n labels:\n severity: warning\n - percent: 95\n labels:\n severity: critical\n # MetalLBBGPSessionDown\n bgpSessionDown:\n enabled: true\n labels:\n severity: critical\n extraAlerts: []\n # controller contains configuration specific to the MetalLB cluster\n # controller.\n controller:\n enabled: true\n # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`\n logLevel: info\n # command: /controller\n # webhookMode: enabled\n image:\n repository: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/controller\n tag: v0.15.2\n pullPolicy:\n ## @param controller.updateStrategy.type Metallb controller deployment strategy type.\n ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy\n ## e.g:\n ## strategy:\n ## type: RollingUpdate\n ## rollingUpdate:\n ## maxSurge: 25%\n ## maxUnavailable: 25%\n ##\n strategy:\n type: RollingUpdate\n serviceAccount:\n # Specifies whether a ServiceAccount should be created\n create: true\n # The name of the ServiceAccount to use. 
If not set and create is\n # true, a name is generated using the fullname template\n name: \"\"\n annotations: {}\n securityContext:\n runAsNonRoot: true\n # nobody\n runAsUser: 65534\n fsGroup: 65534\n resources: {}\n # limits:\n # cpu: 100m\n # memory: 100Mi\n nodeSelector: {}\n tolerations: []\n priorityClassName: \"\"\n runtimeClassName: \"\"\n affinity: {}\n podAnnotations: {}\n labels: {}\n livenessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n tlsMinVersion: \"VersionTLS12\"\n tlsCipherSuites: \"\"\n extraContainers: []\n # speaker contains configuration specific to the MetalLB speaker\n # daemonset.\n speaker:\n enabled: true\n # command: /speaker\n # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none`\n logLevel: info\n tolerateMaster: true\n memberlist:\n enabled: true\n mlBindPort: 7946\n mlBindAddrOverride: \"\"\n mlSecretKeyPath: \"/etc/ml_secret_key\"\n excludeInterfaces:\n enabled: true\n # ignore the exclude-from-external-loadbalancer label\n ignoreExcludeLB: true\n image:\n repository: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/speaker\n tag: v0.15.2\n pullPolicy:\n ## @param speaker.updateStrategy.type Speaker daemonset strategy type\n ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/\n ##\n updateStrategy:\n ## StrategyType\n ## Can be set to RollingUpdate or OnDelete\n ##\n type: RollingUpdate\n serviceAccount:\n # Specifies whether a ServiceAccount should be created\n create: true\n # The name of the ServiceAccount to use. 
If not set and create is\n # true, a name is generated using the fullname template\n name: \"\"\n annotations: {}\n securityContext: {}\n ## Defines a secret name for the controller to generate a memberlist encryption secret\n ## By default secretName: {{ \"metallb.fullname\" }}-memberlist\n ##\n # secretName:\n resources: {}\n # limits:\n # cpu: 100m\n # memory: 100Mi\n nodeSelector: {}\n tolerations: []\n priorityClassName: \"\"\n affinity: {}\n ## Selects which runtime class will be used by the pod.\n runtimeClassName: \"\"\n podAnnotations: {}\n labels: {}\n livenessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n startupProbe:\n enabled: true\n failureThreshold: 30\n periodSeconds: 5\n # frr contains configuration specific to the MetalLB FRR container,\n # for speaker running alongside FRR.\n frr:\n enabled: false\n image:\n repository: us-docker.pkg.dev/palette-images/packs/metallb/0.15.2/frr\n tag: 10.2.3\n pullPolicy:\n metricsPort: 7473\n resources: {}\n # if set, enables a rbac proxy sidecar container on the speaker to\n # expose the frr metrics via tls.\n # secureMetricsPort: 9121\n reloader:\n resources: {}\n frrMetrics:\n resources: {}\n extraContainers: []\n crds:\n enabled: true\n validationFailurePolicy: Fail\n # frrk8s contains the configuration related to using an frrk8s instance\n # (github.com/metallb/frr-k8s) as the backend for the BGP implementation.\n # This allows configuring additional frr parameters in combination to those\n # applied by MetalLB.\n frrk8s:\n # if set, enables frrk8s as a backend. 
This is mutually exclusive to frr\n # mode.\n enabled: false\n external: false\n namespace: \"\"","registry":{"metadata":{"uid":"64eaff453040297344bcad5d","name":"Palette Registry","kind":"oci","isPrivate":true,"providerType":"pack","isSyncSupported":true}}},{"name":"nginx","type":"oci","layer":"addon","version":"1.12.2","tag":"1.12.2","values":"pack:\n content:\n images:\n - image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/ingress-nginx-controller:v1.12.2\n - image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/nginx:release-1.28.0\n - image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/lemonldap-ng-controller:0.2.0\n - image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/busybox:1.37.0\n - image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/defaultbackend-amd64:1.5\n charts:\n - repo: https://kubernetes.github.io/ingress-nginx\n name: ingress-nginx\n version: 4.12.2\n namespace: \"nginx\"\n spectrocloud.com/install-priority: \"10\"\ncharts:\n ingress-nginx:\n ## nginx configuration\n ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md\n ##\n \n ## Overrides for generated resource names\n # See templates/_helpers.tpl\n # nameOverride:\n # fullnameOverride:\n\n # -- Override the deployment namespace; defaults to .Release.Namespace\n namespaceOverride: \"\"\n ## Labels to apply to all resources\n ##\n commonLabels: {}\n # scmhash: abc123\n # myLabel: aakkmd\n\n controller:\n name: controller\n enableAnnotationValidations: true\n image:\n ## Keep false as default for now!\n chroot: false\n image: ingress-nginx-controller\n ## for backwards compatibility consider setting the full image url via the repository value below\n ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail\n ## repository:\n tag: \"v1.12.2\"\n digest: \"\"\n digestChroot: 
sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574\n pullPolicy: IfNotPresent\n runAsNonRoot: true\n # -- This value must not be changed using the official image.\n # uid=101(www-data) gid=82(www-data) groups=82(www-data)\n runAsUser: 101\n # -- This value must not be changed using the official image.\n # uid=101(www-data) gid=82(www-data) groups=82(www-data)\n runAsGroup: 82\n allowPrivilegeEscalation: false\n seccompProfile:\n type: RuntimeDefault\n readOnlyRootFilesystem: false\n registry: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2\n # -- Configures the controller container name\n containerName: controller\n # -- Configures the ports that the nginx-controller listens on\n containerPort:\n http: 80\n https: 443\n # -- Global configuration passed to the ConfigMap consumed by the controller. Values may contain Helm templates.\n # Ref.: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/\n config:\n enable-annotation-validation: true\n strict-validate-path-type: true\n # -- Annotations to be added to the controller config configuration configmap.\n configAnnotations: {}\n # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers\n proxySetHeaders: {}\n # -- Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers\n addHeaders: {}\n # -- Optionally customize the pod dnsConfig.\n dnsConfig: {}\n # -- Optionally customize the pod hostAliases.\n hostAliases: []\n # - ip: 127.0.0.1\n # hostnames:\n # - foo.local\n # - bar.local\n # - ip: 10.1.2.3\n # hostnames:\n # - foo.remote\n # - bar.remote\n # -- Optionally customize the pod hostname.\n hostname: {}\n # -- Optionally change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true'.\n # By default, while 
using host network, name resolution uses the host's DNS. If you wish nginx-controller\n # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet.\n dnsPolicy: ClusterFirst\n # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network\n # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply\n reportNodeInternalIp: false\n # -- Process Ingress objects without ingressClass annotation/ingressClassName field\n # Overrides value for --watch-ingress-without-class flag of the controller binary\n # Defaults to false\n watchIngressWithoutClass: false\n # -- Process IngressClass per name (additionally as per spec.controller).\n ingressClassByName: false\n # -- This configuration enables Topology Aware Routing feature, used together with service annotation service.kubernetes.io/topology-mode=\"auto\"\n # Defaults to false\n enableTopologyAwareRouting: false\n # -- This configuration disable Nginx Controller Leader Election\n disableLeaderElection: false\n # -- Duration a leader election is valid before it's getting re-elected, e.g. `15s`, `10m` or `1h`. (Default: 30s)\n electionTTL: \"\"\n # -- This configuration defines if Ingress Controller should allow users to set\n # their own *-snippet annotations, otherwise this is forbidden / dropped\n # when users add those annotations.\n # Global snippets in ConfigMap are still respected\n allowSnippetAnnotations: false\n # -- Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),\n # since CNI and hostport don't mix yet. 
Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920\n # is merged\n hostNetwork: false\n ## Use host ports 80 and 443\n ## Disabled by default\n hostPort:\n # -- Enable 'hostPort' or not\n enabled: false\n ports:\n # -- 'hostPort' http port\n http: 80\n # -- 'hostPort' https port\n https: 443\n # NetworkPolicy for controller component.\n networkPolicy:\n # -- Enable 'networkPolicy' or not\n enabled: false\n # -- Election ID to use for status update, by default it uses the controller name combined with a suffix of 'leader'\n electionID: \"\"\n # -- This section refers to the creation of the IngressClass resource.\n # IngressClasses are immutable and cannot be changed after creation.\n # We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required.\n ingressClassResource:\n # -- Name of the IngressClass\n name: nginx\n # -- Create the IngressClass or not\n enabled: true\n # -- If true, Ingresses without `ingressClassName` get assigned to this IngressClass on creation.\n # Ingress creation gets rejected if there are multiple default IngressClasses.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class\n default: true\n # -- Annotations to be added to the IngressClass resource.\n annotations: {}\n # -- Controller of the IngressClass. An Ingress Controller looks for IngressClasses it should reconcile by this value.\n # This value is also being set as the `--controller-class` argument of this Ingress Controller.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class\n controllerValue: k8s.io/ingress-nginx\n # -- Aliases of this IngressClass. 
Creates copies with identical settings but the respective alias as name.\n # Useful for development environments with only one Ingress Controller but production-like Ingress resources.\n # `default` gets enabled on the original IngressClass only.\n aliases: []\n # aliases:\n # - nginx-alias-1\n # - nginx-alias-2\n # -- A link to a custom resource containing additional configuration for the controller.\n # This is optional if the controller consuming this IngressClass does not require additional parameters.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class\n parameters: {}\n # parameters:\n # apiGroup: k8s.example.com\n # kind: IngressParameters\n # name: external-lb\n # -- For backwards compatibility with ingress.class annotation, use ingressClass.\n # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation\n ingressClass: nginx\n # -- Labels to add to the pod container metadata\n podLabels: {}\n # key: value\n\n # -- Security context for controller pods\n podSecurityContext: {}\n # -- sysctls for controller pods\n ## Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/\n sysctls: {}\n # sysctls:\n # \"net.core.somaxconn\": \"8192\"\n # -- Security context for controller containers\n containerSecurityContext: {}\n # -- Allows customization of the source of the IP address or FQDN to report\n # in the ingress status field. By default, it reads the information provided\n # by the service. 
If disable, the status field reports the IP address of the\n # node or nodes where an ingress controller pod is running.\n publishService:\n # -- Enable 'publishService' or not\n enabled: true\n # -- Allows overriding of the publish service to bind to\n # Must be \u003cnamespace\u003e/\u003cservice_name\u003e\n pathOverride: \"\"\n # Limit the scope of the controller to a specific namespace\n scope:\n # -- Enable 'scope' or not\n enabled: false\n # -- Namespace to limit the controller to; defaults to $(POD_NAMESPACE)\n namespace: \"\"\n # -- When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels\n # only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces.\n namespaceSelector: \"\"\n # -- Allows customization of the configmap / nginx-configmap namespace; defaults to $(POD_NAMESPACE)\n configMapNamespace: \"\"\n tcp:\n # -- Allows customization of the tcp-services-configmap; defaults to $(POD_NAMESPACE)\n configMapNamespace: \"\"\n # -- Annotations to be added to the tcp config configmap\n annotations: {}\n udp:\n # -- Allows customization of the udp-services-configmap; defaults to $(POD_NAMESPACE)\n configMapNamespace: \"\"\n # -- Annotations to be added to the udp config configmap\n annotations: {}\n # -- Maxmind license key to download GeoLite2 Databases.\n ## https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geolite2-databases/\n maxmindLicenseKey: \"\"\n # -- Additional command line arguments to pass to Ingress-Nginx Controller\n # E.g. 
to specify the default SSL certificate you can use\n extraArgs:\n enable-ssl-passthrough: true\n ## extraArgs:\n ## default-ssl-certificate: \"\u003cnamespace\u003e/\u003csecret_name\u003e\"\n ## time-buckets: \"0.005,0.01,0.025,0.05,0.1,0.25,0.5,1,2.5,5,10\"\n ## length-buckets: \"10,20,30,40,50,60,70,80,90,100\"\n ## size-buckets: \"10,100,1000,10000,100000,1e+06,1e+07\"\n\n # -- Additional environment variables to set\n extraEnvs: []\n # extraEnvs:\n # - name: FOO\n # valueFrom:\n # secretKeyRef:\n # key: FOO\n # name: secret-resource\n\n # -- Use a `DaemonSet` or `Deployment`\n kind: Deployment\n # -- Annotations to be added to the controller Deployment or DaemonSet\n ##\n annotations: {}\n # keel.sh/pollSchedule: \"@every 60m\"\n\n # -- Labels to be added to the controller Deployment or DaemonSet and other resources that do not have option to specify labels\n ##\n labels: {}\n # keel.sh/policy: patch\n # keel.sh/trigger: poll\n\n # -- The update strategy to apply to the Deployment or DaemonSet\n ##\n updateStrategy: {}\n # rollingUpdate:\n # maxUnavailable: 1\n # type: RollingUpdate\n\n # -- Specifies the number of seconds you want to wait for the controller deployment to progress before the system reports back that it has failed.\n # Ref.: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#progress-deadline-seconds\n progressDeadlineSeconds: 0\n # -- `minReadySeconds` to avoid killing pods before we are ready\n ##\n minReadySeconds: 0\n # -- Node tolerations for server scheduling to nodes with taints\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n ##\n tolerations: []\n # - key: \"key\"\n # operator: \"Equal|Exists\"\n # value: \"value\"\n # effect: \"NoSchedule|PreferNoSchedule|NoExecute(1.6 only)\"\n\n # -- Affinity and anti-affinity rules for server scheduling to nodes\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n ##\n affinity: {}\n # # An example 
of preferred pod anti-affinity, weight is in the range 1-100\n # podAntiAffinity:\n # preferredDuringSchedulingIgnoredDuringExecution:\n # - weight: 100\n # podAffinityTerm:\n # labelSelector:\n # matchExpressions:\n # - key: app.kubernetes.io/name\n # operator: In\n # values:\n # - '{{ include \"ingress-nginx.name\" . }}'\n # - key: app.kubernetes.io/instance\n # operator: In\n # values:\n # - '{{ .Release.Name }}'\n # - key: app.kubernetes.io/component\n # operator: In\n # values:\n # - controller\n # topologyKey: kubernetes.io/hostname\n\n # # An example of required pod anti-affinity\n # podAntiAffinity:\n # requiredDuringSchedulingIgnoredDuringExecution:\n # - labelSelector:\n # matchExpressions:\n # - key: app.kubernetes.io/name\n # operator: In\n # values:\n # - '{{ include \"ingress-nginx.name\" . }}'\n # - key: app.kubernetes.io/instance\n # operator: In\n # values:\n # - '{{ .Release.Name }}'\n # - key: app.kubernetes.io/component\n # operator: In\n # values:\n # - controller\n # topologyKey: kubernetes.io/hostname\n\n # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.\n ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n ##\n topologySpreadConstraints: []\n # - labelSelector:\n # matchLabels:\n # app.kubernetes.io/name: '{{ include \"ingress-nginx.name\" . }}'\n # app.kubernetes.io/instance: '{{ .Release.Name }}'\n # app.kubernetes.io/component: controller\n # matchLabelKeys:\n # - pod-template-hash\n # topologyKey: topology.kubernetes.io/zone\n # maxSkew: 1\n # whenUnsatisfiable: ScheduleAnyway\n # - labelSelector:\n # matchLabels:\n # app.kubernetes.io/name: '{{ include \"ingress-nginx.name\" . 
}}'\n # app.kubernetes.io/instance: '{{ .Release.Name }}'\n # app.kubernetes.io/component: controller\n # matchLabelKeys:\n # - pod-template-hash\n # topologyKey: kubernetes.io/hostname\n # maxSkew: 1\n # whenUnsatisfiable: ScheduleAnyway\n\n # -- `terminationGracePeriodSeconds` to avoid killing pods before we are ready\n ## wait up to five minutes for the drain of connections\n ##\n terminationGracePeriodSeconds: 300\n # -- Node labels for controller pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/\n ##\n nodeSelector:\n kubernetes.io/os: linux\n ## Liveness and readiness probe values\n ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes\n ##\n ## startupProbe:\n ## httpGet:\n ## # should match container.healthCheckPath\n ## path: \"/healthz\"\n ## port: 10254\n ## scheme: HTTP\n ## initialDelaySeconds: 5\n ## periodSeconds: 5\n ## timeoutSeconds: 2\n ## successThreshold: 1\n ## failureThreshold: 5\n livenessProbe:\n httpGet:\n # should match container.healthCheckPath\n path: \"/healthz\"\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n timeoutSeconds: 1\n successThreshold: 1\n failureThreshold: 5\n readinessProbe:\n httpGet:\n # should match container.healthCheckPath\n path: \"/healthz\"\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n timeoutSeconds: 1\n successThreshold: 1\n failureThreshold: 3\n # -- Path of the health check endpoint. 
All requests received on the port defined by\n # the healthz-port parameter are forwarded internally to this path.\n healthCheckPath: \"/healthz\"\n # -- Address to bind the health check endpoint.\n # It is better to set this option to the internal node address\n # if the Ingress-Nginx Controller is running in the `hostNetwork: true` mode.\n healthCheckHost: \"\"\n # -- Annotations to be added to controller pods\n ##\n podAnnotations: {}\n replicaCount: 1\n # -- Minimum available pods set in PodDisruptionBudget.\n # Define either 'minAvailable' or 'maxUnavailable', never both.\n minAvailable: 1\n # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored.\n # maxUnavailable: 1\n # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget.\n # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/\n unhealthyPodEvictionPolicy: \"\"\n ## Define requests resources to avoid probe issues due to CPU utilization in busy nodes\n ## ref: https://github.com/kubernetes/ingress-nginx/issues/4735#issuecomment-551204903\n ## Ideally, there should be no limits.\n ## https://engineering.indeedblog.com/blog/2019/12/cpu-throttling-regression-fix/\n resources:\n ## limits:\n ## cpu: 100m\n ## memory: 90Mi\n requests:\n cpu: 100m\n memory: 90Mi\n # Mutually exclusive with keda autoscaling\n autoscaling:\n enabled: false\n annotations: {}\n minReplicas: 1\n maxReplicas: 11\n targetCPUUtilizationPercentage: 50\n targetMemoryUtilizationPercentage: 50\n behavior: {}\n # scaleDown:\n # stabilizationWindowSeconds: 300\n # policies:\n # - type: Pods\n # value: 1\n # periodSeconds: 180\n # scaleUp:\n # stabilizationWindowSeconds: 300\n # policies:\n # - type: Pods\n # value: 2\n # periodSeconds: 60\n autoscalingTemplate: []\n # Custom or additional autoscaling metrics\n # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics\n # - type: Pods\n # pods:\n # metric:\n # 
name: nginx_ingress_controller_nginx_process_requests_total\n # target:\n # type: AverageValue\n # averageValue: 10000m\n\n # Mutually exclusive with hpa autoscaling\n keda:\n apiVersion: \"keda.sh/v1alpha1\"\n ## apiVersion changes with keda 1.x vs 2.x\n ## 2.x = keda.sh/v1alpha1\n ## 1.x = keda.k8s.io/v1alpha1\n enabled: false\n minReplicas: 1\n maxReplicas: 11\n pollingInterval: 30\n cooldownPeriod: 300\n # fallback:\n # failureThreshold: 3\n # replicas: 11\n restoreToOriginalReplicaCount: false\n scaledObject:\n annotations: {}\n # Custom annotations for ScaledObject resource\n # annotations:\n # key: value\n triggers: []\n # - type: prometheus\n # metadata:\n # serverAddress: http://\u003cprometheus-host\u003e:9090\n # metricName: http_requests_total\n # threshold: '100'\n # query: sum(rate(http_requests_total{deployment=\"my-deployment\"}[2m]))\n\n behavior: {}\n # scaleDown:\n # stabilizationWindowSeconds: 300\n # policies:\n # - type: Pods\n # value: 1\n # periodSeconds: 180\n # scaleUp:\n # stabilizationWindowSeconds: 300\n # policies:\n # - type: Pods\n # value: 2\n # periodSeconds: 60\n # -- Enable mimalloc as a drop-in replacement for malloc.\n ## ref: https://github.com/microsoft/mimalloc\n ##\n enableMimalloc: true\n ## Override NGINX template\n customTemplate:\n configMapName: \"\"\n configMapKey: \"\"\n service:\n # -- Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service.\n enabled: true\n external:\n # -- Enable the external controller service or not. Useful for internal-only deployments.\n enabled: true\n # -- Annotations to be added to the external controller service. 
See `controller.service.internal.annotations` for annotations to be added to the internal controller service.\n annotations: {}\n # -- Labels to be added to both controller services.\n labels: {}\n # -- Type of the external controller service.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n type: LoadBalancer\n # -- Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services.\n # This value is immutable. Set once, it can not be changed without deleting and re-creating the service.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address\n clusterIP: \"\"\n # -- List of node IP addresses at which the external controller service is available.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips\n externalIPs: []\n # -- Deprecated: Pre-defined IP address of the external controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n loadBalancerIP: \"\"\n # -- Restrict access to the external controller service. Values must be CIDRs. Allows any source address by default.\n loadBalancerSourceRanges: []\n # -- Load balancer class of the external controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class\n loadBalancerClass: \"\"\n # -- Enable node port allocation for the external controller service or not. Applies to type `LoadBalancer` only.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation\n # allocateLoadBalancerNodePorts: true\n\n # -- External traffic policy of the external controller service. 
Set to \"Local\" to preserve source IP on providers supporting it.\n # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip\n externalTrafficPolicy: \"\"\n # -- Session affinity of the external controller service. Must be either \"None\" or \"ClientIP\" if set. Defaults to \"None\".\n # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity\n sessionAffinity: \"\"\n # -- Specifies the health check node port (numeric port number) for the external controller service.\n # If not specified, the service controller allocates a port from your cluster's node port range.\n # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip\n # healthCheckNodePort: 0\n\n # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.\n # Fields `ipFamilies` and `clusterIP` depend on the value of this field.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services\n ipFamilyPolicy: SingleStack\n # -- List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. 
This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services\n ipFamilies:\n - IPv4\n # -- Enable the HTTP listener on both controller services or not.\n enableHttp: true\n # -- Enable the HTTPS listener on both controller services or not.\n enableHttps: true\n ports:\n # -- Port the external HTTP listener is published with.\n http: 80\n # -- Port the external HTTPS listener is published with.\n https: 443\n targetPorts:\n # -- Port of the ingress controller the external HTTP listener is mapped to.\n http: http\n # -- Port of the ingress controller the external HTTPS listener is mapped to.\n https: https\n # -- Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol\n appProtocol: true\n nodePorts:\n # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.\n http: \"\"\n # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.\n https: \"\"\n # -- Node port mapping for external TCP listeners. If left empty, the service controller allocates them from the configured node port range.\n # Example:\n # tcp:\n # 8080: 30080\n tcp: {}\n # -- Node port mapping for external UDP listeners. If left empty, the service controller allocates them from the configured node port range.\n # Example:\n # udp:\n # 53: 30053\n udp: {}\n internal:\n # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this.\n enabled: false\n # -- Annotations to be added to the internal controller service. 
Mandatory for the internal controller service to be created. Varies with the cloud service.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer\n annotations: {}\n # -- Type of the internal controller service.\n # Defaults to the value of `controller.service.type`.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n type: \"\"\n # -- Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services.\n # This value is immutable. Set once, it can not be changed without deleting and re-creating the service.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address\n clusterIP: \"\"\n # -- List of node IP addresses at which the internal controller service is available.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips\n externalIPs: []\n # -- Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n loadBalancerIP: \"\"\n # -- Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default.\n loadBalancerSourceRanges: []\n # -- Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class\n loadBalancerClass: \"\"\n # -- Enable node port allocation for the internal controller service or not. 
Applies to type `LoadBalancer` only.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation\n # allocateLoadBalancerNodePorts: true\n\n # -- External traffic policy of the internal controller service. Set to \"Local\" to preserve source IP on providers supporting it.\n # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip\n externalTrafficPolicy: \"\"\n # -- Session affinity of the internal controller service. Must be either \"None\" or \"ClientIP\" if set. Defaults to \"None\".\n # Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity\n sessionAffinity: \"\"\n # -- Specifies the health check node port (numeric port number) for the internal controller service.\n # If not specified, the service controller allocates a port from your cluster's node port range.\n # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip\n # healthCheckNodePort: 0\n\n # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack.\n # Fields `ipFamilies` and `clusterIP` depend on the value of this field.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services\n ipFamilyPolicy: SingleStack\n # -- List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. 
This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services\n ipFamilies:\n - IPv4\n ports: {}\n # -- Port the internal HTTP listener is published with.\n # Defaults to the value of `controller.service.ports.http`.\n # http: 80\n # -- Port the internal HTTPS listener is published with.\n # Defaults to the value of `controller.service.ports.https`.\n # https: 443\n\n targetPorts: {}\n # -- Port of the ingress controller the internal HTTP listener is mapped to.\n # Defaults to the value of `controller.service.targetPorts.http`.\n # http: http\n # -- Port of the ingress controller the internal HTTPS listener is mapped to.\n # Defaults to the value of `controller.service.targetPorts.https`.\n # https: https\n\n # -- Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol\n appProtocol: true\n nodePorts:\n # -- Node port allocated for the internal HTTP listener. If left empty, the service controller allocates one from the configured node port range.\n http: \"\"\n # -- Node port allocated for the internal HTTPS listener. If left empty, the service controller allocates one from the configured node port range.\n https: \"\"\n # -- Node port mapping for internal TCP listeners. If left empty, the service controller allocates them from the configured node port range.\n # Example:\n # tcp:\n # 8080: 30080\n tcp: {}\n # -- Node port mapping for internal UDP listeners. 
If left empty, the service controller allocates them from the configured node port range.\n # Example:\n # udp:\n # 53: 30053\n udp: {}\n # shareProcessNamespace enables process namespace sharing within the pod.\n # This can be used for example to signal log rotation using `kill -USR1` from a sidecar.\n shareProcessNamespace: false\n # -- Additional containers to be added to the controller pod.\n # See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.\n extraContainers: []\n # - name: my-sidecar\n # image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/nginx:release-1.28.0\n # - name: lemonldap-ng-controller\n # image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/lemonldap-ng-controller:0.2.0\n # args:\n # - /lemonldap-ng-controller\n # - --alsologtostderr\n # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration\n # env:\n # - name: POD_NAME\n # valueFrom:\n # fieldRef:\n # fieldPath: metadata.name\n # - name: POD_NAMESPACE\n # valueFrom:\n # fieldRef:\n # fieldPath: metadata.namespace\n # volumeMounts:\n # - name: copy-portal-skins\n # mountPath: /srv/var/lib/lemonldap-ng/portal/skins\n\n # -- Additional volumeMounts to the controller main container.\n extraVolumeMounts: []\n # - name: copy-portal-skins\n # mountPath: /var/lib/lemonldap-ng/portal/skins\n\n # -- Additional volumes to the controller pod.\n extraVolumes: []\n # - name: copy-portal-skins\n # emptyDir: {}\n\n # -- Containers, which are run before the app containers are started.\n extraInitContainers: []\n # - name: init-myservice\n # image: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2/busybox:1.37.0\n # command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']\n\n # -- Modules, which are mounted into the core nginx image.\n extraModules: []\n # - name: mytestmodule\n # image:\n # # registry: registry.k8s.io\n # image: ingress-nginx/mytestmodule\n # ## for backwards compatibility consider setting the full image 
url via the repository value below\n # ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail\n # ## repository:\n # tag: \"v1.0.0\"\n # digest: \"\"\n # distroless: false\n # containerSecurityContext:\n # runAsNonRoot: true\n # runAsUser: \u003cuser-id\u003e\n # runAsGroup: \u003cgroup-id\u003e\n # allowPrivilegeEscalation: false\n # seccompProfile:\n # type: RuntimeDefault\n # capabilities:\n # drop:\n # - ALL\n # readOnlyRootFilesystem: true\n # resources: {}\n #\n # The image must contain a `/usr/local/bin/init_module.sh` executable, which\n # will be executed as initContainers, to move its config files within the\n # mounted volume.\n\n admissionWebhooks:\n name: admission\n annotations: {}\n # ignore-check.kube-linter.io/no-read-only-rootfs: \"This deployment needs write access to root filesystem\".\n\n ## Additional annotations to the admission webhooks.\n ## These annotations will be added to the ValidatingWebhookConfiguration and\n ## the Jobs Spec of the admission webhooks.\n enabled: true\n # -- Additional environment variables to set\n extraEnvs: []\n # extraEnvs:\n # - name: FOO\n # valueFrom:\n # secretKeyRef:\n # key: FOO\n # name: secret-resource\n # -- Admission Webhook failure policy to use\n failurePolicy: Fail\n # timeoutSeconds: 10\n port: 8443\n certificate: \"/usr/local/certificates/cert\"\n key: \"/usr/local/certificates/key\"\n namespaceSelector: {}\n objectSelector: {}\n # -- Labels to be added to admission webhooks\n labels: {}\n service:\n annotations: {}\n # clusterIP: \"\"\n externalIPs: []\n # loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 443\n type: ClusterIP \n # Use certmanager to generate webhook certs\n certManager:\n enabled: true\n # self-signed root certificate\n rootCert:\n # default to be 5y\n duration: \"\"\n admissionCert:\n # default to be 1y\n duration: \"78894h\"\n # issuerRef:\n # name: \"issuer\"\n # kind: \"ClusterIssuer\"\n 
metrics:\n port: 10254\n portName: metrics\n # if this port is changed, change healthz-port: in extraArgs: accordingly\n enabled: true\n service:\n # -- Enable the metrics service or not.\n enabled: true\n annotations: {}\n # prometheus.io/scrape: \"true\"\n # prometheus.io/port: \"10254\"\n # -- Labels to be added to the metrics service resource\n labels: {}\n # clusterIP: \"\"\n\n # -- List of IP addresses at which the stats-exporter service is available\n ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips\n ##\n externalIPs: []\n # loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 10254\n type: ClusterIP\n # externalTrafficPolicy: \"\"\n # nodePort: \"\"\n serviceMonitor:\n enabled: false\n additionalLabels: {}\n # -- Annotations to be added to the ServiceMonitor.\n annotations: {}\n ## The label to use to retrieve the job name from.\n ## jobLabel: \"app.kubernetes.io/name\"\n namespace: \"\"\n namespaceSelector: {}\n ## Default: scrape .Release.Namespace or namespaceOverride only\n ## To scrape all, use the following:\n ## namespaceSelector:\n ## any: true\n scrapeInterval: 30s\n # honorLabels: true\n targetLabels: []\n relabelings: []\n metricRelabelings: []\n prometheusRule:\n enabled: false\n additionalLabels: {}\n # -- Annotations to be added to the PrometheusRule.\n annotations: {}\n # namespace: \"\"\n rules: []\n # # These are just examples rules, please adapt them to your needs\n # - alert: NGINXConfigFailed\n # expr: count(nginx_ingress_controller_config_last_reload_successful == 0) \u003e 0\n # for: 1s\n # labels:\n # severity: critical\n # annotations:\n # description: bad ingress config - nginx config test failed\n # summary: uninstall the latest ingress changes to allow config reloads to resume\n # # By default a fake self-signed certificate is generated as default and\n # # it is fine if it expires. 
If `--default-ssl-certificate` flag is used\n # # and a valid certificate passed please do not filter for `host` label!\n # # (i.e. delete `{host!=\"_\"}` so also the default SSL certificate is\n # # checked for expiration)\n # - alert: NGINXCertificateExpiry\n # expr: (avg(nginx_ingress_controller_ssl_expire_time_seconds{host!=\"_\"}) by (host) - time()) \u003c 604800\n # for: 1s\n # labels:\n # severity: critical\n # annotations:\n # description: ssl certificate(s) will expire in less than a week\n # summary: renew expiring certificates to avoid downtime\n # - alert: NGINXTooMany500s\n # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~\"5.+\"} ) / sum(nginx_ingress_controller_requests) ) \u003e 5\n # for: 1m\n # labels:\n # severity: warning\n # annotations:\n # description: Too many 5XXs\n # summary: More than 5% of all requests returned 5XX, this requires your attention\n # - alert: NGINXTooMany400s\n # expr: 100 * ( sum( nginx_ingress_controller_requests{status=~\"4.+\"} ) / sum(nginx_ingress_controller_requests) ) \u003e 5\n # for: 1m\n # labels:\n # severity: warning\n # annotations:\n # description: Too many 4XXs\n # summary: More than 5% of all requests returned 4XX, this requires your attention\n # -- Improve connection draining when ingress controller pod is deleted using a lifecycle hook:\n # With this new hook, we increased the default terminationGracePeriodSeconds from 30 seconds\n # to 300, allowing the draining of connections up to five minutes.\n # If the active connections end before that, the pod will terminate gracefully at that time.\n # To effectively take advantage of this feature, the Configmap feature\n # worker-shutdown-timeout new value is 240s instead of 10s.\n ##\n lifecycle:\n preStop:\n exec:\n command:\n - /wait-shutdown\n priorityClassName: \"\"\n # -- Rollback limit\n ##\n revisionHistoryLimit: 10\n ## Default 404 backend\n ##\n defaultBackend:\n ##\n enabled: false\n name: defaultbackend\n image:\n image: 
defaultbackend-amd64\n ## for backwards compatibility consider setting the full image url via the repository value below\n ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail\n ## repository:\n tag: \"1.5\"\n pullPolicy: IfNotPresent\n runAsNonRoot: true\n # nobody user -\u003e uid 65534\n runAsUser: 65534\n runAsGroup: 65534\n allowPrivilegeEscalation: false\n seccompProfile:\n type: RuntimeDefault\n readOnlyRootFilesystem: true\n registry: us-docker.pkg.dev/palette-images/packs/nginx/1.12.2\n extraArgs: {}\n serviceAccount:\n create: true\n name: \"\"\n automountServiceAccountToken: true\n # -- Additional environment variables to set for defaultBackend pods\n extraEnvs: []\n port: 8080\n ## Readiness and liveness probes for default backend\n ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/\n ##\n livenessProbe:\n failureThreshold: 3\n initialDelaySeconds: 30\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 5\n readinessProbe:\n failureThreshold: 6\n initialDelaySeconds: 0\n periodSeconds: 5\n successThreshold: 1\n timeoutSeconds: 5\n # -- The update strategy to apply to the Deployment or DaemonSet\n ##\n updateStrategy: {}\n # rollingUpdate:\n # maxUnavailable: 1\n # type: RollingUpdate\n\n # -- `minReadySeconds` to avoid killing pods before we are ready\n ##\n minReadySeconds: 0\n # -- Node tolerations for server scheduling to nodes with taints\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n ##\n tolerations: []\n # - key: \"key\"\n # operator: \"Equal|Exists\"\n # value: \"value\"\n # effect: \"NoSchedule|PreferNoSchedule|NoExecute(1.6 only)\"\n\n # -- Affinity and anti-affinity rules for server scheduling to nodes\n ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity\n affinity: {}\n # # An example of preferred pod anti-affinity, weight is in 
the range 1-100\n # podAntiAffinity:\n # preferredDuringSchedulingIgnoredDuringExecution:\n # - weight: 100\n # podAffinityTerm:\n # labelSelector:\n # matchExpressions:\n # - key: app.kubernetes.io/name\n # operator: In\n # values:\n # - '{{ include \"ingress-nginx.name\" . }}'\n # - key: app.kubernetes.io/instance\n # operator: In\n # values:\n # - '{{ .Release.Name }}'\n # - key: app.kubernetes.io/component\n # operator: In\n # values:\n # - default-backend\n # topologyKey: kubernetes.io/hostname\n\n # # An example of required pod anti-affinity\n # podAntiAffinity:\n # requiredDuringSchedulingIgnoredDuringExecution:\n # - labelSelector:\n # matchExpressions:\n # - key: app.kubernetes.io/name\n # operator: In\n # values:\n # - '{{ include \"ingress-nginx.name\" . }}'\n # - key: app.kubernetes.io/instance\n # operator: In\n # values:\n # - '{{ .Release.Name }}'\n # - key: app.kubernetes.io/component\n # operator: In\n # values:\n # - default-backend\n # topologyKey: kubernetes.io/hostname\n\n # -- Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in.\n # Ref.: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n topologySpreadConstraints: []\n # - labelSelector:\n # matchLabels:\n # app.kubernetes.io/name: '{{ include \"ingress-nginx.name\" . }}'\n # app.kubernetes.io/instance: '{{ .Release.Name }}'\n # app.kubernetes.io/component: default-backend\n # matchLabelKeys:\n # - pod-template-hash\n # topologyKey: topology.kubernetes.io/zone\n # maxSkew: 1\n # whenUnsatisfiable: ScheduleAnyway\n # - labelSelector:\n # matchLabels:\n # app.kubernetes.io/name: '{{ include \"ingress-nginx.name\" . 
}}'\n # app.kubernetes.io/instance: '{{ .Release.Name }}'\n # app.kubernetes.io/component: default-backend\n # matchLabelKeys:\n # - pod-template-hash\n # topologyKey: kubernetes.io/hostname\n # maxSkew: 1\n # whenUnsatisfiable: ScheduleAnyway\n # -- Security context for default backend pods\n podSecurityContext: {}\n # -- Security context for default backend containers\n containerSecurityContext: {}\n # -- Labels to add to the pod container metadata\n podLabels: {}\n # key: value\n\n # -- Node labels for default backend pod assignment\n ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/\n ##\n nodeSelector:\n kubernetes.io/os: linux\n # -- Annotations to be added to default backend pods\n ##\n podAnnotations: {}\n replicaCount: 1\n # -- Minimum available pods set in PodDisruptionBudget.\n # Define either 'minAvailable' or 'maxUnavailable', never both.\n minAvailable: 1\n # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored.\n # maxUnavailable: 1\n # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget.\n # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/\n unhealthyPodEvictionPolicy: \"\"\n resources: {}\n # limits:\n # cpu: 10m\n # memory: 20Mi\n # requests:\n # cpu: 10m\n # memory: 20Mi\n\n extraVolumeMounts: []\n ## Additional volumeMounts to the default backend container.\n # - name: copy-portal-skins\n # mountPath: /var/lib/lemonldap-ng/portal/skins\n\n extraVolumes: []\n ## Additional volumes to the default backend pod.\n # - name: copy-portal-skins\n # emptyDir: {}\n\n extraConfigMaps: []\n ## Additional configmaps to the default backend pod.\n # - name: my-extra-configmap-1\n # labels:\n # type: config-1\n # data:\n # extra_file_1.html: |\n # \u003c!-- Extra HTML content for ConfigMap 1 --\u003e\n # - name: my-extra-configmap-2\n # labels:\n # type: config-2\n # data:\n # extra_file_2.html: |\n # \u003c!-- Extra HTML content for ConfigMap 
2 --\u003e\n\n autoscaling:\n annotations: {}\n enabled: false\n minReplicas: 1\n maxReplicas: 2\n targetCPUUtilizationPercentage: 50\n targetMemoryUtilizationPercentage: 50\n # NetworkPolicy for default backend component.\n networkPolicy:\n # -- Enable 'networkPolicy' or not\n enabled: false\n service:\n annotations: {}\n # clusterIP: \"\"\n\n # -- List of IP addresses at which the default backend service is available\n ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips\n ##\n externalIPs: []\n # loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n servicePort: 80\n type: ClusterIP\n priorityClassName: \"\"\n # -- Labels to be added to the default backend resources\n labels: {}\n ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266\n rbac:\n create: true\n scope: false\n serviceAccount:\n create: true\n name: \"\"\n automountServiceAccountToken: true\n # -- Annotations for the controller service account\n annotations: {}\n # -- Optional array of imagePullSecrets containing private registry credentials\n ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n imagePullSecrets: []\n # - name: secretName\n\n # -- TCP service key-value pairs\n ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md\n ##\n tcp:\n 6443: \"nginx/nginx-ingress-nginx-controller:443\"\n # \"8080\": \"default/example-tcp-svc:9000\"\n\n # -- UDP service key-value pairs\n ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md\n ##\n udp: {}\n # \"53\": \"kube-system/kube-dns:53\"\n\n # -- Prefix for TCP and UDP ports names in ingress controller service\n ## Some cloud providers, like Yandex Cloud, may have requirements for a port name regex to support cloud load balancer integration\n portNamePrefix: \"\"\n # -- 
(string) A base64-encoded Diffie-Hellman parameter.\n # This can be generated with: `openssl dhparam 4096 2\u003e /dev/null | base64`\n ## Ref: https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/ssl-dh-param\n dhParam: \"\"","registry":{"metadata":{"uid":"64eaff453040297344bcad5d","name":"Palette Registry","kind":"oci","isPrivate":true,"providerType":"pack","isSyncSupported":true}}},{"name":"prometheus-operator","type":"oci","layer":"addon","version":"70.2.1","tag":"70.2.1","values":"# spectrocloud.com/enabled-presets: Email Alerts: disable-email-alert,Grafana - Ingress: grafana-ingress-disabled,Object Store: none-objectstore,Remote Monitoring: disable-remote-monitoring,Thanos Ruler Object Store: same-objectstore,Thanos SideCar: disable-thanos-sidecar\npack:\n content:\n images:\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/grafana:11.5.2\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/grafana-image-renderer:latest\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/k8s-sidecar:1.30.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/busybox:1.31.1\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/bats:v1.4.1\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/curl:8.9.1\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/prometheus-config-reloader:v0.81.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/prometheus-operator:v0.81.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/alertmanager:v0.28.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/node-exporter:v1.9.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/prometheus:v3.1.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/kube-state-metrics:v2.15.0\n 
- image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/kube-rbac-proxy:v0.19.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/kube-webhook-certgen:v1.5.1\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/configmap-reload:v0.4.0\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/thanos:v0.37.2\n - image: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/admission-webhook:v0.81.0\n charts:\n - repo: https://prometheus-community.github.io/helm-charts\n name: kube-prometheus-stack\n version: 70.2.1\n #The namespace (on the target cluster) to install this chart\n\n #When not found, a new namespace will be created\n namespace: \"monitoring\"\n namespaceLabels:\n \"monitoring\": \"pod-security.kubernetes.io/enforce=privileged,pod-security.kubernetes.io/enforce-version=v{{ .spectro.system.kubernetes.version | substr 0 4 }}\"\n spectrocloud.com/install-priority: \"20\"\ncharts:\n kube-prometheus-stack:\n ## Provide a name in place of kube-prometheus-stack for `app:` labels\n\n ##\n nameOverride: \"\"\n ## Override the deployment namespace\n\n ##\n namespaceOverride: \"\"\n ## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.26.6\n\n ##\n kubeTargetVersionOverride: \"\"\n ## Allow kubeVersion to be overridden while creating the ingress\n\n ##\n kubeVersionOverride: \"\"\n ## Provide a name to substitute for the full names of resources\n\n ##\n fullnameOverride: \"prometheus-operator\"\n ## Labels to apply to all resources\n\n ##\n commonLabels: {}\n # scmhash: abc123\n\n # myLabel: aakkmd\n\n ## Install Prometheus Operator CRDs\n\n ##\n crds:\n enabled: true\n ## The CRD upgrade job mitigates the limitation of helm not being able to upgrade CRDs.\n\n ## The job will apply the CRDs to the cluster before the operator is deployed, using helm hooks.\n\n ## It deploys a corresponding clusterrole, clusterrolebinding and 
serviceaccount to apply the CRDs.\n\n ## This feature is in preview, off by default and may change in the future.\n upgradeJob:\n enabled: false\n image:\n busybox:\n registry: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1\n repository: busybox\n tag: \"1.31.1\"\n sha: \"\"\n pullPolicy: IfNotPresent\n kubectl:\n registry: registry.k8s.io\n repository: kubectl\n tag: \"\" # defaults to the Kubernetes version\n sha: \"\"\n pullPolicy: IfNotPresent\n env: {}\n ## Define resources requests and limits for single Pods.\n\n ## ref: https://kubernetes.io/docs/user-guide/compute-resources/\n\n ##\n resources: {}\n ## Additional volumes\n\n ##\n extraVolumes: []\n ## Additional volume mounts\n\n ##\n extraVolumeMounts: []\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Assign custom affinity rules to the upgrade-crd job\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n\n ## If specified, the pod's tolerations.\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # effect: \"NoSchedule\"\n\n ## If specified, the pod's topology spread constraints.\n\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n\n ##\n topologySpreadConstraints: []\n # - maxSkew: 1\n\n # topologyKey: topology.kubernetes.io/zone\n\n # whenUnsatisfiable: DoNotSchedule\n\n # labelSelector:\n\n # matchLabels:\n\n # app: alertmanager\n\n # ## Labels to add to the upgrade-crd job\n\n # ##\n labels: {}\n ## Annotations to add to the upgrade-crd 
job\n\n ##\n annotations: {}\n ## Labels to add to the upgrade-crd pod\n\n ##\n podLabels: {}\n ## Annotations to add to the upgrade-crd pod\n\n ##\n podAnnotations: {}\n ## Service account for upgrade crd job to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n name: \"\"\n annotations: {}\n labels: {}\n automountServiceAccountToken: true\n ## Container-specific security context configuration\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n containerSecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n capabilities:\n drop:\n - ALL\n ## SecurityContext holds pod-level security attributes and common container settings.\n\n ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n securityContext:\n fsGroup: 65534\n runAsGroup: 65534\n runAsNonRoot: true\n runAsUser: 65534\n seccompProfile:\n type: RuntimeDefault\n ## custom Rules to override \"for\" and \"severity\" in defaultRules\n\n ##\n customRules: {}\n # AlertmanagerFailedReload:\n\n # for: 3m\n\n # AlertmanagerMembersInconsistent:\n\n # for: 5m\n\n # severity: \"warning\"\n\n ## Create default rules for monitoring the cluster\n\n ##\n defaultRules:\n create: true\n rules:\n alertmanager: true\n etcd: true\n configReloaders: true\n general: true\n k8sContainerCpuUsageSecondsTotal: true\n k8sContainerMemoryCache: true\n k8sContainerMemoryRss: true\n k8sContainerMemorySwap: true\n k8sContainerResource: true\n k8sContainerMemoryWorkingSetBytes: true\n k8sPodOwner: true\n kubeApiserverAvailability: true\n kubeApiserverBurnrate: true\n kubeApiserverHistogram: true\n kubeApiserverSlos: true\n kubeControllerManager: true\n kubelet: true\n kubeProxy: true\n kubePrometheusGeneral: true\n kubePrometheusNodeRecording: true\n 
kubernetesApps: true\n kubernetesResources: true\n kubernetesStorage: true\n kubernetesSystem: true\n kubeSchedulerAlerting: true\n kubeSchedulerRecording: true\n kubeStateMetrics: true\n network: true\n node: true\n nodeExporterAlerting: true\n nodeExporterRecording: true\n prometheus: true\n prometheusOperator: true\n windows: true\n time: true\n genericNetworkAlerts: true\n genericNodeAlerts: true\n nginxAlerts: true\n ## Reduce app namespace alert scope\n\n appNamespacesTarget: \".*\"\n ## Set keep_firing_for for all alerts\n\n keepFiringFor: \"\"\n ## Labels for default rules\n\n labels: {}\n ## Annotations for default rules\n\n annotations: {}\n ## Additional labels for PrometheusRule alerts\n\n additionalRuleLabels: {}\n ## Additional annotations for PrometheusRule alerts\n\n additionalRuleAnnotations: {}\n ## Additional labels for specific PrometheusRule alert groups\n\n additionalRuleGroupLabels:\n alertmanager: {}\n etcd: {}\n configReloaders: {}\n general: {}\n k8sContainerCpuUsageSecondsTotal: {}\n k8sContainerMemoryCache: {}\n k8sContainerMemoryRss: {}\n k8sContainerMemorySwap: {}\n k8sContainerResource: {}\n k8sPodOwner: {}\n kubeApiserverAvailability: {}\n kubeApiserverBurnrate: {}\n kubeApiserverHistogram: {}\n kubeApiserverSlos: {}\n kubeControllerManager: {}\n kubelet: {}\n kubeProxy: {}\n kubePrometheusGeneral: {}\n kubePrometheusNodeRecording: {}\n kubernetesApps: {}\n kubernetesResources: {}\n kubernetesStorage: {}\n kubernetesSystem: {}\n kubeSchedulerAlerting: {}\n kubeSchedulerRecording: {}\n kubeStateMetrics: {}\n network: {}\n node: {}\n nodeExporterAlerting: {}\n nodeExporterRecording: {}\n prometheus: {}\n prometheusOperator: {}\n k8s: {}\n ## Additional annotations for specific PrometheusRule alerts groups\n\n additionalRuleGroupAnnotations:\n alertmanager: {}\n etcd: {}\n configReloaders: {}\n general: {}\n k8sContainerCpuUsageSecondsTotal: {}\n k8sContainerMemoryCache: {}\n k8sContainerMemoryRss: {}\n k8sContainerMemorySwap: {}\n 
k8sContainerResource: {}\n k8sPodOwner: {}\n kubeApiserverAvailability: {}\n kubeApiserverBurnrate: {}\n kubeApiserverHistogram: {}\n kubeApiserverSlos: {}\n kubeControllerManager: {}\n kubelet: {}\n kubeProxy: {}\n kubePrometheusGeneral: {}\n kubePrometheusNodeRecording: {}\n kubernetesApps: {}\n kubernetesResources: {}\n kubernetesStorage: {}\n kubernetesSystem: {}\n kubeSchedulerAlerting: {}\n kubeSchedulerRecording: {}\n kubeStateMetrics: {}\n network: {}\n node: {}\n nodeExporterAlerting: {}\n nodeExporterRecording: {}\n prometheus: {}\n prometheusOperator: {}\n k8s: {}\n additionalAggregationLabels: []\n ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules.\n\n runbookUrl: \"https://runbooks.prometheus-operator.dev/runbooks\"\n node:\n fsSelector: 'fstype!=\"\"'\n # fsSelector: 'fstype=~\"ext[234]|btrfs|xfs|zfs\"'\n ## Disabled PrometheusRule alerts\n disabled: {}\n # KubeAPIDown: true\n # NodeRAIDDegraded: true\n\n ## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster.\n\n ##\n\n # additionalPrometheusRules: []\n\n # - name: my-rule-file\n\n # groups:\n\n # - name: my_group\n\n # rules:\n\n # - record: my_record\n\n # expr: 100 * my_record\n\n ## Provide custom recording or alerting rules to be deployed into the cluster.\n\n ##\n additionalPrometheusRulesMap: {}\n # rule-name:\n\n # groups:\n\n # - name: my_group\n\n # rules:\n\n # - record: my_record\n\n # expr: 100 * my_record\n\n ##\n global:\n rbac:\n create: true\n ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs\n\n ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles\n createAggregateClusterRoles: false\n pspEnabled: true\n pspAnnotations: {}\n ## Specify pod annotations\n ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor\n\n ## Ref: 
https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp\n\n ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl\n\n ##\n\n # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\n\n # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'\n\n # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'\n\n ## Global image registry to use if it needs to be overridden for some specific use cases (e.g. local registries, custom images, ...)\n\n ##\n imageRegistry: \"\"\n ## Reference to one or more secrets to be used when pulling images\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/\n\n ##\n imagePullSecrets: []\n # - name: \"image-pull-secret\"\n # or\n\n # - \"image-pull-secret\"\n windowsMonitoring:\n ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter')\n enabled: false\n ## Configuration for prometheus-windows-exporter\n\n ## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter\n\n ##\n prometheus-windows-exporter:\n ## Enable ServiceMonitor and set Kubernetes label to use as a job label\n\n ##\n prometheus:\n monitor:\n enabled: true\n jobLabel: jobLabel\n releaseLabel: true\n ## Set job label to 'windows-exporter' as required by the default Prometheus rules and Grafana dashboards\n\n ##\n podLabels:\n jobLabel: windows-exporter\n ## Enable memory and container metrics as required by the default Prometheus rules and Grafana dashboards\n\n ##\n config: |-\n collectors:\n enabled: '[defaults],memory,container'\n ## Configuration for alertmanager\n\n ## ref: https://prometheus.io/docs/alerting/alertmanager/\n\n ##\n alertmanager:\n ## Deploy alertmanager\n\n ##\n enabled: true\n ## Annotations for Alertmanager\n\n ##\n annotations: {}\n ## Api that prometheus will use to communicate with alertmanager. 
Possible values are v1, v2\n\n ##\n apiVersion: v2\n ## @param alertmanager.enableFeatures Enable access to Alertmanager disabled features.\n\n ##\n enableFeatures: []\n ## Create dashboard configmap even if alertmanager deployment has been disabled\n\n ##\n forceDeployDashboards: false\n ## Service account for Alertmanager to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n name: \"\"\n annotations: {}\n automountServiceAccountToken: true\n ## Configure pod disruption budgets for Alertmanager\n\n ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget\n\n ##\n podDisruptionBudget:\n enabled: false\n minAvailable: 1\n maxUnavailable: \"\"\n ## Alertmanager configuration directives\n\n ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file\n\n ## https://prometheus.io/webtools/alerting/routing-tree-editor/\n\n ##\n config:\n global:\n resolve_timeout: 5m\n inhibit_rules:\n - source_matchers:\n - 'severity = critical'\n target_matchers:\n - 'severity =~ warning|info'\n equal:\n - 'namespace'\n - 'alertname'\n - source_matchers:\n - 'severity = warning'\n target_matchers:\n - 'severity = info'\n equal:\n - 'namespace'\n - 'alertname'\n - source_matchers:\n - 'alertname = InfoInhibitor'\n target_matchers:\n - 'severity = info'\n equal:\n - 'namespace'\n - target_matchers:\n - 'alertname = InfoInhibitor'\n route:\n group_by: ['namespace']\n group_wait: 30s\n group_interval: 5m\n repeat_interval: 12h\n receiver: 'null'\n routes:\n - receiver: 'null'\n matchers:\n - alertname =~ \"InfoInhibitor|Watchdog\"\n receivers:\n - name: 'null'\n templates:\n - '/etc/alertmanager/config/*.tmpl'\n ## Alertmanager configuration directives (as string type, preferred over the config hash map)\n\n ## stringConfig will be used only, if tplConfig is true\n\n ## ref: 
https://prometheus.io/docs/alerting/configuration/#configuration-file\n\n ## https://prometheus.io/webtools/alerting/routing-tree-editor/\n\n ##\n stringConfig: \"\"\n ## Pass the Alertmanager configuration directives through Helm's templating\n\n ## engine. If the Alertmanager configuration contains Alertmanager templates,\n\n ## they'll need to be properly escaped so that they are not interpreted by\n\n ## Helm\n\n ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function\n\n ## https://prometheus.io/docs/alerting/configuration/#tmpl_string\n\n ## https://prometheus.io/docs/alerting/notifications/\n\n ## https://prometheus.io/docs/alerting/notification_examples/\n tplConfig: false\n ## Alertmanager template files to format alerts\n\n ## By default, templateFiles are placed in /etc/alertmanager/config/ and if\n\n ## they have a .tmpl file suffix will be loaded. See config.templates above\n\n ## to change, add other suffixes. If adding other suffixes, be sure to update\n\n ## config.templates above to include those suffixes.\n\n ## ref: https://prometheus.io/docs/alerting/notifications/\n\n ## https://prometheus.io/docs/alerting/notification_examples/\n\n ##\n templateFiles: {}\n #\n\n ## An example template:\n\n # template_1.tmpl: |-\n\n # {{ define \"cluster\" }}{{ .ExternalURL | reReplaceAll \".*alertmanager\\\\.(.*)\" \"$1\" }}{{ end }}\n\n #\n\n # {{ define \"slack.myorg.text\" }}\n\n # {{- $root := . 
-}}\n\n # {{ range .Alerts }}\n\n # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`\n\n # *Cluster:* {{ template \"cluster\" $root }}\n\n # *Description:* {{ .Annotations.description }}\n\n # *Graph:* \u003c{{ .GeneratorURL }}|:chart_with_upwards_trend:\u003e\n\n # *Runbook:* \u003c{{ .Annotations.runbook }}|:spiral_note_pad:\u003e\n\n # *Details:*\n\n # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`\n\n # {{ end }}\n\n # {{ end }}\n\n # {{ end }}\n ingress:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n ## Override ingress to a different defined port on the service\n\n # servicePort: 8081\n\n ## Override ingress to a different service than the default, this is useful if you need to\n\n ## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0)\n\n # serviceName: kube-prometheus-stack-alertmanager-0\n\n ## Hosts must be provided if Ingress is enabled.\n\n ##\n hosts: []\n # - alertmanager.domain.com\n\n ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## TLS configuration for Alertmanager Ingress\n\n ## Secret must be manually created in the namespace\n\n ##\n tls: []\n # - secretName: alertmanager-general-tls\n # hosts:\n\n # - alertmanager.example.com\n\n # -- BETA: Configure the gateway routes for the chart here.\n\n # More routes can be added by adding a dictionary key 
like the 'main' route.\n\n # Be aware that this is an early beta of this feature,\n\n # kube-prometheus-stack does not guarantee this works and is subject to change.\n\n # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk\n\n # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)\n route:\n main:\n # -- Enables or disables the route\n enabled: false\n # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2\n\n apiVersion: gateway.networking.k8s.io/v1\n # -- Set the route kind\n\n # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute\n kind: HTTPRoute\n annotations: {}\n labels: {}\n hostnames: []\n # - my-filter.example.com\n\n parentRefs: []\n # - name: acme-gw\n\n matches:\n - path:\n type: PathPrefix\n value: /\n ## Filters define the filters that are applied to requests that match this rule.\n\n filters: []\n ## Additional custom rules that can be added to the route\n\n additionalRules: []\n ## Configuration for Alertmanager secret\n\n ##\n secret:\n annotations: {}\n ## Configuration for creating an Ingress that will map to each Alertmanager replica service\n\n ## alertmanager.servicePerReplica must be enabled\n\n ##\n ingressPerReplica:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n ## Final form of the hostname for each per replica ingress is\n\n ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}\n\n ##\n\n ## Prefix for the per replica ingress that will have `-$replicaNumber`\n\n ## appended to the end\n hostPrefix: \"\"\n ## Domain that will be used for the per replica ingress\n\n 
hostDomain: \"\"\n ## Paths to use for ingress rules\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## Secret name containing the TLS certificate for alertmanager per replica ingress\n\n ## Secret must be manually created in the namespace\n tlsSecretName: \"\"\n ## Separated secret for each per replica Ingress. Can be used together with cert-manager\n\n ##\n tlsSecretPerReplica:\n enabled: false\n ## Final form of the secret for each per replica ingress is\n\n ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}\n\n ##\n prefix: \"alertmanager\"\n ## Configuration for Alertmanager service\n\n ##\n service:\n annotations: {}\n labels: {}\n clusterIP: \"\"\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Port for Alertmanager Service to listen on\n\n ##\n port: 9093\n ## To be used with a proxy extraContainer port\n\n ##\n targetPort: 9093\n ## Port to expose on each node\n\n ## Only used if service.type is 'NodePort'\n\n ##\n nodePort: 30903\n ## List of IP addresses at which the Prometheus server service is available\n\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n\n ##\n\n ## Additional ports to open for Alertmanager service\n\n ##\n additionalPorts: []\n # - name: oauth-proxy\n\n # port: 8081\n\n # targetPort: 8081\n\n # - name: oauth-metrics\n\n # port: 8082\n\n # targetPort: 8082\n externalIPs: []\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## If you want to make sure that connections from a particular client are passed to the same Pod each 
time\n\n ## Accepts 'ClientIP' or 'None'\n\n ##\n sessionAffinity: None\n ## If you want to modify the ClientIP sessionAffinity timeout\n\n ## The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\"\n\n ##\n sessionAffinityConfig:\n clientIP:\n timeoutSeconds: 10800\n ## Service type\n\n ##\n type: ClusterIP\n ## Configuration for creating a separate Service for each statefulset Alertmanager replica\n\n ##\n servicePerReplica:\n enabled: false\n annotations: {}\n ## Port for Alertmanager Service per replica to listen on\n\n ##\n port: 9093\n ## To be used with a proxy extraContainer port\n\n targetPort: 9093\n ## Port to expose on each node\n\n ## Only used if servicePerReplica.type is 'NodePort'\n\n ##\n nodePort: 30904\n ## Loadbalancer source IP ranges\n\n ## Only used if servicePerReplica.type is \"LoadBalancer\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: ClusterIP\n ## Configuration for creating a ServiceMonitor for AlertManager\n\n ##\n serviceMonitor:\n ## If true, a ServiceMonitor will be created for the AlertManager service.\n\n ##\n selfMonitor: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## Additional labels\n\n ##\n additionalLabels: {}\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.\n\n scheme: \"\"\n ## enableHttp2: Whether to enable HTTP2.\n\n ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#endpoint\n enableHttp2: true\n ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.\n\n ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig\n tlsConfig: {}\n bearerTokenFile:\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings: []\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional Endpoints\n\n ##\n additionalEndpoints: []\n # - port: oauth-metrics\n # path: /metrics\n\n ## Settings affecting alertmanagerSpec\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerspec\n\n ##\n alertmanagerSpec:\n ## Statefulset's persistent 
volume claim retention policy\n\n ## whenDeleted and whenScaled determine whether\n\n ## statefulset's PVCs are deleted (true) or retained (false)\n\n ## on scaling down and deleting statefulset, respectively.\n\n ## Requires Kubernetes version 1.27.0+.\n\n ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention\n persistentVolumeClaimRetentionPolicy: {}\n # whenDeleted: Retain\n\n # whenScaled: Retain\n\n ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata\n\n ## Metadata Labels and Annotations gets propagated to the Alertmanager pods.\n\n ##\n podMetadata: {}\n ## Image of Alertmanager\n\n ##\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/alertmanager\n tag: v0.28.0\n sha: \"\"\n ## If true then the user will be responsible to provide a secret with alertmanager configuration\n\n ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used\n\n ##\n useExistingSecret: false\n ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the\n\n ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.\n\n ##\n secrets: []\n ## If false then the user will opt out of automounting API credentials.\n\n ##\n automountServiceAccountToken: true\n ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.\n\n ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.\n\n ##\n configMaps: []\n ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for\n\n ## this Alertmanager instance. 
Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.\n\n ##\n\n # configSecret:\n\n ## WebTLSConfig defines the TLS parameters for HTTPS\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerwebspec\n web: {}\n ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.\n\n ##\n alertmanagerConfigSelector: {}\n ## Example which selects all alertmanagerConfig resources\n\n ## with label \"alertconfig\" with values any of \"example-config\" or \"example-config-2\"\n\n # alertmanagerConfigSelector:\n\n # matchExpressions:\n\n # - key: alertconfig\n\n # operator: In\n\n # values:\n\n # - example-config\n\n # - example-config-2\n\n #\n\n ## Example which selects all alertmanagerConfig resources with label \"role\" set to \"example-config\"\n\n # alertmanagerConfigSelector:\n\n # matchLabels:\n\n # role: example-config\n\n ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.\n\n ##\n alertmanagerConfigNamespaceSelector: {}\n ## Example which selects all namespaces\n\n ## with label \"alertmanagerconfig\" with values any of \"example-namespace\" or \"example-namespace-2\"\n\n # alertmanagerConfigNamespaceSelector:\n\n # matchExpressions:\n\n # - key: alertmanagerconfig\n\n # operator: In\n\n # values:\n\n # - example-namespace\n\n # - example-namespace-2\n\n ## Example which selects all namespaces with label \"alertmanagerconfig\" set to \"enabled\"\n\n # alertmanagerConfigNamespaceSelector:\n\n # matchLabels:\n\n # alertmanagerconfig: enabled\n\n ## AlertmanagerConfig to be used as top level configuration\n\n ##\n alertmanagerConfiguration: {}\n ## Example with select a global alertmanagerconfig\n\n # alertmanagerConfiguration:\n\n # name: global-alertmanager-Configuration\n\n ## Defines the strategy used by AlertmanagerConfig objects to match alerts. 
eg:\n\n ##\n alertmanagerConfigMatcherStrategy: {}\n ## Example with use OnNamespace strategy\n\n # alertmanagerConfigMatcherStrategy:\n\n # type: OnNamespace\n\n ## Define Log Format\n\n # Use logfmt (default) or json logging\n logFormat: logfmt\n ## Log level for Alertmanager to be configured with.\n\n ##\n logLevel: info\n ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the\n\n ## running cluster equal to the expected size.\n replicas: 1\n ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression\n\n ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).\n\n ##\n retention: 120h\n ## Storage is the definition of how storage will be used by the Alertmanager instances.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md\n\n ##\n storage: {}\n # volumeClaimTemplate:\n\n # spec:\n\n # storageClassName: gluster\n\n # accessModes: [\"ReadWriteOnce\"]\n\n # resources:\n\n # requests:\n\n # storage: 50Gi\n\n # selector: {}\n\n ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false\n\n ##\n externalUrl:\n ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,\n\n ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.\n\n ##\n routePrefix: /\n ## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS.\n\n scheme: \"\"\n ## tlsConfig: TLS configuration to use when connect to the endpoint. 
For example if using istio mTLS.\n\n ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig\n tlsConfig: {}\n ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.\n\n ##\n paused: false\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Define resources requests and limits for single Pods.\n\n ## ref: https://kubernetes.io/docs/user-guide/compute-resources/\n\n ##\n resources: {}\n # requests:\n\n # memory: 400Mi\n\n ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.\n\n ## The default value \"soft\" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.\n\n ## The value \"hard\" means that the scheduler is *required* to not schedule two replica pods onto the same node.\n\n ## The value \"\" will disable pod anti-affinity so that no anti-affinity rules will be configured.\n\n ##\n podAntiAffinity: \"soft\"\n ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.\n\n ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone\n\n ##\n podAntiAffinityTopologyKey: kubernetes.io/hostname\n ## Assign custom affinity rules to the alertmanager instance\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n\n ## If specified, the pod's tolerations.\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # 
effect: \"NoSchedule\"\n\n ## If specified, the pod's topology spread constraints.\n\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n\n ##\n topologySpreadConstraints: []\n # - maxSkew: 1\n\n # topologyKey: topology.kubernetes.io/zone\n\n # whenUnsatisfiable: DoNotSchedule\n\n # labelSelector:\n\n # matchLabels:\n\n # app: alertmanager\n\n ## SecurityContext holds pod-level security attributes and common container settings.\n\n ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n securityContext:\n runAsGroup: 2000\n runAsNonRoot: true\n runAsUser: 1000\n fsGroup: 2000\n seccompProfile:\n type: RuntimeDefault\n ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.\n\n ## Note this is only for the Alertmanager UI, not the gossip communication.\n\n ##\n listenLocal: false\n ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.\n\n ##\n containers: []\n # containers:\n\n # - name: oauth-proxy\n\n # image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1\n\n # args:\n\n # - --upstream=http://127.0.0.1:9093\n\n # - --http-address=0.0.0.0:8081\n\n # - --metrics-address=0.0.0.0:8082\n\n # - ...\n\n # ports:\n\n # - containerPort: 8081\n\n # name: oauth-proxy\n\n # protocol: TCP\n\n # - containerPort: 8082\n\n # name: oauth-metrics\n\n # protocol: TCP\n\n # resources: {}\n\n # Additional volumes on the output StatefulSet definition.\n volumes: []\n # Additional VolumeMounts on the output StatefulSet definition.\n\n volumeMounts: []\n ## InitContainers allows injecting additional initContainers. 
This is meant to allow doing some changes\n\n ## (permissions, dir tree) on mounted volumes before starting prometheus\n initContainers: []\n ## Priority class assigned to the Pods\n\n ##\n priorityClassName: \"\"\n ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.\n\n ##\n additionalPeers: []\n ## PortName to use for Alert Manager.\n\n ##\n portName: \"http-web\"\n ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918\n\n ##\n clusterAdvertiseAddress: false\n ## clusterGossipInterval determines interval between gossip attempts.\n\n ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)\n clusterGossipInterval: \"\"\n ## clusterPeerTimeout determines timeout for cluster peering.\n\n ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)\n clusterPeerTimeout: \"\"\n ## clusterPushpullInterval determines interval between pushpull attempts.\n\n ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s)\n clusterPushpullInterval: \"\"\n ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster.\n\n clusterLabel: \"\"\n ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.\n\n ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.\n forceEnableClusterMode: false\n ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to\n\n ## be considered available. 
Defaults to 0 (pod will be considered available as soon as it is ready).\n minReadySeconds: 0\n ## Additional configuration which is not covered by the properties above. (passed through tpl)\n\n additionalConfig: {}\n ## Additional configuration which is not covered by the properties above.\n\n ## Useful, if you need advanced templating inside alertmanagerSpec.\n\n ## Otherwise, use alertmanager.alertmanagerSpec.additionalConfig (passed through tpl)\n additionalConfigString: \"\"\n ## ExtraSecret can be used to store various data in an extra secret\n\n ## (use it for example to store hashed basic auth credentials)\n extraSecret:\n ## if not set, name will be auto generated\n\n # name: \"\"\n annotations: {}\n data: {}\n # auth: |\n # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0\n\n # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.\n\n ## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml\n\n ##\n grafana:\n enabled: true\n namespaceOverride: \"\"\n ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled\n\n ##\n forceDeployDatasources: false\n ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled\n\n ##\n forceDeployDashboards: false\n ## Deploy default dashboards\n\n ##\n defaultDashboardsEnabled: true\n ## Timezone for the default dashboards\n\n ## Other options are: browser or a specific timezone, i.e. 
Europe/Luxembourg\n\n ##\n defaultDashboardsTimezone: utc\n ## Editable flag for the default dashboards\n\n ##\n defaultDashboardsEditable: true\n adminPassword: \"welcome\"\n rbac:\n ## If true, Grafana PSPs will be created\n\n ##\n pspEnabled: false\n ingress:\n ## If true, Grafana Ingress will be created\n\n ##\n enabled: true\n ## IngressClassName for Grafana Ingress.\n\n ## Should be provided if Ingress is enabled.\n\n ##\n\n # ingressClassName: nginx\n\n ## Annotations for Grafana Ingress\n\n ##\n annotations:\n cert-manager.io/issuer: selfsigned-issuer\n kubernetes.io/ingress.class: nginx\n nginx.ingress.kubernetes.io/ssl-passthrough: \"false\"\n nginx.ingress.kubernetes.io/ssl-redirect: \"true\"\n ## Labels to be added to the Ingress\n\n ##\n labels: {}\n ## Hostnames.\n\n ## Must be provided if Ingress is enabled.\n\n ##\n\n # hosts:\n\n # - grafana.domain.com\n hosts:\n - '{{ .spectro.var.grafanaFqdn }}'\n ## Path for grafana ingress\n\n path: /\n ## TLS configuration for grafana Ingress\n\n ## Secret must be manually created in the namespace\n\n ##\n tls:\n - secretName: grafana-general-tls\n hosts:\n - '{{ .spectro.var.grafanaFqdn }}'\n # - secretName: grafana-general-tls\n # hosts:\n\n # - grafana.example.com\n\n # # To make Grafana persistent (Using Statefulset)\n\n # #\n\n # persistence:\n\n # enabled: true\n\n # type: sts\n\n # storageClassName: \"storageClassName\"\n\n # accessModes:\n\n # - ReadWriteOnce\n\n # size: 20Gi\n\n # finalizers:\n\n # - kubernetes.io/pvc-protection\n serviceAccount:\n create: true\n autoMount: true\n sidecar:\n dashboards:\n enabled: true\n label: grafana_dashboard\n labelValue: \"1\"\n # Allow discovery in all namespaces for dashboards\n\n searchNamespace: ALL\n # Support for new table panels, when enabled grafana auto migrates the old table panels to newer table panels\n\n enableNewTablePanelSyntax: false\n ## Annotations for Grafana dashboard configmaps\n\n ##\n annotations: {}\n multicluster:\n global:\n enabled: 
false\n etcd:\n enabled: false\n provider:\n allowUiUpdates: false\n foldersFromFilesStructure: true\n folderAnnotation: grafana_folder\n datasources:\n enabled: true\n defaultDatasourceEnabled: true\n isDefaultDatasource: true\n name: Prometheus\n uid: prometheus\n ## URL of prometheus datasource\n\n ##\n\n # url: http://prometheus-stack-prometheus:9090/\n\n ## Prometheus request timeout in seconds\n\n # timeout: 30\n\n # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default\n\n # defaultDatasourceScrapeInterval: 15s\n\n ## Annotations for Grafana datasource configmaps\n\n ##\n annotations: {}\n ## Set method for HTTP to send query to datasource\n\n httpMethod: POST\n ## Create datasource for each Pod of Prometheus StatefulSet;\n\n ## this uses headless service `prometheus-operated` which is\n\n ## created by Prometheus Operator\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286\n createPrometheusReplicasDatasources: false\n label: grafana_datasource\n labelValue: \"1\"\n ## Field with internal link pointing to existing data source in Grafana.\n\n ## Can be provisioned via additionalDataSources\n exemplarTraceIdDestinations: {}\n # datasourceUid: Jaeger\n\n # traceIdLabelName: trace_id\n alertmanager:\n enabled: true\n name: Alertmanager\n uid: alertmanager\n handleGrafanaManagedAlerts: false\n implementation: prometheus\n extraConfigmapMounts: []\n # - name: certs-configmap\n\n # mountPath: /etc/grafana/ssl/\n\n # configMap: certs-configmap\n\n # readOnly: true\n deleteDatasources: []\n # - name: example-datasource\n\n # orgId: 1\n\n ## Configure additional grafana datasources (passed through tpl)\n\n ## ref: http://docs.grafana.org/administration/provisioning/#datasources\n additionalDataSources: []\n # - name: prometheus-sample\n\n # access: proxy\n\n # basicAuth: true\n\n # secureJsonData:\n\n # basicAuthPassword: pass\n\n # 
basicAuthUser: daco\n\n # editable: false\n\n # jsonData:\n\n # tlsSkipVerify: true\n\n # orgId: 1\n\n # type: prometheus\n\n # url: https://{{ printf \"%s-prometheus.svc\" .Release.Name }}:9090\n\n # version: 1\n\n # Flag to mark provisioned data sources for deletion if they are no longer configured.\n\n # It takes no effect if data sources are already listed in the deleteDatasources section.\n\n # ref: https://grafana.com/docs/grafana/latest/administration/provisioning/#example-data-source-config-file\n prune: false\n ## Passed to grafana subchart and used by servicemonitor below\n\n ##\n service:\n type: ClusterIP\n port: 80\n targetPort: 3000\n # targetPort: 4181 To be used with a proxy extraContainer\n\n annotations: {}\n labels: {}\n portName: service\n serviceMonitor:\n # If true, a ServiceMonitor CRD is created for a prometheus operator\n\n # https://github.com/coreos/prometheus-operator\n\n #\n enabled: true\n # Path to use for scraping metrics. Might be different if server.root_url is set\n\n # in grafana.ini\n path: \"/metrics\"\n # namespace: monitoring (defaults to use the namespace this chart is deployed to)\n\n # labels for the ServiceMonitor\n labels: {}\n # Scrape interval. 
If not set, the Prometheus default scrape interval is used.\n\n #\n interval: \"\"\n scheme: http\n tlsConfig: {}\n scrapeTimeout: 30s\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n podLabels:\n spectrocloud.com/connection: proxy\n plugins:\n - grafana-piechart-panel\n ## Flag to disable all the kubernetes component scrapers\n\n ##\n kubernetesServiceMonitors:\n enabled: true\n ## Component scraping the kube api server\n\n ##\n kubeApiServer:\n enabled: true\n tlsConfig:\n serverName: kubernetes\n insecureSkipVerify: false\n serviceMonitor:\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n jobLabel: component\n selector:\n matchLabels:\n component: apiserver\n provider: kubernetes\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n # Drop excessively noisy apiserver buckets.\n - action: drop\n regex: (etcd_request|apiserver_request_slo|apiserver_request_sli|apiserver_request)_duration_seconds_bucket;(0\\.15|0\\.2|0\\.3|0\\.35|0\\.4|0\\.45|0\\.6|0\\.7|0\\.8|0\\.9|1\\.25|1\\.5|1\\.75|2|3|3\\.5|4|4\\.5|6|7|8|9|15|20|30|40|45|50)(\\.0)?\n sourceLabels:\n - __name__\n - le\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - sourceLabels:\n\n # - __meta_kubernetes_namespace\n\n # - __meta_kubernetes_service_name\n\n # - __meta_kubernetes_endpoint_port_name\n\n # action: keep\n\n # regex: default;kubernetes;https\n\n # - targetLabel: __address__\n\n # replacement: kubernetes.default.svc:443\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## 
https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping the kubelet and kubelet-hosted cAdvisor\n\n ##\n kubelet:\n enabled: true\n namespace: kube-system\n serviceMonitor:\n ## Enable scraping /metrics from kubelet's service\n kubelet: true\n ## Attach metadata to discovered targets. Requires Prometheus v2.45 for endpoints created by the operator.\n\n ##\n attachMetadata:\n node: false\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## If true, Prometheus use (respect) labels provided by exporter.\n\n ##\n honorLabels: true\n ## If true, Prometheus ingests metrics with timestamp provided by exporter. If false, Prometheus ingests metrics with timestamp of scrape.\n\n ##\n honorTimestamps: true\n ## If true, defines whether Prometheus tracks staleness of the metrics that have an explicit timestamp present in scraped data. Has no effect if `honorTimestamps` is false.\n\n ## We recommend enabling this if you want the best possible accuracy for container_ metrics scraped from cadvisor.\n\n ## For more details see: https://github.com/prometheus-community/helm-charts/pull/5063#issuecomment-2545374849\n trackTimestampsStaleness: true\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## Enable scraping the kubelet over https. For requirements to enable this see\n\n ## https://github.com/prometheus-operator/prometheus-operator/issues/926\n\n ##\n https: true\n ## Skip TLS certificate validation when scraping.\n\n ## This is enabled by default because kubelet serving certificate deployed by kubeadm is by default self-signed\n\n ## ref: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs\n\n ##\n insecureSkipVerify: true\n ## Enable scraping /metrics/probes from kubelet's service\n\n ##\n probes: true\n ## Enable scraping /metrics/resource from kubelet's service\n\n ## This is disabled by default because container metrics are already exposed by cAdvisor\n\n ##\n resource: false\n # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource\n\n resourcePath: \"/metrics/resource/v1alpha1\"\n ## Configure the scrape interval for resource metrics. This is configured to the default Kubelet cAdvisor\n\n ## minimum housekeeping interval in order to avoid missing samples. Note, this value is ignored\n\n ## if kubelet.serviceMonitor.interval is not empty.\n resourceInterval: 10s\n ## Enable scraping /metrics/cadvisor from kubelet's service\n\n ##\n cAdvisor: true\n ## Configure the scrape interval for cAdvisor. This is configured to the default Kubelet cAdvisor\n\n ## minimum housekeeping interval in order to avoid missing samples. 
Note, this value is ignored\n\n ## if kubelet.serviceMonitor.interval is not empty.\n cAdvisorInterval: 10s\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n cAdvisorMetricRelabelings:\n # Drop less useful container CPU metrics.\n - sourceLabels: [__name__]\n action: drop\n regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)'\n # Drop less useful container / always zero filesystem metrics.\n - sourceLabels: [__name__]\n action: drop\n regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)'\n # Drop less useful / always zero container memory metrics.\n - sourceLabels: [__name__]\n action: drop\n regex: 'container_memory_(mapped_file|swap)'\n # Drop less useful container process metrics.\n - sourceLabels: [__name__]\n action: drop\n regex: 'container_(file_descriptors|tasks_state|threads_max)'\n # Drop container_memory_failures_total{scope=\"hierarchy\"} metrics,\n # we only need the container scope.\n - sourceLabels: [__name__, scope]\n action: drop\n regex: 'container_memory_failures_total;hierarchy'\n # Drop container_network_... metrics that match various interfaces that\n # correspond to CNI and similar interfaces. 
This avoids capturing network\n # metrics for host network containers.\n - sourceLabels: [__name__, interface]\n action: drop\n regex: 'container_network_.*;(cali|cilium|cni|lxc|nodelocaldns|tunl).*'\n # Drop container spec metrics that overlap with kube-state-metrics.\n - sourceLabels: [__name__]\n action: drop\n regex: 'container_spec.*'\n # Drop cgroup metrics with no pod.\n - sourceLabels: [id, pod]\n action: drop\n regex: '.+;'\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - sourceLabels: [__name__, image]\n\n # separator: ;\n\n # regex: container_([a-z_]+);\n\n # replacement: $1\n\n # action: drop\n\n # - sourceLabels: [__name__]\n\n # separator: ;\n\n # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)\n\n # replacement: $1\n\n # action: drop\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n probesMetricRelabelings: []\n # - sourceLabels: [__name__, image]\n\n # separator: ;\n\n # regex: container_([a-z_]+);\n\n # replacement: $1\n\n # action: drop\n\n # - sourceLabels: [__name__]\n\n # separator: ;\n\n # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)\n\n # replacement: $1\n\n # action: drop\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n\n ## metrics_path is required to match upstream rules and charts\n cAdvisorRelabelings:\n - action: replace\n sourceLabels: [__metrics_path__]\n targetLabel: metrics_path\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: 
https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n probesRelabelings:\n - action: replace\n sourceLabels: [__metrics_path__]\n targetLabel: metrics_path\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n resourceRelabelings:\n - action: replace\n sourceLabels: [__metrics_path__]\n targetLabel: metrics_path\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n # Reduce bucket cardinality of kubelet storage operations.\n - action: drop\n sourceLabels: [__name__, le]\n regex: (csi_operations|storage_operation_duration)_seconds_bucket;(0.25|2.5|15|25|120|600)(\\.0)?\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - sourceLabels: [__name__, image]\n\n # separator: ;\n\n # regex: container_([a-z_]+);\n\n # replacement: $1\n\n # action: drop\n\n # - sourceLabels: [__name__]\n\n # separator: ;\n\n # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)\n\n # replacement: $1\n\n # action: drop\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n\n ## metrics_path is required to match upstream 
rules and charts\n relabelings:\n - action: replace\n sourceLabels: [__metrics_path__]\n targetLabel: metrics_path\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping the kube controller manager\n\n ##\n kubeControllerManager:\n enabled: true\n ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on\n\n ##\n endpoints: []\n # - 10.141.4.22\n\n # - 10.141.4.23\n\n # - 10.141.4.24\n\n ## If using kubeControllerManager.endpoints only the port and targetPort are used\n\n ##\n service:\n enabled: true\n ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change\n\n ## of default port in Kubernetes 1.22.\n\n ##\n port: 10257\n targetPort: 10257\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # component: kube-controller-manager\n\n serviceMonitor:\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## port: Name of the port the metrics will be scraped from\n\n ##\n port: http-metrics\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # component: kube-controller-manager\n\n ## Enable scraping kube-controller-manager over https.\n\n ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.\n\n ## If null or unset, the value is determined dynamically based on target Kubernetes version.\n\n ##\n https: true\n # Skip TLS certificate validation when scraping\n\n insecureSkipVerify: true\n # Name of the server to use when validating TLS certificate\n\n serverName: null\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested 
metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping coreDns. Use either this or kubeDns\n\n ##\n coreDns:\n enabled: true\n service:\n enabled: true\n port: 9153\n targetPort: 9153\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # k8s-app: kube-dns\n\n serviceMonitor:\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## port: Name of the port the metrics will be scraped from\n\n ##\n port: http-metrics\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # k8s-app: kube-dns\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping kubeDns. Use either this or coreDns\n\n ##\n kubeDns:\n enabled: false\n service:\n dnsmasq:\n port: 10054\n targetPort: 10054\n skydns:\n port: 10055\n targetPort: 10055\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # k8s-app: kube-dns\n\n serviceMonitor:\n ## Scrape interval. 
If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # k8s-app: kube-dns\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: 
https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n dnsmasqMetricRelabelings: []\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n dnsmasqRelabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping etcd\n\n ##\n kubeEtcd:\n enabled: true\n ## If your etcd is not deployed as a pod, specify IPs it can be found on\n\n ##\n endpoints: []\n # - 10.141.4.22\n\n # - 10.141.4.23\n\n # - 10.141.4.24\n\n ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used\n\n ##\n service:\n enabled: true\n port: 2381\n targetPort: 2381\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # component: etcd\n\n ## Configure secure access to the etcd cluster by loading a secret into prometheus and\n\n ## specifying security configuration below. 
For example, with a secret named etcd-client-cert\n\n ##\n\n ## serviceMonitor:\n\n ## scheme: https\n\n ## insecureSkipVerify: false\n\n ## serverName: localhost\n\n ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca\n\n ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client\n\n ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key\n\n ##\n serviceMonitor:\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n scheme: http\n insecureSkipVerify: false\n serverName: \"\"\n caFile: \"\"\n certFile: \"\"\n keyFile: \"\"\n ## port: Name of the port the metrics will be scraped from\n\n ##\n port: http-metrics\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # component: etcd\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping kube scheduler\n\n ##\n kubeScheduler:\n enabled: true\n ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on\n\n ##\n endpoints: []\n # - 10.141.4.22\n\n # - 10.141.4.23\n\n # - 10.141.4.24\n\n ## If using kubeScheduler.endpoints only the port and targetPort are used\n\n ##\n service:\n enabled: true\n 
## If null or unset, the value is determined dynamically based on target Kubernetes version due to change\n\n ## of default port in Kubernetes 1.23.\n\n ##\n port: 10259\n targetPort: 10259\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # component: kube-scheduler\n\n serviceMonitor:\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## Enable scraping kube-scheduler over https.\n\n ## Requires proper certs (not self-signed) and delegated authentication/authorization checks.\n\n ## If null or unset, the value is determined dynamically based on target Kubernetes version.\n\n ##\n https: true\n ## port: Name of the port the metrics will be scraped from\n\n ##\n port: http-metrics\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # component: kube-scheduler\n\n ## Skip TLS certificate validation when scraping\n insecureSkipVerify: true\n ## Name of the server to use when validating TLS certificate\n\n serverName: null\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping kube 
proxy\n\n ##\n kubeProxy:\n enabled: true\n ## If your kube proxy is not deployed as a pod, specify IPs it can be found on\n\n ##\n endpoints: []\n # - 10.141.4.22\n\n # - 10.141.4.23\n\n # - 10.141.4.24\n service:\n enabled: true\n port: 10249\n targetPort: 10249\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n # selector:\n # k8s-app: kube-proxy\n\n serviceMonitor:\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. 
Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## port: Name of the port the metrics will be scraped from\n\n ##\n port: http-metrics\n jobLabel: jobLabel\n selector: {}\n # matchLabels:\n\n # k8s-app: kube-proxy\n\n ## Enable scraping kube-proxy over https.\n\n ## Requires proper certs (not self-signed) and delegated authentication/authorization checks\n\n ##\n https: false\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## Additional labels\n\n ##\n additionalLabels: {}\n # foo: bar\n\n ## defines the labels which are transferred from the associated Kubernetes Service object onto the ingested metrics.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#servicemonitor\n targetLabels: []\n ## Component scraping kube state metrics\n\n ##\n kubeStateMetrics:\n enabled: true\n ## Configuration for kube-state-metrics subchart\n\n ##\n kube-state-metrics:\n namespaceOverride: \"\"\n rbac:\n create: true\n releaseLabel: true\n ## Enable scraping via kubernetes-service-endpoints\n\n ## Disabled by default as we service monitor 
is enabled below\n\n ##\n prometheusScrape: false\n prometheus:\n monitor:\n ## Enable scraping via service monitor\n\n ## Disable to prevent duplication if you enable prometheusScrape above\n\n ##\n enabled: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## Scrape Timeout. 
If not set, the Prometheus default scrape timeout is used.\n\n ##\n scrapeTimeout: \"\"\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n # Keep labels from scraped data, overriding server-side labels\n\n ##\n honorLabels: true\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n selfMonitor:\n enabled: false\n ## Deploy node exporter as a daemonset to all nodes\n\n ##\n nodeExporter:\n enabled: true\n operatingSystems:\n linux:\n enabled: true\n aix:\n enabled: true\n darwin:\n enabled: true\n ## ForceDeployDashboard Create dashboard configmap even if nodeExporter deployment has been disabled\n\n ##\n forceDeployDashboards: false\n ## Configuration for prometheus-node-exporter subchart\n\n ##\n prometheus-node-exporter:\n namespaceOverride: \"\"\n podLabels:\n ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards\n\n ##\n jobLabel: node-exporter\n releaseLabel: true\n extraArgs:\n - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)\n - 
--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$\n service:\n portName: http-metrics\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n labels:\n jobLabel: node-exporter\n prometheus:\n monitor:\n enabled: true\n jobLabel: jobLabel\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## How long until a scrape request times out. 
If not set, the Prometheus default scrape timeout is used.\n\n ##\n scrapeTimeout: \"\"\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - sourceLabels: [__name__]\n\n # separator: ;\n\n # regex: ^node_mountstats_nfs_(event|operations|transport)_.+\n\n # replacement: $1\n\n # action: drop\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Attach node metadata to discovered targets. Requires Prometheus v2.35.0 and above.\n\n ##\n\n # attachMetadata:\n\n # node: false\n rbac:\n ## If true, create PSPs for node-exporter\n\n ##\n pspEnabled: false\n ## Manages Prometheus and Alertmanager components\n\n ##\n prometheusOperator:\n enabled: true\n ## Use '{{ template \"kube-prometheus-stack.fullname\" . 
}}-operator' by default\n\n fullnameOverride: \"\"\n ## Number of old replicasets to retain ##\n\n ## The default value is 10, 0 will garbage-collect old replicasets ##\n revisionHistoryLimit: 10\n ## Strategy of the deployment\n\n ##\n strategy: {}\n ## Prometheus-Operator v0.39.0 and later support TLS natively.\n\n ##\n tls:\n enabled: true\n # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants\n\n tlsMinVersion: VersionTLS13\n # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.\n\n internalPort: 10250\n ## Liveness probe for the prometheusOperator deployment\n\n ##\n livenessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 0\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n ## Readiness probe for the prometheusOperator deployment\n\n ##\n readinessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 0\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted\n\n ## rules from making their way into prometheus and potentially preventing the container from starting\n admissionWebhooks:\n ## Valid values: Fail, Ignore, IgnoreOnInstallOnly\n\n ## IgnoreOnInstallOnly - If Release.IsInstall returns \"true\", set \"Ignore\" otherwise \"Fail\"\n failurePolicy: \"\"\n ## The default timeoutSeconds is 10 and the maximum value is 30.\n\n timeoutSeconds: 10\n enabled: true\n ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.\n\n ## If unspecified, system trust roots on the apiserver are used.\n caBundle: \"\"\n ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.\n\n ## On chart upgrades (or if the secret exists) the cert will not be re-generated. 
You can use this to provide your own\n\n ## certs ahead of time if you wish.\n\n ##\n annotations: {}\n # argocd.argoproj.io/hook: PreSync\n\n # argocd.argoproj.io/hook-delete-policy: HookSucceeded\n namespaceSelector: {}\n objectSelector: {}\n mutatingWebhookConfiguration:\n annotations: {}\n # argocd.argoproj.io/hook: PreSync\n validatingWebhookConfiguration:\n annotations: {}\n # argocd.argoproj.io/hook: PreSync\n deployment:\n enabled: false\n ## Number of replicas\n\n ##\n replicas: 1\n ## Strategy of the deployment\n\n ##\n strategy: {}\n # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/\n\n podDisruptionBudget: {}\n # maxUnavailable: 1\n\n # minAvailable: 1\n\n ## Number of old replicasets to retain ##\n\n ## The default value is 10, 0 will garbage-collect old replicasets ##\n revisionHistoryLimit: 10\n ## Prometheus-Operator v0.39.0 and later support TLS natively.\n\n ##\n tls:\n enabled: true\n # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants\n\n tlsMinVersion: VersionTLS13\n # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.\n\n internalPort: 10250\n ## Service account for Prometheus Operator Webhook to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n annotations: {}\n automountServiceAccountToken: false\n create: true\n name: \"\"\n ## Configuration for Prometheus operator Webhook service\n\n ##\n service:\n annotations: {}\n labels: {}\n clusterIP: \"\"\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Port to expose on each node\n\n ## Only used if service.type is 'NodePort'\n\n ##\n nodePort: 31080\n nodePortTls: 31443\n ## Additional ports to open for Prometheus operator Webhook service\n\n ## ref: 
https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services\n\n ##\n additionalPorts: []\n ## Loadbalancer IP\n\n ## Only use if service.type is \"LoadBalancer\"\n\n ##\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ## NodePort, ClusterIP, LoadBalancer\n\n ##\n type: ClusterIP\n ## List of IP addresses at which the Prometheus server service is available\n\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n\n ##\n externalIPs: []\n # ## Labels to add to the operator webhook deployment\n\n # ##\n labels: {}\n ## Annotations to add to the operator webhook deployment\n\n ##\n annotations: {}\n ## Labels to add to the operator webhook pod\n\n ##\n podLabels: {}\n ## Annotations to add to the operator webhook pod\n\n ##\n podAnnotations: {}\n ## Assign a PriorityClassName to pods if set\n\n # priorityClassName: \"\"\n\n ## Define Log Format\n\n # Use logfmt (default) or json logging\n\n # logFormat: logfmt\n\n ## Decrease log verbosity to errors only\n\n # logLevel: error\n\n ## Prometheus-operator webhook image\n\n ##\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/admission-webhook\n # if not set appVersion field from Chart.yaml is used\n\n tag: \"\"\n sha: \"\"\n pullPolicy: IfNotPresent\n ## Define Log Format\n\n # Use logfmt (default) or json logging\n\n # logFormat: logfmt\n\n ## Decrease log verbosity to errors only\n\n # logLevel: error\n\n ## Liveness probe\n\n ##\n livenessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 30\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n ## Readiness probe\n\n ##\n readinessProbe:\n enabled: true\n failureThreshold: 3\n initialDelaySeconds: 5\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n ## Resource limits 
\u0026 requests\n\n ##\n resources: {}\n # limits:\n\n # cpu: 200m\n\n # memory: 200Mi\n\n # requests:\n\n # cpu: 100m\n\n # memory: 100Mi\n\n # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),\n\n # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working\n\n ##\n hostNetwork: false\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Tolerations for use with node taints\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # effect: \"NoSchedule\"\n\n ## Assign custom affinity rules to the prometheus operator\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n dnsConfig: {}\n # nameservers:\n\n # - 1.2.3.4\n\n # searches:\n\n # - ns1.svc.cluster-domain.example\n\n # - my.dns.search.suffix\n\n # options:\n\n # - name: ndots\n\n # value: \"2\"\n\n # - name: edns0\n securityContext:\n fsGroup: 65534\n runAsGroup: 65534\n runAsNonRoot: true\n runAsUser: 65534\n seccompProfile:\n type: RuntimeDefault\n ## Container-specific security context configuration\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n containerSecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n capabilities:\n drop:\n - ALL\n ## If false then the user will opt out of automounting API credentials.\n\n ##\n automountServiceAccountToken: true\n patch:\n enabled: true\n image:\n registry: us-docker.pkg.dev\n repository: 
palette-images/packs/prometheus-operator/70.2.1/kube-webhook-certgen\n tag: v1.5.1 # latest tag: https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/TAG\n sha: \"\"\n pullPolicy: IfNotPresent\n resources: {}\n ## Provide a priority class name to the webhook patching job\n\n ##\n priorityClassName: \"\"\n ttlSecondsAfterFinished: 60\n annotations: {}\n # argocd.argoproj.io/hook: PreSync\n\n # argocd.argoproj.io/hook-delete-policy: HookSucceeded\n podAnnotations: {}\n nodeSelector: {}\n affinity: {}\n tolerations: []\n ## SecurityContext holds pod-level security attributes and common container settings.\n\n ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n securityContext:\n runAsGroup: 2000\n runAsNonRoot: true\n runAsUser: 2000\n seccompProfile:\n type: RuntimeDefault\n ## Service account for Prometheus Operator Webhook Job Patch to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n annotations: {}\n automountServiceAccountToken: true\n # Security context for create job container\n\n createSecretJob:\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n capabilities:\n drop:\n - ALL\n # Security context for patch job container\n patchWebhookJob:\n securityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n capabilities:\n drop:\n - ALL\n # Use certmanager to generate webhook certs\n\n certManager:\n enabled: false\n # self-signed root certificate\n\n rootCert:\n duration: \"\" # default to be 5y\n admissionCert:\n duration: \"\" # default to be 1y\n # issuerRef:\n # name: \"issuer\"\n\n # kind: \"ClusterIssuer\"\n\n ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).\n\n ## This is mutually exclusive with 
denyNamespaces. Setting this to an empty object will disable the configuration\n\n ##\n namespaces: {}\n # releaseNamespace: true\n\n # additional:\n\n # - kube-system\n\n ## Namespaces not to scope the interaction of the Prometheus Operator (deny list).\n\n ##\n denyNamespaces: []\n ## Filter namespaces to look for prometheus-operator custom resources\n\n ##\n alertmanagerInstanceNamespaces: []\n alertmanagerConfigNamespaces: []\n prometheusInstanceNamespaces: []\n thanosRulerInstanceNamespaces: []\n ## The clusterDomain value will be added to the cluster.peer option of the alertmanager.\n\n ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)\n\n ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094\n\n ##\n\n # clusterDomain: \"cluster.local\"\n networkPolicy:\n ## Enable creation of NetworkPolicy resources.\n\n ##\n enabled: false\n ## Flavor of the network policy to use.\n\n # Can be:\n\n # * kubernetes for networking.k8s.io/v1/NetworkPolicy\n\n # * cilium for cilium.io/v2/CiliumNetworkPolicy\n flavor: kubernetes\n # cilium:\n # egress:\n\n ## match labels used in selector\n\n # matchLabels: {}\n\n ## Service account for Prometheus Operator to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n name: \"\"\n automountServiceAccountToken: true\n annotations: {}\n # -- terminationGracePeriodSeconds for container lifecycle hook\n\n terminationGracePeriodSeconds: 30\n # -- Specify lifecycle hooks for the controller\n\n lifecycle: {}\n ## Configuration for Prometheus operator service\n\n ##\n service:\n annotations: {}\n labels: {}\n clusterIP: \"\"\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Port to expose on each node\n ## 
Only used if service.type is 'NodePort'\n\n ##\n nodePort: 30080\n nodePortTls: 30443\n ## Additional ports to open for Prometheus operator service\n\n ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services\n\n ##\n additionalPorts: []\n ## Loadbalancer IP\n\n ## Only use if service.type is \"LoadBalancer\"\n\n ##\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ## NodePort, ClusterIP, LoadBalancer\n\n ##\n type: ClusterIP\n ## List of IP addresses at which the Prometheus server service is available\n\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n\n ##\n externalIPs: []\n # ## Labels to add to the operator deployment\n\n # ##\n labels: {}\n ## Annotations to add to the operator deployment\n\n ##\n annotations: {}\n ## Labels to add to the operator pod\n\n ##\n podLabels: {}\n ## Annotations to add to the operator pod\n\n ##\n podAnnotations: {}\n ## Assign a PriorityClassName to pods if set\n\n # priorityClassName: \"\"\n\n ## Define Log Format\n\n # Use logfmt (default) or json logging\n\n # logFormat: logfmt\n\n ## Decrease log verbosity to errors only\n\n # logLevel: error\n kubeletService:\n ## If true, the operator will create and maintain a service for scraping kubelets\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md\n\n ##\n enabled: true\n namespace: kube-system\n selector: \"\"\n ## Use '{{ template \"kube-prometheus-stack.fullname\" . 
}}-kubelet' by default\n\n name: \"\"\n ## Create Endpoints objects for kubelet targets.\n\n kubeletEndpointsEnabled: true\n ## Create EndpointSlice objects for kubelet targets.\n\n kubeletEndpointSliceEnabled: false\n ## Extra arguments to pass to prometheusOperator\n\n # https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/operator.md\n extraArgs: []\n # - --labels=\"cluster=talos-cluster\"\n\n ## Create a servicemonitor for the operator\n\n ##\n serviceMonitor:\n ## If true, create a serviceMonitor for prometheus operator\n\n ##\n selfMonitor: true\n ## Labels for ServiceMonitor\n\n additionalLabels: {}\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## Scrape timeout. 
If not set, the Prometheus default scrape timeout is used.\n\n scrapeTimeout: \"\"\n ## Metric relabel configs to apply to samples before ingestion.\n\n ##\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n # relabel configs to apply to samples before ingestion.\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Resource limits \u0026 requests\n\n ##\n resources: {}\n # limits:\n\n # cpu: 200m\n\n # memory: 200Mi\n\n # requests:\n\n # cpu: 100m\n\n # memory: 100Mi\n\n ## Operator Environment\n\n ## env:\n\n ## VARIABLE: value\n env:\n GOGC: \"30\"\n # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),\n\n # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working\n\n ##\n hostNetwork: false\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Tolerations for use with node taints\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # effect: \"NoSchedule\"\n\n ## Assign custom affinity rules to the prometheus operator\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n dnsConfig: {}\n # nameservers:\n\n # - 1.2.3.4\n\n # 
searches:\n\n # - ns1.svc.cluster-domain.example\n\n # - my.dns.search.suffix\n\n # options:\n\n # - name: ndots\n\n # value: \"2\"\n\n # - name: edns0\n securityContext:\n fsGroup: 65534\n runAsGroup: 65534\n runAsNonRoot: true\n runAsUser: 65534\n seccompProfile:\n type: RuntimeDefault\n ## Container-specific security context configuration\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n containerSecurityContext:\n allowPrivilegeEscalation: false\n readOnlyRootFilesystem: true\n capabilities:\n drop:\n - ALL\n # Enable vertical pod autoscaler support for prometheus-operator\n\n verticalPodAutoscaler:\n enabled: false\n # Recommender responsible for generating recommendation for the object.\n\n # List should be empty (then the default recommender will generate the recommendation)\n\n # or contain exactly one recommender.\n\n # recommenders:\n\n # - name: custom-recommender-performance\n\n # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory\n controlledResources: []\n # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.\n\n # controlledValues: RequestsAndLimits\n\n # Define the max allowed resources for the pod\n maxAllowed: {}\n # cpu: 200m\n\n # memory: 100Mi\n\n # Define the min allowed resources for the pod\n minAllowed: {}\n # cpu: 200m\n\n # memory: 100Mi\n updatePolicy:\n # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction\n\n # minReplicas: 1\n\n # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates\n\n # are applied during the life of a Pod. 
Possible values are \"Off\", \"Initial\", \"Recreate\", and \"Auto\".\n updateMode: Auto\n ## Prometheus-operator image\n\n ##\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/prometheus-operator\n # if not set appVersion field from Chart.yaml is used\n\n tag: \"\"\n sha: \"\"\n pullPolicy: IfNotPresent\n ## Prometheus image to use for prometheuses managed by the operator\n\n ##\n\n # prometheusDefaultBaseImage: prometheus/prometheus\n\n ## Prometheus image registry to use for prometheuses managed by the operator\n\n ##\n\n # prometheusDefaultBaseImageRegistry: quay.io\n\n ## Alertmanager image to use for alertmanagers managed by the operator\n\n ##\n\n # alertmanagerDefaultBaseImage: prometheus/alertmanager\n\n ## Alertmanager image registry to use for alertmanagers managed by the operator\n\n ##\n\n # alertmanagerDefaultBaseImageRegistry: quay.io\n\n ## Prometheus-config-reloader\n\n ##\n prometheusConfigReloader:\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/prometheus-config-reloader\n # if not set appVersion field from Chart.yaml is used\n\n tag: \"\"\n sha: \"\"\n # add prometheus config reloader liveness and readiness probe. 
Default: false\n\n enableProbe: false\n # resource config for prometheusConfigReloader\n\n resources:\n requests:\n cpu: 200m\n memory: 50Mi\n limits:\n cpu: 200m\n memory: 50Mi\n # requests:\n # cpu: 200m\n\n # memory: 50Mi\n\n # limits:\n\n # cpu: 200m\n\n # memory: 50Mi\n\n ## Thanos side-car image when configured\n\n ##\n thanosImage:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/thanos\n tag: v0.37.2\n sha: \"\"\n ## Set a Label Selector to filter watched prometheus and prometheusAgent\n\n ##\n prometheusInstanceSelector: \"\"\n ## Set a Label Selector to filter watched alertmanager\n\n ##\n alertmanagerInstanceSelector: \"\"\n ## Set a Label Selector to filter watched thanosRuler\n\n thanosRulerInstanceSelector: \"\"\n ## Set a Field Selector to filter watched secrets\n\n ##\n secretFieldSelector: \"type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1\"\n ## If false then the user will opt out of automounting API credentials.\n\n ##\n automountServiceAccountToken: true\n ## Additional volumes\n\n ##\n extraVolumes: []\n ## Additional volume mounts\n\n ##\n extraVolumeMounts: []\n configmapReloadImage:\n repository: us-docker.pkg.dev/palette-images/packs/prometheus-operator/70.2.1/configmap-reload\n tag: v0.4.0\n sha: \"\"\n ## Deploy a Prometheus instance\n\n ##\n prometheus:\n enabled: true\n ## Toggle prometheus into agent mode\n\n ## Note many of features described below (e.g. 
rules, query, alerting, remote read, thanos) will not work in agent mode.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md\n\n ##\n agentMode: false\n ## Annotations for Prometheus\n\n ##\n annotations: {}\n ## Configure network policy for the prometheus\n\n networkPolicy:\n enabled: false\n ## Flavor of the network policy to use.\n\n # Can be:\n\n # * kubernetes for networking.k8s.io/v1/NetworkPolicy\n\n # * cilium for cilium.io/v2/CiliumNetworkPolicy\n flavor: kubernetes\n # cilium:\n # endpointSelector:\n\n # egress:\n\n # ingress:\n\n # egress:\n\n # - {}\n\n # ingress:\n\n # - {}\n\n # podSelector:\n\n # matchLabels:\n\n # app: prometheus\n\n ## Service account for Prometheuses to use.\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n name: \"\"\n annotations: {}\n automountServiceAccountToken: true\n # Service for thanos service discovery on sidecar\n\n # Enabling this lets Thanos Query use\n\n # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discover\n\n # Thanos sidecar on prometheus nodes\n\n # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. 
Not just copy and paste!)\n thanosService:\n enabled: false\n annotations: {}\n labels: {}\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: ClusterIP\n ## Service dual stack\n\n ##\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## gRPC port config\n\n portName: grpc\n port: 10901\n targetPort: \"grpc\"\n ## HTTP port config (for metrics)\n\n httpPortName: http\n httpPort: 10902\n targetHttpPort: \"http\"\n ## ClusterIP to assign\n\n # Default is to make this a headless service (\"None\")\n clusterIP: \"None\"\n ## Port to expose on each node, if service type is NodePort\n\n ##\n nodePort: 30901\n httpNodePort: 30902\n # ServiceMonitor to scrape Sidecar metrics\n\n # Needs thanosService to be enabled as well\n thanosServiceMonitor:\n enabled: false\n interval: \"\"\n ## Additional labels\n\n ##\n additionalLabels: {}\n ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.\n\n scheme: \"\"\n ## tlsConfig: TLS configuration to use when scraping the endpoint. 
For example if using istio mTLS.\n\n ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig\n tlsConfig: {}\n bearerTokenFile:\n ## Metric relabel configs to apply to samples before ingestion.\n metricRelabelings:\n - sourceLabels:\n - instance\n targetLabel: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n ## relabel configs to apply to samples before ingestion.\n\n relabelings: []\n # Service for external access to sidecar\n\n # Enabling this creates a service to expose thanos-sidecar outside the cluster.\n thanosServiceExternal:\n enabled: false\n annotations: {}\n labels: {}\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n ## gRPC port config\n\n portName: grpc\n port: 10901\n targetPort: \"grpc\"\n ## HTTP port config (for metrics)\n\n httpPortName: http\n httpPort: 10902\n targetHttpPort: \"http\"\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: LoadBalancer\n ## Port to expose on each node\n\n ##\n nodePort: 30901\n httpNodePort: 30902\n ## Configuration for Prometheus service\n\n ##\n service:\n annotations: {}\n labels: {}\n clusterIP: \"\"\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Port for Prometheus Service to listen on\n\n ##\n port: 9090\n ## To be used with a proxy extraContainer port\n\n targetPort: 9090\n ## Port for Prometheus Reloader to listen on\n\n ##\n reloaderWebPort: 8080\n ## List of IP addresses at which the Prometheus server service is available\n\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n\n ##\n externalIPs: []\n ## Port to expose on each node\n\n ## Only used if service.type is 'NodePort'\n\n ##\n nodePort: 30090\n ## Loadbalancer IP\n\n ## Only use if service.type is \"LoadBalancer\"\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: 
[]\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: ClusterIP\n ## Additional ports to open for Prometheus service\n\n ##\n additionalPorts: []\n # additionalPorts:\n\n # - name: oauth-proxy\n\n # port: 8081\n\n # targetPort: 8081\n\n # - name: oauth-metrics\n\n # port: 8082\n\n # targetPort: 8082\n\n ## Consider that all endpoints are considered \"ready\" even if the Pods themselves are not\n\n ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec\n publishNotReadyAddresses: false\n ## If you want to make sure that connections from a particular client are passed to the same Pod each time\n\n ## Accepts 'ClientIP' or 'None'\n\n ##\n sessionAffinity: \"\"\n ## If you want to modify the ClientIP sessionAffinity timeout\n\n ## The value must be \u003e0 \u0026\u0026 \u003c=86400(for 1 day) if ServiceAffinity == \"ClientIP\"\n\n ##\n sessionAffinityConfig:\n clientIP:\n timeoutSeconds: 10800\n ## Configuration for creating a separate Service for each statefulset Prometheus replica\n\n ##\n servicePerReplica:\n enabled: false\n annotations: {}\n ## Port for Prometheus Service per replica to listen on\n\n ##\n port: 9090\n ## To be used with a proxy extraContainer port\n\n targetPort: 9090\n ## Port to expose on each node\n\n ## Only used if servicePerReplica.type is 'NodePort'\n\n ##\n nodePort: 30091\n ## Loadbalancer source IP ranges\n\n ## Only used if servicePerReplica.type is \"LoadBalancer\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: ClusterIP\n ## Service dual stack\n\n ##\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Configure pod disruption budgets for Prometheus\n\n 
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget\n\n ##\n podDisruptionBudget:\n enabled: false\n minAvailable: 1\n maxUnavailable: \"\"\n # Ingress exposes thanos sidecar outside the cluster\n\n thanosIngress:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n servicePort: 10901\n ## Port to expose on each node\n\n ## Only used if service.type is 'NodePort'\n\n ##\n nodePort: 30901\n ## Hosts must be provided if Ingress is enabled.\n\n ##\n hosts: []\n # - thanos-gateway.domain.com\n\n ## Paths to use for ingress rules\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## TLS configuration for Thanos Ingress\n\n ## Secret must be manually created in the namespace\n\n ##\n tls: []\n # - secretName: thanos-gateway-tls\n # hosts:\n\n # - thanos-gateway.domain.com\n\n #\n\n ## ExtraSecret can be used to store various data in an extra secret\n\n ## (use it for example to store hashed basic auth credentials)\n extraSecret:\n ## if not set, name will be auto generated\n\n # name: \"\"\n annotations: {}\n data: {}\n # auth: |\n\n # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0\n\n # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.\n ingress:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See 
https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n ## Redirect ingress to an additional defined port on the service\n\n # servicePort: 8081\n\n ## Hostnames.\n\n ## Must be provided if Ingress is enabled.\n\n ##\n\n # hosts:\n\n # - prometheus.domain.com\n hosts: []\n ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## TLS configuration for Prometheus Ingress\n\n ## Secret must be manually created in the namespace\n\n ##\n tls: []\n # - secretName: prometheus-general-tls\n # hosts:\n\n # - prometheus.example.com\n\n # -- BETA: Configure the gateway routes for the chart here.\n\n # More routes can be added by adding a dictionary key like the 'main' route.\n\n # Be aware that this is an early beta of this feature,\n\n # kube-prometheus-stack does not guarantee this works and is subject to change.\n\n # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk\n\n # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)\n route:\n main:\n # -- Enables or disables the route\n enabled: false\n # -- Set the route apiVersion, e.g. 
gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2\n\n apiVersion: gateway.networking.k8s.io/v1\n # -- Set the route kind\n\n # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute\n kind: HTTPRoute\n annotations: {}\n labels: {}\n hostnames: []\n # - my-filter.example.com\n\n parentRefs: []\n # - name: acme-gw\n\n matches:\n - path:\n type: PathPrefix\n value: /\n ## Filters define the filters that are applied to requests that match this rule.\n\n filters: []\n ## Additional custom rules that can be added to the route\n\n additionalRules: []\n ## Configuration for creating an Ingress that will map to each Prometheus replica service\n\n ## prometheus.servicePerReplica must be enabled\n\n ##\n ingressPerReplica:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n ## Final form of the hostname for each per replica ingress is\n\n ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}\n\n ##\n\n ## Prefix for the per replica ingress that will have `-$replicaNumber`\n\n ## appended to the end\n hostPrefix: \"\"\n ## Domain that will be used for the per replica ingress\n\n hostDomain: \"\"\n ## Paths to use for ingress rules\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## Secret name containing the TLS certificate for Prometheus per replica ingress\n\n ## Secret must be manually created in the namespace\n tlsSecretName: \"\"\n ## Separated secret for each per 
replica Ingress. Can be used together with cert-manager\n\n ##\n tlsSecretPerReplica:\n enabled: false\n ## Final form of the secret for each per replica ingress is\n\n ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}\n\n ##\n prefix: \"prometheus\"\n ## Configure additional options for default pod security policy for Prometheus\n\n ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/\n podSecurityPolicy:\n allowedCapabilities: []\n allowedHostPaths: []\n volumes: []\n serviceMonitor:\n ## If true, create a serviceMonitor for prometheus\n\n ##\n selfMonitor: true\n ## Scrape interval. If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## Additional labels\n\n ##\n additionalLabels: {}\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.\n\n scheme: \"\"\n ## tlsConfig: TLS configuration to use when scraping the endpoint. 
For example if using istio mTLS.\n\n ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig\n tlsConfig: {}\n bearerTokenFile:\n ## Metric relabel configs to apply to samples before ingestion.\n\n ##\n metricRelabelings: []\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n # relabel configs to apply to samples before ingestion.\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional Endpoints\n\n ##\n additionalEndpoints: []\n # - port: oauth-metrics\n # path: /metrics\n\n ## Settings affecting prometheusSpec\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheusspec\n\n ##\n prometheusSpec:\n ## Statefulset's persistent volume claim retention policy\n\n ## whenDeleted and whenScaled determine whether\n\n ## statefulset's PVCs are deleted (true) or retained (false)\n\n ## on scaling down and deleting statefulset, respectively.\n\n ## Requires Kubernetes version 1.27.0+.\n\n ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention\n persistentVolumeClaimRetentionPolicy: {}\n # whenDeleted: Retain\n\n # whenScaled: Retain\n\n ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. 
This is already done if using Thanos\n\n ##\n disableCompaction: false\n ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod,\n\n ## If the field isn’t set, the operator mounts the service account token by default.\n\n ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery,\n\n ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container.\n automountServiceAccountToken: true\n ## APIServerConfig\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#apiserverconfig\n\n ##\n apiserverConfig: {}\n ## Allows setting additional arguments for the Prometheus container\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.Prometheus\n additionalArgs: []\n ## Interval between consecutive scrapes.\n\n ## Defaults to 30s.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183\n\n ##\n scrapeInterval: \"\"\n ## Number of seconds to wait for target to respond before erroring\n\n ##\n scrapeTimeout: \"\"\n ## List of scrape classes to expose to scraping objects such as\n\n ## PodMonitors, ServiceMonitors, Probes and ScrapeConfigs.\n\n ##\n scrapeClasses: []\n # - name: istio-mtls\n\n # default: false\n\n # tlsConfig:\n\n # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem\n\n # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem\n\n ## Interval between consecutive evaluations.\n\n ##\n evaluationInterval: \"\"\n ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.\n\n ##\n listenLocal: false\n ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time 
series.\n\n ## This is disabled by default.\n\n ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis\n\n ##\n enableAdminAPI: false\n ## Sets version of Prometheus overriding the Prometheus version as derived\n\n ## from the image tag. Useful in cases where the tag does not follow semver v2.\n version: \"\"\n ## WebTLSConfig defines the TLS parameters for HTTPS\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#webtlsconfig\n web: {}\n ## Exemplars related settings that are runtime reloadable.\n\n ## It requires to enable the exemplar storage feature to be effective.\n exemplars: {}\n ## Maximum number of exemplars stored in memory for all series.\n\n ## If not set, Prometheus uses its default value.\n\n ## A value of zero or less than zero disables the storage.\n\n # maxSize: 100000\n\n # EnableFeatures API enables access to Prometheus disabled features.\n\n # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/\n enableFeatures: []\n # - exemplar-storage\n\n ## Image of Prometheus.\n\n ##\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/prometheus\n tag: v3.1.0\n sha: \"\"\n ## Tolerations for use with node taints\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # effect: \"NoSchedule\"\n\n ## If specified, the pod's topology spread constraints.\n\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n\n ##\n topologySpreadConstraints: []\n # - maxSkew: 1\n\n # topologyKey: topology.kubernetes.io/zone\n\n # whenUnsatisfiable: DoNotSchedule\n\n # labelSelector:\n\n # matchLabels:\n\n # app: prometheus\n\n ## Alertmanagers to which alerts will be sent\n\n ## ref: 
https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#alertmanagerendpoints\n\n ##\n\n ## Default configuration will connect to the alertmanager deployed as part of this release\n\n ##\n alertingEndpoints: []\n # - name: \"\"\n\n # namespace: \"\"\n\n # port: http\n\n # scheme: http\n\n # pathPrefix: \"\"\n\n # tlsConfig: {}\n\n # bearerTokenFile: \"\"\n\n # apiVersion: v2\n\n ## External labels to add to any time series or alerts when communicating with external systems\n\n ##\n externalLabels: {}\n ## enable --web.enable-remote-write-receiver flag on prometheus-server\n\n ##\n enableRemoteWriteReceiver: false\n ## Name of the external label used to denote replica name\n\n ##\n replicaExternalLabelName: \"\"\n ## If true, the Operator won't add the external label used to denote replica name\n\n ##\n replicaExternalLabelNameClear: false\n ## Name of the external label used to denote Prometheus instance name\n\n ##\n prometheusExternalLabelName: \"\"\n ## If true, the Operator won't add the external label used to denote Prometheus instance name\n\n ##\n prometheusExternalLabelNameClear: false\n ## External URL at which Prometheus will be reachable.\n\n ##\n externalUrl: \"\"\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.\n\n ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not\n\n ## reflected in the running Pods. 
To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated\n\n ## with the new list of secrets.\n\n ##\n secrets: []\n ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.\n\n ## The ConfigMaps are mounted into /etc/prometheus/configmaps/.\n\n ##\n configMaps: []\n ## QuerySpec defines the query command line flags when starting Prometheus.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#queryspec\n\n ##\n query: {}\n ## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery.\n\n ruleNamespaceSelector: {}\n ## Example which selects PrometheusRules in namespaces with label \"prometheus\" set to \"somelabel\"\n\n # ruleNamespaceSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm deployment,\n\n ## which will also match the PrometheusRule resources created\n\n ##\n ruleSelectorNilUsesHelmValues: false\n ## PrometheusRules to be selected for target discovery.\n\n ## If {}, select all PrometheusRules\n\n ##\n ruleSelector: {}\n ## Example which select all PrometheusRules resources\n\n ## with label \"prometheus\" with values any of \"example-rules\" or \"example-rules-2\"\n\n # ruleSelector:\n\n # matchExpressions:\n\n # - key: prometheus\n\n # operator: In\n\n # values:\n\n # - example-rules\n\n # - example-rules-2\n\n #\n\n ## Example which select all PrometheusRules resources with label \"role\" set to \"example-rules\"\n\n # ruleSelector:\n\n # matchLabels:\n\n # role: example-rules\n\n ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm 
deployment,\n\n ## which will also match the servicemonitors created\n\n ##\n serviceMonitorSelectorNilUsesHelmValues: false\n ## ServiceMonitors to be selected for target discovery.\n\n ## If {}, select all ServiceMonitors\n\n ##\n serviceMonitorSelector: {}\n ## Example which selects ServiceMonitors with label \"prometheus\" set to \"somelabel\"\n\n # serviceMonitorSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## Namespaces to be selected for ServiceMonitor discovery.\n\n ##\n serviceMonitorNamespaceSelector: {}\n ## Example which selects ServiceMonitors in namespaces with label \"prometheus\" set to \"somelabel\"\n\n # serviceMonitorNamespaceSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm deployment,\n\n ## which will also match the podmonitors created\n\n ##\n podMonitorSelectorNilUsesHelmValues: false\n ## PodMonitors to be selected for target discovery.\n\n ## If {}, select all PodMonitors\n\n ##\n podMonitorSelector: {}\n ## Example which selects PodMonitors with label \"prometheus\" set to \"somelabel\"\n\n # podMonitorSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If nil, select own namespace. 
Namespaces to be selected for PodMonitor discovery.\n podMonitorNamespaceSelector: {}\n ## Example which selects PodMonitor in namespaces with label \"prometheus\" set to \"somelabel\"\n\n # podMonitorNamespaceSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm deployment,\n\n ## which will also match the probes created\n\n ##\n probeSelectorNilUsesHelmValues: false\n ## Probes to be selected for target discovery.\n\n ## If {}, select all Probes\n\n ##\n probeSelector: {}\n ## Example which selects Probes with label \"prometheus\" set to \"somelabel\"\n\n # probeSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If nil, select own namespace. Namespaces to be selected for Probe discovery.\n probeNamespaceSelector: {}\n ## Example which selects Probe in namespaces with label \"prometheus\" set to \"somelabel\"\n\n # probeNamespaceSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm deployment,\n\n ## which will also match the scrapeConfigs created\n\n ##\n\n ## If null and scrapeConfigSelector is also null, exclude field from the prometheusSpec\n\n ## (keeping downward compatibility with older versions of CRD)\n\n ##\n scrapeConfigSelectorNilUsesHelmValues: false\n ## scrapeConfigs to be selected for target discovery.\n\n ## If {}, select all scrapeConfigs\n\n ##\n scrapeConfigSelector: {}\n ## Example which selects scrapeConfigs with label \"prometheus\" set to \"somelabel\"\n\n # scrapeConfigSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## If nil, select own namespace. 
Namespaces to be selected for scrapeConfig discovery.\n\n ## If null, exclude the field from the prometheusSpec (keeping downward compatibility with older versions of CRD)\n scrapeConfigNamespaceSelector: {}\n ## Example which selects scrapeConfig in namespaces with label \"prometheus\" set to \"somelabel\"\n\n # scrapeConfigNamespaceSelector:\n\n # matchLabels:\n\n # prometheus: somelabel\n\n ## How long to retain metrics\n\n ##\n retention: 10d\n ## Maximum size of metrics\n\n ##\n retentionSize: \"\"\n ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration\n\n ## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb\n tsdb:\n outOfOrderTimeWindow: 0s\n ## Enable compression of the write-ahead log using Snappy.\n\n ##\n walCompression: true\n ## If true, the Operator won't process any Prometheus configuration changes\n\n ##\n paused: false\n ## Number of replicas of each shard to deploy for a Prometheus deployment.\n\n ## Number of replicas multiplied by shards is the total number of Pods created.\n\n ##\n replicas: 1\n ## EXPERIMENTAL: Number of shards to distribute targets onto.\n\n ## Number of replicas multiplied by shards is the total number of Pods created.\n\n ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.\n\n ## Increasing shards will not reshard data either but it will continue to be available from the same instances.\n\n ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.\n\n ## Sharding is done on the content of the `__address__` target meta-label.\n\n ##\n\n # shards: 1\n\n ## Log level for Prometheus be configured in\n\n ##\n logLevel: info\n ## Log format for Prometheus be configured in\n\n ##\n logFormat: logfmt\n ## Prefix used to register routes, overriding externalUrl route.\n\n ## Useful for proxies that rewrite URLs.\n\n ##\n routePrefix: /\n ## Standard object's 
metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata\n\n ## Metadata Labels and Annotations gets propagated to the prometheus pods.\n\n ##\n podMetadata: {}\n # labels:\n\n # app: prometheus\n\n # k8s-app: prometheus\n\n ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.\n\n ## The default value \"soft\" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.\n\n ## The value \"hard\" means that the scheduler is *required* to not schedule two replica pods onto the same node.\n\n ## The value \"\" will disable pod anti-affinity so that no anti-affinity rules will be configured.\n podAntiAffinity: \"soft\"\n ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.\n\n ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone\n\n ##\n podAntiAffinityTopologyKey: kubernetes.io/hostname\n ## Assign custom affinity rules to the prometheus instance\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n\n ## The remote_read spec configuration for Prometheus.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotereadspec\n remoteRead: []\n # - url: http://remote1/read\n\n ## additionalRemoteRead is appended to remoteRead\n additionalRemoteRead: []\n ## The remote_write spec configuration for Prometheus.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#remotewritespec\n remoteWrite: []\n # - url: http://remote1/push\n\n ## 
additionalRemoteWrite is appended to remoteWrite\n additionalRemoteWrite: []\n ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature\n\n remoteWriteDashboards: false\n ## Resource limits \u0026 requests\n\n ##\n resources: {}\n # requests:\n\n # memory: 400Mi\n\n ## Prometheus StorageSpec for persistent data\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md\n\n ##\n storageSpec: {}\n ## Using PersistentVolumeClaim\n\n ##\n\n # volumeClaimTemplate:\n\n # spec:\n\n # storageClassName: gluster\n\n # accessModes: [\"ReadWriteOnce\"]\n\n # resources:\n\n # requests:\n\n # storage: 50Gi\n\n # selector: {}\n\n ## Using tmpfs volume\n\n ##\n\n # emptyDir:\n\n # medium: Memory\n\n # Additional volumes on the output StatefulSet definition.\n volumes: []\n # Additional VolumeMounts on the output StatefulSet definition.\n\n volumeMounts: []\n ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations\n\n ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form\n\n ## as specified in the official Prometheus documentation:\n\n ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are\n\n ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility\n\n ## to break upgrades of Prometheus. 
It is advised to review Prometheus release notes to ensure that no incompatible\n\n ## scrape configs are going to break Prometheus after the upgrade.\n\n ## AdditionalScrapeConfigs can be defined as a list or as a templated string.\n\n ##\n\n ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the\n\n ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes\n\n ##\n additionalScrapeConfigs:\n - job_name: spectrocloud-service-endpoints\n honor_labels: true\n kubernetes_sd_configs:\n - role: endpoints\n relabel_configs:\n - source_labels:\n - __meta_kubernetes_service_annotation_spectrocloud_com_scrape\n action: keep\n regex: \"true\"\n - source_labels:\n - __meta_kubernetes_service_annotation_spectrocloud_com_scrape_slow\n action: drop\n regex: \"true\"\n - source_labels:\n - __meta_kubernetes_service_annotation_spectrocloud_com_scheme\n action: replace\n target_label: __scheme__\n regex: (https?)\n - source_labels:\n - __meta_kubernetes_service_annotation_spectrocloud_com_path\n action: replace\n target_label: __metrics_path__\n regex: (.+)\n - source_labels:\n - __address__\n - __meta_kubernetes_service_annotation_spectrocloud_com_port\n action: replace\n target_label: __address__\n regex: (.+?)(?::\\d+)?;(\\d+)\n replacement: $1:$2\n - action: labelmap\n regex: __meta_kubernetes_service_annotation_spectrocloud_com_param_(.+)\n replacement: __param_$1\n - action: labelmap\n regex: __meta_kubernetes_service_label_(.+)\n - source_labels:\n - __meta_kubernetes_namespace\n action: replace\n target_label: namespace\n - source_labels:\n - __meta_kubernetes_service_name\n action: replace\n target_label: service\n - source_labels:\n - instance\n target_label: cluster_name\n replacement: '{{ .spectro.system.cluster.name }}'\n # - job_name: kube-etcd\n\n # kubernetes_sd_configs:\n\n # - role: node\n\n # scheme: https\n\n # tls_config:\n\n # ca_file: 
/etc/prometheus/secrets/etcd-client-cert/etcd-ca\n\n # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client\n\n # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key\n\n # relabel_configs:\n\n # - action: labelmap\n\n # regex: __meta_kubernetes_node_label_(.+)\n\n # - source_labels: [__address__]\n\n # action: replace\n\n # targetLabel: __address__\n\n # regex: ([^:;]+):(\\d+)\n\n # replacement: ${1}:2379\n\n # - source_labels: [__meta_kubernetes_node_name]\n\n # action: keep\n\n # regex: .*mst.*\n\n # - source_labels: [__meta_kubernetes_node_name]\n\n # action: replace\n\n # targetLabel: node\n\n # regex: (.*)\n\n # replacement: ${1}\n\n # metric_relabel_configs:\n\n # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)\n\n # action: labeldrop\n\n #\n\n ## If scrape config contains a repetitive section, you may want to use a template.\n\n ## In the following example, you can see how to define `gce_sd_configs` for multiple zones\n\n # additionalScrapeConfigs: |\n\n # - job_name: \"node-exporter\"\n\n # gce_sd_configs:\n\n # {{range $zone := .Values.gcp_zones}}\n\n # - project: \"project1\"\n\n # zone: \"{{$zone}}\"\n\n # port: 9100\n\n # {{end}}\n\n # relabel_configs:\n\n # ...\n\n ## If additional scrape configurations are already deployed in a single secret file you can use this section.\n\n ## Expected values are the secret name and key\n\n ## Cannot be used with additionalScrapeConfigs\n additionalScrapeConfigsSecret: {}\n # enabled: false\n\n # name:\n\n # key:\n\n ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. 
This can be useful\n\n ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'\n additionalPrometheusSecretsAnnotations: {}\n ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified\n\n ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#\u003calertmanager_config\u003e.\n\n ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.\n\n ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this\n\n ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release\n\n ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.\n\n ##\n additionalAlertManagerConfigs: []\n # - consul_sd_configs:\n\n # - server: consul.dev.test:8500\n\n # scheme: http\n\n # datacenter: dev\n\n # tag_separator: ','\n\n # services:\n\n # - metrics-prometheus-alertmanager\n\n ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage\n\n ## them separately from the helm deployment, you can use this section.\n\n ## Expected values are the secret name and key\n\n ## Cannot be used with additionalAlertManagerConfigs\n additionalAlertManagerConfigsSecret: {}\n # name:\n\n # key:\n\n # optional: false\n\n ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended\n\n ## to the configurations generated by the Prometheus Operator. 
Alert relabel configurations specified must have the form as specified in the\n\n ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.\n\n ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the\n\n ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel\n\n ## configs are going to break Prometheus after the upgrade.\n\n ##\n additionalAlertRelabelConfigs: []\n # - separator: ;\n\n # regex: prometheus_replica\n\n # replacement: $1\n\n # action: labeldrop\n\n ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage\n\n ## them separately from the helm deployment, you can use this section.\n\n ## Expected values are the secret name and key\n\n ## Cannot be used with additionalAlertRelabelConfigs\n additionalAlertRelabelConfigsSecret: {}\n # name:\n\n # key:\n\n ## SecurityContext holds pod-level security attributes and common container settings.\n\n ## This defaults to non root user with uid 1000 and gid 2000.\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md\n\n ##\n securityContext:\n runAsGroup: 2000\n runAsNonRoot: true\n runAsUser: 1000\n fsGroup: 2000\n seccompProfile:\n type: RuntimeDefault\n ## Priority class assigned to the Pods\n\n ##\n priorityClassName: \"\"\n ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.\n\n ## This section is experimental, it may change significantly without deprecation notice in any release.\n\n ## This is experimental and may change significantly without backward compatibility in any release.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosspec\n\n 
##\n thanos: {}\n # secretProviderClass:\n\n # provider: gcp\n\n # parameters:\n\n # secrets: |\n\n # - resourceName: \"projects/$PROJECT_ID/secrets/testsecret/versions/latest\"\n\n # fileName: \"objstore.yaml\"\n\n ## ObjectStorageConfig configures object storage in Thanos.\n\n # objectStorageConfig:\n\n # # use existing secret, if configured, objectStorageConfig.secret will not be used\n\n # existingSecret: {}\n\n # # name: \"\"\n\n # # key: \"\"\n\n # # will render objectStorageConfig secret data and configure it to be used by Thanos custom resource,\n\n # # ignored when prometheusspec.thanos.objectStorageConfig.existingSecret is set\n\n # # https://thanos.io/tip/thanos/storage.md/#s3\n\n # secret: {}\n\n # # type: S3\n\n # # config:\n\n # # bucket: \"\"\n\n # # endpoint: \"\"\n\n # # region: \"\"\n\n # # access_key: \"\"\n\n # # secret_key: \"\"\n\n ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.\n\n ## if using proxy extraContainer update targetPort with proxy container port\n containers: []\n # containers:\n\n # - name: oauth-proxy\n\n # image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1\n\n # args:\n\n # - --upstream=http://127.0.0.1:9090\n\n # - --http-address=0.0.0.0:8081\n\n # - --metrics-address=0.0.0.0:8082\n\n # - ...\n\n # ports:\n\n # - containerPort: 8081\n\n # name: oauth-proxy\n\n # protocol: TCP\n\n # - containerPort: 8082\n\n # name: oauth-metrics\n\n # protocol: TCP\n\n # resources: {}\n\n ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes\n\n ## (permissions, dir tree) on mounted volumes before starting prometheus\n initContainers: []\n ## PortName to use for Prometheus.\n\n ##\n portName: \"http-web\"\n ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files\n\n ## on the file system of the Prometheus container e.g. 
bearer token files.\n arbitraryFSAccessThroughSMs: false\n ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor\n\n ## or PodMonitor to true, this overrides honor_labels to false.\n overrideHonorLabels: false\n ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.\n\n overrideHonorTimestamps: false\n ## When ignoreNamespaceSelectors is set to true, namespaceSelector from all PodMonitor, ServiceMonitor and Probe objects will be ignored,\n\n ## they will only discover targets within the namespace of the PodMonitor, ServiceMonitor and Probe object,\n\n ## and servicemonitors will be installed in the default service namespace.\n\n ## Defaults to false.\n ignoreNamespaceSelectors: false\n ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.\n\n ## The label value will always be the namespace of the object that is being created.\n\n ## Disabled by default\n enforcedNamespaceLabel: \"\"\n ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.\n\n ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair\n\n ## Deprecated, use `excludedFromEnforcement` instead\n prometheusRulesExcludedFromEnforce: []\n ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\n\n ## to be excluded from enforcing a namespace label of origin.\n\n ## Works only if enforcedNamespaceLabel set to true.\n\n ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#objectreference\n excludedFromEnforcement: []\n ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,\n\n ## and can be persisted using an attached volume. 
Alternatively, the location can be set to a stdout location such\n\n ## as /dev/stdout to log query information to the default Prometheus log stream. This is only available in versions\n\n ## of Prometheus \u003e= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)\n queryLogFile: false\n # Use to set global sample_limit for Prometheus. This acts as the default SampleLimit for ServiceMonitor or/and PodMonitor.\n\n # Set to 'false' to disable global sample_limit, or set to a number to override the default value.\n sampleLimit: false\n # EnforcedKeepDroppedTargetsLimit defines a limit on the number of targets dropped by relabeling that will be kept in memory.\n\n # The value overrides any spec.keepDroppedTargets set by ServiceMonitor, PodMonitor, Probe objects unless spec.keepDroppedTargets\n\n # is greater than zero and less than spec.enforcedKeepDroppedTargets. 0 means no limit.\n enforcedKeepDroppedTargets: 0\n ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit\n\n ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall\n\n ## number of samples/series under the desired limit. Note that if SampleLimit is lower, that value will be taken instead.\n enforcedSampleLimit: false\n ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set\n\n ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall\n\n ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except\n\n ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.\n enforcedTargetLimit: false\n ## Per-scrape limit on number of labels that will be accepted for a sample. 
If more than this number of labels are present\n\n ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions\n\n ## 2.27.0 and newer.\n enforcedLabelLimit: false\n ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number\n\n ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions\n\n ## 2.27.0 and newer.\n enforcedLabelNameLengthLimit: false\n ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this\n\n ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus\n\n ## versions 2.27.0 and newer.\n enforcedLabelValueLengthLimit: false\n ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental\n\n ## in Prometheus so it may change in any upcoming release.\n allowOverlappingBlocks: false\n ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to\n\n ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).\n minReadySeconds: 0\n # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),\n\n # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working\n\n # Use the host's network namespace if true. 
Make sure to understand the security implications if you want to enable it.\n\n # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically.\n hostNetwork: false\n # HostAlias holds the mapping between IP and hostnames that will be injected\n\n # as an entry in the pod’s hosts file.\n hostAliases: []\n # - ip: 10.10.0.100\n\n # hostnames:\n\n # - a1.app.local\n\n # - b1.app.local\n\n ## TracingConfig configures tracing in Prometheus.\n\n ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#prometheustracingconfig\n tracingConfig: {}\n ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints.\n\n ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role.\n serviceDiscoveryRole: \"\"\n ## Additional configuration which is not covered by the properties above. (passed through tpl)\n\n additionalConfig: {}\n ## Additional configuration which is not covered by the properties above.\n\n ## Useful, if you need advanced templating inside alertmanagerSpec.\n\n ## Otherwise, use prometheus.prometheusSpec.additionalConfig (passed through tpl)\n additionalConfigString: \"\"\n ## Defines the maximum time that the `prometheus` container's startup probe\n\n ## will wait before being considered failed. The startup probe will return\n\n ## success after the WAL replay is complete. If set, the value should be\n\n ## greater than 60 (seconds). Otherwise it will be equal to 900 seconds (15\n\n ## minutes).\n maximumStartupDurationSeconds: 0\n additionalRulesForClusterRole: []\n # - apiGroups: [ \"\" ]\n\n # resources:\n\n # - nodes/proxy\n\n # verbs: [ \"get\", \"list\", \"watch\" ]\n additionalServiceMonitors: []\n ## Name of the ServiceMonitor to create\n\n ##\n\n # - name: \"\"\n\n ## Additional labels to set used for the ServiceMonitorSelector. 
Together with standard labels from\n\n ## the chart\n\n ##\n\n # additionalLabels: {}\n\n ## Service label for use in assembling a job name of the form \u003clabel value\u003e-\u003cport\u003e\n\n ## If no label is specified, the service name is used.\n\n ##\n\n # jobLabel: \"\"\n\n ## labels to transfer from the kubernetes service to the target\n\n ##\n\n # targetLabels: []\n\n ## labels to transfer from the kubernetes pods to the target\n\n ##\n\n # podTargetLabels: []\n\n ## Label selector for services to which this ServiceMonitor applies\n\n ##\n\n # selector: {}\n\n ## Example which selects all services to be monitored\n\n ## with label \"monitoredby\" with values any of \"example-service-1\" or \"example-service-2\"\n\n # matchExpressions:\n\n # - key: \"monitoredby\"\n\n # operator: In\n\n # values:\n\n # - example-service-1\n\n # - example-service-2\n\n ## label selector for services\n\n ##\n\n # matchLabels: {}\n\n ## Namespaces from which services are selected\n\n ##\n\n # namespaceSelector:\n\n ## Match any namespace\n\n ##\n\n # any: false\n\n ## Explicit list of namespace names to select\n\n ##\n\n # matchNames: []\n\n ## Endpoints of the selected service to be monitored\n\n ##\n\n # endpoints: []\n\n ## Name of the endpoint's service port\n\n ## Mutually exclusive with targetPort\n\n # - port: \"\"\n\n ## Name or number of the endpoint's target port\n\n ## Mutually exclusive with port\n\n # - targetPort: \"\"\n\n ## File containing bearer token to be used when scraping targets\n\n ##\n\n # bearerTokenFile: \"\"\n\n ## Interval at which metrics should be scraped\n\n ##\n\n # interval: 30s\n\n ## HTTP path to scrape for metrics\n\n ##\n\n # path: /metrics\n\n ## HTTP scheme to use for scraping\n\n ##\n\n # scheme: http\n\n ## TLS configuration to use when scraping the endpoint\n\n ##\n\n # tlsConfig:\n\n ## Path to the CA file\n\n ##\n\n # caFile: \"\"\n\n ## Path to client certificate file\n\n ##\n\n # certFile: \"\"\n\n ## Skip certificate 
verification\n\n ##\n\n # insecureSkipVerify: false\n\n ## Path to client key file\n\n ##\n\n # keyFile: \"\"\n\n ## Server name used to verify host name\n\n ##\n\n # serverName: \"\"\n\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n\n # metricRelabelings: []\n\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n\n # relabelings: []\n\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Fallback scrape protocol used by Prometheus for scraping metrics\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol\n\n ##\n\n # fallbackScrapeProtocol: \"\"\n additionalPodMonitors: []\n ## Name of the PodMonitor to create\n ##\n\n # - name: \"\"\n\n ## Additional labels to set used for the PodMonitorSelector. 
Together with standard labels from\n\n ## the chart\n\n ##\n\n # additionalLabels: {}\n\n ## Pod label for use in assembling a job name of the form \u003clabel value\u003e-\u003cport\u003e\n\n ## If no label is specified, the pod endpoint name is used.\n\n ##\n\n # jobLabel: \"\"\n\n ## Label selector for pods to which this PodMonitor applies\n\n ##\n\n # selector: {}\n\n ## Example which selects all Pods to be monitored\n\n ## with label \"monitoredby\" with values any of \"example-pod-1\" or \"example-pod-2\"\n\n # matchExpressions:\n\n # - key: \"monitoredby\"\n\n # operator: In\n\n # values:\n\n # - example-pod-1\n\n # - example-pod-2\n\n ## label selector for pods\n\n ##\n\n # matchLabels: {}\n\n ## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.\n\n ##\n\n # podTargetLabels: {}\n\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n\n # sampleLimit: 0\n\n ## Namespaces from which pods are selected\n\n ##\n\n # namespaceSelector:\n\n ## Match any namespace\n\n ##\n\n # any: false\n\n ## Explicit list of namespace names to select\n\n ##\n\n # matchNames: []\n\n ## Endpoints of the selected pods to be monitored\n\n ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#podmetricsendpoint\n\n ##\n\n # podMetricsEndpoints: []\n\n ## Fallback scrape protocol used by Prometheus for scraping metrics\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#monitoring.coreos.com/v1.ScrapeProtocol\n\n ##\n\n # fallbackScrapeProtocol: \"\"\n\n ## Configuration for thanosRuler\n\n ## ref: https://thanos.io/tip/components/rule.md/\n\n ##\n thanosRuler:\n ## Deploy thanosRuler\n\n ##\n enabled: false\n ## Annotations for ThanosRuler\n\n ##\n annotations: {}\n ## Service account for ThanosRuler to use.\n\n ## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\n\n ##\n serviceAccount:\n create: true\n name: \"\"\n annotations: {}\n ## Configure pod disruption budgets for ThanosRuler\n\n ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget\n\n ##\n podDisruptionBudget:\n enabled: false\n minAvailable: 1\n maxUnavailable: \"\"\n ingress:\n enabled: false\n # For Kubernetes \u003e= 1.18 you should specify the ingress-controller via the field ingressClassName\n\n # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress\n\n # ingressClassName: nginx\n annotations: {}\n labels: {}\n ## Hosts must be provided if Ingress is enabled.\n\n ##\n hosts: []\n # - thanosruler.domain.com\n\n ## Paths to use for ingress rules - one path should match the thanosruler.routePrefix\n\n ##\n paths: []\n # - /\n\n ## For Kubernetes \u003e= 1.18 you should specify the pathType (determines how Ingress paths should be matched)\n\n ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types\n\n # pathType: ImplementationSpecific\n\n ## TLS configuration for ThanosRuler Ingress\n\n ## Secret must be manually created in the namespace\n\n ##\n tls: []\n # - secretName: thanosruler-general-tls\n # hosts:\n\n # - thanosruler.example.com\n\n # -- BETA: Configure the gateway routes for the chart here.\n\n # More routes can be added by adding a dictionary key like the 'main' route.\n\n # Be aware that this is an early beta of this feature,\n\n # kube-prometheus-stack does not guarantee this works and is subject to change.\n\n # Being BETA this can/will change in the future without notice, do not use unless you want to take that risk\n\n # [[ref]](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1alpha2)\n route:\n main:\n # -- Enables or disables 
the route\n enabled: false\n # -- Set the route apiVersion, e.g. gateway.networking.k8s.io/v1 or gateway.networking.k8s.io/v1alpha2\n\n apiVersion: gateway.networking.k8s.io/v1\n # -- Set the route kind\n\n # Valid options are GRPCRoute, HTTPRoute, TCPRoute, TLSRoute, UDPRoute\n kind: HTTPRoute\n annotations: {}\n labels: {}\n hostnames: []\n # - my-filter.example.com\n\n parentRefs: []\n # - name: acme-gw\n\n matches:\n - path:\n type: PathPrefix\n value: /\n ## Filters define the filters that are applied to requests that match this rule.\n\n filters: []\n ## Additional custom rules that can be added to the route\n\n additionalRules: []\n ## Configuration for ThanosRuler service\n\n ##\n service:\n annotations: {}\n labels: {}\n clusterIP: \"\"\n ipDualStack:\n enabled: false\n ipFamilies: [\"IPv6\", \"IPv4\"]\n ipFamilyPolicy: \"PreferDualStack\"\n ## Port for ThanosRuler Service to listen on\n\n ##\n port: 10902\n ## To be used with a proxy extraContainer port\n\n ##\n targetPort: 10902\n ## Port to expose on each node\n\n ## Only used if service.type is 'NodePort'\n\n ##\n nodePort: 30905\n ## List of IP addresses at which the Prometheus server service is available\n\n ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips\n\n ##\n\n ## Additional ports to open for ThanosRuler service\n additionalPorts: []\n externalIPs: []\n loadBalancerIP: \"\"\n loadBalancerSourceRanges: []\n ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints\n\n ##\n externalTrafficPolicy: Cluster\n ## Service type\n\n ##\n type: ClusterIP\n ## Configuration for creating a ServiceMonitor for the ThanosRuler service\n\n ##\n serviceMonitor:\n ## If true, create a serviceMonitor for thanosRuler\n\n ##\n selfMonitor: true\n ## Scrape interval. 
If not set, the Prometheus default scrape interval is used.\n\n ##\n interval: \"\"\n ## Additional labels\n\n ##\n additionalLabels: {}\n ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\n\n ##\n sampleLimit: 0\n ## TargetLimit defines a limit on the number of scraped targets that will be accepted.\n\n ##\n targetLimit: 0\n ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelLimit: 0\n ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelNameLengthLimit: 0\n ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.\n\n ##\n labelValueLengthLimit: 0\n ## proxyUrl: URL of a proxy that should be used for scraping.\n\n ##\n proxyUrl: \"\"\n ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.\n\n scheme: \"\"\n ## tlsConfig: TLS configuration to use when scraping the endpoint. 
For example if using istio mTLS.\n\n ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api-reference/api.md#tlsconfig\n tlsConfig: {}\n bearerTokenFile:\n ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n metricRelabelings: []\n # - action: keep\n\n # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'\n\n # sourceLabels: [__name__]\n\n ## RelabelConfigs to apply to samples before scraping\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#relabelconfig\n\n ##\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n\n # separator: ;\n\n # regex: ^(.*)$\n\n # targetLabel: nodename\n\n # replacement: $1\n\n # action: replace\n\n ## Additional Endpoints\n\n ##\n additionalEndpoints: []\n # - port: oauth-metrics\n # path: /metrics\n\n ## Settings affecting thanosRulerSpec\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerspec\n\n ##\n thanosRulerSpec:\n ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata\n\n ## Metadata Labels and Annotations get propagated to the ThanosRuler pods.\n\n ##\n podMetadata: {}\n ## Image of ThanosRuler\n\n ##\n image:\n registry: us-docker.pkg.dev\n repository: palette-images/packs/prometheus-operator/70.2.1/thanos\n tag: v0.37.2\n sha: \"\"\n ## Namespaces to be selected for PrometheusRules discovery.\n\n ## If nil, select own namespace. 
Namespaces to be selected for ServiceMonitor discovery.\n\n ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#namespaceselector for usage\n\n ##\n ruleNamespaceSelector: {}\n ## If true, a nil or {} value for thanosRuler.thanosRulerSpec.ruleSelector will cause the\n\n ## prometheus resource to be created with selectors based on values in the helm deployment,\n\n ## which will also match the PrometheusRule resources created\n\n ##\n ruleSelectorNilUsesHelmValues: false\n ## PrometheusRules to be selected for target discovery.\n\n ## If {}, select all PrometheusRules\n\n ##\n ruleSelector: {}\n ## Example which select all PrometheusRules resources\n\n ## with label \"prometheus\" with values any of \"example-rules\" or \"example-rules-2\"\n\n # ruleSelector:\n\n # matchExpressions:\n\n # - key: prometheus\n\n # operator: In\n\n # values:\n\n # - example-rules\n\n # - example-rules-2\n\n #\n\n ## Example which select all PrometheusRules resources with label \"role\" set to \"example-rules\"\n\n # ruleSelector:\n\n # matchLabels:\n\n # role: example-rules\n\n ## Define Log Format\n\n # Use logfmt (default) or json logging\n logFormat: logfmt\n ## Log level for ThanosRuler to be configured with.\n\n ##\n logLevel: info\n ## Size is the expected size of the thanosRuler cluster. The controller will eventually make the size of the\n\n ## running cluster equal to the expected size.\n replicas: 1\n ## Time duration ThanosRuler shall retain data for. 
Default is '24h', and must match the regular expression\n\n ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).\n\n ##\n retention: 24h\n ## Interval between consecutive evaluations.\n\n ##\n evaluationInterval: \"\"\n ## Storage is the definition of how storage will be used by the ThanosRuler instances.\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md\n\n ##\n storage: {}\n # volumeClaimTemplate:\n\n # spec:\n\n # storageClassName: gluster\n\n # accessModes: [\"ReadWriteOnce\"]\n\n # resources:\n\n # requests:\n\n # storage: 50Gi\n\n # selector: {}\n\n ## AlertmanagerConfig define configuration for connecting to alertmanager.\n\n ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg.\n alertmanagersConfig:\n # use existing secret, if configured, alertmanagersConfig.secret will not be used\n existingSecret: {}\n # name: \"\"\n\n # key: \"\"\n\n # will render alertmanagersConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when alertmanagersConfig.existingSecret is set\n\n # https://thanos.io/tip/components/rule.md/#alertmanager\n secret: {}\n # alertmanagers:\n # - api_version: v2\n\n # http_config:\n\n # basic_auth:\n\n # username: some_user\n\n # password: some_pass\n\n # static_configs:\n\n # - alertmanager.thanos.io\n\n # scheme: http\n\n # timeout: 10s\n\n ## DEPRECATED. Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, alertmanagersConfig should be used instead.\n\n ## Note: this field will be ignored if alertmanagersConfig is specified. Maps to the alertmanagers.url Thanos Ruler arg.\n\n # alertmanagersUrl:\n\n ## The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. 
string false\n\n ##\n externalPrefix:\n ## If true, http://{{ template \"kube-prometheus-stack.thanosRuler.name\" . }}.{{ template \"kube-prometheus-stack.namespace\" . }}:{{ .Values.thanosRuler.service.port }}\n\n ## will be used as value for externalPrefix\n externalPrefixNilUsesHelmValues: false\n ## The route prefix ThanosRuler registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,\n\n ## but the server serves requests under a different route prefix. For example for use with kubectl proxy.\n\n ##\n routePrefix: /\n ## ObjectStorageConfig configures object storage in Thanos\n\n objectStorageConfig:\n # use existing secret, if configured, objectStorageConfig.secret will not be used\n existingSecret: {}\n # name: \"\"\n\n # key: \"\"\n\n # will render objectStorageConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when objectStorageConfig.existingSecret is set\n\n # https://thanos.io/tip/thanos/storage.md/#s3\n secret: {}\n # type: S3\n # config:\n\n # bucket: \"\"\n\n # endpoint: \"\"\n\n # region: \"\"\n\n # access_key: \"\"\n\n # secret_key: \"\"\n\n ## Labels by name to drop before sending to alertmanager\n\n ## Maps to the --alert.label-drop flag of thanos ruler.\n alertDropLabels: []\n ## QueryEndpoints defines Thanos querier endpoints from which to query metrics.\n\n ## Maps to the --query flag of thanos ruler.\n queryEndpoints: []\n ## Define configuration for connecting to thanos query instances. If this is defined, the queryEndpoints field will be ignored.\n\n ## Maps to the query.config CLI argument. 
Only available with thanos v0.11.0 and higher.\n queryConfig:\n # use existing secret, if configured, queryConfig.secret will not be used\n existingSecret: {}\n # name: \"\"\n\n # key: \"\"\n\n # render queryConfig secret data and configure it to be used by Thanos Ruler custom resource, ignored when queryConfig.existingSecret is set\n\n # https://thanos.io/tip/components/rule.md/#query-api\n secret: {}\n # - http_config:\n # basic_auth:\n\n # username: some_user\n\n # password: some_pass\n\n # static_configs:\n\n # - URL\n\n # scheme: http\n\n # timeout: 10s\n\n ## Labels configure the external label pairs to ThanosRuler. A default replica\n\n ## label `thanos_ruler_replica` will be always added as a label with the value\n\n ## of the pod's name and it will be dropped in the alerts.\n labels: {}\n ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.\n\n ##\n paused: false\n ## Allows setting additional arguments for the ThanosRuler container\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosruler\n\n ##\n additionalArgs: []\n # - name: remote-write.config\n\n # value: |-\n\n # \"remote_write\":\n\n # - \"name\": \"receiver-0\"\n\n # \"remote_timeout\": \"30s\"\n\n # \"url\": \"http://thanos-receiver-0.thanos-receiver:8081/api/v1/receive\"\n\n ## Define which Nodes the Pods are scheduled on.\n\n ## ref: https://kubernetes.io/docs/user-guide/node-selection/\n\n ##\n nodeSelector: {}\n ## Define resources requests and limits for single Pods.\n\n ## ref: https://kubernetes.io/docs/user-guide/compute-resources/\n\n ##\n resources: {}\n # requests:\n\n # memory: 400Mi\n\n ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.\n\n ## The default value \"soft\" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.\n\n ## The 
value \"hard\" means that the scheduler is *required* to not schedule two replica pods onto the same node.\n\n ## The value \"\" will disable pod anti-affinity so that no anti-affinity rules will be configured.\n\n ##\n podAntiAffinity: \"soft\"\n ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.\n\n ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone\n\n ##\n podAntiAffinityTopologyKey: kubernetes.io/hostname\n ## Assign custom affinity rules to the thanosRuler instance\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/\n\n ##\n affinity: {}\n # nodeAffinity:\n\n # requiredDuringSchedulingIgnoredDuringExecution:\n\n # nodeSelectorTerms:\n\n # - matchExpressions:\n\n # - key: kubernetes.io/e2e-az-name\n\n # operator: In\n\n # values:\n\n # - e2e-az1\n\n # - e2e-az2\n\n ## If specified, the pod's tolerations.\n\n ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/\n\n ##\n tolerations: []\n # - key: \"key\"\n\n # operator: \"Equal\"\n\n # value: \"value\"\n\n # effect: \"NoSchedule\"\n\n ## If specified, the pod's topology spread constraints.\n\n ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/\n\n ##\n topologySpreadConstraints: []\n # - maxSkew: 1\n\n # topologyKey: topology.kubernetes.io/zone\n\n # whenUnsatisfiable: DoNotSchedule\n\n # labelSelector:\n\n # matchLabels:\n\n # app: thanos-ruler\n\n ## SecurityContext holds pod-level security attributes and common container settings.\n\n ## This defaults to non root user with uid 1000 and gid 2000. 
*v1.PodSecurityContext false\n\n ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n\n ##\n securityContext:\n runAsGroup: 2000\n runAsNonRoot: true\n runAsUser: 1000\n fsGroup: 2000\n seccompProfile:\n type: RuntimeDefault\n ## ListenLocal makes the ThanosRuler server listen on loopback, so that it does not bind against the Pod IP.\n\n ## Note this is only for the ThanosRuler UI, not the gossip communication.\n\n ##\n listenLocal: false\n ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an ThanosRuler pod.\n\n ##\n containers: []\n # Additional volumes on the output StatefulSet definition.\n\n volumes: []\n # Additional VolumeMounts on the output StatefulSet definition.\n\n volumeMounts: []\n ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes\n\n ## (permissions, dir tree) on mounted volumes before starting prometheus\n initContainers: []\n ## Priority class assigned to the Pods\n\n ##\n priorityClassName: \"\"\n ## PortName to use for ThanosRuler.\n\n ##\n portName: \"web\"\n ## WebTLSConfig defines the TLS parameters for HTTPS\n\n ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#thanosrulerwebspec\n web: {}\n ## Additional configuration which is not covered by the properties above. 
(passed through tpl)\n\n additionalConfig: {}\n ## Additional configuration which is not covered by the properties above.\n\n ## Useful, if you need advanced templating\n additionalConfigString: \"\"\n ## ExtraSecret can be used to store various data in an extra secret\n\n ## (use it for example to store hashed basic auth credentials)\n extraSecret:\n ## if not set, name will be auto generated\n\n # name: \"\"\n annotations: {}\n data: {}\n # auth: |\n # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0\n\n # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c.\n\n ## Setting to true produces cleaner resource names, but requires a data migration because the name of the persistent volume changes. Therefore this should only be set once on initial installation.\n\n ##\n cleanPrometheusOperatorObjectNames: false\n ## Extra manifests to deploy as an array\n\n extraManifests: []\n # - apiVersion: v1\n# kind: ConfigMap\n\n# metadata:\n\n# labels:\n\n# name: prometheus-extra\n\n# data:\n\n# extra-data: \"value\"\n","registry":{"metadata":{"uid":"64eaff453040297344bcad5d","name":"Palette Registry","kind":"oci","isPrivate":true,"providerType":"pack","isSyncSupported":true}},"manifests":[{"name":"issuer-selfsigned","content":"apiVersion: cert-manager.io/v1\nkind: Issuer\nmetadata:\n name: selfsigned-issuer\n namespace: monitoring\nspec:\n selfSigned: {}"}]},{"name":"virtual-machine-orchestrator","type":"oci","layer":"addon","version":"4.7.1","tag":"4.7.1","values":"pack:\n content:\n images:\n - image: us-docker.pkg.dev/palette-images/palette/spectro-vm-dashboard:4.7.1\n - image: us-docker.pkg.dev/palette-images/third-party/kubevirt-ui:v25\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-operator:v1.5.0\n - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v8.1.0\n - image: registry.k8s.io/sig-storage/snapshot-controller:v8.1.0\n - image: registry.k8s.io/descheduler/descheduler:v0.33.0\n - image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.4-thick\n - 
image: ghcr.io/k8snetworkplumbingwg/multus-dynamic-networks-controller:latest-amd64\n - image: quay.io/kubevirt/cdi-operator:v1.62.0\n - image: quay.io/kubevirt/cdi-uploadproxy:v1.62.0\n - image: quay.io/kubevirt/cdi-controller:v1.62.0\n - image: quay.io/kubevirt/cdi-apiserver:v1.62.0\n - image: quay.io/kubevirt/cdi-importer:v1.62.0\n - image: quay.io/kubevirt/cdi-uploadserver:v1.62.0\n - image: quay.io/kubevirt/cdi-cloner:v1.62.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-handler:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-launcher:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-exportproxy:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-exportserver:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-controller:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-api:v1.5.0\n - image: us-docker.pkg.dev/palette-images/palette/virtual-machine-orchestrator/os/ubuntu-container-disk:22.04\n - image: us-docker.pkg.dev/palette-images/palette/virtual-machine-orchestrator/os/fedora-container-disk:37\n - image: us-docker.pkg.dev/palette-images/palette/virtual-machine-orchestrator/vlan-filtering/ubuntu:latest\n - image: us-docker.pkg.dev/palette-images/palette/spectro-cleanup:1.0.3\n - image: us-docker.pkg.dev/palette-images/palette/spectro-kubectl:v1.31.5-vmo\n namespace: vm-dashboard\n palette:\n config:\n dashboard:\n access: private\n spectrocloud.com/install-priority: \"30\"\ncharts:\n virtual-machine-orchestrator:\n image:\n repository: us-docker.pkg.dev/palette-images/palette/spectro-vm-dashboard\n tag: \"4.7.1\"\n service:\n type: \"ClusterIP\"\n appConfig:\n clusterInfo:\n consoleBaseAddress: \"\"\n fullnameOverride: \"virtual-machine-orchestrator\"\n serviceAccount:\n # Specifies whether a service account should be created\n create: true\n # Annotations to add to the service account\n annotations: {}\n # The name of the 
service account to use.\n # If not set and create is true, a name is generated using the fullname template\n name: \"virtual-machine-orchestrator\"\n # Create MachineDrainRule(s) for Cluster API so repaves go smoothly\n machineDrainRules:\n create: true\n namespace: \"cluster-{{ .spectro.system.cluster.uid }}\"\n sampleTemplates:\n fedora37: false\n ubuntu2204: false\n ubuntu2204WithVol: false\n ubuntu2204staticIP: false\n fedora37staticIP: false\n # To create additional vm templates refer to https://docs.spectrocloud.com/vm-management/create-manage-vm/create-vm-template\n # This namespace will be used to store golden images\n goldenImagesNamespace: \"vmo-golden-images\"\n # These namespaces will be created and set up to deploy VMs into\n vmEnabledNamespaces:\n - \"default\"\n - \"virtual-machines\"\n privateCaCertificate:\n enabled: false\n configmapName: custom-ca\n certificateKey: cert\n mountPath: /etc/ssl/certs/\n grafana:\n namespace: monitoring\n vlanFiltering:\n enabled: true\n namespace: kube-system\n image:\n repository: us-docker.pkg.dev/palette-images/palette/virtual-machine-orchestrator/vlan-filtering/ubuntu\n pullPolicy: IfNotPresent\n tag: \"latest\"\n env:\n # Which bridge interface to control\n bridgeIF: \"br0\"\n # Beginning of VLAN range to enable\n allowedVlans: '{{ .spectro.var.vmoAllowedVLANsforVMs }}'\n # Set to \"true\" to enable VLANs on the br0 interface for the host to use itself\n allowVlansOnSelf: '{{ .spectro.var.vmoRunningOnBr0 }}'\n # Beginning of VLAN range to enable for use by the node itself\n allowedVlansOnSelf: '{{ .spectro.var.vmoRunningOnBr0VLANsforK8s }},{{ .spectro.var.vmoAllowedVLANsforVMs }}'\n snapshot-controller:\n enabled: true\n replicas: 1\n # controller image and policies\n image:\n repository: registry.k8s.io/sig-storage/snapshot-controller\n pullPolicy: IfNotPresent\n tag: \"v8.1.0\"\n # A list/array of extra args that should be used\n # when running the controller. 
Default args include log verbose level\n # and leader election\n extraArgs: []\n # snapshot webhook config\n webhook:\n # all below values take effect only if webhook is enabled\n enabled: true\n # webhook controller image and policies\n image:\n # change the image if you wish to use your own custom validation server image\n repository: registry.k8s.io/sig-storage/snapshot-validation-webhook\n pullPolicy: IfNotPresent\n # Overrides the image tag whose default is the chart appVersion.\n tag: \"v8.1.0\"\n validatingWebhook:\n failurePolicy: Fail\n timeoutSeconds: 2\n # Validating webhook is exposed on an HTTPS endpoint, and so\n # TLS certificate is required. This Helm chart relies on\n # cert-manager.io for managing TLS certificates.\n tls:\n # If not empty, this issuer will be used to sign the certificate.\n # If none is provided, a new, self-signing issuer will be created.\n issuerRef: {}\n # name: \u003cISSUER NAME\u003e\n # kind: \u003cClusterIssuer|Issuer\u003e\n # group: cert-manager.io\n\n # Certificate duration. 
The generated certificate will be automatically\n # renewed 1/3 of `certDuration` before its expiry.\n # Value must be in units accepted by Go time.ParseDuration.\n # See https://golang.org/pkg/time/#ParseDuration for allowed formats.\n # Minimum accepted duration is `1h`.\n # This option may be ignored/overridden by some issuer types.\n certDuration: 8760h\n service:\n # when running in cluster webhook service is recommended to be of type ClusterIP\n type: ClusterIP\n port: 443\n serviceAccount:\n # Specifies whether a service account should be created.\n create: true\n # Annotations to add to the service account.\n annotations: {}\n # The name of the service account to use.\n # If not set and create is true, a name is generated using the fullname template.\n name: \"\"\n # Log verbosity level.\n # See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md\n # for description of individual verbosity levels.\n logVerbosityLevel: 2\n podAnnotations: {}\n resources: {}\n nodeSelector: {}\n tolerations: []\n affinity: {}\n nameOverride: \"\"\n fullnameOverride: \"\"\n imagePullSecrets: []\n nameOverride: \"\"\n fullnameOverride: \"\"\n resources: {}\n # We usually recommend not to specify default resources and to leave this as a conscious\n # choice for the user. This also increases chances charts run on environments with little\n # resources, such as Minikube. 
If you do want to specify resources, uncomment the following\n # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n # limits:\n # cpu: 100m\n # memory: 128Mi\n # requests:\n # cpu: 100m\n # memory: 128Mi\n\n nodeSelector: {}\n tolerations: []\n affinity: {}\n # create a default volume snapshot class\n volumeSnapshotClass:\n create: true\n name: \"lh-snapshot-class\"\n driver: \"driver.longhorn.io\"\n # deletionPolicy determines whether a VolumeSnapshotContent created through\n # the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.\n # Supported values are \"Retain\" and \"Delete\".\n deletionPolicy: \"Delete\"\n # params is a key-value map with storage driver specific parameters for creating snapshots.\n params:\n type: snap\n # key-value pair of extra labels to apply to the volumesnapshotclass\n extraLabels:\n velero.io/csi-volumesnapshot-class: \"true\"\n # time for sleep hook in seconds\n hooksleepTime: 12\n kubevirt:\n enabled: true\n # defaults to kubevirt\n namespace: kubevirt\n namespaceLabels:\n pod-security.kubernetes.io/enforce: privileged\n pod-security.kubernetes.io/enforce-version: v{{ .spectro.system.kubernetes.version | substr 0 4 }}\n replicas: 1\n service:\n type: ClusterIP\n port: 443\n targetPort: 8443\n image:\n repository: us-docker.pkg.dev/palette-images/palette/kubevirt/virt-operator\n pullPolicy: IfNotPresent\n # Overrides the image tag whose default is the chart appVersion.\n tag: \"v1.5.0\"\n ## The Kubevirt CR that gets created\n kubevirtResource:\n name: kubevirt\n useEmulation: false\n # below gates are required for virtual machine orchestrator pack, users can append additional gates\n additionalFeatureGates:\n - LiveMigration\n - HotplugVolumes\n - Snapshot\n - VMExport\n - ExpandDisks\n - HotplugNICs\n - VMLiveUpdateFeatures\n - VMPersistentState\n - VolumesUpdateStrategy\n - VolumeMigration\n - CPUManager\n - HypervStrictCheck\n # for additional feature gates refer to 
https://docs.spectrocloud.com/vm-management#featuregates\n config:\n evictionStrategy: \"LiveMigrate\"\n # additionalConfig lets you define any configuration other than developerConfiguration and evictionStrategy\n additionalConfig:\n #cpuModel: IvyBridge-IBRS\n vmStateStorageClass: \"longhorn\"\n migrations:\n allowAutoConverge: true\n completionTimeoutPerGiB: 150\n #parallelMigrationsPerCluster: 5\n #parallelOutboundMigrationsPerNode: 2\n #bandwidthPerMigration: 512Mi\n #progressTimeout: 150\n #disableTLS: false\n #nodeDrainTaintKey: \"kubevirt.io/drain\"\n #allowPostCopy: false\n #unsafeMigrationOverride: false\n # additionalDevConfig lets you define dev config other than emulation and feature gate\n additionalDevConfig: {}\n # vmRolloutStrategy lets you define how changes to a VM object propagate to its VMI objects\n vmRolloutStrategy: LiveUpdate\n certificateRotateStrategy: {}\n customizeComponents: {}\n # flags:\n # api:\n # v:\n # \"5\"\n # port:\n # \"8443\"\n imagePullPolicy: IfNotPresent\n infra: {}\n # The name of the Prometheus service account that needs read-access to KubeVirt endpoints\n monitorAccount: \"prometheus-operator-prometheus\"\n # The namespace Prometheus is deployed in\n monitorNamespace: \"monitoring\"\n # The namespace the service monitor will be deployed. 
Either specify this or the monitorNamespace\n serviceMonitorNamespace: \"monitoring\"\n workloads: {}\n workloadsUpdateStrategy:\n workloadUpdateMethods:\n - LiveMigrate\n # uninstallStrategy to use, options are RemoveWorkloads, BlockUninstallIfWorkloadsExist\n uninstallStrategy: \"BlockUninstallIfWorkloadsExist\"\n ingress:\n enabled: true\n ingressClassName: nginx\n annotations:\n cert-manager.io/issuer: kubevirt-selfsigned-issuer\n nginx.ingress.kubernetes.io/backend-protocol: \"HTTPS\"\n labels: {}\n hosts:\n - host: '{{ .spectro.var.vmoKubevirtExportProxyFqdn }}'\n paths:\n - path: /\n pathType: ImplementationSpecific\n # tls:\n # - secretName: virt-exportproxy-tls\n # hosts:\n # - '{{ .spectro.var.vmoKubevirtExportProxyFqdn }}'\n cdi:\n enabled: true\n namespaceLabels:\n pod-security.kubernetes.io/enforce: privileged\n pod-security.kubernetes.io/enforce-version: v{{ .spectro.system.kubernetes.version | substr 0 4 }}\n replicas: 1\n image:\n repository: quay.io/kubevirt/cdi-operator\n pullPolicy: IfNotPresent\n # Overrides the image tag whose default is the chart appVersion.\n tag: \"v1.62.0\"\n # set enabled to true and add private registry details to bring up VMs in airgap environment\n privateRegistry:\n enabled: false\n registryIP: #Ex: 10.10.225.20\n registryBasePath: #Ex: specto-images\n serviceAccount:\n # Specifies whether a service account should be created\n create: true\n # Annotations to add to the service account\n annotations: {}\n # The name of the service account to use.\n # If not set and create is true, a name is generated using the fullname template\n name: \"\"\n service:\n type: ClusterIP\n port: 443\n targetPort: 8443\n ingress:\n enabled: true\n className: \"nginx\"\n annotations:\n cert-manager.io/issuer: cdi-selfsigned-issuer\n nginx.ingress.kubernetes.io/proxy-body-size: \"0\"\n nginx.ingress.kubernetes.io/proxy-read-timeout: \"600\"\n nginx.ingress.kubernetes.io/proxy-send-timeout: \"600\"\n 
nginx.ingress.kubernetes.io/proxy-request-buffering: \"off\"\n nginx.ingress.kubernetes.io/backend-protocol: \"HTTPS\"\n hosts:\n - host: '{{ .spectro.var.vmoKubevirtUploadProxyFqdn }}'\n paths:\n - path: /\n pathType: ImplementationSpecific\n tls: []\n # - secretName: cdi-uploadproxy-tls\n # hosts:\n # - '{{ .spectro.var.vmoKubevirtUploadProxyFqdn }}'\n resources: {}\n # We usually recommend not to specify default resources and to leave this as a conscious\n # choice for the user. This also increases chances charts run on environments with little\n # resources, such as Minikube. If you do want to specify resources, uncomment the following\n # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n # limits:\n # cpu: 100m\n # memory: 128Mi\n # requests:\n # cpu: 100m\n # memory: 128Mi\n\n ## The CDI CR that gets created\n cdiResource:\n additionalFeatureGates: []\n # - FeatureName\n additionalConfig:\n filesystemOverhead:\n global: \"0.08\"\n storageClass:\n portworx-block: \"0.08\"\n spectro-storage-class: \"0.08\"\n podResourceRequirements:\n requests:\n cpu: 250m\n memory: 1G\n limits:\n cpu: 1\n memory: 8G\n insecureRegistries: [] # List of insecure registries to allow in the CDI importer, preffered in air-gapped environments\n importProxy: {}\n # HTTPProxy: \"http://username:password@your-proxy-server:3128\"\n # HTTPSProxy: \"http://username:password@your-proxy-server:3128\"\n # noProxy: \"127.0.0.1,localhost,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.company.local\"\n # trustedCAProxy: configmap-name # optional: the ConfigMap name of an user-provided trusted certificate authority (CA) bundle to be added to the importer pod CA bundle\n # Note: when setting trustedCAProxy, the file extension used for the cert in the configmap MUST be .crt\n additionalSpec:\n infra:\n nodeSelector:\n kubernetes.io/os: linux\n tolerations:\n - key: CriticalAddonsOnly\n operator: Exists\n workload:\n nodeSelector:\n kubernetes.io/os: linux\n 
imagePullPolicy: IfNotPresent\n multus:\n enabled: true\n image:\n repository: ghcr.io/k8snetworkplumbingwg/multus-cni\n pullPolicy: IfNotPresent\n # Overrides the image tag whose default is the chart appVersion.\n tag: \"v4.1.4-thick\"\n networkController:\n criSocket:\n enableK3SHostPath: false # true for K3S and RKE2, false for PXK-E\n paletteAgentMode: true # true for running Palette Agent Mode clusters with PXK-E\n # criSocketHostPathOverride: /run/containerd/containerd.sock\n imagePullSecrets: []\n podAnnotations: {}\n resources:\n # We usually recommend not to specify default resources and to leave this as a conscious\n # choice for the user. This also increases chances charts run on environments with little\n # resources, such as Minikube. If you do want to specify resources, uncomment the following\n # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n limits:\n cpu: 100m\n memory: 1Gi\n requests:\n cpu: 100m\n memory: 50Mi\n nodeSelector: {}\n affinity: {}\n dpdkCompatibility: false\n cleanup:\n image: us-docker.pkg.dev/palette-images/palette/spectro-cleanup\n tag: \"1.0.3\"\n networkAttachDef:\n create: false\n # a json string to apply\n config: ''\n # a sample config\n # '{\n # \"cniVersion\": \"0.3.0\",\n # \"type\": \"macvlan\",\n # \"master\": \"ens5\",\n # \"mode\": \"bridge\",\n # \"ipam\": {\n # \"type\": \"host-local\",\n # \"subnet\": \"192.168.1.0/24\",\n # \"rangeStart\": \"192.168.1.200\",\n # \"rangeEnd\": \"192.168.1.216\",\n # \"routes\": [\n # { \"dst\": \"0.0.0.0/0\" }\n # ],\n # \"gateway\": \"192.168.1.1\"\n # }\n # }'\n descheduler:\n enabled: true\n namespace: \"kube-system\"\n # CronJob or Deployment\n kind: CronJob\n image:\n repository: registry.k8s.io/descheduler/descheduler\n # Overrides the image tag whose default is the chart version\n tag: \"v0.33.0\"\n pullPolicy: IfNotPresent\n imagePullSecrets: []\n # - name: container-registry-secret\n resources:\n requests:\n cpu: 500m\n memory: 256Mi\n 
limits:\n cpu: 500m\n memory: 256Mi\n ports:\n - containerPort: 10258\n protocol: TCP\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n drop:\n - ALL\n privileged: false\n readOnlyRootFilesystem: true\n runAsNonRoot: true\n runAsUser: 1000\n # podSecurityContext -- [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)\n podSecurityContext: {}\n # fsGroup: 1000\n\n nameOverride: \"\"\n fullnameOverride: \"descheduler\"\n # -- Override the deployment namespace; defaults to .Release.Namespace\n namespaceOverride: \"\"\n # labels that'll be applied to all resources\n commonLabels: {}\n cronJobApiVersion: \"batch/v1\"\n schedule: \"*/15 * * * *\"\n suspend: false\n # startingDeadlineSeconds: 200\n # successfulJobsHistoryLimit: 3\n # failedJobsHistoryLimit: 1\n # ttlSecondsAfterFinished 600\n # timeZone: Etc/UTC\n\n # Required when running as a Deployment\n deschedulingInterval: 15m\n # Specifies the replica count for Deployment\n # Set leaderElection if you want to use more than 1 replica\n # Set affinity.podAntiAffinity rule if you want to schedule onto a node\n # only if that node is in the same zone as at least one already-running descheduler\n replicas: 1\n # Specifies whether Leader Election resources should be created\n # Required when running as a Deployment\n # NOTE: Leader election can't be activated if DryRun enabled\n leaderElection: {}\n # enabled: true\n # leaseDuration: 15s\n # renewDeadline: 10s\n # retryPeriod: 2s\n # resourceLock: \"leases\"\n # resourceName: \"descheduler\"\n # resourceNamespace: \"kube-system\"\n\n command:\n - \"/bin/descheduler\"\n cmdOptions:\n v: 3\n # Recommended to use the latest Policy API version supported by the Descheduler app version\n deschedulerPolicyAPIVersion: \"descheduler/v1alpha2\"\n # deschedulerPolicy contains the policies the descheduler will execute.\n # To use policies stored in an existing configMap use:\n # NOTE: The name of the cm should 
comply to {{ template \"descheduler.fullname\" . }}\n # deschedulerPolicy: {}\n deschedulerPolicy:\n nodeSelector: kubevirt.io/schedulable=true\n maxNoOfPodsToEvictPerNode: 10\n # maxNoOfPodsToEvictPerNamespace: 10\n metricsCollector:\n enabled: true\n # ignorePvcPods: true\n # evictLocalStoragePods: true\n # evictDaemonSetPods: true\n # tracing:\n # collectorEndpoint: otel-collector.observability.svc.cluster.local:4317\n # transportCert: \"\"\n # serviceName: \"\"\n # serviceNamespace: \"\"\n # sampleRate: 1.0\n # fallbackToNoOpProviderOnError: true\n profiles:\n - name: default\n pluginConfig:\n - name: DefaultEvictor\n args:\n ignorePvcPods: true\n evictLocalStoragePods: true\n nodeFit: true\n ignorePodsWithoutPDB: true\n - name: RemoveDuplicates\n - name: RemovePodsHavingTooManyRestarts\n args:\n podRestartThreshold: 100\n includingInitContainers: true\n - name: RemovePodsViolatingNodeAffinity\n args:\n nodeAffinityType:\n - requiredDuringSchedulingIgnoredDuringExecution\n - name: RemovePodsViolatingNodeTaints\n args:\n excludedTaints:\n - node.kubernetes.io/unschedulable\n - name: RemovePodsViolatingInterPodAntiAffinity\n - name: RemovePodsViolatingTopologySpreadConstraint\n - name: LowNodeUtilization\n args:\n thresholds:\n cpu: 20\n memory: 25\n pods: 100\n targetThresholds:\n cpu: 60\n memory: 75\n pods: 100\n metricsUtilization:\n metricsServer: true\n evictableNamespaces:\n exclude:\n - \"cert-manager\"\n - \"kube-system\"\n - \"palette-system\"\n - \"metallb-system\"\n - \"cluster-{{ .spectro.system.cluster.uid }}\"\n - \"kubevirt\"\n - \"monitoring\"\n - \"nginx\"\n - \"vm-dashboard\"\n plugins:\n balance:\n enabled:\n - RemoveDuplicates\n - RemovePodsViolatingTopologySpreadConstraint\n - LowNodeUtilization\n deschedule:\n enabled:\n - RemovePodsHavingTooManyRestarts\n - RemovePodsViolatingNodeTaints\n - RemovePodsViolatingNodeAffinity\n - RemovePodsViolatingInterPodAntiAffinity\n priorityClassName: system-cluster-critical\n nodeSelector: {}\n # foo: 
bar\n\n affinity: {}\n # nodeAffinity:\n # requiredDuringSchedulingIgnoredDuringExecution:\n # nodeSelectorTerms:\n # - matchExpressions:\n # - key: kubernetes.io/e2e-az-name\n # operator: In\n # values:\n # - e2e-az1\n # - e2e-az2\n # podAntiAffinity:\n # requiredDuringSchedulingIgnoredDuringExecution:\n # - labelSelector:\n # matchExpressions:\n # - key: app.kubernetes.io/name\n # operator: In\n # values:\n # - descheduler\n # topologyKey: \"kubernetes.io/hostname\"\n topologySpreadConstraints: []\n # - maxSkew: 1\n # topologyKey: kubernetes.io/hostname\n # whenUnsatisfiable: DoNotSchedule\n # labelSelector:\n # matchLabels:\n # app.kubernetes.io/name: descheduler\n tolerations: []\n # - key: 'management'\n # operator: 'Equal'\n # value: 'tool'\n # effect: 'NoSchedule'\n\n rbac:\n # Specifies whether RBAC resources should be created\n create: true\n serviceAccount:\n # Specifies whether a ServiceAccount should be created\n create: true\n # The name of the ServiceAccount to use.\n # If not set and create is true, a name is generated using the fullname template\n name:\n # Specifies custom annotations for the serviceAccount\n annotations: {}\n podAnnotations: {}\n podLabels:\n spectrocloud.com/connection: proxy\n dnsConfig: {}\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10258\n scheme: HTTPS\n initialDelaySeconds: 3\n periodSeconds: 10\n service:\n enabled: false\n # @param service.ipFamilyPolicy [string], support SingleStack, PreferDualStack and RequireDualStack\n #\n ipFamilyPolicy: \"\"\n # @param service.ipFamilies [array] List of IP families (e.g. 
IPv4, IPv6) assigned to the service.\n # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/\n # E.g.\n # ipFamilies:\n # - IPv6\n # - IPv4\n ipFamilies: []\n serviceMonitor:\n enabled: false\n # The namespace where Prometheus expects to find service monitors.\n # namespace: \"\"\n # Add custom labels to the ServiceMonitor resource\n additionalLabels: {}\n # prometheus: kube-prometheus-stack\n interval: \"\"\n # honorLabels: true\n insecureSkipVerify: true\n serverName: null\n metricRelabelings: []\n # - action: keep\n # regex: 'descheduler_(build_info|pods_evicted)'\n # sourceLabels: [__name__]\n relabelings: []\n # - sourceLabels: [__meta_kubernetes_pod_node_name]\n # separator: ;\n # regex: ^(.*)$\n # targetLabel: nodename\n # replacement: $1\n # action: replace\n","registry":{"metadata":{"uid":"64eaff453040297344bcad5d","name":"Palette Registry","kind":"oci","isPrivate":true,"providerType":"pack","isSyncSupported":true}}}]},"variables":[{"name":"grafanaFqdn","displayName":"Grafana FQDN","description":"The FQDN specified here will be configured on the Ingress resource for Grafana. You need to define a DNS record for this FQDN, pointing to the external IP address of the Nginx ingress controller.","format":"string","required":true,"defaultValue":"grafana.company.vmo","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345263655832"},{"name":"metallbIpRange","displayName":"MetalLB IP range","description":"IP range that MetalLB can use to assign IP addresses to Kubernetes services. Can be a range or a CIDR.","format":"string","required":true,"defaultValue":"10.20.30.100-10.20.30.200","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345272937256"},{"name":"metallbL2Interface","displayName":"MetalLB interface","description":"Network interface that MetalLB uses for L2 advertisements. 
Ensure this points to the appropriate interface on the cluster nodes.","format":"string","required":true,"defaultValue":"bond_data.20","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345275015704"},{"name":"vmoAllowedVLANsforVMs","displayName":"VLAN range for VMs","description":"Range of allowed VLANs specifically for VMs. Supports comma separation and ranges, e.g. \"12,13,15-20\".","format":"string","required":true,"defaultValue":"21-100","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345276808664"},{"name":"vmoKubevirtExportProxyFqdn","displayName":"Kubevirt export-proxy FQDN","description":"The FQDN specified here will be configured on the Ingress resource for the Kubevirt export-proxy. You need to define a DNS record for this FQDN, pointing to the external IP address of the Nginx ingress controller.","format":"string","required":true,"defaultValue":"virt-exportproxy.company.vmo","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345278601432"},{"name":"vmoKubevirtUploadProxyFqdn","displayName":"CDI upload-proxy FQDN","description":"The FQDN specified here will be configured on the Ingress resource for the Kubevirt CDI upload-proxy. 
You need to define a DNS record for this FQDN, pointing to the external IP address of the Nginx ingress controller.","format":"string","required":true,"defaultValue":"cdi-uploadproxy.company.vmo","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345280264848"},{"name":"vmoRunningOnBr0","displayName":"Cluster runs on br0","description":"If you need to run the Kubernetes cluster on the br0 interface (or on a vlan-subinterface of br0), enable this setting.","format":"boolean","required":true,"defaultValue":"false","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345281932896"},{"name":"vmoRunningOnBr0VLANsforK8s","displayName":"VLANs on top of br0","description":"If there are vlan-subinterfaces defined on br0 on the cluster nodes, enter them here. Always include VLAN 1.","format":"string","required":true,"defaultValue":"1,10,20","immutable":false,"hidden":false,"isSensitive":false,"order":"1755511653345283976416"}]}}