diff --git a/enterprise/grafana/6.0.23/CHANGELOG.md b/enterprise/grafana/6.0.23/CHANGELOG.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/grafana/6.0.23/Chart.yaml b/enterprise/grafana/6.0.23/Chart.yaml
new file mode 100644
index 0000000000..1cd6e262ef
--- /dev/null
+++ b/enterprise/grafana/6.0.23/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+appVersion: "9.3.2"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 11.1.2
+deprecated: false
+description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
+home: https://truecharts.org/charts/stable/grafana
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
+keywords:
+ - analytics
+ - monitoring
+ - metrics
+ - logs
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: grafana
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/stable/grafana
+ - https://github.com/bitnami/bitnami-docker-grafana
+ - https://grafana.com/
+type: application
+version: 6.0.23
+annotations:
+ truecharts.org/catagories: |
+ - metrics
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/enterprise/grafana/6.0.23/README.md b/enterprise/grafana/6.0.23/README.md
new file mode 100644
index 0000000000..701942c352
--- /dev/null
+++ b/enterprise/grafana/6.0.23/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/grafana/6.0.23/app-changelog.md b/enterprise/grafana/6.0.23/app-changelog.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/grafana/6.0.23/app-readme.md b/enterprise/grafana/6.0.23/app-readme.md
new file mode 100644
index 0000000000..b58f480f5b
--- /dev/null
+++ b/enterprise/grafana/6.0.23/app-readme.md
@@ -0,0 +1,8 @@
+Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/grafana](https://truecharts.org/charts/enterprise/grafana)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz b/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz
new file mode 100644
index 0000000000..da62080e8a
Binary files /dev/null and b/enterprise/grafana/6.0.23/charts/common-11.1.2.tgz differ
diff --git a/enterprise/grafana/6.0.23/ix_values.yaml b/enterprise/grafana/6.0.23/ix_values.yaml
new file mode 100644
index 0000000000..a5b686f32c
--- /dev/null
+++ b/enterprise/grafana/6.0.23/ix_values.yaml
@@ -0,0 +1,79 @@
+image:
+ repository: tccr.io/truecharts/grafana
+ pullPolicy: IfNotPresent
+ tag: 9.3.2@sha256:21b9ef183533b4f4bec2f2b13b0e648086d8896aa3d2423fb99607965c713053
+
+securityContext:
+ readOnlyRootFilesystem: false
+
+service:
+ main:
+ ports:
+ main:
+ protocol: HTTP
+ targetPort: 3000
+ port: 10038
+
+probes:
+ liveness:
+ path: "/api/health"
+
+ readiness:
+ path: "/api/health"
+
+ startup:
+ path: "/api/health"
+
+secretEnv:
+ GF_SECURITY_ADMIN_USER: "admin"
+ GF_SECURITY_ADMIN_PASSWORD: "testpassword"
+
+env:
+ GF_INSTALL_PLUGINS: ""
+ GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins"
+ GF_AUTH_LDAP_ENABLED: "false"
+ GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml"
+ GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
+ GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning"
+ GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini"
+ GF_PATHS_DATA: "/opt/bitnami/grafana/data"
+ GF_PATHS_LOGS: "/opt/bitnami/grafana/logs"
+
+persistence:
+ config:
+ enabled: true
+ mountPath: "/opt/bitnami/grafana/data"
+ grafana-tmp:
+ enabled: true
+ type: emptyDir
+ mountPath: /opt/bitnami/grafana/tmp
+
+metrics:
+ # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
+ # @default -- See values.yaml
+ enabled: false
+ serviceMonitor:
+ interval: 1m
+ scrapeTimeout: 30s
+ labels: {}
+ # -- Enable and configure Prometheus Rules for the chart under this key.
+ # @default -- See values.yaml
+ prometheusRule:
+ enabled: false
+ labels: {}
+ # -- Configure additionial rules for the chart under this key.
+ # @default -- See prometheusrules.yaml
+ rules:
+ []
+ # - alert: UnifiPollerAbsent
+ # annotations:
+ # description: Unifi Poller has disappeared from Prometheus service discovery.
+ # summary: Unifi Poller is down.
+ # expr: |
+ # absent(up{job=~".*unifi-poller.*"} == 1)
+ # for: 5m
+ # labels:
+ # severity: critical
+
+portal:
+ enabled: true
diff --git a/enterprise/grafana/6.0.23/questions.yaml b/enterprise/grafana/6.0.23/questions.yaml
new file mode 100644
index 0000000000..703d2d7db8
--- /dev/null
+++ b/enterprise/grafana/6.0.23/questions.yaml
@@ -0,0 +1,1926 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: VPN
+ description: VPN
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+questions:
+ - variable: global
+ label: Global Settings
+ group: "General Settings"
+ schema:
+ type: dict
+ hidden: true
+ attrs:
+ - variable: isSCALE
+ label: Flag this is SCALE
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: controller
+ group: "General Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: replicas
+ description: Number of desired pod replicas
+ label: Desired Replicas
+ schema:
+ type: int
+ required: true
+ default: 1
+ - variable: customextraargs
+ group: "General Settings"
+ label: "Extra Args"
+ description: "Do not click this unless you know what you are doing"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: secretEnv
+ group: "App Configuration"
+ label: "Secret Image Environment"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: GF_SECURITY_ADMIN_USER
+ label: "Admin User"
+ schema:
+ type: string
+ required: true
+ default: "admin"
+ - variable: GF_SECURITY_ADMIN_PASSWORD
+ label: "Admin Password"
+ schema:
+ type: string
+ required: true
+ private: true
+ default: "REPLACETHIS"
+ - variable: env
+ group: "App Configuration"
+ label: "Image Environment"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: GF_INSTALL_PLUGINS
+ label: "Extra Plugins to Install"
+ description: "comma seperated"
+ schema:
+ type: string
+ default: ""
+ - variable: GF_AUTH_LDAP_ENABLED
+ label: "enable LDAP"
+ schema:
+ type: boolean
+ default: false
+ - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP
+ label: "Allow LDAP Signup"
+ schema:
+ type: boolean
+ default: false
+ - variable: GF_AUTH_LDAP_CONFIG_FILE
+ label: "LDAP Config Path"
+ schema:
+ type: string
+ default: "/opt/bitnami/grafana/conf/ldap.toml"
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ group: "General Settings"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 10038
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ group: Networking and Services
+ label: Host-Networking (Complicated)
+ schema:
+ type: boolean
+ default: false
+ - variable: externalInterfaces
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ show_subquestions_if: static
+ subquestions:
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: HTTP
+ description: HTTP
+ - value: HTTPS
+ description: HTTPS
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: config
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: security
+ label: Container Security Settings
+ group: Security and Permissions
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: editsecurity
+ label: Change PUID / UMASK values
+ description: By enabling this you override default set values.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "002"
+ - variable: advancedSecurity
+ label: Show Advanced Security Settings
+ group: Security and Permissions
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: securityContext
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: false
+ - variable: allowPrivilegeEscalation
+ label: "Allow Privilege Escalation"
+ schema:
+ type: boolean
+ default: false
+ - variable: runAsNonRoot
+ label: "runAsNonRoot"
+ schema:
+ type: boolean
+ default: true
+ - variable: podSecurityContext
+ group: Security and Permissions
+ label: Pod Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID this App of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: hostPath
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ # Specify GPU configuration
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: serviceMonitor
+ label: Service Monitor Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: interval
+ label: Scrape Interval
+ description: Scrape interval time
+ schema:
+ type: string
+ default: 1m
+ required: true
+ - variable: scrapeTimeout
+ label: Scrape Timeout
+ description: Scrape timeout Time
+ schema:
+ type: string
+ default: 30s
+ required: true
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+ - variable: horizontalPodAutoscaler
+ group: Advanced
+ label: (Advanced) Horizontal Pod Autoscaler
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hpaEntry
+ label: HPA Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: target
+ label: Target
+ description: Deployment name, Defaults to Main Deployment
+ schema:
+ type: string
+ default: ""
+ - variable: minReplicas
+ label: Minimum Replicas
+ schema:
+ type: int
+ default: 1
+ - variable: maxReplicas
+ label: Maximum Replicas
+ schema:
+ type: int
+ default: 5
+ - variable: targetCPUUtilizationPercentage
+ label: Target CPU Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: targetMemoryUtilizationPercentage
+ label: Target Memory Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: git
+ label: Git Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: deployKey
+ description: Raw SSH Private Key
+ label: Deploy Key
+ schema:
+ type: string
+ - variable: deployKeyBase64
+ description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence
+ label: Deploy Key Base64
+ schema:
+ type: string
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: nodePort
+ description: Leave Empty to Disable
+ label: nodePort DEPRECATED
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: openvpn
+ description: OpenVPN
+ - value: wireguard
+ description: Wireguard
+ - value: tailscale
+ description: Tailscale
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: dict
+ show_if: [["type", "!=", "disabled"]]
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: hostPath
+ hidden: true
+ - variable: hostPathType
+ label: hostPathType
+ schema:
+ type: string
+ default: File
+ hidden: true
+ - variable: noMount
+ label: noMount
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: hostPath
+ label: Full Path to File
+ description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn"
+ schema:
+ type: string
+ default: ""
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/enterprise/grafana/6.0.23/templates/common.yaml b/enterprise/grafana/6.0.23/templates/common.yaml
new file mode 100644
index 0000000000..c1a366e1cf
--- /dev/null
+++ b/enterprise/grafana/6.0.23/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "tc.common.loader.all" . }}
diff --git a/enterprise/grafana/6.0.23/templates/prometheusrules.yaml b/enterprise/grafana/6.0.23/templates/prometheusrules.yaml
new file mode 100644
index 0000000000..35b77edf0f
--- /dev/null
+++ b/enterprise/grafana/6.0.23/templates/prometheusrules.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "tc.common.names.fullname" . }}
+ labels:
+ {{- include "tc.common.labels" . | nindent 4 }}
+ {{- with .Values.metrics.prometheusRule.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "tc.common.names.fullname" . }}
+ rules:
+ {{- with .Values.metrics.prometheusRule.rules }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/grafana/6.0.23/templates/servicemonitor.yaml b/enterprise/grafana/6.0.23/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..cec4d36809
--- /dev/null
+++ b/enterprise/grafana/6.0.23/templates/servicemonitor.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "tc.common.names.fullname" . }}
+ labels:
+ {{- include "tc.common.labels" . | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "tc.common.labels.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: main
+ {{- with .Values.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ path: /metrics
+{{- end }}
diff --git a/enterprise/grafana/6.0.23/values.yaml b/enterprise/grafana/6.0.23/values.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/grafana/item.yaml b/enterprise/grafana/item.yaml
new file mode 100644
index 0000000000..f801010d9f
--- /dev/null
+++ b/enterprise/grafana/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
+categories:
+- metrics
+
diff --git a/enterprise/prometheus/7.0.42/CHANGELOG.md b/enterprise/prometheus/7.0.42/CHANGELOG.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/prometheus/7.0.42/Chart.yaml b/enterprise/prometheus/7.0.42/Chart.yaml
new file mode 100644
index 0000000000..7d9e730180
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+appVersion: "2.41.0"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 11.1.2
+ - condition: exporters.enabled,exporters.node-exporter.enabled
+ name: node-exporter
+ repository: https://charts.bitnami.com/bitnami
+ version: 3.2.6
+ - condition: exporters.enabled,exporters.kube-state-metrics.enabled
+ name: kube-state-metrics
+ repository: https://charts.bitnami.com/bitnami
+ version: 3.2.7
+deprecated: false
+description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
+home: https://truecharts.org/charts/stable/prometheus
+keywords:
+ - metrics
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: prometheus
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/stable/prometheus
+ - https://github.com/prometheus-community/helm-charts
+ - https://github.com/prometheus-operator/kube-prometheus
+type: application
+version: 7.0.42
+annotations:
+ truecharts.org/catagories: |
+ - metrics
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/enterprise/prometheus/7.0.42/README.md b/enterprise/prometheus/7.0.42/README.md
new file mode 100644
index 0000000000..701942c352
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/prometheus/7.0.42/app-changelog.md b/enterprise/prometheus/7.0.42/app-changelog.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/prometheus/7.0.42/app-readme.md b/enterprise/prometheus/7.0.42/app-readme.md
new file mode 100644
index 0000000000..76da35b355
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/app-readme.md
@@ -0,0 +1,8 @@
+kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/prometheus](https://truecharts.org/charts/enterprise/prometheus)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz b/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz
new file mode 100644
index 0000000000..da62080e8a
Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/common-11.1.2.tgz differ
diff --git a/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz b/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz
new file mode 100644
index 0000000000..2de30485be
Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/kube-state-metrics-3.2.7.tgz differ
diff --git a/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz b/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz
new file mode 100644
index 0000000000..453a0c519f
Binary files /dev/null and b/enterprise/prometheus/7.0.42/charts/node-exporter-3.2.6.tgz differ
diff --git a/enterprise/prometheus/7.0.42/ix_values.yaml b/enterprise/prometheus/7.0.42/ix_values.yaml
new file mode 100644
index 0000000000..a34b7d2429
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/ix_values.yaml
@@ -0,0 +1,1364 @@
+image:
+ repository: tccr.io/truecharts/prometheus
+ tag: 2.41.0@sha256:948cd5bf9472e3ad2f66cc3a5dcb51662b714d1aabff8f1789a9cd34c8e2f525
+
+thanosImage:
+ repository: tccr.io/truecharts/thanos
+ tag: 0.30.1@sha256:4d8f9be91494f5106462389dc70332c9a371ba871ea0d9cbddebebed62961cfa
+
+alertmanagerImage:
+ repository: tccr.io/truecharts/alertmanager
+ tag: 0.25.0@sha256:90fe7bfecee646e4feff31a6cd0f5212854cecfb525b47e4fd18c2d2b12d9735
+
+global:
+ labels: {}
+
+controller:
+ enabled: false
+
+service:
+ main:
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}'
+ ports:
+ main:
+ port: 10086
+ targetPort: 9090
+ protocol: HTTP
+ alertmanager:
+ enabled: true
+ selector:
+ app.kubernetes.io/name: alertmanager
+ alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}'
+ ports:
+ alertmanager:
+ enabled: true
+ port: 10087
+ targetPort: 9093
+ protocol: HTTP
+ thanos:
+ enabled: true
+ selector:
+ app.kubernetes.io/name: prometheus
+ prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}'
+ ports:
+ thanos:
+ enabled: true
+ port: 10901
+ targetPort: 10901
+ protocol: HTTP
+
+ingress:
+ main:
+ enabled: false
+ alertmanager:
+ enabled: false
+ thanos:
+ enabled: false
+
+####
+## Operator Config
+####
+
+env:
+ PROMETHEUS_CONFIG_RELOADER:
+ configMapKeyRef:
+ name: prometheus-operator-config
+ key: prometheus-config-reloader
+
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+ main:
+ enabled: true
+ rules:
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - alertmanagers.monitoring.coreos.com
+ - podmonitors.monitoring.coreos.com
+ - prometheuses.monitoring.coreos.com
+ - prometheusrules.monitoring.coreos.com
+ - servicemonitors.monitoring.coreos.com
+ - thanosrulers.monitoring.coreos.com
+ - probes.monitoring.coreos.com
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - alertmanagers
+ - alertmanagers/finalizers
+ - alertmanagerconfigs
+ - prometheuses
+ - prometheuses/finalizers
+ - thanosrulers
+ - thanosrulers/finalizers
+ - servicemonitors
+ - podmonitors
+ - probes
+ - prometheusrules
+ verbs:
+ - "*"
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - services/finalizers
+ - endpoints
+ verbs:
+ - get
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+ main:
+ enabled: true
+
+securityContext:
+ readOnlyRootFilesystem: false
+
+probes:
+ # -- Liveness probe configuration
+ # @default -- See below
+ liveness:
+ custom: true
+ spec:
+ httpGet:
+ path: "/metrics"
+ port: promop
+ scheme: HTTP
+
+ # -- Redainess probe configuration
+ # @default -- See below
+ readiness:
+ custom: true
+ spec:
+ httpGet:
+ path: "/metrics"
+ port: promop
+ scheme: HTTP
+
+ # -- Startup probe configuration
+ # @default -- See below
+ startup:
+ custom: true
+ spec:
+ httpGet:
+ path: "/metrics"
+ port: promop
+ scheme: HTTP
+
+operator:
+ ## Create a servicemonitor for the operator
+ ##
+ serviceMonitor:
+ ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator
+ ##
+ enabled: false
+ ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param operator.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param operator.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+
+ ## Prometheus Configmap-reload image to use for reloading configmaps
+ ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/)
+ ##
+ prometheusConfigReloader:
+ containerSecurityContext:
+ enabled: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+####
+## Prometheus Config (Spawned by Operator)
+####
+
+## Deploy a Prometheus instance
+##
+prometheus:
+ ## @param prometheus.enabled Deploy Prometheus to the cluster
+ ##
+ enabled: true
+ ## Bitnami Prometheus image version
+ ## ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus/tags/
+ ## @param prometheus.image.registry Prometheus image registry
+ ## @param prometheus.image.repository Prometheus image repository
+ ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended)
+ ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ ## Service account for Prometheus to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus
+ ##
+ create: true
+ ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create
+ ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template
+ name: ""
+ ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount
+ ## annotations:
+ ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus
+ ##
+ annotations: {}
+ ## Prometheus pods' Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param prometheus.podSecurityContext.enabled Enable security context
+ ## @param prometheus.podSecurityContext.runAsUser User ID for the container
+ ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem
+ ##
+ podSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ fsGroup: 1001
+ ## Prometheus containers' Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param prometheus.containerSecurityContext.enabled Enable container security context
+ ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem
+ ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off
+ ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user
+ ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped
+ ##
+ containerSecurityContext:
+ enabled: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+
+ serviceMonitor:
+ ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
+ ##
+ enabled: true
+ ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param prometheus.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+ ## @param prometheus.externalUrl External URL used to access Prometheus
+ ## If not creating an ingress but still exposing the service some other way (like a proxy)
+ ## let Prometheus know what its external URL is so that it can properly create links
+ ## externalUrl: https://prometheus.example.com
+ ##
+ externalUrl: ""
+ ## @param prometheus.resources CPU/Memory resource requests/limits for node
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param prometheus.affinity Prometheus Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param prometheus.tolerations Prometheus Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param prometheus.scrapeInterval Interval between consecutive scrapes
+ ##
+ scrapeInterval: "15s"
+ ## @param prometheus.evaluationInterval Interval between consecutive evaluations
+ ##
+ evaluationInterval: "30s"
+ ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback
+ ##
+ listenLocal: false
+ ## Configure extra options for liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe
+ ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state
+ ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
+ ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe
+ ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out
+ ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ livenessProbe:
+ enabled: true
+ path: /-/healthy
+ initialDelaySeconds: 0
+ failureThreshold: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ ## Configure extra options for readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe
+ ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state
+ ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe
+ ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out
+ ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ readinessProbe:
+ enabled: true
+ path: /-/ready
+ initialDelaySeconds: 0
+ failureThreshold: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 3
+ ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API
+ ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
+ ##
+ enableAdminAPI: false
+ ## @param prometheus.enableFeatures Enable access to Prometheus disabled features.
+ ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
+ ##
+ enableFeatures: []
+ ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints
+ ##
+ alertingEndpoints: []
+ ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems
+ ##
+ externalLabels: {}
+ ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name
+ ##
+ replicaExternalLabelName: ""
+ ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name
+ ##
+ replicaExternalLabelNameClear: false
+ ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route
+ ## Useful for proxies that rewrite URLs.
+ ##
+ routePrefix: /
+ ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name
+ ##
+ prometheusExternalLabelName: ""
+ ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name
+ ##
+ prometheusExternalLabelNameClear: false
+ ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods
+ ##
+ secrets: []
+ ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods
+ ##
+ configMaps: []
+ ## @param prometheus.querySpec The query command line flags when starting Prometheus
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec
+ ##
+ querySpec: {}
+ ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
+ ##
+ ruleNamespaceSelector: {}
+ ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery
+ ## If {}, select all ServiceMonitors
+ ##
+ ruleSelector: {}
+ ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery
+ ## If {}, select all ServiceMonitors
+ ##
+ serviceMonitorSelector: {}
+ ## @param prometheus.matchLabels Matchlabels
+ ##
+ matchLabels: {}
+ ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
+ ##
+ serviceMonitorNamespaceSelector: {}
+ ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery.
+ ## If {}, select all PodMonitors
+ ##
+ podMonitorSelector: {}
+ ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
+ ##
+ podMonitorNamespaceSelector: {}
+ ## @param prometheus.probeSelector Probes to be selected for target discovery.
+ ## If {}, select all Probes
+ ##
+ probeSelector: {}
+ ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
+ ##
+ probeNamespaceSelector: {}
+ ## @param prometheus.retention Metrics retention days
+ ##
+ retention: 31d
+ ## @param prometheus.retentionSize Maximum size of metrics
+ ##
+ retentionSize: ""
+ ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB
+ ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction
+ ##
+ disableCompaction: false
+ ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy
+ ##
+ walCompression: false
+ ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes
+ ##
+ paused: false
+ ## @param prometheus.replicaCount Number of Prometheus replicas desired
+ ##
+ replicaCount: 1
+ ## @param prometheus.logLevel Log level for Prometheus
+ ##
+ logLevel: info
+ ## @param prometheus.logFormat Log format for Prometheus
+ ##
+ logFormat: logfmt
+ ## @param prometheus.podMetadata [object] Standard object's metadata
+ ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ##
+ podMetadata:
+ ## labels:
+ ## app: prometheus
+ ## k8s-app: prometheus
+ ##
+ labels: {}
+ annotations: {}
+ ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
+ ## remoteRead:
+ ## - url: http://remote1/read
+ ##
+ remoteRead: []
+ ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
+ ## remoteWrite:
+ ## - url: http://remote1/push
+ ##
+ remoteWrite: []
+ ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
+ ##
+ storageSpec: {}
+ ## Prometheus persistence parameters
+ ##
+ persistence:
+ ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect.
+ ##
+ enabled: true
+ ## @param prometheus.persistence.storageClass Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param prometheus.persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param prometheus.persistence.size Persistent Volume Size
+ ##
+ size: 999Gi
+ ## @param prometheus.priorityClassName Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
+ ## @param prometheus.containers Containers allows injecting additional containers
+ ##
+ containers: []
+ ## @param prometheus.volumes Volumes allows configuration of additional volumes
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ volumes: []
+ ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ volumeMounts: []
+ ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance.
+ additionalPrometheusRules: []
+ ## - name: custom-recording-rules
+ ## groups:
+ ## - name: sum_node_by_job
+ ## rules:
+ ## - record: job:kube_node_labels:sum
+ ## expr: sum(kube_node_labels) by (job)
+ ## - name: sum_prometheus_config_reload_by_pod
+ ## rules:
+ ## - record: job:prometheus_config_last_reload_successful:sum
+ ## expr: sum(prometheus_config_last_reload_successful) by (pod)
+ ## - name: custom-alerting-rules
+ ## groups:
+ ## - name: prometheus-config
+ ## rules:
+ ## - alert: PrometheusConfigurationReload
+ ## expr: prometheus_config_last_reload_successful > 0
+ ## for: 1m
+ ## labels:
+ ## severity: error
+ ## annotations:
+ ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})"
+ ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
+ ## - name: custom-node-exporter-alerting-rules
+ ## rules:
+ ## - alert: PhysicalComponentTooHot
+ ## expr: node_hwmon_temp_celsius > 75
+ ## for: 5m
+ ## labels:
+ ## severity: warning
+ ## annotations:
+ ## summary: "Physical component too hot (instance {{ $labels.instance }})"
+ ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
+ ## - alert: NodeOvertemperatureAlarm
+ ## expr: node_hwmon_temp_alarm == 1
+ ## for: 5m
+ ## labels:
+ ## severity: critical
+ ## annotations:
+ ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})"
+ ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}"
+ ##
+ ## Note that the prometheus will fail to provision if the correct secret does not exist.
+ ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs
+ ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs
+ ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration
+ ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration
+ ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs
+ ##
+ additionalScrapeConfigs:
+ enabled: false
+ type: external
+ external:
+ ## Name of the secret that Prometheus should use for the additional scrape configuration
+ ##
+ name: ""
+ ## Name of the key inside the secret to be used for the additional scrape configuration.
+ ##
+ key: ""
+ internal:
+ jobList: []
+ ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart
+ ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration
+ ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration
+ ##
+ additionalScrapeConfigsExternal:
+ enabled: false
+ name: ""
+ key: ""
+ ## Enable additional Prometheus alert relabel configs that are managed externally to this chart
+ ## Note that the prometheus will fail to provision if the correct secret does not exist.
+ ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart
+ ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration
+ ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration
+ ##
+ additionalAlertRelabelConfigsExternal:
+ enabled: false
+ name: ""
+ key: ""
+ ## Thanos sidecar container configuration
+ ##
+ thanos:
+ ## @param prometheus.thanos.create Create a Thanos sidecar container
+ ##
+ create: false
+ ## Bitnami Thanos image
+ ## ref: https://hub.docker.com/r/tccr.io/truecharts/thanos/tags/
+ ## @param prometheus.thanos.image.registry Thanos image registry
+ ## @param prometheus.thanos.image.repository Thanos image name
+ ## @param prometheus.thanos.image.tag Thanos image tag
+ ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy
+ ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ ## Thanos Sidecar container's securityContext
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context
+ ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem
+ ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off
+ ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user
+ ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped
+ ##
+ containerSecurityContext:
+ enabled: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090"
+ ##
+ prometheusUrl: ""
+ ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container
+ ## extraArgs:
+ ## - --log.level=debug
+ ## - --tsdb.path=/data/
+ ##
+ extraArgs: []
+ ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md
+ ## objectStorageConfig:
+ ## secretName: thanos-objstore-config
+ ## secretKey: thanos.yaml
+ ##
+ objectStorageConfig: {}
+ ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md
+ ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container
+ ## extraVolumeMounts:
+ ## - name: my-secret-volume
+ ## mountPath: /etc/thanos/secrets/my-secret
+ ##
+ extraVolumeMounts: []
+ ## Thanos sidecar container resource requests and limits.
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container
+ ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container
+ ##
+ resources:
+ ## Example:
+ ## limits:
+ ## cpu: 100m
+ ## memory: 128Mi
+ limits: {}
+ ## Examples:
+ ## requests:
+ ## cpu: 100m
+ ## memory: 128Mi
+ requests: {}
+ ## Configure extra options for liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe
+ ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state
+ ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
+ ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe
+ ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out
+ ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ livenessProbe:
+ enabled: true
+ path: /-/healthy
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 120
+ successThreshold: 1
+ ## Configure extra options for readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe
+ ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state
+ ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe
+ ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out
+ ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ readinessProbe:
+ enabled: true
+ path: /-/ready
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 120
+ successThreshold: 1
+ ## Thanos Sidecar Service
+ ##
+ service:
+ ## @param prometheus.thanos.service.type Kubernetes service type
+ ##
+ type: ClusterIP
+ ## @param prometheus.thanos.service.port Thanos service port
+ ##
+ port: 10901
+ ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default.
+ ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests.
+ ##
+ clusterIP: None
+ ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ## e.g:
+ ## nodePort: 30901
+ ##
+ nodePort: ""
+ ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer`
+ ## Set the LoadBalancer service type to internal only
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ loadBalancerIP: ""
+ ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer`
+ ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service
+ ##
+ annotations: {}
+ ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container
+ ## extraPorts:
+ ## - name: http
+ ## port: 10902
+ ## targetPort: http
+ ## protocol: TCP
+ ##
+ extraPorts: []
+ ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
+ ##
+ portName: main
+
+####
+## Alert Manager Config
+####
+
+## @section Alertmanager Parameters
+
+## Configuration for alertmanager
+## ref: https://prometheus.io/docs/alerting/alertmanager/
+##
+alertmanager:
+ ## @param alertmanager.enabled Deploy Alertmanager to the cluster
+ ##
+ enabled: true
+ ## Service account for Alertmanager to use.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ ##
+ serviceAccount:
+ ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager
+ ##
+ create: true
+ ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create
+ ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template
+ name: ""
+ ## Prometheus Alertmanager pods' Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param alertmanager.podSecurityContext.enabled Enable security context
+ ## @param alertmanager.podSecurityContext.runAsUser User ID for the container
+ ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem
+ ##
+ podSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ fsGroup: 1001
+ ## Prometheus Alertmanager container's securityContext
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param alertmanager.containerSecurityContext.enabled Enable container security context
+ ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem
+ ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off
+ ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user
+ ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped
+ ##
+ containerSecurityContext:
+ enabled: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ ## Configure pod disruption budgets for Alertmanager
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+ ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager
+ ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled
+ ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable
+ ##
+ podDisruptionBudget:
+ enabled: false
+ minAvailable: 1
+ maxUnavailable: ""
+ ## If true, create a serviceMonitor for alertmanager
+ ##
+ serviceMonitor:
+ ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager
+ ##
+ enabled: true
+ ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param alertmanager.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+ ## @param alertmanager.externalUrl External URL used to access Alertmanager
+ ## e.g:
+ ## externalUrl: https://alertmanager.example.com
+ ##
+ externalUrl: ""
+ ## @param alertmanager.resources CPU/Memory resource requests/limits for node
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources: {}
+ ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param alertmanager.affinity Alertmanager Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Alertmanager configuration
+ ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
+ ## @param alertmanager.config [object] Alertmanager configuration directive
+ ## @skip alertmanager.config.route.group_by
+ ## @skip alertmanager.config.route.routes
+ ## @skip alertmanager.config.receivers
+ ##
+ config:
+ global:
+ resolve_timeout: 5m
+ route:
+ group_by: ["job"]
+ group_wait: 30s
+ group_interval: 5m
+ repeat_interval: 12h
+ receiver: "null"
+ routes:
+ - match:
+ alertname: Watchdog
+ receiver: "null"
+ receivers:
+ - name: "null"
+ ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created.
+ ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}`
+ ## It must contain:
+ ## alertmanager.yaml:
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting
+ ##
+ externalConfig: false
+ ## @param alertmanager.replicaCount Number of Alertmanager replicas desired
+ ##
+ replicaCount: 1
+ ## Configure extra options for liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe
+ ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state
+ ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated
+ ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe
+ ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out
+ ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ livenessProbe:
+ enabled: true
+ path: /-/healthy
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 120
+ successThreshold: 1
+ ## Configure extra options for readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe
+ ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state
+ ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated
+ ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe
+ ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out
+ ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe
+ ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe
+ ##
+ readinessProbe:
+ enabled: true
+ path: /-/ready
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ timeoutSeconds: 3
+ failureThreshold: 120
+ successThreshold: 1
+ ## @param alertmanager.logLevel Log level for Alertmanager
+ ##
+ logLevel: info
+ ## @param alertmanager.logFormat Log format for Alertmanager
+ ##
+ logFormat: logfmt
+ ## @param alertmanager.podMetadata [object] Standard object's metadata.
+ ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
+ ##
+ podMetadata:
+ labels: {}
+ annotations: {}
+ ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods
+ ##
+ secrets: []
+ ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods
+ ##
+ configMaps: []
+ ## @param alertmanager.retention Metrics retention days
+ ##
+ retention: 240h
+ ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
+ ##
+ storageSpec: {}
+ ## Alertmanager persistence parameters
+ ##
+ persistence:
+ ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect.
+ ## If you want to use this configuration make sure the storageSpec is not provided.
+ ##
+ enabled: true
+ ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param alertmanager.persistence.size Persistent Volume Size
+ ##
+ size: 999Gi
+ ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes
+ ##
+ paused: false
+ ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback
+ ##
+ listenLocal: false
+ ## @param alertmanager.containers Containers allows injecting additional containers
+ ##
+ containers: []
+ ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
+ ##
+ volumes: []
+ ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec
+ ##
+ volumeMounts: []
+ ## @param alertmanager.priorityClassName Priority class assigned to the Pods
+ ##
+ priorityClassName: ""
+ ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster
+ ##
+ additionalPeers: []
+ ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route
+ ## Useful for proxies that rewrite URLs.
+ ##
+ routePrefix: /
+ ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web
+ ##
+ portName: alertmanager
+ ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {}
+ ##
+ configNamespaceSelector: {}
+ ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
+ ##
+ configSelector: {}
+
+####
+## Exporters
+####
+
+## @section Exporters
+
+## Exporters
+##
+exporters:
+ node-exporter:
+ ## @param exporters.node-exporter.enabled Enable node-exporter
+ ##
+ enabled: true
+ kube-state-metrics:
+ ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
+ ##
+ enabled: true
+## @param node-exporter [object] Node Exporter deployment configuration
+##
+node-exporter:
+ service:
+ port: 9910
+ targetPort: 9910
+ labels:
+ jobLabel: node-exporter
+ serviceMonitor:
+ enabled: true
+ jobLabel: jobLabel
+ extraArgs:
+ collector.filesystem.ignored-mount-points: "^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+|var/db/system/.+|mnt/[a-zA-Z0-9-_\\.]+/ix-applications/.+)($|/)"
+ collector.filesystem.ignored-fs-types: "^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$"
+ collector.netdev.device-exclude: "^veth.*$"
+ collector.netclass.ignored-devices: "^veth.*$"
+ path.rootfs: /host
+ extraVolumes:
+ - name: host
+ hostPath:
+ path: /
+ extraVolumeMounts:
+ - name: host
+ mountPath: /host
+ readOnly: true
+## @param kube-state-metrics [object] Node Exporter deployment configuration
+##
+kube-state-metrics:
+ serviceMonitor:
+ enabled: true
+ honorLabels: true
+## Component scraping for kubelet and kubelet hosted cAdvisor
+##
+kubelet:
+ ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service
+ ##
+ enabled: true
+ ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace`
+ ##
+ namespace: kube-system
+ serviceMonitor:
+ ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS
+ ##
+ https: true
+ ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param kubelet.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+ ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ cAdvisorMetricRelabelings: []
+ ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ cAdvisorRelabelings: []
+## Component scraping the kube-apiserver
+##
+kubeApiServer:
+ ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service
+ ##
+ enabled: true
+ serviceMonitor:
+ ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+## Component scraping the kube-controller-manager
+##
+kubeControllerManager:
+ ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service
+ ##
+ enabled: false
+ ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on
+ ## endpoints:
+ ## - 10.141.4.22
+ ## - 10.141.4.23
+ ## - 10.141.4.24
+ ##
+ endpoints: []
+ ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed.
+ ##
+ namespace: kube-system
+ ## Service ports and selector information
+ ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager
+ ## @param kubeControllerManager.service.port Listening port of the kube-controller-manager Service object
+ ## @param kubeControllerManager.service.targetPort Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on
+ ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service
+ ##
+ service:
+ enabled: true
+ port: 10252
+ targetPort: 10252
+ ## selector:
+ ## component: kube-controller-manager
+ ##
+ selector: {}
+ serviceMonitor:
+ ## @param kubeControllerManager.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ interval: ""
+ ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
+ ##
+ https: false
+ ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping
+ ##
+ insecureSkipVerify: ""
+ ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate
+ serverName: ""
+ ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs
+ ##
+ metricRelabelings: []
+ ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs
+ ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ ##
+ relabelings: []
+## Component scraping kube scheduler
+##
+kubeScheduler:
+ ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service
+ ##
+ enabled: false
+ ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on
+ ## endpoints:
+ ## - 10.141.4.22
+ ## - 10.141.4.23
+ ## - 10.141.4.24
+ ##
+ endpoints: []
+ ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed.
+ ##
+ namespace: kube-system
+ ## If using kubeScheduler.endpoints only the port and targetPort are used
+ ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler
+ ## @param kubeScheduler.service.port Listening port of the kube scheduler Service object
+ ## @param kubeScheduler.service.targetPort Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on
+ ## @param kubeScheduler.service.selector Optional PODs Label selector for the service
+ ##
+ service:
+ enabled: true
+ port: 10251
+ targetPort: 10251
+ ## selector:
+ ## component: kube-scheduler
+ ##
+ selector: {}
+ serviceMonitor:
+ ## @param kubeScheduler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default)
+ ##
+ interval: ""
+ ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https
+ ## Requires proper certs (not self-signed) and delegated authentication/authorization checks
+ ##
+ https: false
+ ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping
+ ##
+ insecureSkipVerify: ""
+ ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate
+ ##
+ serverName: ""
+ ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling
+ ## metricRelabelings:
+ ## - action: keep
+ ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ ## sourceLabels: [__name__]
+ ##
+ metricRelabelings: []
+ ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs
+ ## relabelings:
+ ## - sourceLabels: [__meta_kubernetes_pod_node_name]
+ ## separator: ;
+ ## regex: ^(.*)$
+ ## targetLabel: nodename
+ ## replacement: $1
+ ## action: replace
+ ##
+ relabelings: []
+## Component scraping coreDns
+##
+coreDns:
+ ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service
+ ##
+ enabled: true
+ ## @param coreDns.namespace Namespace where core dns service is deployed.
+ ##
+ namespace: kube-system
+ ## Create a ServiceMonitor to scrape coredns service
+ ## @param coreDns.service.enabled Whether or not to create a Service object for coredns
+ ## @param coreDns.service.port Listening port of the coredns Service object
+ ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on
+ ## @param coreDns.service.selector Optional PODs Label selector for the service
+ ##
+ service:
+ enabled: true
+ port: 9153
+ targetPort: 9153
+ ## selector:
+ ## component: kube-dns
+ ##
+ selector: {}
+ serviceMonitor:
+ ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used.
+ ##
+ interval: ""
+ ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion.
+ ## metricRelabelings:
+ ## - action: keep
+ ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ ## sourceLabels: [__name__]
+ ##
+ metricRelabelings: []
+ ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion.
+ ## relabelings:
+ ## - sourceLabels: [__meta_kubernetes_pod_node_name]
+ ## separator: ;
+ ## regex: ^(.*)$
+ ## targetLabel: nodename
+ ## replacement: $1
+ ## action: replace
+ ##
+ relabelings: []
+## Component scraping the kube-proxy
+##
+kubeProxy:
+ ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
+ ##
+ enabled: false
+
+portal:
+ enabled: true
diff --git a/enterprise/prometheus/7.0.42/questions.yaml b/enterprise/prometheus/7.0.42/questions.yaml
new file mode 100644
index 0000000000..99e4563264
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/questions.yaml
@@ -0,0 +1,1247 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: VPN
+ description: VPN
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_portal_protocol"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+questions:
+ - variable: operator
+ group: "App Configuration"
+ label: "Operator Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: logLevel
+ label: "Log Level"
+ description: "Log level for Operator"
+ schema:
+ type: string
+ default: "info"
+ - variable: prometheus
+ group: "App Configuration"
+ label: "Prometheus Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: logLevel
+ label: "Log Level"
+ description: "Log level for Prometheus"
+ schema:
+ type: string
+ default: "info"
+ - variable: retention
+ label: "Retention"
+ description: "Metrics retention days"
+ schema:
+ type: string
+ default: "31d"
+ - variable: retentionSize
+ label: "Max Retention Size"
+ description: "Maximum size of metrics"
+ schema:
+ type: string
+ default: ""
+ - variable: scrapeInterval
+ label: "Scrape interval"
+ description: "Interval between consecutive scrapes"
+ schema:
+ type: string
+ default: "15s"
+ - variable: evaluationInterval
+ label: "Evaluation interval"
+ description: "Interval between consecutive evaluations"
+ schema:
+ type: string
+ default: "30s"
+ - variable: disableCompaction
+ label: "Disable Compaction"
+ description: "Disable the compaction of the Prometheus TSDB"
+ schema:
+ type: boolean
+ default: false
+ - variable: walCompression
+ label: "WAL Compression"
+ description: "Enable compression of the write-ahead log using Snappy"
+ schema:
+ type: boolean
+ default: false
+ - variable: alertmanager
+ group: "App Configuration"
+ label: "Alertmanager Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: logLevel
+ label: "Log Level"
+ description: "Log level for Alertmanager"
+ schema:
+ type: string
+ default: "info"
+ - variable: retention
+ label: "Retention"
+ description: "Metrics retention days"
+ schema:
+ type: string
+ default: "240h"
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The serving the Prometheus WebUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 10086
+ required: true
+ - variable: alertmanager
+ label: "alertmanager Service"
+ description: "alertmanager service "
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: alertmanager
+ label: "alertmanager Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 10087
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ group: Networking and Services
+ label: Host-Networking (Complicated)
+ schema:
+ type: boolean
+ default: false
+ - variable: externalInterfaces
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ show_subquestions_if: static
+ subquestions:
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: HTTP
+ description: HTTP
+ - value: HTTPS
+ description: HTTPS
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: setPermissions
+ label: Automatic Permissions
+ description: Automatically set permissions on install
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: horizontalPodAutoscaler
+ group: Advanced
+ label: (Advanced) Horizontal Pod Autoscaler
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hpaEntry
+ label: HPA Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: target
+ label: Target
+ description: Deployment name, Defaults to Main Deployment
+ schema:
+ type: string
+ default: ""
+ - variable: minReplicas
+ label: Minimum Replicas
+ schema:
+ type: int
+ default: 1
+ - variable: maxReplicas
+ label: Maximum Replicas
+ schema:
+ type: int
+ default: 5
+ - variable: targetCPUUtilizationPercentage
+ label: Target CPU Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: targetMemoryUtilizationPercentage
+ label: Target Memory Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
diff --git a/enterprise/prometheus/7.0.42/templates/_helpers.tpl b/enterprise/prometheus/7.0.42/templates/_helpers.tpl
new file mode 100644
index 0000000000..6ac4ea6367
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/_helpers.tpl
@@ -0,0 +1,198 @@
+{{/* Name suffixed with operator */}}
+{{- define "kube-prometheus.fullname" -}}
+{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Name suffixed with operator */}}
+{{- define "kube-prometheus.name" -}}
+{{- printf "%s" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Name suffixed with operator */}}
+{{- define "kube-prometheus.operator.name" -}}
+{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Name suffixed with prometheus */}}
+{{- define "kube-prometheus.prometheus.name" -}}
+{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Name suffixed with alertmanager */}}
+{{- define "kube-prometheus.alertmanager.name" -}}
+{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Name suffixed with thanos */}}
+{{- define "kube-prometheus.thanos.name" -}}
+{{- printf "%s-thanos" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Fullname suffixed with operator */}}
+{{- define "kube-prometheus.operator.fullname" -}}
+{{- printf "%s-operator" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Fullname suffixed with prometheus */}}
+{{- define "kube-prometheus.prometheus.fullname" -}}
+{{- printf "%s-prometheus" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Fullname suffixed with alertmanager */}}
+{{- define "kube-prometheus.alertmanager.fullname" -}}
+{{- printf "%s-alertmanager" (include "tc.common.names.fullname" . ) -}}
+{{- end }}
+
+{{/* Fullname suffixed with thanos */}}
+{{- define "kube-prometheus.thanos.fullname" -}}
+{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}}
+{{- end }}
+
+{{- define "kube-prometheus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common Labels
+*/}}
+{{- define "kube-prometheus.labels" -}}
+{{ include "tc.common.labels" . }}
+{{- if .Values.global.labels }}
+{{ toYaml .Values.global.labels }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Labels for operator
+*/}}
+{{- define "kube-prometheus.operator.labels" -}}
+{{ include "tc.common.labels" . }}
+app.kubernetes.io/component: operator
+{{- end -}}
+
+{{/*
+Labels for prometheus
+*/}}
+{{- define "kube-prometheus.prometheus.labels" -}}
+{{ include "tc.common.labels" . }}
+app.kubernetes.io/component: prometheus
+{{- end -}}
+
+{{/*
+Labels for alertmanager
+*/}}
+{{- define "kube-prometheus.alertmanager.labels" -}}
+{{ include "tc.common.labels" . }}
+app.kubernetes.io/component: alertmanager
+{{- end -}}
+
+{{/*
+matchLabels for operator
+*/}}
+{{- define "kube-prometheus.operator.matchLabels" -}}
+{{ include "tc.common.labels.selectorLabels" . }}
+app.kubernetes.io/component: operator
+{{- end -}}
+
+{{/*
+matchLabels for prometheus
+*/}}
+{{- define "kube-prometheus.prometheus.matchLabels" -}}
+{{ include "tc.common.labels.selectorLabels" . }}
+app.kubernetes.io/component: prometheus
+{{- end -}}
+
+{{/*
+matchLabels for alertmanager
+*/}}
+{{- define "kube-prometheus.alertmanager.matchLabels" -}}
+{{ include "tc.common.labels.selectorLabels" . }}
+app.kubernetes.io/component: alertmanager
+{{- end -}}
+
+{{/*
+Return the proper Prometheus Operator image name
+*/}}
+{{- define "kube-prometheus.image" -}}
+{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
+{{- end -}}
+
+{{/*
+Return the proper Prometheus Operator Reloader image name
+*/}}
+{{- define "kube-prometheus.prometheusConfigReloader.image" -}}
+{{- include "kube-prometheus.image" . -}}
+{{- end -}}
+
+{{/*
+Return the proper Prometheus Image name
+*/}}
+{{- define "kube-prometheus.prometheus.image" -}}
+{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }}
+{{- end -}}
+
+{{/*
+Return the proper Thanos Image name
+*/}}
+{{- define "kube-prometheus.prometheus.thanosImage" -}}
+{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }}
+{{- end -}}
+
+{{/*
+Return the proper Alertmanager Image name
+*/}}
+{{- define "kube-prometheus.alertmanager.image" -}}
+{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "kube-prometheus.imagePullSecrets" -}}
+{{- end -}}
+
+{{/*
+Create the name of the operator service account to use
+*/}}
+{{- define "kube-prometheus.operator.serviceAccountName" -}}
+{{- if .Values.operator.serviceAccount.create -}}
+ {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.operator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the prometheus service account to use
+*/}}
+{{- define "kube-prometheus.prometheus.serviceAccountName" -}}
+{{- if .Values.prometheus.serviceAccount.create -}}
+ {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.prometheus.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the alertmanager service account to use
+*/}}
+{{- define "kube-prometheus.alertmanager.serviceAccountName" -}}
+{{- if .Values.alertmanager.serviceAccount.create -}}
+ {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.alertmanager.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "kube-prometheus.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl b/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl
new file mode 100644
index 0000000000..d85a8f0ad8
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/alertmanager/_alertmanager.tpl
@@ -0,0 +1,183 @@
+{{- define "prometheus.alertmanager.alertmanager" -}}
+{{- if .Values.alertmanager.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+ name: {{ template "kube-prometheus.alertmanager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.alertmanager.replicaCount }}
+ serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
+ {{- if .Values.alertmanager.image }}
+ image: {{ template "kube-prometheus.alertmanager.image" . }}
+ {{- end }}
+ listenLocal: {{ .Values.alertmanager.listenLocal }}
+ {{- if index .Values.alertmanager "externalUrl" }}
+ externalUrl: "{{ .Values.alertmanager.externalUrl }}"
+ {{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }}
+ externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }}
+ {{- else }}
+ externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }}
+ {{- end }}
+ portName: "{{ .Values.alertmanager.portName }}"
+ paused: {{ .Values.alertmanager.paused }}
+ logFormat: {{ .Values.alertmanager.logFormat }}
+ logLevel: {{ .Values.alertmanager.logLevel }}
+ retention: {{ .Values.alertmanager.retention }}
+ {{- if .Values.alertmanager.secrets }}
+ secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.configMaps }}
+ configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }}
+ {{- end }}
+ resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }}
+ routePrefix: "{{ .Values.alertmanager.routePrefix }}"
+ {{- if .Values.alertmanager.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.storageSpec }}
+ storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }}
+ {{- else }}
+ {{- if .Values.alertmanager.persistence.enabled }}
+ storage:
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ {{- range .Values.alertmanager.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.alertmanager.persistence.size | quote }}
+ {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.alertmanager.persistence "global" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
+ podMetadata:
+ labels:
+ {{- if .Values.alertmanager.podMetadata.labels }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }}
+ {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
+ {{- end }}
+ {{- if .Values.alertmanager.podMetadata.annotations }}
+ annotations:
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.alertmanager.affinity }}
+ affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }}
+ {{- else }}
+ affinity:
+ {{- if not (empty .Values.alertmanager.podAffinityPreset) }}
+ podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }}
+ podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }}
+ nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.alertmanager.nodeSelector }}
+ nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.tolerations }}
+ tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.volumes }}
+ volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.volumeMounts }}
+ volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }}
+ {{- end }}
+{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
+ {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
+ containers:
+ {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }}
+ ## This monkey patching is needed until the securityContexts are
+ ## directly patchable via the CRD.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
+ ## currently implemented with strategic merge
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
+ - name: alertmanager
+ {{- if .Values.alertmanager.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.alertmanager.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.alertmanager.livenessProbe.path }}
+ port: alertmanager
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.alertmanager.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.alertmanager.readinessProbe.path }}
+ port: alertmanager
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
+ ## This monkey patching is needed until the securityContexts are
+ ## directly patchable via the CRD.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
+ ## currently implemented with strategic merge
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
+ - name: config-reloader
+ {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: reloader-web
+ initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
+ readinessProbe:
+ tcpSocket:
+ port: reloader-web
+ initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.alertmanager.containers }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.alertmanager.priorityClassName }}
+ priorityClassName: {{ .Values.alertmanager.priorityClassName }}
+ {{- end }}
+ {{- if .Values.alertmanager.additionalPeers }}
+ additionalPeers: {{ .Values.alertmanager.additionalPeers }}
+ {{- end }}
+ {{- if .Values.alertmanager.configNamespaceSelector }}
+ alertmanagerConfigNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.alertmanager.configSelector }}
+ alertmanagerConfigSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml
new file mode 100644
index 0000000000..9a6f518f35
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/alertmanager/secrets.yaml
@@ -0,0 +1,13 @@
+{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
+data:
+ alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
+{{- range $key, $val := .Values.alertmanager.templateFiles }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml
new file mode 100644
index 0000000000..0086398a45
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/alertmanager/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
+ {{- if index .Values.alertmanager.serviceAccount "annotations" }}
+ annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+{{- include "kube-prometheus.imagePullSecrets" . }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml
new file mode 100644
index 0000000000..56071b8e18
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/alertmanager/servicemonitor.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.alertmanager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: http
+ {{- if .Values.alertmanager.serviceMonitor.interval }}
+ interval: {{ .Values.alertmanager.serviceMonitor.interval }}
+ {{- end }}
+ path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics
+ {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.alertmanager.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/common.yaml b/enterprise/prometheus/7.0.42/templates/common.yaml
new file mode 100644
index 0000000000..f3da376e1f
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/common.yaml
@@ -0,0 +1,13 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{- include "prometheus.prometheus.prometheus" . }}
+{{- include "prometheus.prometheus.additionalprometheusrules" . }}
+{{- include "prometheus.prometheus.additionalscrapejobs" . }}
+{{- include "prometheus.prometheus.servicemonitor" . }}
+
+{{- include "prometheus.alertmanager.alertmanager" . }}
+
+
+{{/* Render the templates */}}
+{{ include "tc.common.loader.apply" . }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml
new file mode 100644
index 0000000000..359c945de4
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/service.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-coredns
+ namespace: {{ .Values.coreDns.namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.coreDns.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.coreDns.service.targetPort }}
+ selector:
+ {{- if .Values.coreDns.service.selector }}
+{{ toYaml .Values.coreDns.service.selector | indent 4 }}
+ {{- else}}
+ k8s-app: kube-dns
+ {{- end}}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml
new file mode 100644
index 0000000000..1c8a6d34a9
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/core-dns/servicemonitor.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.coreDns.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-coredns
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
+spec:
+ jobLabel: k8s-app
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns
+ namespaceSelector:
+ matchNames:
+ - {{ .Values.coreDns.namespace }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.coreDns.serviceMonitor.interval}}
+ interval: {{ .Values.coreDns.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.coreDns.serviceMonitor.relabelings }}
+ relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml
new file mode 100644
index 0000000000..5ce8694e41
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-apiserver/servicemonitor.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.kubeApiServer.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-apiserver
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: apiserver
+spec:
+ jobLabel: component
+ selector:
+ matchLabels:
+ component: apiserver
+ provider: kubernetes
+ namespaceSelector:
+ matchNames:
+ - default
+ endpoints:
+ - port: https
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ serverName: kubernetes
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeApiServer.serviceMonitor.interval }}
+ interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml
new file mode 100644
index 0000000000..13aa60ebf6
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/endpoints.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+ namespace: {{ .Values.kubeControllerManager.namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: kube-controller-manager
+subsets:
+ - addresses:
+ {{- range .Values.kubeControllerManager.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeControllerManager.service.port }}
+ protocol: TCP
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml
new file mode 100644
index 0000000000..6a45535983
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/service.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+ namespace: {{ .Values.kubeControllerManager.namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeControllerManager.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.kubeControllerManager.service.targetPort }}
+{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeControllerManager.service.selector }}
+{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
+ {{- else}}
+ component: kube-controller-manager
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml
new file mode 100644
index 0000000000..5557af6395
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-controller-manager/servicemonitor.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.kubeControllerManager.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+spec:
+ jobLabel: component
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager
+ namespaceSelector:
+ matchNames:
+ - {{ .Values.kubeControllerManager.namespace }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeControllerManager.serviceMonitor.interval }}
+ interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeControllerManager.serviceMonitor.https }}
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
+ insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
+ {{- end }}
+ {{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
+ serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
+ relabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml
new file mode 100644
index 0000000000..dde3d8b911
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/endpoints.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+ namespace: {{ .Values.kubeScheduler.namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: kube-scheduler
+subsets:
+ - addresses:
+ {{- range .Values.kubeScheduler.endpoints }}
+ - ip: {{ . }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeScheduler.service.port }}
+ protocol: TCP
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml
new file mode 100644
index 0000000000..aad5969f5f
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/service.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+ namespace: {{ .Values.kubeScheduler.namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+spec:
+ clusterIP: None
+ ports:
+ - name: http-metrics
+ port: {{ .Values.kubeScheduler.service.port}}
+ protocol: TCP
+ targetPort: {{ .Values.kubeScheduler.service.targetPort}}
+{{- if .Values.kubeScheduler.endpoints }}{{- else }}
+ selector:
+ {{- if .Values.kubeScheduler.service.selector }}
+{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
+ {{- else}}
+ component: kube-scheduler
+ {{- end}}
+{{- end }}
+ type: ClusterIP
+{{- end -}}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml
new file mode 100644
index 0000000000..757ce98b7c
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kube-scheduler/servicemonitor.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.kubeScheduler.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+spec:
+ jobLabel: component
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler
+ namespaceSelector:
+ matchNames:
+ - {{ .Values.kubeScheduler.namespace }}
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.kubeScheduler.serviceMonitor.interval }}
+ interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
+ {{- end }}
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ {{- if .Values.kubeScheduler.serviceMonitor.https }}
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
+ insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
+ {{- end}}
+ {{- if .Values.kubeScheduler.serviceMonitor.serverName }}
+ serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
+ {{- end}}
+ {{- end}}
+ {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml b/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml
new file mode 100644
index 0000000000..30668f3048
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/exporters/kubelet/servicemonitor.yaml
@@ -0,0 +1,85 @@
+{{- if .Values.kubelet.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.fullname" . }}-kubelet
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.labels" . | nindent 4 }}
+ app.kubernetes.io/component: kubelet
+spec:
+ jobLabel: k8s-app
+ selector:
+ matchLabels:
+ k8s-app: kubelet
+ namespaceSelector:
+ matchNames:
+ - {{ .Values.kubelet.namespace }}
+ endpoints:
+ {{- if .Values.kubelet.serviceMonitor.https }}
+ - port: https-metrics
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ serverName: kubernetes
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ - port: https-metrics
+ path: /metrics/cadvisor
+ scheme: https
+ tlsConfig:
+ caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ serverName: kubernetes
+ insecureSkipVerify: true
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
+ relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ - port: http-metrics
+ scheme: http
+ tlsConfig:
+ insecureSkipVerify: false
+ honorLabels: true
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ - port: http-metrics
+ path: /metrics/cadvisor
+ scheme: http
+ tlsConfig:
+ insecureSkipVerify: false
+ honorLabels: true
+ {{- if .Values.kubelet.serviceMonitor.interval }}
+ interval: {{ .Values.kubelet.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
+ relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl
new file mode 100644
index 0000000000..121048d87c
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalPrometheusRules.tpl
@@ -0,0 +1,15 @@
+{{- define "prometheus.prometheus.additionalprometheusrules" -}}
+{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}}
+ {{- range .Values.prometheus.additionalPrometheusRules }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "kube-prometheus.name" $ }}-{{ .name }}
+ namespace: {{ $.Release.Namespace }}
+ labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }}
+spec:
+ groups: {{- toYaml .groups | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl
new file mode 100644
index 0000000000..0a85943034
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/_additionalScrapeJobs.tpl
@@ -0,0 +1,13 @@
+{{- define "prometheus.prometheus.additionalscrapejobs" -}}
+{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+data:
+ scrape-jobs.yaml: {{ include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl
new file mode 100644
index 0000000000..828c9a53c2
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/_prometheus.tpl
@@ -0,0 +1,361 @@
+{{- define "prometheus.prometheus.prometheus" -}}
+{{- if .Values.prometheus.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+ name: {{ template "kube-prometheus.prometheus.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.prometheus.replicaCount }}
+ serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
+ {{- if .Values.prometheus.serviceMonitorSelector }}
+ serviceMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }}
+ {{- else }}
+ serviceMonitorSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.podMonitorSelector }}
+ podMonitorSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }}
+ {{- else }}
+ podMonitorSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.probeSelector }}
+ probeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }}
+ {{- else }}
+ probeSelector: {}
+ {{- end }}
+ alerting:
+ alertmanagers:
+ {{- if .Values.prometheus.alertingEndpoints }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }}
+ {{- else if .Values.alertmanager.enabled }}
+ - namespace: {{ .Release.Namespace }}
+ name: {{ template "kube-prometheus.alertmanager.fullname" . }}
+ port: http
+ pathPrefix: "{{ .Values.alertmanager.routePrefix }}"
+ {{- else }}
+ []
+ {{- end }}
+ {{- if .Values.prometheus.image }}
+ image: {{ template "kube-prometheus.prometheus.image" . }}
+ {{- end }}
+ {{- if .Values.prometheus.externalLabels }}
+ externalLabels: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.prometheusExternalLabelNameClear }}
+ prometheusExternalLabelName: ""
+ {{- else if .Values.prometheus.prometheusExternalLabelName }}
+ prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}"
+ {{- end }}
+ {{- if .Values.prometheus.replicaExternalLabelNameClear }}
+ replicaExternalLabelName: ""
+ {{- else if .Values.prometheus.replicaExternalLabelName }}
+ replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}"
+ {{- end }}
+ {{- if index .Values.prometheus "externalUrl" }}
+ externalUrl: "{{ .Values.prometheus.externalUrl }}"
+ {{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }}
+ externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }}
+ {{- else }}
+ externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }}
+ {{- end }}
+ paused: {{ .Values.prometheus.paused }}
+ logLevel: {{ .Values.prometheus.logLevel }}
+ logFormat: {{ .Values.prometheus.logFormat }}
+ listenLocal: {{ .Values.prometheus.listenLocal }}
+ enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }}
+ {{- if .Values.prometheus.enableFeatures }}
+ enableFeatures:
+ {{- range .Values.prometheus.enableFeatures }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.scrapeInterval }}
+ scrapeInterval: {{ .Values.prometheus.scrapeInterval }}
+ {{- end }}
+ {{- if .Values.prometheus.evaluationInterval }}
+ evaluationInterval: {{ .Values.prometheus.evaluationInterval }}
+ {{- end }}
+ {{- if .Values.prometheus.resources }}
+ resources: {{- toYaml .Values.prometheus.resources | nindent 4 }}
+ {{- end }}
+ retention: {{ .Values.prometheus.retention }}
+ {{- if .Values.prometheus.retentionSize }}
+ retentionSize: {{ .Values.prometheus.retentionSize }}
+ {{- end }}
+ {{- if .Values.prometheus.disableCompaction }}
+ disableCompaction: {{ .Values.prometheus.disableCompaction }}
+ {{- end }}
+ {{- if .Values.prometheus.walCompression }}
+ walCompression: {{ .Values.prometheus.walCompression }}
+ {{- end }}
+ portName: "{{ .Values.prometheus.portName }}"
+ routePrefix: "{{ .Values.prometheus.routePrefix }}"
+ {{- if .Values.prometheus.secrets }}
+ secrets: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.configMaps }}
+ configMaps: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.serviceMonitorNamespaceSelector }}
+ serviceMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }}
+ {{- else }}
+ serviceMonitorNamespaceSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.podMonitorNamespaceSelector }}
+ podMonitorNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }}
+ {{- else }}
+ podMonitorNamespaceSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.probeNamespaceSelector }}
+ probeNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }}
+ {{- else }}
+ probeNamespaceSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.remoteRead }}
+ remoteRead: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.remoteWrite }}
+ remoteWrite: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.ruleNamespaceSelector }}
+ ruleNamespaceSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }}
+ {{- else }}
+ ruleNamespaceSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.ruleSelector }}
+ ruleSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }}
+ {{- else }}
+ ruleSelector: {}
+ {{- end }}
+ {{- if .Values.prometheus.storageSpec }}
+ storage: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }}
+ {{- else if .Values.prometheus.persistence.enabled }}
+ storage:
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ {{- range .Values.prometheus.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.prometheus.persistence.size | quote }}
+ {{- include "tc.common.storage.storageClassName" (dict "persistence" .Values.prometheus.persistence "global" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
+ podMetadata:
+ labels:
+ {{- if .Values.prometheus.podMetadata.labels }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }}
+ {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
+ {{- end }}
+ {{- if .Values.prometheus.podMetadata.annotations }}
+ annotations:
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.querySpec }}
+ query: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.affinity }}
+ affinity: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }}
+ {{- else }}
+ affinity:
+ {{- if not (empty .Values.prometheus.podAffinityPreset) }}
+ podAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if not (empty .Values.prometheus.podAntiAffinityPreset) }}
+ podAntiAffinity: {{- include "tc.common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }}
+ nodeAffinity: {{- include "tc.common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.nodeSelector }}
+ nodeSelector: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.tolerations }}
+ tolerations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.volumes }}
+ volumes: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.prometheus.volumeMounts }}
+ volumeMounts: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
+ additionalScrapeConfigs:
+ {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }}
+ name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }}
+ key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }}
+ {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }}
+ name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }}
+ key: scrape-jobs.yaml
+ {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }}
+ name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }}
+ key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }}
+ additionalAlertRelabelConfigs:
+ name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }}
+ key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }}
+ {{- end }}
+{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }}
+ {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
+ containers:
+ {{- if .Values.prometheus.thanos.create }}
+ - name: thanos-sidecar
+ image: {{ template "kube-prometheus.prometheus.thanosImage" . }}
+ imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }}
+ args:
+ - sidecar
+ - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }}
+ - --grpc-address=0.0.0.0:10901
+ - --http-address=0.0.0.0:10902
+ - --tsdb.path=/prometheus/
+ {{- if .Values.prometheus.thanos.objectStorageConfig }}
+ - --objstore.config=$(OBJSTORE_CONFIG)
+ {{- end }}
+ {{- if .Values.prometheus.thanos.extraArgs }}
+ {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }}
+ {{- end }}
+ {{- if .Values.prometheus.thanos.objectStorageConfig }}
+ env:
+ - name: OBJSTORE_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }}
+ key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }}
+ {{- end }}
+ {{- if .Values.prometheus.thanos.resources }}
+ resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }}
+ {{- end }}
+ ports:
+ - name: thanos
+ containerPort: 10901
+ protocol: TCP
+ - name: http
+ containerPort: 10902
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /prometheus
+ name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db
+ {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }}
+ subPath: prometheus-db
+ {{- end }}
+ {{- if .Values.prometheus.thanos.extraVolumeMounts }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }}
+ # yamllint disable rule:indentation
+ securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ # yamllint enable rule:indentation
+ {{- end }}
+ {{- if .Values.prometheus.thanos.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.prometheus.thanos.livenessProbe.path }}
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.prometheus.thanos.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.prometheus.thanos.readinessProbe.path }}
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }}
+ ## This monkey patching is needed until the securityContexts are
+ ## directly patchable via the CRD.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
+ ## currently implemented with strategic merge
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
+ - name: prometheus
+ {{- if .Values.prometheus.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.prometheus.livenessProbe.path }}
+ port: main
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.prometheus.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.prometheus.readinessProbe.path }}
+ port: main
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
+ ## This monkey patching is needed until the securityContexts are
+ ## directly patchable via the CRD.
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947
+ ## currently implemented with strategic merge
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md
+ - name: config-reloader
+ {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: reloader-web
+ initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }}
+ readinessProbe:
+ tcpSocket:
+ port: reloader-web
+ initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.containers }}
+ {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.prometheus.priorityClassName }}
+ priorityClassName: {{ .Values.prometheus.priorityClassName }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl b/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl
new file mode 100644
index 0000000000..d9a5702353
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/_servicemonitor.tpl
@@ -0,0 +1,29 @@
+{{- define "prometheus.prometheus.servicemonitor" -}}
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kube-prometheus.prometheus.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: http
+ {{- if .Values.prometheus.serviceMonitor.interval }}
+ interval: {{ .Values.prometheus.serviceMonitor.interval }}
+ {{- end }}
+ path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics
+ {{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "tc.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.prometheus.serviceMonitor.relabelings }}
+ relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml
new file mode 100644
index 0000000000..ae96e2d45f
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.prometheus.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "kube-prometheus.prometheus.fullname" . }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - apiGroups:
+ - extensions
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - "get"
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml
new file mode 100644
index 0000000000..7ca10743f4
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/clusterrolebinding.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "kube-prometheus.prometheus.fullname" . }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kube-prometheus.prometheus.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml b/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml
new file mode 100644
index 0000000000..02b175f2b4
--- /dev/null
+++ b/enterprise/prometheus/7.0.42/templates/prometheus/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }}
+ {{- if index .Values.prometheus.serviceAccount "annotations" }}
+ annotations: {{- include "tc.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+{{- include "kube-prometheus.imagePullSecrets" . }}
+{{- end }}
diff --git a/enterprise/prometheus/7.0.42/values.yaml b/enterprise/prometheus/7.0.42/values.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/prometheus/item.yaml b/enterprise/prometheus/item.yaml
new file mode 100644
index 0000000000..4d843e0cab
--- /dev/null
+++ b/enterprise/prometheus/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
+categories:
+- metrics
+
diff --git a/enterprise/traefik/16.0.11/CHANGELOG.md b/enterprise/traefik/16.0.11/CHANGELOG.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/traefik/16.0.11/Chart.yaml b/enterprise/traefik/16.0.11/Chart.yaml
new file mode 100644
index 0000000000..a086379b3d
--- /dev/null
+++ b/enterprise/traefik/16.0.11/Chart.yaml
@@ -0,0 +1,31 @@
+apiVersion: v2
+appVersion: "2.9.6"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 11.1.2
+deprecated: false
+description: Traefik is a flexible reverse proxy and Ingress Provider.
+home: https://truecharts.org/charts/stable/traefik
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
+keywords:
+ - traefik
+ - ingress
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: traefik
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/stable/traefik
+ - https://github.com/traefik/traefik
+ - https://github.com/traefik/traefik-helm-chart
+ - https://traefik.io/
+type: application
+version: 16.0.11
+annotations:
+ truecharts.org/catagories: |
+ - network
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/enterprise/traefik/16.0.11/README.md b/enterprise/traefik/16.0.11/README.md
new file mode 100644
index 0000000000..701942c352
--- /dev/null
+++ b/enterprise/traefik/16.0.11/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/traefik/16.0.11/app-changelog.md b/enterprise/traefik/16.0.11/app-changelog.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/traefik/16.0.11/app-readme.md b/enterprise/traefik/16.0.11/app-readme.md
new file mode 100644
index 0000000000..fe2ab2ae52
--- /dev/null
+++ b/enterprise/traefik/16.0.11/app-readme.md
@@ -0,0 +1,8 @@
+Traefik is a flexible reverse proxy and Ingress Provider.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/about/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz b/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz
new file mode 100644
index 0000000000..da62080e8a
Binary files /dev/null and b/enterprise/traefik/16.0.11/charts/common-11.1.2.tgz differ
diff --git a/enterprise/traefik/16.0.11/ix_values.yaml b/enterprise/traefik/16.0.11/ix_values.yaml
new file mode 100644
index 0000000000..bd211b479b
--- /dev/null
+++ b/enterprise/traefik/16.0.11/ix_values.yaml
@@ -0,0 +1,406 @@
+image:
+ repository: tccr.io/truecharts/traefik
+ # defaults to appVersion
+ tag: 2.9.6@sha256:a4f065a7a34902e7d8179680b8c344e70cf90ed80c7a396b5f42ecabfa3c0321
+ pullPolicy: IfNotPresent
+
+# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+ingressClass:
+ # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+ enabled: false
+ isDefaultClass: false
+ # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+ fallbackApiVersion: ""
+
+# -- Create an IngressRoute for the dashboard
+ingressRoute:
+ dashboard:
+ enabled: true
+ # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+ annotations: {}
+ # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+ labels: {}
+
+podAnnotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "9180"
+
+#
+# -- Configure providers
+providers:
+ kubernetesCRD:
+ enabled: true
+ namespaces:
+ []
+ # - "default"
+ kubernetesIngress:
+ enabled: true
+ # labelSelector: environment=production,method=traefik
+ namespaces:
+ []
+ # - "default"
+ # IP used for Kubernetes Ingress endpoints
+ publishedService:
+ enabled: true
+ # Published Kubernetes Service to copy status from. Format: namespace/servicename
+ # By default this Traefik service
+ # pathOverride: ""
+
+# -- Logs
+# https://docs.traefik.io/observability/logs/
+logs:
+ # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+ general:
+ # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+ level: ERROR
+ # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
+ format: common
+ access:
+ # To enable access logs
+ enabled: false
+ # To write the logs in an asynchronous fashion, specify a bufferingSize option.
+ # This option represents the number of log lines Traefik will keep in memory before writing
+ # them to the selected output. In some cases, this option can greatly help performances.
+ # bufferingSize: 100
+ # Filtering https://docs.traefik.io/observability/access-logs/#filtering
+ filters:
+ {}
+ # statuscodes: "200,300-302"
+ # retryattempts: true
+ # minduration: 10ms
+ # Fields
+ # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+ fields:
+ general:
+ defaultmode: keep
+ names:
+ {}
+ # Examples:
+ # ClientUsername: drop
+ headers:
+ defaultmode: drop
+ names:
+ {}
+ # Examples:
+ # User-Agent: redact
+ # Authorization: drop
+ # Content-Type: keep
+ # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
+ format: common
+
+metrics:
+ # datadog:
+ # address: 127.0.0.1:8125
+ # influxdb:
+ # address: localhost:8089
+ # protocol: udp
+ prometheus:
+ entryPoint: metrics
+ # statsd:
+ # address: localhost:8125
+
+globalArguments:
+ - "--global.checknewversion"
+
+##
+# -- Additional arguments to be passed at Traefik's binary
+# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+additionalArguments:
+ - "--metrics.prometheus"
+ - "--ping"
+ - "--serverstransport.insecureskipverify=true"
+ - "--providers.kubernetesingress.allowexternalnameservices=true"
+
+# -- TLS Options to be created as TLSOption CRDs
+# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
+# Example:
+tlsOptions:
+ default:
+ sniStrict: false
+ minVersion: VersionTLS12
+ curvePreferences:
+ - CurveP521
+ - CurveP384
+ cipherSuites:
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+
+# -- Options for the main traefik service, where the entrypoints traffic comes from
+# from.
+service:
+ main:
+ type: LoadBalancer
+ ports:
+ main:
+ port: 9000
+ targetPort: 9000
+ protocol: HTTP
+ # -- Forwarded Headers should never be enabled on Main entrypoint
+ forwardedHeaders:
+ enabled: false
+ # -- Proxy Protocol should never be enabled on Main entrypoint
+ proxyProtocol:
+ enabled: false
+ tcp:
+ enabled: true
+ type: LoadBalancer
+ ports:
+ web:
+ enabled: true
+ port: 9080
+ protocol: HTTP
+ redirectTo: websecure
+ # Options: Empty, 0 (ingore), or positive int
+ # redirectPort:
+ # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+ forwardedHeaders:
+ enabled: false
+ # -- List of trusted IP and CIDR references
+ trustedIPs: []
+ # -- Trust all forwarded headers
+ insecureMode: false
+ # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+ proxyProtocol:
+ enabled: false
+ # -- Only IPs in trustedIPs will lead to remote client address replacement
+ trustedIPs: []
+ # -- Trust every incoming connection
+ insecureMode: false
+ websecure:
+ enabled: true
+ port: 9443
+ protocol: HTTPS
+ # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+ forwardedHeaders:
+ enabled: false
+ # -- List of trusted IP and CIDR references
+ trustedIPs: []
+ # -- Trust all forwarded headers
+ insecureMode: false
+ # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+ proxyProtocol:
+ enabled: false
+ # -- Only IPs in trustedIPs will lead to remote client address replacement
+ trustedIPs: []
+ # -- Trust every incoming connection
+ insecureMode: false
+ # tcpexample:
+ # enabled: true
+ # targetPort: 9443
+ # protocol: TCP
+ # tls:
+ # enabled: false
+ # # this is the name of a TLSOption definition
+ # options: ""
+ # certResolver: ""
+ # domains: []
+ # # - main: example.com
+ # # sans:
+ # # - foo.example.com
+ # # - bar.example.com
+ metrics:
+ enabled: true
+ type: ClusterIP
+ ports:
+ metrics:
+ enabled: true
+ port: 9180
+ targetPort: 9180
+ protocol: HTTP
+ # -- Forwarded Headers should never be enabled on Metrics entrypoint
+ forwardedHeaders:
+ enabled: false
+ # -- Proxy Protocol should never be enabled on Metrics entrypoint
+ proxyProtocol:
+ enabled: false
+ udp:
+ enabled: false
+
+# probes:
+# # -- Liveness probe configuration
+# # @default -- See below
+# liveness:
+# # -- sets the probe type when not using a custom probe
+# # @default -- "TCP"
+# type: HTTP
+# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+# # @default -- "/"
+# path: "/ping"
+
+# # -- Redainess probe configuration
+# # @default -- See below
+# readiness:
+# # -- sets the probe type when not using a custom probe
+# # @default -- "TCP"
+# type: HTTP
+# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+# # @default -- "/"
+# path: "/ping"
+
+# # -- Startup probe configuration
+# # @default -- See below
+# startup:
+# # -- sets the probe type when not using a custom probe
+# # @default -- "TCP"
+# type: HTTP
+# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+# # @default -- "/"
+# path: "/ping"
+
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+ main:
+ enabled: true
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - traefik.containo.us
+ resources:
+ - ingressroutes
+ - ingressroutetcps
+ - ingressrouteudps
+ - middlewares
+ - middlewaretcps
+ - tlsoptions
+ - tlsstores
+ - traefikservices
+ - serverstransports
+ verbs:
+ - get
+ - list
+ - watch
+
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+ main:
+ enabled: true
+
+# -- SCALE Middleware Handlers
+middlewares:
+ basicAuth: []
+ # - name: basicauthexample
+ # users:
+ # - username: testuser
+ # password: testpassword
+ forwardAuth: []
+ # - name: forwardAuthexample
+ # address: https://auth.example.com/
+ # authResponseHeaders:
+ # - X-Secret
+ # - X-Auth-User
+ # authRequestHeaders:
+ # - "Accept"
+ # - "X-CustomHeader"
+ # authResponseHeadersRegex: "^X-"
+ # trustForwardHeader: true
+ chain: []
+ # - name: chainname
+ # middlewares:
+ # - name: compress
+ redirectScheme: []
+ # - name: redirectSchemeName
+ # scheme: https
+ # permanent: true
+ rateLimit: []
+ # - name: rateLimitName
+ # average: 300
+ # burst: 200
+ redirectRegex: []
+ # - name: redirectRegexName
+ # regex: putregexhere
+ # replacement: replacementurlhere
+ # permanent: false
+ stripPrefixRegex: []
+ # - name: stripPrefixRegexName
+ # regex: []
+ ipWhiteList: []
+ # - name: ipWhiteListName
+ # sourceRange: []
+ # ipStrategy:
+ # depth: 2
+ # excludedIPs: []
+ themeParkVersion: v1.3.0
+ themePark: []
+ # - name: themeParkName
+ # -- Supported apps, lower case name
+ # -- https://docs.theme-park.dev/themes
+ # app: appnamehere
+ # -- Supported themes, lower case name
+ # -- https://docs.theme-park.dev/themes/APPNAMEHERE
+ # -- https://docs.theme-park.dev/community-themes
+ # theme: themenamehere
+ # -- https://theme-park.dev or a self hosted url
+ # baseUrl: https://theme-park.dev
+ realIPVersion: v1.0.3
+ # Sets X-Real-Ip with an IP from the X-Forwarded-For or
+ # Cf-Connecting-Ip (If from Cloudflare)
+ # Evaluation of those headers will go from last to first
+ realIP: []
+ # - name: realIPName
+ # -- The real IP will be the first one that is
+ # -- not included in any of the CIDRs passed here
+ # excludedNetworks:
+ # - 1.1.1.1/24
+ addPrefix: []
+ # - name: addPrefixName
+ # prefix: "/foo"
+ geoBlockVersion: v0.2.3
+ geoBlock: []
+ # -- https://github.com/PascalMinder/geoblock
+ # - name: geoBlockName
+ # allowLocalRequests: true
+ # logLocalRequests: false
+ # logAllowedRequests: false
+ # logApiRequests: false
+ # api: https://get.geojs.io/v1/ip/country/{ip}
+ # apiTimeoutMs: 500
+ # cacheSize: 25
+ # forceMonthlyUpdate: true
+ # allowUnknownCountries: false
+ # unknownCountryApiResponse: nil
+ # countries:
+ # - RU
+
+portalhook:
+ enabled: true
+
+persistence:
+ plugins:
+ enabled: true
+ mountPath: "/plugins-storage"
+ type: emptyDir
+
+portal:
+ enabled: true
diff --git a/enterprise/traefik/16.0.11/questions.yaml b/enterprise/traefik/16.0.11/questions.yaml
new file mode 100644
index 0000000000..bc64ab449d
--- /dev/null
+++ b/enterprise/traefik/16.0.11/questions.yaml
@@ -0,0 +1,2487 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: VPN
+ description: VPN
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "http"
+ host:
+ - "$kubernetes-resource_configmap_portal_host"
+ ports:
+ - "$kubernetes-resource_configmap_portal_port"
+ path: "/dashboard/"
+questions:
+ - variable: global
+ label: Global Settings
+ group: "General Settings"
+ schema:
+ type: dict
+ hidden: true
+ attrs:
+ - variable: isSCALE
+ label: Flag this is SCALE
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: controller
+ group: "General Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: replicas
+ description: Number of desired pod replicas
+ label: Desired Replicas
+ schema:
+ type: int
+ required: true
+ default: 1
+ - variable: customextraargs
+ group: "General Settings"
+ label: "Extra Args"
+ description: "Do not click this unless you know what you are doing"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ group: "General Settings"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: ingressClass
+ label: "ingressClass"
+ group: "App Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ description: "When enabled, ingressClass will match the entered name of this app"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: isDefaultClass
+ label: "isDefaultClass"
+ schema:
+ type: boolean
+ default: false
+ - variable: logs
+ label: "Logs"
+ group: "App Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: general
+ label: "General Logs"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: level
+ label: "Log Level"
+ schema:
+ type: string
+ default: "ERROR"
+ enum:
+ - value: "INFO"
+ description: "Info"
+ - value: "WARN"
+ description: "Warnings"
+ - value: "ERROR"
+ description: "Errors"
+ - value: "FATAL"
+ description: "Fatal Errors"
+ - value: "PANIC"
+ description: "Panics"
+ - value: "DEBUG"
+ description: "Debug"
+ - variable: format
+ label: "General Log format"
+ schema:
+ type: string
+ default: "common"
+ enum:
+ - value: "common"
+ description: "Common Log Format"
+ - value: "json"
+ description: "JSON"
+ - variable: access
+ label: "Access Logs"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: enabledFilters
+ label: "Enable Filters"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: filters
+ label: "Filters"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: statuscodes
+ label: "Status codes"
+ schema:
+ type: string
+ default: "200,300-302"
+ - variable: retryattempts
+ label: "retryattempts"
+ schema:
+ type: boolean
+ default: true
+ - variable: minduration
+ label: "minduration"
+ schema:
+ type: string
+ default: "10ms"
+ - variable: fields
+ label: "Fields"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: general
+ label: "General"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: defaultmode
+ label: "Default Mode"
+ schema:
+ type: string
+ default: "keep"
+ enum:
+ - value: "keep"
+ description: "Keep"
+ - value: "drop"
+ description: "Drop"
+ - variable: headers
+ label: "Headers"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: defaultmode
+ label: "Default Mode"
+ schema:
+ type: string
+ default: "drop"
+ enum:
+ - value: "keep"
+ description: "Keep"
+ - value: "drop"
+ description: "Drop"
+ - variable: format
+ label: "Access Log format"
+ schema:
+ type: string
+ default: "common"
+ enum:
+ - value: "common"
+ description: "Common Log Format"
+ - value: "json"
+ description: "JSON"
+ - variable: middlewares
+ label: ""
+ group: "Middlewares"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: basicAuth
+ label: basicAuth
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: basicAuthEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: users
+ label: Users
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: usersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: forwardAuth
+ label: forwardAuth
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: basicAuthEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: address
+ label: Address
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: trustForwardHeader
+ label: trustForwardHeader
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: TLS
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: insecureSkipVerify
+ label: insecureSkipVerify (expert)
+ description: >-
+ This disables all TLS certificate validation on communications with the authentication endpoint.
+ This could be a security risk and should only be used if you know what you are doing.
+ schema:
+ type: boolean
+ default: false
+ - variable: authResponseHeadersRegex
+ label: authResponseHeadersRegex
+ schema:
+ type: string
+ default: ""
+ - variable: authResponseHeaders
+ label: authResponseHeaders
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: authResponseHeadersEntry
+ label: ""
+ schema:
+ type: string
+ default: ""
+ - variable: authRequestHeaders
+ label: authRequestHeaders
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: authRequestHeadersEntry
+ label: ""
+ schema:
+ type: string
+ default: ""
+ - variable: chain
+ label: Chain
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: chainEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: middlewares
+ label: Middlewares to Chain
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: redirectScheme
+ label: redirectScheme
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: redirectSchemeEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: scheme
+ label: Scheme
+ schema:
+ type: string
+ required: true
+ default: https
+ enum:
+ - value: https
+ description: https
+ - value: http
+ description: http
+ - variable: permanent
+ label: Permanent
+ schema:
+ type: boolean
+ default: false
+ - variable: rateLimit
+ label: rateLimit
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: rateLimitEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: average
+ label: Average
+ schema:
+ type: int
+ required: true
+ default: 300
+ - variable: burst
+ label: Burst
+ schema:
+ type: int
+ required: true
+ default: 200
+ - variable: redirectRegex
+ label: redirectRegex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: redirectRegexEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: regex
+ label: Regex
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: replacement
+ label: Replacement
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: permanent
+ label: Permanent
+ schema:
+ type: boolean
+ default: false
+ - variable: stripPrefixRegex
+ label: stripPrefixRegex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: stripPrefixRegexEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: regex
+ label: Regex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: regexEntry
+ label: Regex
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: ipWhiteList
+ label: ipWhiteList
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipWhiteListEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: sourceRange
+ label: Source Range
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: sourceRangeEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: ipStrategy
+ label: IP Strategy
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: depth
+ label: Depth
+ schema:
+ type: int
+ required: true
+ - variable: excludedIPs
+ label: Excluded IPs
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: excludedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: themePark
+ label: theme.park
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: themeParkEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to traefik-themepark
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: appName
+ label: App Name
+ description: Lower case, name of the app to be themed.
+
Go to https://docs.theme-park.dev/themes/ to see supported apps.
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: themeName
+ label: Theme Name
+ description: Lower case, name of the theme to be applied.
+
Go to https://docs.theme-park.dev/theme-options/ to see supported themes.
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: baseUrl
+ label: Base URL
+ description: Replace `https://theme-park.dev` URL for self-hosting reference.
+ schema:
+ type: string
+ required: true
+ default: https://theme-park.dev
+ - variable: addons
+ label: Addons
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: addonEntry
+ label: Addon
+ description: Currently only supports 'darker' and '4k-logo' for *arr apps.
+
Go to https://docs.theme-park.dev/themes/addons/ for Addon information.
+
Go to https://github.com/packruler/traefik-themepark for more context on plugin
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: realIP
+ label: Real IP
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: realIPEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: excludedNetworks
+ label: Excluded Networks
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: excludedNetEntry
+ label: Excluded Network Entry
+ description: Network to exclude setting it to X-Real-Ip
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: geoBlock
+ label: GeoBlock
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: geoBlockEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to geoblock
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: allowLocalRequests
+ label: Allow Local Requests
+ description: If set to true, will not block request from Private IP Ranges
+ schema:
+ type: boolean
+ default: true
+ - variable: logLocalRequests
+ label: Log Local Requests
+ description: If set to true, will log every connection from any IP in the private IP range
+ schema:
+ type: boolean
+ default: false
+ - variable: logAllowedRequests
+ label: Log Allowed Requests
+ description: If set to true, will show a log message with the IP and the country of origin if a request is allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: logApiRequests
+ label: Log API Requests
+ description: If set to true, will show a log message for every API hit.
+ schema:
+ type: boolean
+ default: false
+ - variable: api
+ label: API
+ description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL.
+ schema:
+ type: string
+ required: true
+ default: https://get.geojs.io/v1/ip/country/{ip}
+ - variable: apiTimeoutMs
+ label: API Timeout in ms
+ description: Timeout for the call to the api uri.
+ schema:
+ type: int
+ required: true
+ default: 500
+ - variable: cacheSize
+ label: Cache Size
+ description: Defines the max size of the LRU (least recently used) cache.
+ schema:
+ type: int
+ required: true
+ default: 25
+ - variable: forceMonthlyUpdate
+ label: Force Monthly Update
+ description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month.
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUnknownCountries
+ label: Allow Unknown Countries
+ description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: unknownCountryApiResponse
+ label: Unknown Countries API Response
+ description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested.
+ schema:
+ type: string
+ required: true
+ default: nil
+ - variable: countries
+ label: Blocked Countries
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: blockedCountryEntry
+ label: Blocked Country
+ description: Country codes (2 characters) from which connections to the service should be allowed.
+ schema:
+ type: string
+ required: true
+ # Allow only 2 Characters
+ valid_chars: '^[a-zA-Z]{2}$'
+ default: ""
+ - variable: addPrefix
+ label: Add Prefix
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: addPrefixEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: prefix
+ label: Prefix
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: service
+ group: "Networking and Services"
+ label: "Configure Service Entrypoint"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Entrypoint Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9000
+ required: true
+ - variable: tcp
+ label: "TCP Service"
+ description: "The tcp Entrypoint service"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: web
+ label: "web Entrypoint Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9080
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ default: "websecure"
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: websecure
+ label: "websecure Entrypoints Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9443
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: "websecure Entrypoints Configuration"
+ schema:
+ type: dict
+ hidden: true
+ attrs:
+ - variable: enabled
+ label: "Enabled"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: portsList
+ label: "Additional TCP Entrypoints"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: "Custom Entrypoints"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the port"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Entrypoints Name"
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: "Entrypoints Type"
+ schema:
+ type: string
+ default: "TCP"
+ enum:
+ - value: HTTP
+ description: "HTTP"
+ - value: "HTTPS"
+ description: "HTTPS"
+ - value: TCP
+ description: "TCP"
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ required: true
+ - variable: tls
+ label: "websecure Entrypoints Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enabled"
+ schema:
+ type: boolean
+ default: true
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: scaleCert
+ label: Select TrueNAS SCALE Certificate
+ schema:
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: security
+ label: Container Security Settings
+ group: Security and Permissions
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: editsecurity
+ label: Change PUID / UMASK values
+ description: By enabling this you override default set values.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "002"
+ - variable: advancedSecurity
+ label: Show Advanced Security Settings
+ group: Security and Permissions
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: securityContext
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: allowPrivilegeEscalation
+ label: "Allow Privilege Escalation"
+ schema:
+ type: boolean
+ default: false
+ - variable: runAsNonRoot
+ label: "runAsNonRoot"
+ schema:
+ type: boolean
+ default: true
+ - variable: podSecurityContext
+ group: Security and Permissions
+ label: Pod Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID this App of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: hostPath
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ # Specify GPU configuration
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: horizontalPodAutoscaler
+ group: Advanced
+ label: (Advanced) Horizontal Pod Autoscaler
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hpaEntry
+ label: HPA Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: target
+ label: Target
+ description: Deployment name, Defaults to Main Deployment
+ schema:
+ type: string
+ default: ""
+ - variable: minReplicas
+ label: Minimum Replicas
+ schema:
+ type: int
+ default: 1
+ - variable: maxReplicas
+ label: Maximum Replicas
+ schema:
+ type: int
+ default: 5
+ - variable: targetCPUUtilizationPercentage
+ label: Target CPU Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: targetMemoryUtilizationPercentage
+ label: Target Memory Utilization Percentage
+ schema:
+ type: int
+ default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: git
+ label: Git Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: deployKey
+ description: Raw SSH Private Key
+ label: Deploy Key
+ schema:
+ type: string
+ - variable: deployKeyBase64
+ description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence
+ label: Deploy Key Base64
+ schema:
+ type: string
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: nodePort
+ description: Leave Empty to Disable
+ label: nodePort DEPRECATED
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: openvpn
+ description: OpenVPN
+ - value: wireguard
+ description: Wireguard
+ - value: tailscale
+ description: Tailscale
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: dict
+ show_if: [["type", "!=", "disabled"]]
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: hostPath
+ hidden: true
+ - variable: hostPathType
+ label: hostPathType
+ schema:
+ type: string
+ default: File
+ hidden: true
+ - variable: noMount
+ label: noMount
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: hostPath
+ label: Full Path to File
+ description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn"
+ schema:
+ type: string
+ default: ""
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/enterprise/traefik/16.0.11/templates/_args.tpl b/enterprise/traefik/16.0.11/templates/_args.tpl
new file mode 100644
index 0000000000..98cc63897b
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_args.tpl
@@ -0,0 +1,178 @@
+{{/* Define the args */}}
+{{- define "traefik.args" -}}
+args:
+ {{/* merge all ports */}}
+ {{- $ports := dict }}
+ {{- range $.Values.service }}
+ {{- range $name, $value := .ports }}
+ {{- $_ := set $ports $name $value }}
+ {{- end }}
+ {{- end }}
+ {{/* start of actual arguments */}}
+ {{- with .Values.globalArguments }}
+ {{- range . }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- range $name, $config := $ports }}
+ {{- if $config }}
+ {{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
+ {{- $_ := set $config "protocol" "TCP" }}
+ {{- end }}
+ - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
+ {{- end }}
+ {{- end }}
+ - "--api.dashboard=true"
+ - "--ping=true"
+ {{- if .Values.metrics }}
+ {{- if .Values.metrics.datadog }}
+ - "--metrics.datadog=true"
+ - "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
+ {{- end }}
+ {{- if .Values.metrics.influxdb }}
+ - "--metrics.influxdb=true"
+ - "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
+ - "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
+ {{- end }}
+ {{- if .Values.metrics.prometheus }}
+ - "--metrics.prometheus=true"
+ - "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
+ {{- end }}
+ {{- if .Values.metrics.statsd }}
+ - "--metrics.statsd=true"
+ - "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.providers.kubernetesCRD.enabled }}
+ - "--providers.kubernetescrd"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.enabled }}
+ - "--providers.kubernetesingress"
+ {{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
+ - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.labelSelector }}
+ - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
+ {{- if .Values.providers.kubernetesCRD.enabled }}
+ - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.enabled }}
+ - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingressClass.enabled }}
+ - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
+ {{- end }}
+ {{- range $entrypoint, $config := $ports }}
+ {{/* add args for proxyProtocol support */}}
+ {{- if $config.proxyProtocol }}
+ {{- if $config.proxyProtocol.enabled }}
+ {{- if $config.proxyProtocol.insecureMode }}
+ - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
+ {{- end }}
+ {{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
+ - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/* add args for forwardedHeaders support */}}
+ {{- if $config.forwardedHeaders.enabled }}
+ {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
+ - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
+ {{- end }}
+ {{- if $config.forwardedHeaders.insecureMode }}
+ - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
+ {{- end }}
+ {{- end }}
+ {{/* end forwardedHeaders configuration */}}
+ {{- if $config.redirectTo }}
+ {{- $toPort := index $ports $config.redirectTo }}
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+ {{- else if $config.redirectPort }}
+ {{ if gt $config.redirectPort 0.0 }}
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+ {{- end }}
+ {{- end }}
+ {{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
+ {{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls=true"
+ {{- if $config.tls.options }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
+ {{- end }}
+ {{- if $config.tls.certResolver }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
+ {{- end }}
+ {{- if $config.tls.domains }}
+ {{- range $index, $domain := $config.tls.domains }}
+ {{- if $domain.main }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
+ {{- end }}
+ {{- if $domain.sans }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.logs }}
+ - "--log.format={{ .general.format }}"
+ {{- if ne .general.level "ERROR" }}
+ - "--log.level={{ .general.level | upper }}"
+ {{- end }}
+ {{- if .access.enabled }}
+ - "--accesslog=true"
+ - "--accesslog.format={{ .access.format }}"
+ {{- if .access.bufferingsize }}
+ - "--accesslog.bufferingsize={{ .access.bufferingsize }}"
+ {{- end }}
+ {{- if .access.filters }}
+ {{- if .access.filters.statuscodes }}
+ - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
+ {{- end }}
+ {{- if .access.filters.retryattempts }}
+ - "--accesslog.filters.retryattempts"
+ {{- end }}
+ {{- if .access.filters.minduration }}
+ - "--accesslog.filters.minduration={{ .access.filters.minduration }}"
+ {{- end }}
+ {{- end }}
+ - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
+ {{- range $fieldname, $fieldaction := .access.fields.general.names }}
+ - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
+ {{- end }}
+ - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
+ {{- range $fieldname, $fieldaction := .access.fields.headers.names }}
+ - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/* theme.park */}}
+ {{- if .Values.middlewares.themePark }}
+ - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
+ - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
+ {{- end }}
+ {{/* End of theme.park */}}
+ {{/* GeoBlock */}}
+ {{- if .Values.middlewares.geoBlock }}
+ - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
+ - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}"
+ {{- end }}
+ {{/* End of GeoBlock */}}
+ {{/* RealIP */}}
+ {{- if .Values.middlewares.realIP }}
+ - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
+ - "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
+ {{- end }}
+ {{/* End of RealIP */}}
+ {{- with .Values.additionalArguments }}
+ {{- range . }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/16.0.11/templates/_helpers.tpl b/enterprise/traefik/16.0.11/templates/_helpers.tpl
new file mode 100644
index 0000000000..ab55e4e7ec
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/*
+Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
+By convention this will simply use the / to match the name of the
+service generated.
+Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
+*/}}
+{{- define "providers.kubernetesIngress.publishedServicePath" -}}
+{{- $fullName := include "tc.common.names.fullname" . -}}
+{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
+{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct a comma-separated list of whitelisted namespaces
+*/}}
+{{- define "providers.kubernetesIngress.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
+{{- end -}}
+{{- define "providers.kubernetesCRD.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
+{{- end -}}
diff --git a/enterprise/traefik/16.0.11/templates/_ingressclass.tpl b/enterprise/traefik/16.0.11/templates/_ingressclass.tpl
new file mode 100644
index 0000000000..909e249d6a
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_ingressclass.tpl
@@ -0,0 +1,24 @@
+{{/* Define the ingressClass */}}
+{{- define "traefik.ingressClass" -}}
+---
+{{ if .Values.ingressClass.enabled }}
+ {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
+apiVersion: networking.k8s.io/v1
+ {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
+apiVersion: networking.k8s.io/v1beta1
+ {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
+apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
+ {{- else }}
+ {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
+ {{- end }}
+kind: IngressClass
+metadata:
+ annotations:
+ ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
+ labels:
+ {{- include "tc.common.labels" . | nindent 4 }}
+ name: {{ .Release.Name }}
+spec:
+ controller: traefik.io/ingress-controller
+{{- end }}
+{{- end }}
diff --git a/enterprise/traefik/16.0.11/templates/_ingressroute.tpl b/enterprise/traefik/16.0.11/templates/_ingressroute.tpl
new file mode 100644
index 0000000000..7f012c9235
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_ingressroute.tpl
@@ -0,0 +1,25 @@
+{{/* Define the ingressRoute */}}
+{{- define "traefik.ingressRoute" -}}
+{{ if .Values.ingressRoute.dashboard.enabled }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "tc.common.names.fullname" . }}-dashboard
+ annotations:
+ {{- with .Values.ingressRoute.dashboard.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "tc.common.labels" . | nindent 4 }}
+spec:
+ entryPoints:
+ - main
+ routes:
+ - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+{{ end }}
+{{- end -}}
diff --git a/enterprise/traefik/16.0.11/templates/_portalhook.tpl b/enterprise/traefik/16.0.11/templates/_portalhook.tpl
new file mode 100644
index 0000000000..e3586c5d4e
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_portalhook.tpl
@@ -0,0 +1,26 @@
+{{/* Define the portalHook */}}
+{{- define "traefik.portalhook" -}}
+{{- if .Values.portalhook.enabled }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portalhook
+ namespace: {{ $namespace }}
+data:
+ {{- $ports := dict }}
+ {{- range $.Values.service }}
+ {{- range $name, $value := .ports }}
+ {{- $_ := set $ports $name $value }}
+ {{- end }}
+ {{- end }}
+ {{- range $name, $value := $ports }}
+ {{ $name }}: {{ $value.port | quote }}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl b/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl
new file mode 100644
index 0000000000..3e5aad3bee
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/_tlsoptions.tpl
@@ -0,0 +1,12 @@
+{{/* Define the tlsOptions */}}
+{{- define "traefik.tlsOptions" -}}
+{{- range $name, $config := .Values.tlsOptions }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+ name: {{ $name }}
+spec:
+ {{- toYaml $config | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/16.0.11/templates/common.yaml b/enterprise/traefik/16.0.11/templates/common.yaml
new file mode 100644
index 0000000000..c933a3d08e
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/common.yaml
@@ -0,0 +1,24 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{- if .Values.metrics }}
+{{- if .Values.metrics.prometheus }}
+{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
+{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
+{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}}
+{{- end }}
+{{- end }}
+
+{{- $newArgs := (include "traefik.args" . | fromYaml) }}
+{{- $_ := set .Values "newArgs" $newArgs -}}
+{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
+{{- $_ := set .Values "args" $mergedargs -}}
+
+{{- include "traefik.portalhook" . }}
+{{- include "traefik.tlsOptions" . }}
+{{- include "traefik.ingressRoute" . }}
+{{- include "traefik.ingressClass" . }}
+
+
+{{/* Render the templates */}}
+{{ include "tc.common.loader.apply" . }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml b/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml
new file mode 100644
index 0000000000..233b23834c
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/addPrefix.yaml
@@ -0,0 +1,17 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ addPrefix:
+ prefix: {{ $middlewareData.prefix }}
+{{- end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml
new file mode 100644
index 0000000000..9ba8e5c5d9
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/basic-middleware.yaml
@@ -0,0 +1,62 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: compress
+ namespace: {{ $namespace }}
+spec:
+ compress: {}
+---
+# Here, an average of 300 requests per second is allowed.
+# In addition, a burst of 200 requests is allowed.
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: basic-ratelimit
+ namespace: {{ $namespace }}
+spec:
+ rateLimit:
+ average: 600
+ burst: 400
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: basic-secure-headers
+ namespace: {{ $namespace }}
+spec:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ accessControlMaxAge: 100
+ stsSeconds: 63072000
+ # stsIncludeSubdomains: false
+ # stsPreload: false
+ forceSTSHeader: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ referrerPolicy: same-origin
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ customResponseHeaders:
+ server: ''
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: chain-basic
+ namespace: {{ $namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: basic-ratelimit
+ - name: basic-secure-headers
+ - name: compress
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml b/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml
new file mode 100644
index 0000000000..ccb541742f
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/basicauth.yaml
@@ -0,0 +1,34 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
+---
+{{- $users := list }}
+{{ range $index, $userdata := $middlewareData.users }}
+ {{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
+{{ end }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{printf "%v-%v" $middlewareData.name "secret" }}
+ namespace: {{ $namespace }}
+type: Opaque
+stringData:
+ users: |
+ {{- range $index, $user := $users }}
+ {{ printf "%s" $user }}
+ {{- end }}
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ basicAuth:
+ secret: {{printf "%v-%v" $middlewareData.name "secret" }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml b/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml
new file mode 100644
index 0000000000..f87994f795
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/chain.yaml
@@ -0,0 +1,21 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.chain }}
+
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ chain:
+ middlewares:
+ {{ range $index, $middleware := .middlewares }}
+ - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
+ {{ end }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml b/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml
new file mode 100644
index 0000000000..4bdefbd5c0
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/forwardauth.yaml
@@ -0,0 +1,34 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ forwardAuth:
+ address: {{ $middlewareData.address }}
+ {{- with $middlewareData.authResponseHeaders }}
+ authResponseHeaders:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with $middlewareData.authRequestHeaders }}
+ authRequestHeaders:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- if $middlewareData.authResponseHeadersRegex }}
+ authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
+ {{- end }}
+ {{- if $middlewareData.trustForwardHeader }}
+ trustForwardHeader: true
+ {{- end }}
+ {{- with $middlewareData.tls }}
+ tls:
+ insecureSkipVerify: {{ .insecureSkipVerify | default false }}
+ {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml b/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml
new file mode 100644
index 0000000000..1f0fb75276
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/geoblock.yaml
@@ -0,0 +1,34 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ plugin:
+ GeoBlock:
+ allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
+ logLocalRequests: {{ $middlewareData.logLocalRequests }}
+ logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
+ logApiRequests: {{ $middlewareData.logApiRequests }}
+ api: {{ $middlewareData.api }}
+ apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
+ cacheSize: {{ $middlewareData.cacheSize }}
+ forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
+ allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
+ unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
+ {{- if not $middlewareData.countries }}
+ {{- fail "You have to define at least one country..." }}
+ {{- end }}
+ countries:
+ {{- range $middlewareData.countries }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml
new file mode 100644
index 0000000000..1179245017
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/ipwhitelist.yaml
@@ -0,0 +1,33 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
+
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ ipWhiteList:
+ sourceRange:
+ {{- range $middlewareData.sourceRange }}
+ - {{ . }}
+ {{- end }}
+ {{- if $middlewareData.ipStrategy }}
+ ipStrategy:
+ {{- if $middlewareData.ipStrategy.depth }}
+ depth: {{ $middlewareData.ipStrategy.depth }}
+ {{- end }}
+ {{- if $middlewareData.ipStrategy.excludedIPs }}
+ excludedIPs:
+ {{- range $middlewareData.ipStrategy.excludedIPs }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml b/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml
new file mode 100644
index 0000000000..144b9d8bf3
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/ratelimit.yaml
@@ -0,0 +1,19 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
+
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ rateLimit:
+ average: {{ $middlewareData.average }}
+ burst: {{ $middlewareData.burst }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml b/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml
new file mode 100644
index 0000000000..2dd1ae030a
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/real-ip.yaml
@@ -0,0 +1,21 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{- range $index, $middlewareData := .Values.middlewares.realIP }}
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ plugin:
+ traefik-real-ip:
+ excludednets:
+ {{- range $middlewareData.excludedNetworks }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml
new file mode 100644
index 0000000000..f2413f84e1
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/redirectScheme.yaml
@@ -0,0 +1,19 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
+
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ redirectScheme:
+ scheme: {{ $middlewareData.scheme }}
+ permanent: {{ $middlewareData.permanent }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml b/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml
new file mode 100644
index 0000000000..46e3e724dd
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/redirectregex.yaml
@@ -0,0 +1,20 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
+
+---
+# Declaring the user list
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ redirectRegex:
+ regex: {{ $middlewareData.regex | quote }}
+ replacement: {{ $middlewareData.replacement | quote }}
+ permanent: {{ $middlewareData.permanent }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml
new file mode 100644
index 0000000000..007c166ff3
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/stripPrefixRegex.yaml
@@ -0,0 +1,20 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+
+{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ stripPrefixRegex:
+ regex:
+ {{- range $middlewareData.regex }}
+ - {{ . | quote }}
+ {{- end }}
+{{ end }}
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml
new file mode 100644
index 0000000000..409766daa8
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-chains.yaml
@@ -0,0 +1,29 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-opencors-chain
+ namespace: {{ $namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: basic-ratelimit
+ - name: tc-opencors-headers
+ - name: compress
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-closedcors-chain
+ namespace: {{ $namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: basic-ratelimit
+ - name: tc-closedcors-headers
+ - name: compress
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml
new file mode 100644
index 0000000000..a0462f1fd7
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-headers.yaml
@@ -0,0 +1,62 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-opencors-headers
+ namespace: {{ $namespace }}
+spec:
+ headers:
+ accessControlAllowHeaders:
+ - '*'
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ - POST
+ accessControlAllowOriginList:
+ - '*'
+ accessControlMaxAge: 100
+ browserXssFilter: true
+ contentTypeNosniff: true
+ customRequestHeaders:
+ X-Forwarded-Proto: https
+ customResponseHeaders:
+ server: ""
+ forceSTSHeader: true
+ referrerPolicy: same-origin
+ sslForceHost: true
+ sslRedirect: true
+ stsSeconds: 63072000
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-closedcors-headers
+ namespace: {{ $namespace }}
+spec:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ accessControlMaxAge: 100
+ sslRedirect: true
+ stsSeconds: 63072000
+ # stsIncludeSubdomains: false
+ # stsPreload: false
+ forceSTSHeader: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ sslForceHost: true
+ referrerPolicy: same-origin
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ customResponseHeaders:
+ server: ''
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml
new file mode 100644
index 0000000000..6a3019d56c
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/tc-nextcloud.yaml
@@ -0,0 +1,25 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-nextcloud-redirectregex-dav
+ namespace: {{ $namespace }}
+spec:
+ redirectRegex:
+ regex: "https://(.*)/.well-known/(card|cal)dav"
+ replacement: "https://${1}/remote.php/dav/"
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: tc-nextcloud-chain
+ namespace: {{ $namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: tc-nextcloud-redirectregex-dav
diff --git a/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml b/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml
new file mode 100644
index 0000000000..92a4257e27
--- /dev/null
+++ b/enterprise/traefik/16.0.11/templates/middlewares/theme-park.yaml
@@ -0,0 +1,26 @@
+{{- $values := .Values }}
+{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
+{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
+{{- $namespace = "default" }}
+{{- end }}
+{{- range $index, $middlewareData := .Values.middlewares.themePark }}
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ $middlewareData.name }}
+ namespace: {{ $namespace }}
+spec:
+ plugin:
+ traefik-themepark:
+ app: {{ $middlewareData.appName }}
+ theme: {{ $middlewareData.themeName }}
+ baseUrl: {{ $middlewareData.baseUrl }}
+ {{- if $middlewareData.addons }}
+ addons:
+ {{- range $middlewareData.addons }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/enterprise/traefik/16.0.11/values.yaml b/enterprise/traefik/16.0.11/values.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/enterprise/traefik/item.yaml b/enterprise/traefik/item.yaml
new file mode 100644
index 0000000000..73af68c031
--- /dev/null
+++ b/enterprise/traefik/item.yaml
@@ -0,0 +1,4 @@
+icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
+categories:
+- network
+