Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
TrueCharts-Bot
2023-01-14 15:13:31 +00:00
parent b45975ccb9
commit aab09fa62f
81 changed files with 9824 additions and 0 deletions


@@ -0,0 +1,32 @@
apiVersion: v2
appVersion: "9.3.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
deprecated: false
description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
home: https://truecharts.org/charts/stable/grafana
icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
keywords:
- analytics
- monitoring
- metrics
- logs
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: grafana
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/grafana
- https://github.com/bitnami/bitnami-docker-grafana
- https://grafana.com/
type: application
version: 6.0.23
annotations:
truecharts.org/catagories: |
- metrics
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U


@@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*


@@ -0,0 +1,8 @@
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/grafana](https://truecharts.org/charts/enterprise/grafana)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!

Binary file not shown.


@@ -0,0 +1,79 @@
image:
repository: tccr.io/truecharts/grafana
pullPolicy: IfNotPresent
tag: 9.3.2@sha256:21b9ef183533b4f4bec2f2b13b0e648086d8896aa3d2423fb99607965c713053
securityContext:
readOnlyRootFilesystem: false
service:
main:
ports:
main:
protocol: HTTP
targetPort: 3000
port: 10038
probes:
liveness:
path: "/api/health"
readiness:
path: "/api/health"
startup:
path: "/api/health"
secretEnv:
GF_SECURITY_ADMIN_USER: "admin"
GF_SECURITY_ADMIN_PASSWORD: "testpassword"
env:
GF_INSTALL_PLUGINS: ""
GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
GF_AUTH_LDAP_ENABLED: "false"
GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
GF_PATHS_DATA: "/opt/bitnami/grafana/data"
GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
persistence:
config:
enabled: true
mountPath: "/opt/bitnami/grafana/data"
grafana-tmp:
enabled: true
type: emptyDir
mountPath: /opt/bitnami/grafana/tmp
metrics:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: false
serviceMonitor:
interval: 1m
scrapeTimeout: 30s
labels: {}
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
portal:
enabled: true
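Review bot: `GF_SECURITY_ADMIN_PASSWORD: "testpassword"` under `secretEnv` ships a fixed, publicly known admin password next to the default `admin` user, so any install that does not override it runs Grafana with known credentials. Unless the questions file (suppressed on this page) forces the operator to supply a value, I would leave the default empty and fail rendering when it is unset, or generate a random value at install time. At minimum add a comment above it such as `# CI placeholder only; must be overridden before deployment`. `readOnlyRootFilesystem: false` also deserves a one-line comment naming the paths the image still writes to, since `/opt/bitnami/grafana/data` and `/opt/bitnami/grafana/tmp` are already mounted volumes.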

File diff suppressed because it is too large Load Diff


@@ -0,0 +1 @@
{{ include "tc.common.loader.all" . }}


@@ -0,0 +1,18 @@
{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "tc.common.names.fullname" . }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
{{- with .Values.metrics.prometheusRule.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
groups:
- name: {{ include "tc.common.names.fullname" . }}
rules:
{{- with .Values.metrics.prometheusRule.rules }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
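Review bot: With the default shown in the values file (`rules: []`), enabling `metrics.prometheusRule` renders a group whose `rules:` key has no value, because the `with` block is skipped for an empty list. That object is likely to be rejected or ignored by the operator (not verifiable from this page). Adding `.Values.metrics.prometheusRule.rules` to the opening `and` would create the resource only when at least one rule is defined.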


@@ -0,0 +1,24 @@
{{- if .Values.metrics.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "tc.common.names.fullname" . }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
{{- with .Values.metrics.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
endpoints:
- port: main
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
path: /metrics
{{- end }}


@@ -0,0 +1,4 @@
icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
categories:
- metrics


@@ -0,0 +1,37 @@
apiVersion: v2
appVersion: "2.41.0"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
- condition: exporters.enabled,exporters.node-exporter.enabled
name: node-exporter
repository: https://charts.bitnami.com/bitnami
version: 3.2.6
- condition: exporters.enabled,exporters.kube-state-metrics.enabled
name: kube-state-metrics
repository: https://charts.bitnami.com/bitnami
version: 3.2.7
deprecated: false
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
home: https://truecharts.org/charts/stable/prometheus
keywords:
- metrics
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: prometheus
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/prometheus
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 7.0.42
annotations:
truecharts.org/catagories: |
- metrics
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U


@@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*


@@ -0,0 +1,8 @@
kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/prometheus](https://truecharts.org/charts/enterprise/prometheus)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!

Binary file not shown.

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,198 @@
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.fullname" -}}
{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.name" -}}
{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with operator */}}
{{- define "kube-prometheus.operator.name" -}}
{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with prometheus */}}
{{- define "kube-prometheus.prometheus.name" -}}
{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with alertmanager */}}
{{- define "kube-prometheus.alertmanager.name" -}}
{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Name suffixed with thanos */}}
{{- define "kube-prometheus.thanos.name" -}}
{{- printf "%s-thanos" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with operator */}}
{{- define "kube-prometheus.operator.fullname" -}}
{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with prometheus */}}
{{- define "kube-prometheus.prometheus.fullname" -}}
{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with alertmanager */}}
{{- define "kube-prometheus.alertmanager.fullname" -}}
{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
{{- end }}
{{/* Fullname suffixed with thanos */}}
{{- define "kube-prometheus.thanos.fullname" -}}
{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}}
{{- end }}
{{- define "kube-prometheus.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common Labels
*/}}
{{- define "kube-prometheus.labels" -}}
{{ include "tc.common.labels" . }}
{{- if .Values.global.labels }}
{{ toYaml .Values.global.labels }}
{{- end }}
{{- end -}}
{{/*
Labels for operator
*/}}
{{- define "kube-prometheus.operator.labels" -}}
{{ include "tc.common.labels" . }}
app.kubernetes.io/component: operator
{{- end -}}
{{/*
Labels for prometheus
*/}}
{{- define "kube-prometheus.prometheus.labels" -}}
{{ include "tc.common.labels" . }}
app.kubernetes.io/component: prometheus
{{- end -}}
{{/*
Labels for alertmanager
*/}}
{{- define "kube-prometheus.alertmanager.labels" -}}
{{ include "tc.common.labels" . }}
app.kubernetes.io/component: alertmanager
{{- end -}}
{{/*
matchLabels for operator
*/}}
{{- define "kube-prometheus.operator.matchLabels" -}}
{{ include "tc.common.labels.selectorLabels" . }}
app.kubernetes.io/component: operator
{{- end -}}
{{/*
matchLabels for prometheus
*/}}
{{- define "kube-prometheus.prometheus.matchLabels" -}}
{{ include "tc.common.labels.selectorLabels" . }}
app.kubernetes.io/component: prometheus
{{- end -}}
{{/*
matchLabels for alertmanager
*/}}
{{- define "kube-prometheus.alertmanager.matchLabels" -}}
{{ include "tc.common.labels.selectorLabels" . }}
app.kubernetes.io/component: alertmanager
{{- end -}}
{{/*
Return the proper Prometheus Operator image name
*/}}
{{- define "kube-prometheus.image" -}}
{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
{{- end -}}
{{/*
Return the proper Prometheus Operator Reloader image name
*/}}
{{- define "kube-prometheus.prometheusConfigReloader.image" -}}
{{- include "kube-prometheus.image" . -}}
{{- end -}}
{{/*
Return the proper Prometheus Image name
*/}}
{{- define "kube-prometheus.prometheus.image" -}}
{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
{{- end -}}
{{/*
Return the proper Thanos Image name
*/}}
{{- define "kube-prometheus.prometheus.thanosImage" -}}
{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }}
{{- end -}}
{{/*
Return the proper Alertmanager Image name
*/}}
{{- define "kube-prometheus.alertmanager.image" -}}
{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "kube-prometheus.imagePullSecrets" -}}
{{- end -}}
{{/*
Create the name of the operator service account to use
*/}}
{{- define "kube-prometheus.operator.serviceAccountName" -}}
{{- if .Values.operator.serviceAccount.create -}}
{{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.operator.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the prometheus service account to use
*/}}
{{- define "kube-prometheus.prometheus.serviceAccountName" -}}
{{- if .Values.prometheus.serviceAccount.create -}}
{{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheus.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the alertmanager service account to use
*/}}
{{- define "kube-prometheus.alertmanager.serviceAccountName" -}}
{{- if .Values.alertmanager.serviceAccount.create -}}
{{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.alertmanager.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "kube-prometheus.validateValues" -}}
{{- $messages := list -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
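Review bot: `kube-prometheus.prometheus.thanosImage` and `kube-prometheus.alertmanager.image` fall back to `.Chart.AppVersion` when their tag is unset, but the chart's appVersion appears to track Prometheus (`appVersion: "2.41.0"` in Chart.yaml), so an empty `thanosImage.tag` or `alertmanagerImage.tag` would yield a tag from a different project that is also not digest-pinned. I would replace the fallback in those two helpers with `required`, e.g. `(required "thanosImage.tag must be set" .Values.thanosImage.tag)`. Separately, `kube-prometheus.validateValues` never appends anything to `$messages`, so it can never fail; either add the checks or mark it with a comment such as `{{/* placeholder: no validations defined yet */}}`. The `Name suffixed with operator` comments above `kube-prometheus.fullname` and `kube-prometheus.name` do not describe what those helpers return.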


@@ -0,0 +1,183 @@
{{- define "prometheus.alertmanager.alertmanager" -}}
{{- if .Values.alertmanager.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.alertmanager.replicaCount }}
serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
{{- if .Values.alertmanager.image }}
image: {{ template "kube-prometheus.alertmanager.image" . }}
{{- end }}
listenLocal: {{ .Values.alertmanager.listenLocal }}
{{- if index .Values.alertmanager "externalUrl" }}
externalUrl: "{{ .Values.alertmanager.externalUrl }}"
{{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }}
externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }}
{{- else }}
externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }}
{{- end }}
portName: "{{ .Values.alertmanager.portName }}"
paused: {{ .Values.alertmanager.paused }}
logFormat: {{ .Values.alertmanager.logFormat }}
logLevel: {{ .Values.alertmanager.logLevel }}
retention: {{ .Values.alertmanager.retention }}
{{- if .Values.alertmanager.secrets }}
secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.configMaps }}
configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
{{- end }}
resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }}
routePrefix: "{{ .Values.alertmanager.routePrefix }}"
{{- if .Values.alertmanager.podSecurityContext.enabled }}
securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.storageSpec }}
storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
{{- else }}
{{- if .Values.alertmanager.persistence.enabled }}
storage:
volumeClaimTemplate:
spec:
accessModes:
{{- range .Values.alertmanager.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.alertmanager.persistence.size | quote }}
{{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
podMetadata:
labels:
{{- if .Values.alertmanager.podMetadata.labels }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
{{- end }}
{{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
{{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
{{- end }}
{{- if .Values.alertmanager.podMetadata.annotations }}
annotations:
{{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.affinity }}
affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
{{- else }}
affinity:
{{- if not (empty .Values.alertmanager.podAffinityPreset) }}
podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }}
nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.volumes }}
volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.volumeMounts }}
volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
{{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
containers:
{{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: alertmanager
{{- if .Values.alertmanager.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.alertmanager.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.alertmanager.livenessProbe.path }}
port: alertmanager
scheme: HTTP
initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.alertmanager.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.readinessProbe.path }}
port: alertmanager
scheme: HTTP
initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: config-reloader
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.containers }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: {{ .Values.alertmanager.priorityClassName }}
{{- end }}
{{- if .Values.alertmanager.additionalPeers }}
additionalPeers: {{ .Values.alertmanager.additionalPeers }}
{{- end }}
{{- if .Values.alertmanager.configNamespaceSelector }}
alertmanagerConfigNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.alertmanager.configSelector }}
alertmanagerConfigSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
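Review bot: The outer condition guarding `containers:` tests only `.Values.alertmanager.containers` and the two `containerSecurityContext.enabled` flags, while the inner blocks for `alertmanager` and `config-reloader` also fire on `livenessProbe.enabled` and `readinessProbe.enabled`. With both security contexts disabled and no extra containers, enabling a probe renders nothing, so the probe settings are silently dropped. The outer `or` should list the same four probe flags as the inner conditions. Separately, `logFormat`, `logLevel`, `retention` and `priorityClassName` are emitted unquoted; piping them through `quote`, as `persistence.size` already is, protects against values that YAML would retype.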


@@ -0,0 +1,13 @@
{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }}
apiVersion: v1
kind: Secret
metadata:
name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
data:
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
{{- range $key, $val := .Values.alertmanager.templateFiles }}
{{ $key }}: {{ $val | b64enc | quote }}
{{- end }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
{{- if index .Values.alertmanager.serviceAccount "annotations" }}
annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . }}
{{- end }}


@@ -0,0 +1,26 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: http
{{- if .Values.alertmanager.serviceMonitor.interval }}
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
{{- end }}
path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}
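Review bot: The endpoint uses `port: http`, whereas the Alertmanager resource in this commit probes `port: alertmanager` and builds its URL from `.Values.service.alertmanager.ports.alertmanager.port`. If the Service port is named after that key (the Service itself is not visible here), this ServiceMonitor matches no port and Alertmanager is never scraped. Confirm the Service's port name and use it here, or take it from `.Values.alertmanager.portName`. Also, `metricRelabelings` goes through `tc.common.tplvalues.render` while `relabelings` uses plain `toYaml`; pick one so templated values behave the same in both.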


@@ -0,0 +1,13 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- include "prometheus.prometheus.prometheus" . }}
{{- include "prometheus.prometheus.additionalprometheusrules" . }}
{{- include "prometheus.prometheus.additionalscrapejobs" . }}
{{- include "prometheus.prometheus.servicemonitor" . }}
{{- include "prometheus.alertmanager.alertmanager" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@@ -0,0 +1,22 @@
{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-coredns
namespace: {{ .Values.coreDns.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.coreDns.service.port }}
protocol: TCP
targetPort: {{ .Values.coreDns.service.targetPort }}
selector:
{{- if .Values.coreDns.service.selector }}
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
{{- else}}
k8s-app: kube-dns
{{- end}}
{{- end }}


@@ -0,0 +1,29 @@
{{- if .Values.coreDns.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-coredns
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
spec:
jobLabel: k8s-app
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
namespaceSelector:
matchNames:
- {{ .Values.coreDns.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.coreDns.serviceMonitor.interval}}
interval: {{ .Values.coreDns.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.coreDns.serviceMonitor.relabelings }}
relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}
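Review bot: The endpoint sets `bearerTokenFile` but no `scheme`, so as written Prometheus would present its service-account token over plain HTTP to whatever backs the `http-metrics` port in `.Values.coreDns.namespace`. If the CoreDNS metrics endpoint needs no authentication (worth confirming for the target cluster), drop the `bearerTokenFile` line. Otherwise add `scheme: https` with a `tlsConfig`, so the token is only sent over a verified connection.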


@@ -0,0 +1,35 @@
{{- if .Values.kubeApiServer.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-apiserver
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: apiserver
spec:
jobLabel: component
selector:
matchLabels:
component: apiserver
provider: kubernetes
namespaceSelector:
matchNames:
- default
endpoints:
- port: https
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}
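Review bot: `insecureSkipVerify: true` in `tlsConfig` turns off certificate verification for the API server scrape, which makes the `caFile` and `serverName` lines above it ineffective and sends the service-account bearer token to an endpoint whose identity is not checked. Since the CA bundle and server name are already supplied, this should be `insecureSkipVerify: false`. If an opt-out is needed, gate it behind a value that defaults to false, the way the kube-controller-manager ServiceMonitor in this commit gates it on `.Values.kubeControllerManager.serviceMonitor.insecureSkipVerify`.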


@@ -0,0 +1,18 @@
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Values.kubeControllerManager.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kube-controller-manager
subsets:
- addresses:
{{- range .Values.kubeControllerManager.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
{{- end }}


@@ -0,0 +1,25 @@
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Values.kubeControllerManager.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
targetPort: {{ .Values.kubeControllerManager.service.targetPort }}
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
selector:
{{- if .Values.kubeControllerManager.service.selector }}
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
{{- else}}
component: kube-controller-manager
{{- end}}
{{- end }}
type: ClusterIP
{{- end }}
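Review bot: The selector guard is written as an empty `if` with an `else`, `{{- if .Values.kubeControllerManager.endpoints }}{{- else }}`, which reads more clearly as `{{- if not .Values.kubeControllerManager.endpoints }}`. The reason for the branch is not stated anywhere in the template; a comment such as `{{- /* no selector when static endpoints are set: the Endpoints object of the same name supplies the targets */}}` above it would save the next reader from working that out. The inner actions are spelled `{{- else}}` and `{{- end}}` while the rest of the file uses a space before the closing braces. The kube-scheduler Service later in this commit has the same three points.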


@@ -0,0 +1,40 @@
{{- if .Values.kubeControllerManager.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
spec:
jobLabel: component
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
namespaceSelector:
matchNames:
- {{ .Values.kubeControllerManager.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
{{- end }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}
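Review bot: `bearerTokenFile` sits outside the `{{- if .Values.kubeControllerManager.serviceMonitor.https }}` block, so when https is off no `scheme` is rendered and the endpoint is scraped over plain HTTP with the Prometheus service-account token attached to every request. I would move the `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` line inside that conditional, next to `scheme: https`, so the token is only sent over TLS. The kube-scheduler ServiceMonitor later in this commit has the same layout. A short comment on the `insecureSkipVerify` value, saying that enabling it lets the token go to an endpoint whose certificate is not checked, would help whoever edits the values.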


@@ -0,0 +1,18 @@
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Values.kubeScheduler.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kube-scheduler
subsets:
- addresses:
{{- range .Values.kubeScheduler.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port }}
protocol: TCP
{{- end }}


@@ -0,0 +1,25 @@
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Values.kubeScheduler.namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port}}
protocol: TCP
targetPort: {{ .Values.kubeScheduler.service.targetPort}}
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
selector:
{{- if .Values.kubeScheduler.service.selector }}
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
{{- else}}
component: kube-scheduler
{{- end}}
{{- end }}
type: ClusterIP
{{- end -}}


@@ -0,0 +1,40 @@
{{- if .Values.kubeScheduler.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
spec:
jobLabel: component
selector:
matchLabels:
app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
namespaceSelector:
matchNames:
- {{ .Values.kubeScheduler.namespace }}
endpoints:
- port: http-metrics
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeScheduler.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
{{- end}}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
{{- end }}
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
{{- end }}
{{- end }}
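Review bot: The last conditional tests `.Values.kubeScheduler.serviceMonitor.relabelings` but renders the value under `metricRelabelings:`, so target relabelings are never applied. When both values are set, the endpoint also gets two `metricRelabelings` keys, which a parser either rejects or silently resolves to the last one. The key should be `relabelings:`, as in the kube-controller-manager ServiceMonitor: `relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}`. The closing actions inside the `tlsConfig` block are written `{{- end}}` while the rest of the file uses `{{- end }}`.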


@@ -0,0 +1,85 @@
{{- if .Values.kubelet.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.fullname" . }}-kubelet
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
app.kubernetes.io/component: kubelet
spec:
jobLabel: k8s-app
selector:
matchLabels:
k8s-app: kubelet
namespaceSelector:
matchNames:
- {{ .Values.kubelet.namespace }}
endpoints:
{{- if .Values.kubelet.serviceMonitor.https }}
- port: https-metrics
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
- port: https-metrics
path: /metrics/cadvisor
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: kubernetes
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
{{- end }}
{{- else }}
- port: http-metrics
scheme: http
tlsConfig:
insecureSkipVerify: false
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
- port: http-metrics
path: /metrics/cadvisor
scheme: http
tlsConfig:
insecureSkipVerify: false
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
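Review bot: Both `http-metrics` endpoints in the `{{- else }}` branch carry a `tlsConfig` with `insecureSkipVerify: false` next to `scheme: http`; no TLS handshake takes place on that scheme, so the setting does nothing and reads as if the scrape were verified. I would drop the `tlsConfig` block from the two http endpoints, or add a comment that this branch is unencrypted and sends no credentials. `honorLabels: true` on all four endpoints lets labels in the scraped data override the ones Prometheus attaches, and a one-line comment saying why that is wanted for kubelet and cAdvisor would be worth adding. The four entries differ only in port, scheme and path and could be produced from one named template.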


@@ -0,0 +1,15 @@
{{- define "prometheus.prometheus.additionalprometheusrules" -}}
{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}}
{{- range .Values.prometheus.additionalPrometheusRules }}
---
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "kube-prometheus.name" $ }}-{{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }}
spec:
groups: {{- toYaml .groups | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,13 @@
{{- define "prometheus.prometheus.additionalscrapejobs" -}}
{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }}
---
apiVersion: v1
kind: Secret
metadata:
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
data:
scrape-jobs.yaml: {{ include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
{{- end }}
{{- end }}


@@ -0,0 +1,361 @@
{{- define "prometheus.prometheus.prometheus" -}}
{{- if .Values.prometheus.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.prometheus.replicaCount }}
serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
{{- if .Values.prometheus.serviceMonitorSelector }}
serviceMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
{{- else }}
serviceMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.podMonitorSelector }}
podMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
{{- else }}
podMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.probeSelector }}
probeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
{{- else }}
probeSelector: {}
{{- end }}
alerting:
alertmanagers:
{{- if .Values.prometheus.alertingEndpoints }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
{{- else if .Values.alertmanager.enabled }}
- namespace: {{ .Release.Namespace }}
name: {{ template "kube-prometheus.alertmanager.fullname" . }}
port: http
pathPrefix: "{{ .Values.alertmanager.routePrefix }}"
{{- else }}
[]
{{- end }}
{{- if .Values.prometheus.image }}
image: {{ template "kube-prometheus.prometheus.image" . }}
{{- end }}
{{- if .Values.prometheus.externalLabels }}
externalLabels: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusExternalLabelNameClear }}
prometheusExternalLabelName: ""
{{- else if .Values.prometheus.prometheusExternalLabelName }}
prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}"
{{- end }}
{{- if .Values.prometheus.replicaExternalLabelNameClear }}
replicaExternalLabelName: ""
{{- else if .Values.prometheus.replicaExternalLabelName }}
replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}"
{{- end }}
{{- if index .Values.prometheus "externalUrl" }}
externalUrl: "{{ .Values.prometheus.externalUrl }}"
{{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }}
externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }}
{{- else }}
externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }}
{{- end }}
paused: {{ .Values.prometheus.paused }}
logLevel: {{ .Values.prometheus.logLevel }}
logFormat: {{ .Values.prometheus.logFormat }}
listenLocal: {{ .Values.prometheus.listenLocal }}
enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }}
{{- if .Values.prometheus.enableFeatures }}
enableFeatures:
{{- range .Values.prometheus.enableFeatures }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.scrapeInterval }}
scrapeInterval: {{ .Values.prometheus.scrapeInterval }}
{{- end }}
{{- if .Values.prometheus.evaluationInterval }}
evaluationInterval: {{ .Values.prometheus.evaluationInterval }}
{{- end }}
{{- if .Values.prometheus.resources }}
resources: {{- toYaml .Values.prometheus.resources | nindent 4 }}
{{- end }}
retention: {{ .Values.prometheus.retention }}
{{- if .Values.prometheus.retentionSize }}
retentionSize: {{ .Values.prometheus.retentionSize }}
{{- end }}
{{- if .Values.prometheus.disableCompaction }}
disableCompaction: {{ .Values.prometheus.disableCompaction }}
{{- end }}
{{- if .Values.prometheus.walCompression }}
walCompression: {{ .Values.prometheus.walCompression }}
{{- end }}
portName: "{{ .Values.prometheus.portName }}"
routePrefix: "{{ .Values.prometheus.routePrefix }}"
{{- if .Values.prometheus.secrets }}
secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.configMaps }}
configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.serviceMonitorNamespaceSelector }}
serviceMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
serviceMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.podMonitorNamespaceSelector }}
podMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
podMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.probeNamespaceSelector }}
probeNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
probeNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.remoteRead }}
remoteRead: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.remoteWrite }}
remoteWrite: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.podSecurityContext.enabled }}
securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.ruleNamespaceSelector }}
ruleNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
{{- else }}
ruleNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.ruleSelector }}
ruleSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
{{- else }}
ruleSelector: {}
{{- end }}
{{- if .Values.prometheus.storageSpec }}
storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
{{- else if .Values.prometheus.persistence.enabled }}
storage:
volumeClaimTemplate:
spec:
accessModes:
{{- range .Values.prometheus.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.prometheus.persistence.size | quote }}
{{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }}
{{- end }}
{{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
podMetadata:
labels:
{{- if .Values.prometheus.podMetadata.labels }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
{{- end }}
{{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
{{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
{{- end }}
{{- if .Values.prometheus.podMetadata.annotations }}
annotations:
{{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.querySpec }}
query: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.affinity }}
affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
{{- else }}
affinity:
{{- if not (empty .Values.prometheus.podAffinityPreset) }}
podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.prometheus.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
{{- end }}
{{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }}
nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.nodeSelector }}
nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.tolerations }}
tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.volumes }}
volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.prometheus.volumeMounts }}
volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
{{- end }}
{{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
additionalScrapeConfigs:
{{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }}
name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }}
key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }}
{{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }}
name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
key: scrape-jobs.yaml
{{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }}
key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }}
additionalAlertRelabelConfigs:
name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }}
key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
{{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
containers:
{{- if .Values.prometheus.thanos.create }}
- name: thanos-sidecar
image: {{ template "kube-prometheus.prometheus.thanosImage" . }}
imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }}
args:
- sidecar
- --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }}
- --grpc-address=0.0.0.0:10901
- --http-address=0.0.0.0:10902
- --tsdb.path=/prometheus/
{{- if .Values.prometheus.thanos.objectStorageConfig }}
- --objstore.config=$(OBJSTORE_CONFIG)
{{- end }}
{{- if .Values.prometheus.thanos.extraArgs }}
{{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }}
{{- end }}
{{- if .Values.prometheus.thanos.objectStorageConfig }}
env:
- name: OBJSTORE_CONFIG
valueFrom:
secretKeyRef:
name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }}
key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }}
{{- end }}
{{- if .Values.prometheus.thanos.resources }}
resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }}
{{- end }}
ports:
- name: thanos
containerPort: 10901
protocol: TCP
- name: http
containerPort: 10902
protocol: TCP
volumeMounts:
- mountPath: /prometheus
name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db
{{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }}
subPath: prometheus-db
{{- end }}
{{- if .Values.prometheus.thanos.extraVolumeMounts }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.thanos.containerSecurityContext.enabled }}
# yamllint disable rule:indentation
securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }}
# yamllint enable rule:indentation
{{- end }}
{{- if .Values.prometheus.thanos.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.prometheus.thanos.livenessProbe.path }}
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.prometheus.thanos.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.prometheus.thanos.readinessProbe.path }}
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: prometheus
{{- if .Values.prometheus.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.prometheus.livenessProbe.path }}
port: main
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.prometheus.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.prometheus.readinessProbe.path }}
port: main
scheme: HTTP
initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
## This monkey patching is needed until the securityContexts are
## directly patchable via the CRD.
## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
## currently implemented with strategic merge
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
- name: config-reloader
{{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
livenessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: reloader-web
initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.containers }}
{{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.priorityClassName }}
priorityClassName: {{ .Values.prometheus.priorityClassName }}
{{- end }}
{{- end }}
{{- end }}
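Review bot: The `or` that guards `containers:` lists `.Values.prometheus.containerSecurityContext.enabled` twice and none of the probe flags, while the inner blocks for `prometheus` and `config-reloader` also open on `livenessProbe.enabled` and `readinessProbe.enabled`. With only a probe enabled and no security context, thanos sidecar or extra containers, the whole `containers:` section is skipped and the probe patch is never rendered. I would replace the duplicated term and add `.Values.prometheus.livenessProbe.enabled`, `.Values.prometheus.readinessProbe.enabled` and the two `.Values.operator.prometheusConfigReloader` probe flags to that `or`. Separately, `enableAdminAPI` is passed straight through from values and its default is not visible in this hunk; a comment noting that it turns on the TSDB delete and snapshot endpoints and should stay `false` unless they are needed would be useful.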


@@ -0,0 +1,29 @@
{{- define "prometheus.prometheus.servicemonitor" -}}
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
endpoints:
- port: http
{{- if .Values.prometheus.serviceMonitor.interval }}
interval: {{ .Values.prometheus.serviceMonitor.interval }}
{{- end }}
path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics
{{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.relabelings }}
relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,41 @@
{{- if .Values.prometheus.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- extensions
- "networking.k8s.io"
resources:
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- "get"
{{- end }}
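Review bot: The second rule grants `get`, `list` and `watch` on `nodes/proxy` cluster-wide, which lets the Prometheus service account reach the kubelet API through the API server proxy and is a good deal broader than reading metrics. `nodes/metrics` is already granted by the first rule, and the kubelet ServiceMonitor in this commit scrapes the kubelet port directly, so `nodes/proxy` looks unnecessary here; that is inferred from the visible templates, and a scrape job that goes through the proxy path would still need it. I would remove `- nodes/proxy`, or render it only behind an opt-in value with a comment explaining when it is required. The verbs are quoted in this rule and in the `nonResourceURLs` rule but unquoted in the other two; one form throughout would read better.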


@@ -0,0 +1,15 @@
{{- if .Values.prometheus.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus.prometheus.fullname" . }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus.prometheus.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}


@@ -0,0 +1,12 @@
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
{{- if index .Values.prometheus.serviceAccount "annotations" }}
annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- include "kube-prometheus.imagePullSecrets" . }}
{{- end }}



@@ -0,0 +1,4 @@
icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
categories:
- metrics



@@ -0,0 +1,31 @@
apiVersion: v2
appVersion: "2.9.6"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
deprecated: false
description: Traefik is a flexible reverse proxy and Ingress Provider.
home: https://truecharts.org/charts/stable/traefik
icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
keywords:
- traefik
- ingress
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: traefik
sources:
- https://github.com/truecharts/charts/tree/master/charts/stable/traefik
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
- https://traefik.io/
type: application
version: 16.0.11
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U


@@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*


@@ -0,0 +1,8 @@
Traefik is a flexible reverse proxy and Ingress Provider.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!

Binary file not shown.


@@ -0,0 +1,406 @@
image:
repository: tccr.io/truecharts/traefik
# defaults to appVersion
tag: 2.9.6@sha256:a4f065a7a34902e7d8179680b8c344e70cf90ed80c7a396b5f42ecabfa3c0321
pullPolicy: IfNotPresent
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "9180"
#
# -- Configure providers
providers:
kubernetesCRD:
enabled: true
namespaces:
[]
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces:
[]
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format: common
access:
# To enable access logs
enabled: false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters:
{}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names:
{}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names:
{}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format: common
metrics:
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus:
entryPoint: metrics
# statsd:
# address: localhost:8125
globalArguments:
- "--global.checknewversion"
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
main:
type: LoadBalancer
ports:
main:
port: 9000
targetPort: 9000
protocol: HTTP
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol:
enabled: false
tcp:
enabled: true
type: LoadBalancer
ports:
web:
enabled: true
port: 9080
protocol: HTTP
redirectTo: websecure
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
websecure:
enabled: true
port: 9443
protocol: HTTPS
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: TCP
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
metrics:
enabled: true
type: ClusterIP
ports:
metrics:
enabled: true
port: 9180
targetPort: 9180
protocol: HTTP
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol:
enabled: false
udp:
enabled: false
# probes:
# # -- Liveness probe configuration
# # @default -- See below
# liveness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Redainess probe configuration
# # @default -- See below
# readiness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Startup probe configuration
# # @default -- See below
# startup:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
enabled: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth: []
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
chain: []
# - name: chainname
# middlewares:
# - name: compress
redirectScheme: []
# - name: redirectSchemeName
# scheme: https
# permanent: true
rateLimit: []
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex: []
# - name: redirectRegexName
# regex: putregexhere
# replacement: replacementurlhere
# permanent: false
stripPrefixRegex: []
# - name: stripPrefixRegexName
# regex: []
ipWhiteList: []
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
themeParkVersion: v1.3.0
themePark: []
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
realIPVersion: v1.0.3
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP: []
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix: []
# - name: addPrefixName
# prefix: "/foo"
geoBlockVersion: v0.2.3
geoBlock: []
# -- https://github.com/PascalMinder/geoblock
# - name: geoBlockName
# allowLocalRequests: true
# logLocalRequests: false
# logAllowedRequests: false
# logApiRequests: false
# api: https://get.geojs.io/v1/ip/country/{ip}
# apiTimeoutMs: 500
# cacheSize: 25
# forceMonthlyUpdate: true
# allowUnknownCountries: false
# unknownCountryApiResponse: nil
# countries:
# - RU
portalhook:
enabled: true
persistence:
plugins:
enabled: true
mountPath: "/plugins-storage"
type: emptyDir
portal:
enabled: true
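Review bot: `--serverstransport.insecureskipverify=true` in the default `additionalArguments` turns off certificate verification for every HTTPS backend Traefik connects to, so a backend's identity is never checked even when it presents a valid certificate. Together with `--providers.kubernetesingress.allowexternalnameservices=true` on the next line, an Ingress pointing at an ExternalName service is proxied to a TLS peer whose certificate is not validated. I would take both out of the defaults and document them as opt-in, leaving `- "--metrics.prometheus"` and `- "--ping"` and adding a comment such as `# add --serverstransport.insecureskipverify=true only for backends with self-signed certificates`. The URL in the `tlsOptions` comment (`https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options`) also looks like a search-and-replace artefact.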

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,178 @@
{{/* Define the args */}}
{{- define "traefik.args" -}}
args:
{{/* merge all ports */}}
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{/* start of actual arguments */}}
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := $ports }}
{{- if $config }}
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
{{- $_ := set $config "protocol" "TCP" }}
{{- end }}
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.metrics }}
{{- if .Values.metrics.datadog }}
- "--metrics.datadog=true"
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
{{- end }}
{{- if .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
{{- end }}
{{- if .Values.metrics.prometheus }}
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
{{- end }}
{{- if .Values.metrics.statsd }}
- "--metrics.statsd=true"
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.labelSelector }}
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
{{- end }}
{{- end }}
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
{{- end }}
{{- end }}
{{- if .Values.ingressClass.enabled }}
- "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
{{- end }}
{{- range $entrypoint, $config := $ports }}
{{/* add args for proxyProtocol support */}}
{{- if $config.proxyProtocol }}
{{- if $config.proxyProtocol.enabled }}
{{- if $config.proxyProtocol.insecureMode }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
{{- end }}
{{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
{{- end }}
{{- end }}
{{- end }}
{{/* add args for forwardedHeaders support */}}
{{- if $config.forwardedHeaders.enabled }}
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
{{- end }}
{{- if $config.forwardedHeaders.insecureMode }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
{{- end }}
{{- end }}
{{/* end forwardedHeaders configuration */}}
{{- if $config.redirectTo }}
{{- $toPort := index $ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- else if $config.redirectPort }}
{{ if gt $config.redirectPort 0.0 }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- end }}
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
- "--log.format={{ .general.format }}"
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
- "--accesslog.format={{ .access.format }}"
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{/* theme.park */}}
{{- if .Values.middlewares.themePark }}
- "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
- "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
{{- end }}
{{/* End of theme.park */}}
{{/* GeoBlock */}}
{{- if .Values.middlewares.geoBlock }}
- "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
- "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}"
{{- end }}
{{/* End of GeoBlock */}}
{{/* RealIP */}}
{{- if .Values.middlewares.realIP }}
- "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
- "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
{{- end }}
{{/* End of RealIP */}}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}
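Review bot: The namespace restriction in `traefik.args` is guarded by `{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}`, but the values file in this commit only defines `rbac.main.enabled`, so unless the common library injects those two keys the guard is always false. `providers.kubernetesCRD.namespaces` and `providers.kubernetesIngress.namespaces` are then silently ignored and both providers watch every namespace. Gating each argument on its own list would make the setting effective: `{{- if .Values.providers.kubernetesCRD.namespaces }}` and `{{- if .Values.providers.kubernetesIngress.namespaces }}` in place of the `rbac` check.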


@@ -0,0 +1,22 @@
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $fullName := include "tc.common.names.fullname" . -}}
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}


@@ -0,0 +1,24 @@
{{/* Define the ingressClass */}}
{{- define "traefik.ingressClass" -}}
---
{{ if .Values.ingressClass.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
apiVersion: networking.k8s.io/v1beta1
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
{{- else }}
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
{{- end }}
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
name: {{ .Release.Name }}
spec:
controller: traefik.io/ingress-controller
{{- end }}
{{- end }}


@@ -0,0 +1,25 @@
{{/* Define the ingressRoute */}}
{{- define "traefik.ingressRoute" -}}
{{ if .Values.ingressRoute.dashboard.enabled }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ include "tc.common.names.fullname" . }}-dashboard
annotations:
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
entryPoints:
- main
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{ end }}
{{- end -}}
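Review bot: The dashboard route exposes `api@internal` under `/dashboard` and `/api` on the `main` entrypoint with no `middlewares:` entry, and the defaults in this commit enable it (`ingressRoute.dashboard.enabled: true`) on a `LoadBalancer` service at port 9000. Anyone who can reach that address gets the dashboard and the read API, including router and service configuration, without authentication. I would let the route take a middleware list from values, for instance a new `ingressRoute.dashboard.middlewares` key (to be added) rendered under the route with `toYaml`, so that a `basicAuth` or `forwardAuth` middleware from this chart can be attached. The values comment for the dashboard should mention it.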


@@ -0,0 +1,26 @@
{{/* Define the portalHook */}}
{{- define "traefik.portalhook" -}}
{{- if .Values.portalhook.enabled }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portalhook
namespace: {{ $namespace }}
data:
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{- range $name, $value := $ports }}
{{ $name }}: {{ $value.port | quote }}
{{- end }}
{{- end }}
{{- end -}}


@@ -0,0 +1,12 @@
{{/* Define the tlsOptions */}}
{{- define "traefik.tlsOptions" -}}
{{- range $name, $config := .Values.tlsOptions }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: {{ $name }}
spec:
{{- toYaml $config | nindent 2 }}
{{- end }}
{{- end -}}


@@ -0,0 +1,24 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- if .Values.metrics }}
{{- if .Values.metrics.prometheus }}
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}}
{{- end }}
{{- end }}
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
{{- $_ := set .Values "newArgs" $newArgs -}}
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
{{- $_ := set .Values "args" $mergedargs -}}
{{- include "traefik.portalhook" . }}
{{- include "traefik.tlsOptions" . }}
{{- include "traefik.ingressRoute" . }}
{{- include "traefik.ingressClass" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@@ -0,0 +1,17 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
addPrefix:
prefix: {{ $middlewareData.prefix }}
{{- end }}
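Review bot: `name` and `prefix` are rendered unquoted, so a value that is empty or starts with a YAML indicator renders as null or fails to parse; `redirectRegex` in this commit already pipes its strings through `quote`. Writing `prefix: {{ $middlewareData.prefix | quote }}` keeps the rendered type a string. The same applies to `address` and `authResponseHeadersRegex` in the forwardAuth template and to `api` in the geoBlock template. `$values` is assigned at the top of this template and not used in it.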


@@ -0,0 +1,62 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: compress
namespace: {{ $namespace }}
spec:
compress: {}
---
# Here, an average of 300 requests per second is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-ratelimit
namespace: {{ $namespace }}
spec:
rateLimit:
average: 600
burst: 400
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-secure-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
stsSeconds: 63072000
# stsIncludeSubdomains: false
# stsPreload: false
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
server: ''
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: chain-basic
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: basic-secure-headers
- name: compress
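Review bot: The comment above `basic-ratelimit` says an average of 300 requests per second and a burst of 200, but the spec sets `average: 600` and `burst: 400`. The comment should follow the values: `# Here, an average of 600 requests per second is allowed.` and `# In addition, a burst of 400 requests is allowed.`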


@@ -0,0 +1,34 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
---
{{- $users := list }}
{{ range $index, $userdata := $middlewareData.users }}
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
{{ end }}
apiVersion: v1
kind: Secret
metadata:
name: {{printf "%v-%v" $middlewareData.name "secret" }}
namespace: {{ $namespace }}
type: Opaque
stringData:
users: |
{{- range $index, $user := $users }}
{{ printf "%s" $user }}
{{- end }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
basicAuth:
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
{{ end }}
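Review bot: Passwords reach this template as plain text in `middlewares.basicAuth[].users[].password` and are hashed with `htpasswd` only at render time, so the clear-text value is kept wherever the release values are stored. `htpasswd` also salts on every render, which makes the Secret differ on each upgrade even when nothing changed. An option to reference an existing Secret by name instead of generating one (a new value; none is visible in this commit) would avoid both. The `# Declaring the user list` comment sits above the Middleware but describes the Secret.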


@@ -0,0 +1,21 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.chain }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
chain:
middlewares:
{{ range $index, $middleware := .middlewares }}
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
{{ end }}
{{ end }}
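Review bot: Each entry of `.middlewares` is a map in the values example (`- name: compress`), but the inner loop formats the whole entry with `%v`, which would render `map[name:compress]` into the reference. The line should read `- name: {{ printf "%v-%v@%v" $namespace $middleware.name "kubernetescrd" }}`. The `# Declaring the user list` comment is carried over from the basicAuth template and does not describe a chain; the ipWhiteList, rateLimit, redirectScheme and redirectRegex templates repeat it.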


@@ -0,0 +1,34 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
forwardAuth:
address: {{ $middlewareData.address }}
{{- with $middlewareData.authResponseHeaders }}
authResponseHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $middlewareData.authRequestHeaders }}
authRequestHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $middlewareData.authResponseHeadersRegex }}
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
{{- end }}
{{- if $middlewareData.trustForwardHeader }}
trustForwardHeader: true
{{- end }}
{{- with $middlewareData.tls }}
tls:
insecureSkipVerify: {{ .insecureSkipVerify | default false }}
{{- end }}
{{ end }}


@@ -0,0 +1,34 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
GeoBlock:
allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
logLocalRequests: {{ $middlewareData.logLocalRequests }}
logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
logApiRequests: {{ $middlewareData.logApiRequests }}
api: {{ $middlewareData.api }}
apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
cacheSize: {{ $middlewareData.cacheSize }}
forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
{{- if not $middlewareData.countries }}
{{- fail "You have to define at least one country..." }}
{{- end }}
countries:
{{- range $middlewareData.countries }}
- {{ . }}
{{- end }}
{{- end }}


@@ -0,0 +1,33 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
ipWhiteList:
sourceRange:
{{- range $middlewareData.sourceRange }}
- {{ . }}
{{- end }}
{{- if $middlewareData.ipStrategy }}
ipStrategy:
{{- if $middlewareData.ipStrategy.depth }}
depth: {{ $middlewareData.ipStrategy.depth }}
{{- end }}
{{- if $middlewareData.ipStrategy.excludedIPs }}
excludedIPs:
{{- range $middlewareData.ipStrategy.excludedIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{ end }}
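Review bot: An entry with an empty or missing `sourceRange` (the commented example in the values file shows `sourceRange: []`) renders a bare `sourceRange:` key, so the allow-list is created with a null range and the problem only shows up at runtime. The geoBlock template in this commit already fails the render when `countries` is empty; the same guard fits here: `{{- if not $middlewareData.sourceRange }}{{- fail "ipWhiteList needs at least one sourceRange entry" }}{{- end }}`. If `ipStrategy.depth` is used, a values comment should say that it reads `X-Forwarded-For`, which is only meaningful when the entrypoint's `forwardedHeaders.trustedIPs` is set.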


@@ -0,0 +1,19 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
rateLimit:
average: {{ $middlewareData.average }}
burst: {{ $middlewareData.burst }}
{{ end }}


@@ -0,0 +1,21 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.realIP }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
traefik-real-ip:
excludednets:
{{- range $middlewareData.excludedNetworks }}
- {{ . | quote }}
{{- end }}
{{- end }}
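Review bot: The template has no comment stating the trust assumption behind `traefik-real-ip`, which is what an operator needs to know before enabling it. As far as I know the plugin derives the client address from forwarding headers and skips addresses inside `excludednets`, so the list should hold only the proxy networks actually in front of Traefik. A comment such as `# excludednets: CIDRs of trusted proxies only; the resulting client IP is header-derived` above the list would say so. An entry with an empty `excludedNetworks` currently renders a bare `excludednets:` key; a `fail` guard like the one on `countries` earlier on this page would reject it at render time.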


@@ -0,0 +1,19 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectScheme:
scheme: {{ $middlewareData.scheme }}
permanent: {{ $middlewareData.permanent }}
{{ end }}
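Review bot: `scheme` is emitted unquoted and unchecked, so a missing value renders an empty `scheme:` and the mistake only surfaces when Traefik loads the middleware. `scheme: {{ required "redirectScheme.scheme is required" $middlewareData.scheme | quote }}` fails at render time instead and keeps the value a string. `permanent` has the same gap; `permanent: {{ $middlewareData.permanent | default false }}` makes the rendered manifest explicit.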


@@ -0,0 +1,20 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: {{ $middlewareData.regex | quote }}
replacement: {{ $middlewareData.replacement | quote }}
permanent: {{ $middlewareData.permanent }}
{{ end }}


@@ -0,0 +1,20 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
stripPrefixRegex:
regex:
{{- range $middlewareData.regex }}
- {{ . | quote }}
{{- end }}
{{ end }}


@@ -0,0 +1,29 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-opencors-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: tc-opencors-headers
- name: compress
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-closedcors-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: tc-closedcors-headers
- name: compress


@@ -0,0 +1,62 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-opencors-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowHeaders:
- '*'
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
- POST
accessControlAllowOriginList:
- '*'
accessControlMaxAge: 100
browserXssFilter: true
contentTypeNosniff: true
customRequestHeaders:
X-Forwarded-Proto: https
customResponseHeaders:
server: ""
forceSTSHeader: true
referrerPolicy: same-origin
sslForceHost: true
sslRedirect: true
stsSeconds: 63072000
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-closedcors-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
sslRedirect: true
stsSeconds: 63072000
# stsIncludeSubdomains: false
# stsPreload: false
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
sslForceHost: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
server: ''
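Review bot: `tc-opencors-headers` combines `accessControlAllowOriginList: '*'` and `accessControlAllowHeaders: '*'` with `PUT` and `POST`, and nothing in the file says when that is acceptable. A comment above the origin list, for example `# Open CORS: any origin may call this route; use only for apps that do not rely on ambient credentials`, would make the choice visible to whoever attaches the chain. Both middlewares also overwrite `X-Forwarded-Proto` with `https` unconditionally, so a backend cannot tell a plaintext request from a TLS one. That is fine only if every entrypoint using these chains terminates TLS, which is worth stating next to `customRequestHeaders`. The two documents quote the same values differently (`https` vs `"https"`, `""` vs `''`); one style throughout would read better.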


@@ -0,0 +1,25 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-redirectregex-dav
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: "https://(.*)/.well-known/(card|cal)dav"
replacement: "https://${1}/remote.php/dav/"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: tc-nextcloud-redirectregex-dav
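Review bot: The `regex` in `tc-nextcloud-redirectregex-dav` is unanchored, its `(.*)` host group is greedy and can swallow path segments, and the dot in `.well-known` matches any character, so URLs other than the two well-known DAV endpoints can be redirected. A tighter pattern is `regex: '^https://([^/]+)/\.well-known/(card|cal)dav'`; it needs single quotes because `\.` is not a valid escape in a double-quoted YAML scalar. No `permanent` key is set, so the redirect is temporary; `permanent: true` may be intended, though the visible lines do not say.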


@@ -0,0 +1,26 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.themePark }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
traefik-themepark:
app: {{ $middlewareData.appName }}
theme: {{ $middlewareData.themeName }}
baseUrl: {{ $middlewareData.baseUrl }}
{{- if $middlewareData.addons }}
addons:
{{- range $middlewareData.addons }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
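Review bot: `app`, `theme` and `baseUrl` are rendered unquoted while `addons` in the same template uses `quote`. Quoting all of them (`baseUrl: {{ $middlewareData.baseUrl | quote }}`, same for `app` and `theme`) keeps values containing YAML specials from being retyped by the parser. `baseUrl` presumably decides where the injected theme assets are loaded from, so a short comment that it should point only at a host the operator controls or trusts would help.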


@@ -0,0 +1,4 @@
icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
categories:
- network