diff --git a/enterprise/grafana/6.0.23/CHANGELOG.md b/enterprise/grafana/6.0.23/CHANGELOG.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/grafana/6.0.23/Chart.yaml b/enterprise/grafana/6.0.23/Chart.yaml new file mode 100644 index 0000000000..1cd6e262ef --- /dev/null +++ b/enterprise/grafana/6.0.23/Chart.yaml @@ -0,0 +1,32 @@ +apiVersion: v2 +appVersion: "9.3.2" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 11.1.2 +deprecated: false +description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. +home: https://truecharts.org/charts/stable/grafana +icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png +keywords: + - analytics + - monitoring + - metrics + - logs +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: grafana +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/grafana + - https://github.com/bitnami/bitnami-docker-grafana + - https://grafana.com/ +type: application +version: 6.0.23 +annotations: + truecharts.org/catagories: | + - metrics + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/grafana/6.0.23/README.md b/enterprise/grafana/6.0.23/README.md new file mode 100644 index 0000000000..701942c352 --- /dev/null +++ b/enterprise/grafana/6.0.23/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/grafana/6.0.23/app-changelog.md b/enterprise/grafana/6.0.23/app-changelog.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/grafana/6.0.23/app-readme.md b/enterprise/grafana/6.0.23/app-readme.md new file mode 100644 index 0000000000..b58f480f5b --- /dev/null +++ b/enterprise/grafana/6.0.23/app-readme.md @@ -0,0 +1,8 @@ +Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/grafana](https://truecharts.org/charts/enterprise/grafana) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz b/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz new file mode 100644 index 0000000000..da62080e8a Binary files /dev/null and b/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz differ diff --git a/enterprise/grafana/6.0.23/ix_values.yaml b/enterprise/grafana/6.0.23/ix_values.yaml new file mode 100644 index 0000000000..a5b686f32c --- /dev/null +++ b/enterprise/grafana/6.0.23/ix_values.yaml @@ -0,0 +1,79 @@ +image: + repository: tccr.io/truecharts/grafana + pullPolicy: IfNotPresent + tag: 9.3.2@sha256:21b9ef183533b4f4bec2f2b13b0e648086d8896aa3d2423fb99607965c713053 + +securityContext: + readOnlyRootFilesystem: false + +service: + main: + ports: + main: + protocol: HTTP + targetPort: 3000 + port: 10038 + +probes: + liveness: + path: "/api/health" + + readiness: + path: "/api/health" + + startup: + path: "/api/health" + +secretEnv: + GF_SECURITY_ADMIN_USER: "admin" + GF_SECURITY_ADMIN_PASSWORD: "testpassword" + +env: + GF_INSTALL_PLUGINS: "" + GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins" + GF_AUTH_LDAP_ENABLED: "false" + GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml" + GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" + GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning" + GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini" + GF_PATHS_DATA: "/opt/bitnami/grafana/data" + GF_PATHS_LOGS: "/opt/bitnami/grafana/logs" + +persistence: + config: + enabled: true + mountPath: "/opt/bitnami/grafana/data" + grafana-tmp: + enabled: true + type: emptyDir + mountPath: /opt/bitnami/grafana/tmp + +metrics: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: false + serviceMonitor: + interval: 1m + scrapeTimeout: 30s + labels: {} + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: + [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical + +portal: + enabled: true diff --git a/enterprise/grafana/6.0.23/questions.yaml b/enterprise/grafana/6.0.23/questions.yaml new file mode 100644 index 0000000000..703d2d7db8 --- /dev/null +++ b/enterprise/grafana/6.0.23/questions.yaml @@ -0,0 +1,1926 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: VPN + description: VPN + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: global + label: Global Settings + group: "General Settings" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "General Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: customextraargs + group: "General Settings" + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: secretEnv + group: "App Configuration" + label: "Secret Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: GF_SECURITY_ADMIN_USER + label: "Admin User" + schema: + type: string + required: true + default: "admin" + - variable: GF_SECURITY_ADMIN_PASSWORD + label: "Admin Password" + schema: + type: string + required: true + private: true + default: "REPLACETHIS" + - variable: env + group: "App Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: GF_INSTALL_PLUGINS + label: "Extra Plugins to Install" + description: "comma seperated" + schema: + type: string + default: "" + - variable: GF_AUTH_LDAP_ENABLED + label: "enable LDAP" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP + label: "Allow LDAP Signup" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_CONFIG_FILE + label: "LDAP Config Path" + schema: + type: string + default: "/opt/bitnami/grafana/conf/ldap.toml" + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: "General Settings" + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10038 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: serviceMonitor + label: Service Monitor Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: interval + label: Scrape Interval + description: Scrape interval time + schema: + type: string + default: 1m + required: true + - variable: scrapeTimeout + label: Scrape Timeout + description: Scrape timeout Time + schema: + type: string + default: 30s + required: true + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section + - variable: horizontalPodAutoscaler + group: Advanced + label: (Advanced) Horizontal Pod Autoscaler + schema: + type: list + default: [] + items: + - variable: hpaEntry + label: HPA Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: Target + description: Deployment name, Defaults to Main Deployment + schema: + type: string + default: "" + - variable: minReplicas + label: Minimum Replicas + schema: + type: int + default: 1 + - variable: maxReplicas + label: Maximum Replicas + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: Target CPU Utilization Percentage + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: Target Memory Utilization Percentage + schema: + type: int + default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/grafana/6.0.23/templates/common.yaml b/enterprise/grafana/6.0.23/templates/common.yaml new file mode 100644 index 0000000000..c1a366e1cf --- /dev/null +++ b/enterprise/grafana/6.0.23/templates/common.yaml @@ -0,0 +1 @@ +{{ include "tc.common.loader.all" . }} diff --git a/enterprise/grafana/6.0.23/templates/prometheusrules.yaml b/enterprise/grafana/6.0.23/templates/prometheusrules.yaml new file mode 100644 index 0000000000..35b77edf0f --- /dev/null +++ b/enterprise/grafana/6.0.23/templates/prometheusrules.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "tc.common.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "tc.common.names.fullname" . }} + rules: + {{- with .Values.metrics.prometheusRule.rules }} + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/grafana/6.0.23/templates/servicemonitor.yaml b/enterprise/grafana/6.0.23/templates/servicemonitor.yaml new file mode 100644 index 0000000000..cec4d36809 --- /dev/null +++ b/enterprise/grafana/6.0.23/templates/servicemonitor.yaml @@ -0,0 +1,24 @@ +{{- if .Values.metrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "tc.common.names.fullname" . }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + {{- with .Values.metrics.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "tc.common.labels.selectorLabels" . | nindent 6 }} + endpoints: + - port: main + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + path: /metrics +{{- end }} diff --git a/enterprise/grafana/6.0.23/values.yaml b/enterprise/grafana/6.0.23/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/grafana/item.yaml b/enterprise/grafana/item.yaml new file mode 100644 index 0000000000..f801010d9f --- /dev/null +++ b/enterprise/grafana/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png +categories: +- metrics + diff --git a/enterprise/prometheus/7.0.42/CHANGELOG.md b/enterprise/prometheus/7.0.42/CHANGELOG.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/prometheus/7.0.42/Chart.yaml b/enterprise/prometheus/7.0.42/Chart.yaml new file mode 100644 index 0000000000..7d9e730180 --- /dev/null +++ b/enterprise/prometheus/7.0.42/Chart.yaml @@ -0,0 +1,37 @@ +apiVersion: v2 +appVersion: "2.41.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 11.1.2 + - condition: exporters.enabled,exporters.node-exporter.enabled + name: node-exporter + repository: https://charts.bitnami.com/bitnami + version: 3.2.6 + - condition: exporters.enabled,exporters.kube-state-metrics.enabled + name: kube-state-metrics + repository: https://charts.bitnami.com/bitnami + version: 3.2.7 +deprecated: false +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +home: https://truecharts.org/charts/stable/prometheus +keywords: + - metrics +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: prometheus +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/prometheus + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus +type: application +version: 7.0.42 +annotations: + truecharts.org/catagories: | + - metrics + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/prometheus/7.0.42/README.md b/enterprise/prometheus/7.0.42/README.md new file mode 100644 index 0000000000..701942c352 --- /dev/null +++ b/enterprise/prometheus/7.0.42/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/prometheus/7.0.42/app-changelog.md b/enterprise/prometheus/7.0.42/app-changelog.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/prometheus/7.0.42/app-readme.md b/enterprise/prometheus/7.0.42/app-readme.md new file mode 100644 index 0000000000..76da35b355 --- /dev/null +++ b/enterprise/prometheus/7.0.42/app-readme.md @@ -0,0 +1,8 @@ +kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/prometheus](https://truecharts.org/charts/enterprise/prometheus) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz b/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz new file mode 100644 index 0000000000..da62080e8a Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz differ diff --git a/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz b/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz new file mode 100644 index 0000000000..2de30485be Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz differ diff --git a/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz b/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz new file mode 100644 index 0000000000..453a0c519f Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz differ diff --git a/enterprise/prometheus/7.0.42/ix_values.yaml b/enterprise/prometheus/7.0.42/ix_values.yaml new file mode 100644 index 0000000000..a34b7d2429 --- /dev/null +++ b/enterprise/prometheus/7.0.42/ix_values.yaml @@ -0,0 +1,1364 @@ +image: + repository: tccr.io/truecharts/prometheus + tag: 2.41.0@sha256:948cd5bf9472e3ad2f66cc3a5dcb51662b714d1aabff8f1789a9cd34c8e2f525 + +thanosImage: + repository: tccr.io/truecharts/thanos + tag: 0.30.1@sha256:4d8f9be91494f5106462389dc70332c9a371ba871ea0d9cbddebebed62961cfa + +alertmanagerImage: + repository: tccr.io/truecharts/alertmanager + tag: 0.25.0@sha256:90fe7bfecee646e4feff31a6cd0f5212854cecfb525b47e4fd18c2d2b12d9735 + +global: + labels: {} + +controller: + enabled: false + +service: + main: + selector: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + main: + port: 10086 + targetPort: 9090 + protocol: HTTP + alertmanager: + enabled: true + selector: + app.kubernetes.io/name: alertmanager + alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}' + ports: + alertmanager: + enabled: true + port: 10087 + targetPort: 9093 + protocol: HTTP + thanos: + enabled: true + selector: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + thanos: + enabled: true + port: 10901 + targetPort: 10901 + protocol: HTTP + +ingress: + main: + enabled: false + alertmanager: + enabled: false + thanos: + enabled: false + +#### +## Operator Config +#### + +env: + PROMETHEUS_CONFIG_RELOADER: + configMapKeyRef: + name: prometheus-operator-config + key: prometheus-config-reloader + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - alertmanagers.monitoring.coreos.com + - podmonitors.monitoring.coreos.com + - prometheuses.monitoring.coreos.com + - prometheusrules.monitoring.coreos.com + - servicemonitors.monitoring.coreos.com + - thanosrulers.monitoring.coreos.com + - probes.monitoring.coreos.com + resources: + - customresourcedefinitions + verbs: + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - "*" + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + - apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + +securityContext: + readOnlyRootFilesystem: false + +probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Redainess probe configuration + # @default -- See below + readiness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Startup probe configuration + # @default -- See below + startup: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + +operator: + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator + ## + enabled: false + ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param operator.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param operator.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + + ## Prometheus Configmap-reload image to use for reloading configmaps + ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/) + ## + prometheusConfigReloader: + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +#### +## Prometheus Config (Spawned by Operator) +#### + +## Deploy a Prometheus instance +## +prometheus: + ## @param prometheus.enabled Deploy Prometheus to the cluster + ## + enabled: true + ## Bitnami Prometheus image version + ## ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus/tags/ + ## @param prometheus.image.registry Prometheus image registry + ## @param prometheus.image.repository Prometheus image repository + ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended) + ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Service account for Prometheus to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus + ## + create: true + ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template + name: "" + ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount + ## annotations: + ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus + ## + annotations: {} + ## Prometheus pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param prometheus.podSecurityContext.enabled Enable security context + ## @param prometheus.podSecurityContext.runAsUser User ID for the container + ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.containerSecurityContext.enabled Enable container security context + ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem + ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + serviceMonitor: + ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself + ## + enabled: true + ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param prometheus.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param prometheus.externalUrl External URL used to access Prometheus + ## If not creating an ingress but still exposing the service some other way (like a proxy) + ## let Prometheus know what its external URL is so that it can properly create links + ## externalUrl: https://prometheus.example.com + ## + externalUrl: "" + ## @param prometheus.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param prometheus.affinity Prometheus Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param prometheus.tolerations Prometheus Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param prometheus.scrapeInterval Interval between consecutive scrapes + ## + scrapeInterval: "15s" + ## @param prometheus.evaluationInterval Interval between consecutive evaluations + ## + evaluationInterval: "30s" + ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback + ## + listenLocal: false + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + ## @param prometheus.enableFeatures Enable access to Prometheus disabled features. + ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + ## + enableFeatures: [] + ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + alertingEndpoints: [] + ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name + ## + replicaExternalLabelNameClear: false + ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods + ## + secrets: [] + ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods + ## + configMaps: [] + ## @param prometheus.querySpec The query command line flags when starting Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + querySpec: {} + ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + ruleSelector: {} + ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## @param prometheus.matchLabels Matchlabels + ## + matchLabels: {} + ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + serviceMonitorNamespaceSelector: {} + ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + ## @param prometheus.probeSelector Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + ## @param prometheus.retention Metrics retention days + ## + retention: 31d + ## @param prometheus.retentionSize Maximum size of metrics + ## + retentionSize: "" + ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction + ## + disableCompaction: false + ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy + ## + walCompression: false + ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + ## @param prometheus.replicaCount Number of Prometheus replicas desired + ## + replicaCount: 1 + ## @param prometheus.logLevel Log level for Prometheus + ## + logLevel: info + ## @param prometheus.logFormat Log format for Prometheus + ## + logFormat: logfmt + ## @param prometheus.podMetadata [object] Standard object's metadata + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + ## labels: + ## app: prometheus + ## k8s-app: prometheus + ## + labels: {} + annotations: {} + ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + ## remoteRead: + ## - url: http://remote1/read + ## + remoteRead: [] + ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + ## remoteWrite: + ## - url: http://remote1/push + ## + remoteWrite: [] + ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Prometheus persistence parameters + ## + persistence: + ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## + enabled: true + ## @param prometheus.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param prometheus.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param prometheus.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param prometheus.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param prometheus.containers Containers allows injecting additional containers + ## + containers: [] + ## @param prometheus.volumes Volumes allows configuration of additional volumes + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumes: [] + ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumeMounts: [] + ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance. + additionalPrometheusRules: [] + ## - name: custom-recording-rules + ## groups: + ## - name: sum_node_by_job + ## rules: + ## - record: job:kube_node_labels:sum + ## expr: sum(kube_node_labels) by (job) + ## - name: sum_prometheus_config_reload_by_pod + ## rules: + ## - record: job:prometheus_config_last_reload_successful:sum + ## expr: sum(prometheus_config_last_reload_successful) by (pod) + ## - name: custom-alerting-rules + ## groups: + ## - name: prometheus-config + ## rules: + ## - alert: PrometheusConfigurationReload + ## expr: prometheus_config_last_reload_successful > 0 + ## for: 1m + ## labels: + ## severity: error + ## annotations: + ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})" + ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - name: custom-node-exporter-alerting-rules + ## rules: + ## - alert: PhysicalComponentTooHot + ## expr: node_hwmon_temp_celsius > 75 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: "Physical component too hot (instance {{ $labels.instance }})" + ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - alert: NodeOvertemperatureAlarm + ## expr: node_hwmon_temp_alarm == 1 + ## for: 5m + ## labels: + ## severity: critical + ## annotations: + ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})" + ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs + ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs + ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs + ## + additionalScrapeConfigs: + enabled: false + type: external + external: + ## Name of the secret that Prometheus should use for the additional scrape configuration + ## + name: "" + ## Name of the key inside the secret to be used for the additional scrape configuration. + ## + key: "" + internal: + jobList: [] + ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart + ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration + ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration + ## + additionalScrapeConfigsExternal: + enabled: false + name: "" + key: "" + ## Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration + ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration + ## + additionalAlertRelabelConfigsExternal: + enabled: false + name: "" + key: "" + ## Thanos sidecar container configuration + ## + thanos: + ## @param prometheus.thanos.create Create a Thanos sidecar container + ## + create: false + ## Bitnami Thanos image + ## ref: https://hub.docker.com/r/tccr.io/truecharts/thanos/tags/ + ## @param prometheus.thanos.image.registry Thanos image registry + ## @param prometheus.thanos.image.repository Thanos image name + ## @param prometheus.thanos.image.tag Thanos image tag + ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy + ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Thanos Sidecar container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context + ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090" + ## + prometheusUrl: "" + ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container + ## extraArgs: + ## - --log.level=debug + ## - --tsdb.path=/data/ + ## + extraArgs: [] + ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md + ## objectStorageConfig: + ## secretName: thanos-objstore-config + ## secretKey: thanos.yaml + ## + objectStorageConfig: {} + ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md + ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container + ## extraVolumeMounts: + ## - name: my-secret-volume + ## mountPath: /etc/thanos/secrets/my-secret + ## + extraVolumeMounts: [] + ## Thanos sidecar container resource requests and limits. + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container + ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Thanos Sidecar Service + ## + service: + ## @param prometheus.thanos.service.type Kubernetes service type + ## + type: ClusterIP + ## @param prometheus.thanos.service.port Thanos service port + ## + port: 10901 + ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. + ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests. + ## + clusterIP: None + ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## e.g: + ## nodePort: 30901 + ## + nodePort: "" + ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service + ## + annotations: {} + ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container + ## extraPorts: + ## - name: http + ## port: 10902 + ## targetPort: http + ## protocol: TCP + ## + extraPorts: [] + ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web + ## + portName: main + +#### +## Alert Manager Config +#### + +## @section Alertmanager Parameters + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + ## @param alertmanager.enabled Deploy Alertmanager to the cluster + ## + enabled: true + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager + ## + create: true + ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template + name: "" + ## Prometheus Alertmanager pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param alertmanager.podSecurityContext.enabled Enable security context + ## @param alertmanager.podSecurityContext.runAsUser User ID for the container + ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus Alertmanager container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param alertmanager.containerSecurityContext.enabled Enable container security context + ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager + ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled + ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager + ## + enabled: true + ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param alertmanager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param alertmanager.externalUrl External URL used to access Alertmanager + ## e.g: + ## externalUrl: https://alertmanager.example.com + ## + externalUrl: "" + ## @param alertmanager.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param alertmanager.affinity Alertmanager Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Alertmanager configuration + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## @param alertmanager.config [object] Alertmanager configuration directive + ## @skip alertmanager.config.route.group_by + ## @skip alertmanager.config.route.routes + ## @skip alertmanager.config.receivers + ## + config: + global: + resolve_timeout: 5m + route: + group_by: ["job"] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: "null" + routes: + - match: + alertname: Watchdog + receiver: "null" + receivers: + - name: "null" + ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. + ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` + ## It must contain: + ## alertmanager.yaml: + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting + ## + externalConfig: false + ## @param alertmanager.replicaCount Number of Alertmanager replicas desired + ## + replicaCount: 1 + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe + ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe + ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## @param alertmanager.logLevel Log level for Alertmanager + ## + logLevel: info + ## @param alertmanager.logFormat Log format for Alertmanager + ## + logFormat: logfmt + ## @param alertmanager.podMetadata [object] Standard object's metadata. + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + labels: {} + annotations: {} + ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods + ## + secrets: [] + ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods + ## + configMaps: [] + ## @param alertmanager.retention Metrics retention days + ## + retention: 240h + ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Alertmanager persistence parameters + ## + persistence: + ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## If you want to use this configuration make sure the storageSpec is not provided. + ## + enabled: true + ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param alertmanager.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes + ## + paused: false + ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback + ## + listenLocal: false + ## @param alertmanager.containers Containers allows injecting additional containers + ## + containers: [] + ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + volumes: [] + ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec + ## + volumeMounts: [] + ## @param alertmanager.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster + ## + additionalPeers: [] + ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web + ## + portName: alertmanager + ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} + ## + configNamespaceSelector: {} + ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} + ## + configSelector: {} + +#### +## Exporters +#### + +## @section Exporters + +## Exporters +## +exporters: + node-exporter: + ## @param exporters.node-exporter.enabled Enable node-exporter + ## + enabled: true + kube-state-metrics: + ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics + ## + enabled: true +## @param node-exporter [object] Node Exporter deployment configuration +## +node-exporter: + service: + port: 9910 + targetPort: 9910 + labels: + jobLabel: node-exporter + serviceMonitor: + enabled: true + jobLabel: jobLabel + extraArgs: + collector.filesystem.ignored-mount-points: "^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+|var/db/system/.+|mnt/[a-zA-Z0-9-_\\.]+/ix-applications/.+)($|/)" + collector.filesystem.ignored-fs-types: "^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$" + collector.netdev.device-exclude: "^veth.*$" + collector.netclass.ignored-devices: "^veth.*$" + path.rootfs: /host + extraVolumes: + - name: host + hostPath: + path: / + extraVolumeMounts: + - name: host + mountPath: /host + readOnly: true +## @param kube-state-metrics [object] Node Exporter deployment configuration +## +kube-state-metrics: + serviceMonitor: + enabled: true + honorLabels: true +## Component scraping for kubelet and kubelet hosted cAdvisor +## +kubelet: + ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service + ## + enabled: true + ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace` + ## + namespace: kube-system + serviceMonitor: + ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS + ## + https: true + ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubelet.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorMetricRelabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorRelabelings: [] +## Component scraping the kube-apiserver +## +kubeApiServer: + ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service + ## + enabled: true + serviceMonitor: + ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping the kube-controller-manager +## +kubeControllerManager: + ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service + ## + enabled: false + ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed. + ## + namespace: kube-system + ## Service ports and selector information + ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager + ## @param kubeControllerManager.service.port Listening port of the kube-controller-manager Service object + ## @param kubeControllerManager.service.targetPort Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on + ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + ## selector: + ## component: kube-controller-manager + ## + selector: {} + serviceMonitor: + ## @param kubeControllerManager.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate + serverName: "" + ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping kube scheduler +## +kubeScheduler: + ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service + ## + enabled: false + ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed. + ## + namespace: kube-system + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler + ## @param kubeScheduler.service.port Listening port of the kube scheduler Service object + ## @param kubeScheduler.service.targetPort Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on + ## @param kubeScheduler.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + ## selector: + ## component: kube-scheduler + ## + selector: {} + serviceMonitor: + ## @param kubeScheduler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## + interval: "" + ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate + ## + serverName: "" + ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping coreDns +## +coreDns: + ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service + ## + enabled: true + ## @param coreDns.namespace Namespace where core dns service is deployed. + ## + namespace: kube-system + ## Create a ServiceMonitor to scrape coredns service + ## @param coreDns.service.enabled Whether or not to create a Service object for coredns + ## @param coreDns.service.port Listening port of the coredns Service object + ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on + ## @param coreDns.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 9153 + targetPort: 9153 + ## selector: + ## component: kube-dns + ## + selector: {} + serviceMonitor: + ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion. + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion. + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping the kube-proxy +## +kubeProxy: + ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service + ## + enabled: false + +portal: + enabled: true diff --git a/enterprise/prometheus/7.0.42/questions.yaml b/enterprise/prometheus/7.0.42/questions.yaml new file mode 100644 index 0000000000..99e4563264 --- /dev/null +++ b/enterprise/prometheus/7.0.42/questions.yaml @@ -0,0 +1,1247 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: VPN + description: VPN + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: operator + group: "App Configuration" + label: "Operator Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Operator" + schema: + type: string + default: "info" + - variable: prometheus + group: "App Configuration" + label: "Prometheus Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Prometheus" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "31d" + - variable: retentionSize + label: "Max Retention Size" + description: "Maximum size of metrics" + schema: + type: string + default: "" + - variable: scrapeInterval + label: "Scrape interval" + description: "Interval between consecutive scrapes" + schema: + type: string + default: "15s" + - variable: evaluationInterval + label: "Evaluation interval" + description: "Interval between consecutive evaluations" + schema: + type: string + default: "30s" + - variable: disableCompaction + label: "Disable Compaction" + description: "Disable the compaction of the Prometheus TSDB" + schema: + type: boolean + default: false + - variable: walCompression + label: "WAL Compression" + description: "Enable compression of the write-ahead log using Snappy" + schema: + type: boolean + default: false + - variable: alertmanager + group: "App Configuration" + label: "Alertmanager Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Alertmanager" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "240h" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The serving the Prometheus WebUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10086 + required: true + - variable: alertmanager + label: "alertmanager Service" + description: "alertmanager service " + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: alertmanager + label: "alertmanager Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10087 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: Networking and Services + label: Host-Networking (Complicated) + schema: + type: boolean + default: false + - variable: externalInterfaces + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + show_subquestions_if: static + subquestions: + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: TCP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: setPermissions + label: Automatic Permissions + description: Automatically set permissions on install + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: horizontalPodAutoscaler + group: Advanced + label: (Advanced) Horizontal Pod Autoscaler + schema: + type: list + default: [] + items: + - variable: hpaEntry + label: HPA Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: Target + description: Deployment name, Defaults to Main Deployment + schema: + type: string + default: "" + - variable: minReplicas + label: Minimum Replicas + schema: + type: int + default: 1 + - variable: maxReplicas + label: Maximum Replicas + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: Target CPU Utilization Percentage + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: Target Memory Utilization Percentage + schema: + type: int + default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP diff --git a/enterprise/prometheus/7.0.42/templates/_helpers.tpl b/enterprise/prometheus/7.0.42/templates/_helpers.tpl new file mode 100644 index 0000000000..6ac4ea6367 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/_helpers.tpl @@ -0,0 +1,198 @@ +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.fullname" -}} +{{- printf "%s" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.name" -}} +{{- printf "%s" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.operator.name" -}} +{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.name" -}} +{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.name" -}} +{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with thanos */}} +{{- define "kube-prometheus.thanos.name" -}} +{{- printf "%s-thanos" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus.operator.fullname" -}} +{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with thanos */}} +{{- define "kube-prometheus.thanos.fullname" -}} +{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}} +{{- end }} + +{{- define "kube-prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common Labels +*/}} +{{- define "kube-prometheus.labels" -}} +{{ include "tc.common.labels" . }} +{{- if .Values.global.labels }} +{{ toYaml .Values.global.labels }} +{{- end }} +{{- end -}} + +{{/* +Labels for operator +*/}} +{{- define "kube-prometheus.operator.labels" -}} +{{ include "tc.common.labels" . }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Labels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.labels" -}} +{{ include "tc.common.labels" . }} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +Labels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.labels" -}} +{{ include "tc.common.labels" . }} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +matchLabels for operator +*/}} +{{- define "kube-prometheus.operator.matchLabels" -}} +{{ include "tc.common.labels.selectorLabels" . }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +matchLabels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.matchLabels" -}} +{{ include "tc.common.labels.selectorLabels" . }} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +matchLabels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.matchLabels" -}} +{{ include "tc.common.labels.selectorLabels" . }} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +Return the proper Prometheus Operator image name +*/}} +{{- define "kube-prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Prometheus Operator Reloader image name +*/}} +{{- define "kube-prometheus.prometheusConfigReloader.image" -}} +{{- include "kube-prometheus.image" . -}} +{{- end -}} + +{{/* +Return the proper Prometheus Image name +*/}} +{{- define "kube-prometheus.prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Thanos Image name +*/}} +{{- define "kube-prometheus.prometheus.thanosImage" -}} +{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Alertmanager Image name +*/}} +{{- define "kube-prometheus.alertmanager.image" -}} +{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "kube-prometheus.imagePullSecrets" -}} +{{- end -}} + +{{/* +Create the name of the operator service account to use +*/}} +{{- define "kube-prometheus.operator.serviceAccountName" -}} +{{- if .Values.operator.serviceAccount.create -}} + {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.operator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the prometheus service account to use +*/}} +{{- define "kube-prometheus.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the alertmanager service account to use +*/}} +{{- define "kube-prometheus.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "kube-prometheus.validateValues" -}} +{{- $messages := list -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl b/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl new file mode 100644 index 0000000000..d85a8f0ad8 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl @@ -0,0 +1,183 @@ +{{- define "prometheus.alertmanager.alertmanager" -}} +{{- if .Values.alertmanager.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.alertmanager.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + {{- if .Values.alertmanager.image }} + image: {{ template "kube-prometheus.alertmanager.image" . }} + {{- end }} + listenLocal: {{ .Values.alertmanager.listenLocal }} + {{- if index .Values.alertmanager "externalUrl" }} + externalUrl: "{{ .Values.alertmanager.externalUrl }}" + {{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }} + externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }} + {{- end }} + portName: "{{ .Values.alertmanager.portName }}" + paused: {{ .Values.alertmanager.paused }} + logFormat: {{ .Values.alertmanager.logFormat }} + logLevel: {{ .Values.alertmanager.logLevel }} + retention: {{ .Values.alertmanager.retention }} + {{- if .Values.alertmanager.secrets }} + secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configMaps }} + configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }} + {{- end }} + resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }} + routePrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- if .Values.alertmanager.podSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.storageSpec }} + storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }} + {{- else }} + {{- if .Values.alertmanager.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.alertmanager.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.alertmanager.persistence.size | quote }} + {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.alertmanager.podMetadata.labels }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.alertmanager.podMetadata.annotations }} + annotations: + {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }} + {{- else }} + affinity: + {{- if not (empty .Values.alertmanager.podAffinityPreset) }} + podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }} + {{- end }} + {{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }} + podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }} + {{- end }} + {{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }} + nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumes }} + volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumeMounts }} + volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: alertmanager + {{- if .Values.alertmanager.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.alertmanager.livenessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.alertmanager.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.readinessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.containers }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.priorityClassName }} + priorityClassName: {{ .Values.alertmanager.priorityClassName }} + {{- end }} + {{- if .Values.alertmanager.additionalPeers }} + additionalPeers: {{ .Values.alertmanager.additionalPeers }} + {{- end }} + {{- if .Values.alertmanager.configNamespaceSelector }} + alertmanagerConfigNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configSelector }} + alertmanagerConfigSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml new file mode 100644 index 0000000000..9a6f518f35 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml @@ -0,0 +1,13 @@ +{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +data: + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml new file mode 100644 index 0000000000..0086398a45 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} + {{- if index .Values.alertmanager.serviceAccount "annotations" }} + annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml new file mode 100644 index 0000000000..56071b8e18 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics + {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/common.yaml b/enterprise/prometheus/7.0.42/templates/common.yaml new file mode 100644 index 0000000000..f3da376e1f --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/common.yaml @@ -0,0 +1,13 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- include "prometheus.prometheus.prometheus" . }} +{{- include "prometheus.prometheus.additionalprometheusrules" . }} +{{- include "prometheus.prometheus.additionalscrapejobs" . }} +{{- include "prometheus.prometheus.servicemonitor" . }} + +{{- include "prometheus.alertmanager.alertmanager" . }} + + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml new file mode 100644 index 0000000000..359c945de4 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Values.coreDns.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml new file mode 100644 index 0000000000..1c8a6d34a9 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + jobLabel: k8s-app + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns + namespaceSelector: + matchNames: + - {{ .Values.coreDns.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml new file mode 100644 index 0000000000..5ce8694e41 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml @@ -0,0 +1,35 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-apiserver + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: apiserver +spec: + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + namespaceSelector: + matchNames: + - default + endpoints: + - port: https + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100644 index 0000000000..13aa60ebf6 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-controller-manager +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml new file mode 100644 index 0000000000..6a45535983 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100644 index 0000000000..5557af6395 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeControllerManager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespaceSelector: + matchNames: + - {{ .Values.kubeControllerManager.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100644 index 0000000000..dde3d8b911 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-scheduler +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml new file mode 100644 index 0000000000..aad5969f5f --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100644 index 0000000000..757ce98b7c --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeScheduler.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespaceSelector: + matchNames: + - {{ .Values.kubeScheduler.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml new file mode 100644 index 0000000000..30668f3048 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml @@ -0,0 +1,85 @@ +{{- if .Values.kubelet.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kubelet + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kubelet +spec: + jobLabel: k8s-app + selector: + matchLabels: + k8s-app: kubelet + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: https-metrics + path: /metrics/cadvisor + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- else }} + - port: http-metrics + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: http-metrics + path: /metrics/cadvisor + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl new file mode 100644 index 0000000000..121048d87c --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl @@ -0,0 +1,15 @@ +{{- define "prometheus.prometheus.additionalprometheusrules" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}} + {{- range .Values.prometheus.additionalPrometheusRules }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "kube-prometheus.name" $ }}-{{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }} +spec: + groups: {{- toYaml .groups | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl new file mode 100644 index 0000000000..0a85943034 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl @@ -0,0 +1,13 @@ +{{- define "prometheus.prometheus.additionalscrapejobs" -}} +{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +data: + scrape-jobs.yaml: {{ include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl new file mode 100644 index 0000000000..828c9a53c2 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl @@ -0,0 +1,361 @@ +{{- define "prometheus.prometheus.prometheus" -}} +{{- if .Values.prometheus.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheus.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + {{- if .Values.prometheus.serviceMonitorSelector }} + serviceMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorSelector }} + podMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.probeSelector }} + probeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }} + {{- else }} + probeSelector: {} + {{- end }} + alerting: + alertmanagers: + {{- if .Values.prometheus.alertingEndpoints }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }} + {{- else if .Values.alertmanager.enabled }} + - namespace: {{ .Release.Namespace }} + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + port: http + pathPrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- else }} + [] + {{- end }} + {{- if .Values.prometheus.image }} + image: {{ template "kube-prometheus.prometheus.image" . }} + {{- end }} + {{- if .Values.prometheus.externalLabels }} + externalLabels: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" + {{- else if .Values.prometheus.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}" + {{- end }} + {{- if .Values.prometheus.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" + {{- else if .Values.prometheus.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}" + {{- end }} + {{- if index .Values.prometheus "externalUrl" }} + externalUrl: "{{ .Values.prometheus.externalUrl }}" + {{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }} + externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }} + {{- end }} + paused: {{ .Values.prometheus.paused }} + logLevel: {{ .Values.prometheus.logLevel }} + logFormat: {{ .Values.prometheus.logFormat }} + listenLocal: {{ .Values.prometheus.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }} + {{- if .Values.prometheus.enableFeatures }} + enableFeatures: + {{- range .Values.prometheus.enableFeatures }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeInterval }} + {{- end }} + {{- if .Values.prometheus.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.evaluationInterval }} + {{- end }} + {{- if .Values.prometheus.resources }} + resources: {{- toYaml .Values.prometheus.resources | nindent 4 }} + {{- end }} + retention: {{ .Values.prometheus.retention }} + {{- if .Values.prometheus.retentionSize }} + retentionSize: {{ .Values.prometheus.retentionSize }} + {{- end }} + {{- if .Values.prometheus.disableCompaction }} + disableCompaction: {{ .Values.prometheus.disableCompaction }} + {{- end }} + {{- if .Values.prometheus.walCompression }} + walCompression: {{ .Values.prometheus.walCompression }} + {{- end }} + portName: "{{ .Values.prometheus.portName }}" + routePrefix: "{{ .Values.prometheus.routePrefix }}" + {{- if .Values.prometheus.secrets }} + secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.configMaps }} + configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.probeNamespaceSelector }} + probeNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + probeNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.remoteRead }} + remoteRead: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.remoteWrite }} + remoteWrite: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.podSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.ruleNamespaceSelector }} + ruleNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + ruleNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.ruleSelector }} + ruleSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }} + {{- else }} + ruleSelector: {} + {{- end }} + {{- if .Values.prometheus.storageSpec }} + storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }} + {{- else if .Values.prometheus.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.prometheus.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.prometheus.persistence.size | quote }} + {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }} + {{- end }} + {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.prometheus.podMetadata.labels }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.podMetadata.annotations }} + annotations: + {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.querySpec }} + query: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.affinity }} + affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }} + {{- else }} + affinity: + {{- if not (empty .Values.prometheus.podAffinityPreset) }} + podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }} + {{- end }} + {{- if not (empty .Values.prometheus.podAntiAffinityPreset) }} + podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }} + {{- end }} + {{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }} + nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.nodeSelector }} + nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.tolerations }} + tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumes }} + volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumeMounts }} + volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + additionalScrapeConfigs: + {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }} + name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }} + key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }} + {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }} + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + key: scrape-jobs.yaml + {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }} + key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }} + additionalAlertRelabelConfigs: + name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }} + key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if .Values.prometheus.thanos.create }} + - name: thanos-sidecar + image: {{ template "kube-prometheus.prometheus.thanosImage" . }} + imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }} + args: + - sidecar + - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }} + - --grpc-address=0.0.0.0:10901 + - --http-address=0.0.0.0:10902 + - --tsdb.path=/prometheus/ + {{- if .Values.prometheus.thanos.objectStorageConfig }} + - --objstore.config=$(OBJSTORE_CONFIG) + {{- end }} + {{- if .Values.prometheus.thanos.extraArgs }} + {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }} + {{- end }} + {{- if .Values.prometheus.thanos.objectStorageConfig }} + env: + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }} + key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }} + {{- end }} + {{- if .Values.prometheus.thanos.resources }} + resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }} + {{- end }} + ports: + - name: thanos + containerPort: 10901 + protocol: TCP + - name: http + containerPort: 10902 + protocol: TCP + volumeMounts: + - mountPath: /prometheus + name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db + {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }} + subPath: prometheus-db + {{- end }} + {{- if .Values.prometheus.thanos.extraVolumeMounts }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }} + # yamllint disable rule:indentation + securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.prometheus.thanos.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.livenessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.thanos.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.readinessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: prometheus + {{- if .Values.prometheus.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.livenessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.readinessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.containers }} + {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.priorityClassName }} + priorityClassName: {{ .Values.prometheus.priorityClassName }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl new file mode 100644 index 0000000000..d9a5702353 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl @@ -0,0 +1,29 @@ +{{- define "prometheus.prometheus.servicemonitor" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml new file mode 100644 index 0000000000..ae96e2d45f --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml @@ -0,0 +1,41 @@ +{{- if .Values.prometheus.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - extensions + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - "get" +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 0000000000..7ca10743f4 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus.prometheus.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml new file mode 100644 index 0000000000..02b175f2b4 --- /dev/null +++ b/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} + {{- if index .Values.prometheus.serviceAccount "annotations" }} + annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/enterprise/prometheus/7.0.42/values.yaml b/enterprise/prometheus/7.0.42/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/prometheus/item.yaml b/enterprise/prometheus/item.yaml new file mode 100644 index 0000000000..4d843e0cab --- /dev/null +++ b/enterprise/prometheus/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +categories: +- metrics + diff --git a/enterprise/traefik/16.0.11/CHANGELOG.md b/enterprise/traefik/16.0.11/CHANGELOG.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/traefik/16.0.11/Chart.yaml b/enterprise/traefik/16.0.11/Chart.yaml new file mode 100644 index 0000000000..a086379b3d --- /dev/null +++ b/enterprise/traefik/16.0.11/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "2.9.6" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 11.1.2 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/charts/stable/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/traefik + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ +type: application +version: 16.0.11 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/traefik/16.0.11/README.md b/enterprise/traefik/16.0.11/README.md new file mode 100644 index 0000000000..701942c352 --- /dev/null +++ b/enterprise/traefik/16.0.11/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/traefik/16.0.11/app-changelog.md b/enterprise/traefik/16.0.11/app-changelog.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/traefik/16.0.11/app-readme.md b/enterprise/traefik/16.0.11/app-readme.md new file mode 100644 index 0000000000..fe2ab2ae52 --- /dev/null +++ b/enterprise/traefik/16.0.11/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz b/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz new file mode 100644 index 0000000000..da62080e8a Binary files /dev/null and b/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz differ diff --git a/enterprise/traefik/16.0.11/ix_values.yaml b/enterprise/traefik/16.0.11/ix_values.yaml new file mode 100644 index 0000000000..bd211b479b --- /dev/null +++ b/enterprise/traefik/16.0.11/ix_values.yaml @@ -0,0 +1,406 @@ +image: + repository: tccr.io/truecharts/traefik + # defaults to appVersion + tag: 2.9.6@sha256:a4f065a7a34902e7d8179680b8c344e70cf90ed80c7a396b5f42ecabfa3c0321 + pullPolicy: IfNotPresent + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} + +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "9180" + +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: + [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: + [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: + {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: + {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: + {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + # datadog: + # address: 127.0.0.1:8125 + # influxdb: + # address: localhost:8089 + # protocol: udp + prometheus: + entryPoint: metrics + # statsd: + # address: localhost:8125 + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--metrics.prometheus" + - "--ping" + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: HTTP + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 9443 + protocol: HTTPS + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: TCP + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + udp: + enabled: false + +# probes: +# # -- Liveness probe configuration +# # @default -- See below +# liveness: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# # -- Redainess probe configuration +# # @default -- See below +# readiness: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# # -- Startup probe configuration +# # @default -- See below +# startup: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + resources: + - ingressroutes + - ingressroutetcps + - ingressrouteudps + - middlewares + - middlewaretcps + - tlsoptions + - tlsstores + - traefikservices + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + themeParkVersion: v1.3.0 + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + realIPVersion: v1.0.3 + # Sets X-Real-Ip with an IP from the X-Forwarded-For or + # Cf-Connecting-Ip (If from Cloudflare) + # Evaluation of those headers will go from last to first + realIP: [] + # - name: realIPName + # -- The real IP will be the first one that is + # -- not included in any of the CIDRs passed here + # excludedNetworks: + # - 1.1.1.1/24 + addPrefix: [] + # - name: addPrefixName + # prefix: "/foo" + geoBlockVersion: v0.2.3 + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # countries: + # - RU + +portalhook: + enabled: true + +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + +portal: + enabled: true diff --git a/enterprise/traefik/16.0.11/questions.yaml b/enterprise/traefik/16.0.11/questions.yaml new file mode 100644 index 0000000000..bc64ab449d --- /dev/null +++ b/enterprise/traefik/16.0.11/questions.yaml @@ -0,0 +1,2487 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: VPN + description: VPN + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "http" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "/dashboard/" +questions: + - variable: global + label: Global Settings + group: "General Settings" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "General Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: customextraargs + group: "General Settings" + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: "General Settings" + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressClass + label: "ingressClass" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: basicAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: users + label: Users + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + schema: + type: string + required: true + default: "" + - variable: forwardAuth + label: forwardAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: address + label: Address + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: trustForwardHeader + schema: + type: boolean + default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: authResponseHeadersRegex + schema: + type: string + default: "" + - variable: authResponseHeaders + label: authResponseHeaders + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: authRequestHeaders + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: chain + label: Chain + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: middlewares + label: Middlewares to Chain + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: redirectScheme + label: redirectScheme + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: scheme + label: Scheme + schema: + type: string + required: true + default: https + enum: + - value: https + description: https + - value: http + description: http + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: rateLimit + label: rateLimit + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: average + label: Average + schema: + type: int + required: true + default: 300 + - variable: burst + label: Burst + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: redirectRegex + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: string + required: true + default: "" + - variable: replacement + label: Replacement + schema: + type: string + required: true + default: "" + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: stripPrefixRegex + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: list + default: [] + items: + - variable: regexEntry + label: Regex + schema: + type: string + required: true + default: "" + - variable: ipWhiteList + label: ipWhiteList + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: Source Range + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: IP Strategy + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: Depth + schema: + type: int + required: true + - variable: excludedIPs + label: Excluded IPs + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: themePark + label: theme.park + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + default: "" + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + default: "" + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + default: "" + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: Addon + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + - variable: realIP + label: Real IP + schema: + type: list + default: [] + items: + - variable: realIPEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: excludedNetworks + label: Excluded Networks + schema: + type: list + default: [] + items: + - variable: excludedNetEntry + label: Excluded Network Entry + description: Network to exclude setting it to X-Real-Ip + schema: + type: string + required: true + default: "" + - variable: geoBlock + label: GeoBlock + schema: + type: list + default: [] + items: + - variable: geoBlockEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to geoblock + schema: + type: string + required: true + default: "" + - variable: allowLocalRequests + label: Allow Local Requests + description: If set to true, will not block request from Private IP Ranges + schema: + type: boolean + default: true + - variable: logLocalRequests + label: Log Local Requests + description: If set to true, will log every connection from any IP in the private IP range + schema: + type: boolean + default: false + - variable: logAllowedRequests + label: Log Allowed Requests + description: If set to true, will show a log message with the IP and the country of origin if a request is allowed. + schema: + type: boolean + default: false + - variable: logApiRequests + label: Log API Requests + description: If set to true, will show a log message for every API hit. + schema: + type: boolean + default: false + - variable: api + label: API + description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL. + schema: + type: string + required: true + default: https://get.geojs.io/v1/ip/country/{ip} + - variable: apiTimeoutMs + label: API Timeout in ms + description: Timeout for the call to the api uri. + schema: + type: int + required: true + default: 500 + - variable: cacheSize + label: Cache Size + description: Defines the max size of the LRU (least recently used) cache. + schema: + type: int + required: true + default: 25 + - variable: forceMonthlyUpdate + label: Force Monthly Update + description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month. + schema: + type: boolean + default: true + - variable: allowUnknownCountries + label: Allow Unknown Countries + description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed. + schema: + type: boolean + default: false + - variable: unknownCountryApiResponse + label: Unknown Countries API Response + description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested. + schema: + type: string + required: true + default: nil + - variable: countries + label: Blocked Countries + schema: + type: list + default: [] + items: + - variable: blockedCountryEntry + label: Blocked Country + description: Country codes (2 characters) from which connections to the service should be allowed. + schema: + type: string + required: true + # Allow only 2 Characters + valid_chars: '^[a-zA-Z]{2}$' + default: "" + - variable: addPrefix + label: Add Prefix + schema: + type: list + default: [] + items: + - variable: addPrefixEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: prefix + label: Prefix + schema: + type: string + required: true + default: "" + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: horizontalPodAutoscaler + group: Advanced + label: (Advanced) Horizontal Pod Autoscaler + schema: + type: list + default: [] + items: + - variable: hpaEntry + label: HPA Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: Target + description: Deployment name, Defaults to Main Deployment + schema: + type: string + default: "" + - variable: minReplicas + label: Minimum Replicas + schema: + type: int + default: 1 + - variable: maxReplicas + label: Maximum Replicas + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: Target CPU Utilization Percentage + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: Target Memory Utilization Percentage + schema: + type: int + default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/traefik/16.0.11/templates/_args.tpl b/enterprise/traefik/16.0.11/templates/_args.tpl new file mode 100644 index 0000000000..98cc63897b --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_args.tpl @@ -0,0 +1,178 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }} + {{- $_ := set $config "protocol" "TCP" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.metrics }} + {{- if .Values.metrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.metrics.datadog.address }}" + {{- end }} + {{- if .Values.metrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.metrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}" + {{- end }} + {{- if .Values.metrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.metrics.statsd.address }}" + {{- end }} + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if .Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* theme.park */}} + {{- if .Values.middlewares.themePark }} + - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}" + {{- end }} + {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}" + {{- end }} + {{/* End of GeoBlock */}} + {{/* RealIP */}} + {{- if .Values.middlewares.realIP }} + - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip" + - "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}" + {{- end }} + {{/* End of RealIP */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/16.0.11/templates/_helpers.tpl b/enterprise/traefik/16.0.11/templates/_helpers.tpl new file mode 100644 index 0000000000..ab55e4e7ec --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.common.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/enterprise/traefik/16.0.11/templates/_ingressclass.tpl b/enterprise/traefik/16.0.11/templates/_ingressclass.tpl new file mode 100644 index 0000000000..909e249d6a --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if .Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/enterprise/traefik/16.0.11/templates/_ingressroute.tpl b/enterprise/traefik/16.0.11/templates/_ingressroute.tpl new file mode 100644 index 0000000000..7f012c9235 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_ingressroute.tpl @@ -0,0 +1,25 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.common.names.fullname" . }}-dashboard + annotations: + {{- with .Values.ingressRoute.dashboard.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/enterprise/traefik/16.0.11/templates/_portalhook.tpl b/enterprise/traefik/16.0.11/templates/_portalhook.tpl new file mode 100644 index 0000000000..e3586c5d4e --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_portalhook.tpl @@ -0,0 +1,26 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: portalhook + namespace: {{ $namespace }} +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl b/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl new file mode 100644 index 0000000000..3e5aad3bee --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/16.0.11/templates/common.yaml b/enterprise/traefik/16.0.11/templates/common.yaml new file mode 100644 index 0000000000..c933a3d08e --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/common.yaml @@ -0,0 +1,24 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- if .Values.metrics }} +{{- if .Values.metrics.prometheus }} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}} +{{- end }} +{{- end }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat .Values.args .Values.newArgs.args }} +{{- $_ := set .Values "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml b/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml new file mode 100644 index 0000000000..233b23834c --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml @@ -0,0 +1,17 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{- range $index, $middlewareData := .Values.middlewares.addPrefix }} + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + addPrefix: + prefix: {{ $middlewareData.prefix }} +{{- end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml new file mode 100644 index 0000000000..9ba8e5c5d9 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,62 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: compress + namespace: {{ $namespace }} +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-ratelimit + namespace: {{ $namespace }} +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-secure-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: chain-basic + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: basic-secure-headers + - name: compress diff --git a/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml b/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml new file mode 100644 index 0000000000..ccb541742f --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml @@ -0,0 +1,34 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.basicAuth }} +--- +{{- $users := list }} +{{ range $index, $userdata := $middlewareData.users }} + {{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }} +{{ end }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{printf "%v-%v" $middlewareData.name "secret" }} + namespace: {{ $namespace }} +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + basicAuth: + secret: {{printf "%v-%v" $middlewareData.name "secret" }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml b/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml new file mode 100644 index 0000000000..f87994f795 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.chain }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + chain: + middlewares: + {{ range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{ end }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml b/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml new file mode 100644 index 0000000000..4bdefbd5c0 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml @@ -0,0 +1,34 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end }} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end }} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml b/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml new file mode 100644 index 0000000000..1f0fb75276 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml @@ -0,0 +1,34 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{- range $index, $middlewareData := .Values.middlewares.geoBlock }} + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + plugin: + GeoBlock: + allowLocalRequests: {{ $middlewareData.allowLocalRequests }} + logLocalRequests: {{ $middlewareData.logLocalRequests }} + logAllowedRequests: {{ $middlewareData.logAllowedRequests }} + logApiRequests: {{ $middlewareData.logApiRequests }} + api: {{ $middlewareData.api }} + apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }} + cacheSize: {{ $middlewareData.cacheSize }} + forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }} + allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }} + unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }} + {{- if not $middlewareData.countries }} + {{- fail "You have to define at least one country..." }} + {{- end }} + countries: + {{- range $middlewareData.countries }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 0000000000..1179245017 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,33 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end }} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml b/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml new file mode 100644 index 0000000000..144b9d8bf3 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.rateLimit }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml b/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml new file mode 100644 index 0000000000..2dd1ae030a --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{- range $index, $middlewareData := .Values.middlewares.realIP }} + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + plugin: + traefik-real-ip: + excludednets: + {{- range $middlewareData.excludedNetworks }} + - {{ . | quote }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml new file mode 100644 index 0000000000..f2413f84e1 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml b/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml new file mode 100644 index 0000000000..46e3e724dd --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 0000000000..007c166ff3 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} + +{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml new file mode 100644 index 0000000000..409766daa8 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml @@ -0,0 +1,29 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-opencors-headers + - name: compress +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-closedcors-headers + - name: compress diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml new file mode 100644 index 0000000000..a0462f1fd7 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml @@ -0,0 +1,62 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 0000000000..6a3019d56c --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,25 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-redirectregex-dav + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: tc-nextcloud-redirectregex-dav diff --git a/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml b/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml new file mode 100644 index 0000000000..92a4257e27 --- /dev/null +++ b/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml @@ -0,0 +1,26 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{- range $index, $middlewareData := .Values.middlewares.themePark }} + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/16.0.11/values.yaml b/enterprise/traefik/16.0.11/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/enterprise/traefik/item.yaml b/enterprise/traefik/item.yaml new file mode 100644 index 0000000000..73af68c031 --- /dev/null +++ b/enterprise/traefik/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +categories: +- network +