Last active
September 4, 2024 09:47
thanos
# Components - https://thanos.io/tip/thanos/quick-tutorial.md/#components
# Using remote write method - https://youtu.be/feHSU0BMcco?t=1882
# Prometheus remote write - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
# https://thanos.io/tip/components/rule.md/#stateless-ruler-via-remote-write

# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
##
global:
  imageRegistry: ""
  ## e.g:
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  storageClass: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @section Thanos common parameters
## Bitnami Thanos image
## ref: https://hub.docker.com/r/bitnami/thanos/tags/
## @param image.registry [default: REGISTRY_NAME] Thanos image registry
## @param image.repository [default: REPOSITORY_NAME/thanos] Thanos image repository
## @skip image.tag Thanos image tag (immutable tags are recommended)
## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Thanos image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
##
image:
  registry: docker.io
  repository: bitnami/thanos
  tag: 0.36.1-debian-12-r1
  digest: ""
  ## Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/)
## Specify content for objstore.yml
##
objstoreConfig: ""
## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/)
## Specify content for index-cache.yml
##
indexCacheConfig: ""
## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/)
## Specify content for bucket-cache.yml
##
bucketCacheConfig: ""
## @param existingObjstoreSecret Secret with Objstore Configuration
## Note: This will override objstoreConfig
##
existingObjstoreSecret: "thanos-object-storage" # mounts in storageGateway component
## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml
##
existingObjstoreSecretItems: []
## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/)
## If provided, overrides settings under https.* and auth.*
httpConfig: ""
## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration
##
existingHttpConfigSecret: ""
## HTTPS configuration (Experimental)
## Ref: https://thanos.io/tip/operating/https.md/
##
https:
  ## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key.
  ##
  enabled: false
  ## @param https.autoGenerated Create self-signed TLS certificates.
  ##
  autoGenerated: false
  ## @param https.existingSecret Existing secret containing your own server key and certificate
  ##
  existingSecret: ""
  ## @param https.certFilename
  ##
  certFilename: "tls.crt"
  ## @param https.keyFilename
  ##
  keyFilename: "tls.key"
  ## @param https.caFilename
  ##
  caFilename: "ca.crt"
  ## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided
  ## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided
  ## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided
  ##
  key: ""
  cert: ""
  ca: ""
  ## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies.
  ## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType
  clientAuthType: ""
  ## @param https.extraTlsServerConfig Extra tls_server_config options
  ## For more detail on possible options: https://thanos.io/tip/operating/https.md
  extraTlsServerConfig: {}
## Thanos Basic authentication (Experimental)
##
auth:
  ## @param auth.basicAuthUsers Object containing <user>:<passwords> key-value pairs for each user that will have access via basic authentication
  ## Note: Passwords will be later encrypted using bcrypt
  basicAuthUsers: {}
## @section Thanos Query parameters
query:
  ## @param query.enabled Set to true to enable Thanos Query component
  ##
  enabled: true
  ## @param query.logLevel Thanos Query log level
  ##
  logLevel: info
  ## @param query.logFormat Thanos Query log format
  ##
  logFormat: logfmt
  ## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated
  ##
  replicaLabel: [replica]
  ## Dynamically configure store APIs using DNS discovery
  ## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS
  ## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery
  ## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery
  ##
  dnsDiscovery:
    enabled: true
    sidecarsService: ""
    sidecarsNamespace: ""
  ## @param query.stores Statically configure store APIs to connect with Thanos Query
  ##
  stores: [] # local services or external sidecars
    # - "dnssrv+_grpc._tcp.monitoring-stack-kube-prom-thanos-discovery.monitoring.svc.cluster.local" # Probably need removal after we start using remote write approach
    # - "10.146.4.178:10901" # thanos.kerfisveita-production.neu.azure.origo.dev
    # - "10.147.4.136:10901" # thanos.kerfisveita-staging.neu.azure.origo.dev
    # - "10.149.12.22:10901"
    # - "10.142.5.61:10901"
    # - "thanos.vissa-staging.neu.azure.origo.dev"
    # - "thanos-staging.ccq.origo.dev"
    # - "thanos.production.ccq.project.origo.dev"
    # - "thanos.metoffice-production.neu.azure.origo.dev"
  ## @param query.sdConfig Query Service Discovery Configuration
  ## Specify content for servicediscovery.yml
  ##
  sdConfig: ""
  ## @param query.existingSDConfigmap Name of existing ConfigMap with Service Discovery configuration
  ## NOTE: This will override query.sdConfig
  ##
  existingSDConfigmap: ""
  ## @param query.extraEnvVars Extra environment variables for Thanos Query container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes
  ##
  extraEnvVarsCM: ""
  ## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes
  ##
  extraEnvVarsSecret: ""
  ## @param query.extraFlags Extra flags to be passed to Thanos Query
  ##
  extraFlags: []
  ## @param query.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param query.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param query.replicaCount Number of Thanos Query replicas to deploy
  ##
  replicaCount: 1
  ## @param query.revisionHistoryLimit Number of old ReplicaSets to retain to allow rollback
  ##
  revisionHistoryLimit: 10
  ## @param query.updateStrategy.type Update strategy type for Thanos Query replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param query.containerPorts.http HTTP container port
  ## @param query.containerPorts.grpc GRPC container port
  ##
  containerPorts:
    http: 10902
    grpc: 10901
  ## K8s Pod Security Context for Thanos Query pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods
  ## @param query.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param query.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param query.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Query containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param query.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param query.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param query.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param query.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param query.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param query.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param query.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param query.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param query.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param query.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Thanos Query containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param query.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param query.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure extra options for Thanos Query containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers
  ## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param query.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers
  ## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param query.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers
  ## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param query.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param query.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param query.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param query.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param query.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param query.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param query.initContainers Add additional init containers to the Thanos Query pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param query.sidecars Extra containers running as sidecars to Thanos Query pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param query.extraVolumes Extra volumes to add to Thanos Query
  ##
  extraVolumes: []
  ## @param query.extraVolumeMounts Extra volume mounts to add to the query container
  ##
  extraVolumeMounts: []
  ## @param query.podAffinityPreset Thanos Query pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPresetTopologyKey: ""
  ## Thanos Query node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param query.nodeAffinityPreset.key Thanos Query node label key to match. Ignored if `query.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param query.affinity Thanos Query affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param query.nodeSelector Thanos Query node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param query.tolerations Thanos Query tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param query.podLabels Thanos Query pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param query.podAnnotations Annotations for Thanos Query pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param query.dnsConfig Deployment pod DNS config
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsConfig:
  ##   options:
  ##     - name: ndots
  ##       value: "4"
  ##     - name: single-request-reopen
  ##
  dnsConfig: {}
  ## @param query.dnsPolicy Deployment pod DNS policy
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsPolicy: ClusterFirstWithHostNet
  ##
  dnsPolicy: ""
  ## @param query.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param query.priorityClassName Thanos Query priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Thanos Query GRPC parameters
  ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags
  ##
  grpc:
    ## GRPC server side
    ##
    server:
      ## TLS configuration
      ## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
      ## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param query.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA
      ## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        clientAuthEnabled: true
        existingSecret: {}
    ## GRPC client side
    ##
    client:
      ## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates
      ##
      serverName: ""
      ## TLS configuration
      ## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC client
      ## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param query.grpc.client.tls.cert TLS Certificate for GRPC client - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.key TLS Key for GRPC client - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.ca TLS CA to verify GRPC servers against - ignored if existingSecret is provided
      ## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        existingSecret: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param query.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: false
    ## @param query.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param query.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param query.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param query.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param query.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param query.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Service parameters
  ##
  service:
    ## @param query.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param query.service.ports.http Thanos Query service HTTP port
    ##
    ports:
      http: 9090
    ## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param query.service.clusterIP Thanos Query service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param query.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param query.service.labels Labels for Thanos Query service
    ##
    labels: {}
    ## @param query.service.annotations Annotations for Thanos Query service
    ##
    annotations: {}
    ## @param query.service.extraPorts Extra ports to expose in the Thanos Query service
    ##
    extraPorts: []
    ## @param query.service.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param query.service.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
    ## Headless service properties
    ##
    headless:
      ## @param query.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}
  ## Service GRPC parameters
  ##
  serviceGrpc:
    ## @param query.serviceGrpc.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port
    ##
    ports:
      grpc: 10901
    ## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      grpc: ""
    ## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param query.serviceGrpc.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param query.serviceGrpc.labels Labels for Thanos Query service GRPC
    ##
    labels: {}
    ## @param query.serviceGrpc.annotations Annotations for Thanos Query service
    ##
    annotations: {}
    ## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service
    ##
    extraPorts: []
    ## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service
    ##
    labelSelectorsOverride: {}
    ## @param query.serviceGrpc.additionalHeadless Additional Headless service
    ##
    additionalHeadless: false
    ## Headless service properties
    ##
    headless:
      ## @param query.serviceGrpc.headless.annotations Annotations for the headless service.
      ##
      annotations: {}
## Autoscaling parameters | |
## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment | |
## | |
automountServiceAccountToken: true | |
## ServiceAccount configuration | |
## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created | |
## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | |
## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account | |
## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token | |
## | |
serviceAccount: | |
create: true | |
name: "" | |
annotations: {} | |
automountServiceAccountToken: false | |
## RBAC configuration | |
## | |
rbac: | |
## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account | |
## | |
create: false | |
## @param query.rbac.rules Custom RBAC rules to set | |
## e.g: | |
## rules: | |
## - apiGroups: | |
## - "" | |
## resources: | |
## - pods | |
## verbs: | |
## - get | |
## - list | |
## | |
rules: [] | |
## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query | |
## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | |
## | |
pspEnabled: false | |
  ## Thanos Query Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param query.autoscaling.enabled Enable autoscaling for Thanos Query
  ## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas
  ## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas
  ## @param query.autoscaling.targetCPU Target CPU utilization percentage
  ## @param query.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Query Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query
  ## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Query
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param query.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param query.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos.local
    ## @param query.ingress.secretName Custom secretName for the ingress resource
    ## If query.ingress.secretName is not set, the secret will be named as follows: query.ingress.hostname-tls
    secretName: ""
    ## @param query.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param query.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
    ## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}`
    ## You can:
    ##   - Use the `query.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true`
    ##
    tls: false
    ## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param query.ingress.path Ingress path
    ##
    path: /
    ## @param query.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
    ## Create an ingress object for the GRPC service. This requires an HTTP/2
    ## capable Ingress controller (e.g. traefik using AWS NLB). Example annotations:
    ## - ingress.kubernetes.io/protocol: h2c
    ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb
    ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
    ## and also the documentation for your ingress controller.
    ##
    ## The options that are accepted are identical to the HTTP one listed above
    ##
    grpc:
      ## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC)
      ##
      enabled: false
      ## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC)
      ##
      hostname: thanos-grpc.local
      ## @param query.ingress.grpc.secretName Custom secretName for the ingress resource (GRPC)
      ## If query.ingress.grpc.secretName is not set, the secret will be named as follows: query.ingress.grpc.hostname-tls
      secretName: ""
      ## @param query.ingress.grpc.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
      ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
      ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
      ##
      ingressClassName: ""
      ## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations.
      ## For a full list of possible ingress annotations, please see
      ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
      ## Use this parameter to set the required annotations for cert-manager, see
      ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
      ##
      ## Examples:
      ## kubernetes.io/ingress.class: nginx
      ## cert-manager.io/cluster-issuer: cluster-issuer-name
      ##
      annotations: {}
      ## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ## extraHosts:
      ## - name: thanos-grpc.local
      ##   path: /
      ##
      extraHosts: []
      ## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ## extraTls:
      ## - hosts:
      ##     - thanos-grpc.local
      ##   secretName: thanos-grpc.local-tls
      ##
      extraTls: []
      ## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets
      ## key and certificate should start with -----BEGIN CERTIFICATE----- or
      ## -----BEGIN RSA PRIVATE KEY-----
      ##
      ## name should line up with a tlsSecret set further up
      ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
      ##
      ## It is also possible to create and manage the certificates outside of this helm chart
      ## Please see README.md for more information
      ## e.g:
      ## - name: thanos-grpc.local-tls
      ##   key:
      ##   certificate:
      ##
      secrets: []
      ## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
      ## e.g:
      ## extraRules:
      ## - host: example.local
      ##   http:
      ##     path: /
      ##     backend:
      ##       service:
      ##         name: example-svc
      ##         port:
      ##           name: http
      ##
      extraRules: []
      ## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter
      ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}`
      ## You can:
      ##   - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret
      ##   - Rely on cert-manager to create it by setting the corresponding annotations
      ##   - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true`
      ##
      tls: false
      ## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
      ##
      selfSigned: false
      ## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set)
      ##
      apiVersion: ""
      ## @param query.ingress.grpc.path Ingress Path
      ##
      path: /
      ## @param query.ingress.grpc.pathType Ingress Path type
      ##
      pathType: ImplementationSpecific
## @section Thanos Query Frontend parameters
queryFrontend:
  ## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component
  ##
  enabled: true
  ## @param queryFrontend.logLevel Thanos Query Frontend log level
  ##
  logLevel: info
  ## @param queryFrontend.logFormat Thanos Query Frontend log format
  ##
  logFormat: logfmt
  ## @param queryFrontend.config Thanos Query Frontend configuration
  ## Specify content for config.yml
  ##
  config: ""
  ## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration
  ## NOTE: This will override queryFrontend.config
  ##
  existingConfigmap: ""
  ## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes
  ##
  extraEnvVarsCM: ""
  ## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes
  ##
  extraEnvVarsSecret: ""
  ## @param queryFrontend.extraFlags Extra flags to be passed to Thanos Query Frontend
  ##
  extraFlags: []
  ## @param queryFrontend.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param queryFrontend.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy
  ##
  replicaCount: 1
  ## @param queryFrontend.revisionHistoryLimit The number of old revisions to retain to allow rollback
  ##
  revisionHistoryLimit: 10
  ## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param queryFrontend.containerPorts.http HTTP container port
  ##
  containerPorts:
    http: 9090
  ## K8s Pod Security Context for Thanos Query Frontend pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods
  ## @param queryFrontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param queryFrontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param queryFrontend.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Query Frontend containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Thanos Query Frontend containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers
  ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers
  ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers
  ## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend
  ##
  extraVolumes: []
  ## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container
  ##
  extraVolumeMounts: []
  ## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Query Frontend node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param queryFrontend.podLabels Thanos Query Frontend pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param queryFrontend.dnsConfig Deployment pod DNS config
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsConfig:
  ##   options:
  ##   - name: ndots
  ##     value: "4"
  ##   - name: single-request-reopen
  ##
  dnsConfig: {}
  ## @param queryFrontend.dnsPolicy Deployment pod DNS policy
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsPolicy: ClusterFirstWithHostNet
  ##
  dnsPolicy: ""
  ## @param queryFrontend.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: false
    ## @param queryFrontend.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param queryFrontend.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Service parameters
  ##
  service:
    ## @param queryFrontend.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port
    ##
    ports:
      http: 9090
    ## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param queryFrontend.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service
    ##
    annotations: {}
    ## @param queryFrontend.service.labels Labels for Thanos Query Frontend service
    ##
    labels: {}
    ## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service
    ##
    extraPorts: []
    ## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query Frontend service
    ##
    labelSelectorsOverride: {}
  ## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account
  ## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: false
  ## RBAC configuration
  ##
  rbac:
    ## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account
    ##
    create: false
    ## @param queryFrontend.rbac.rules Custom RBAC rules to set
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  ## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend
  ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  pspEnabled: false
  ## Thanos Query Frontend Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend
  ## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas
  ## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas
  ## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage
  ## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Query Frontend Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend
  ## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Query Frontend
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param queryFrontend.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param queryFrontend.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos.local
    ## @param queryFrontend.ingress.overrideAlertQueryURL Automatically use query-frontend's ingress hostname as --alert.queryURL for both Query and Ruler.
    ## This is used in order for the expression url on alerts/rules to be correctly rendered on UI as Frontend's hostname, instead of http://localhost:10902
    ##
    overrideAlertQueryURL: true
    ## @param queryFrontend.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos.local
    ##   secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
    ## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}`
    ## You can:
    ##   - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true`
    ##
    tls: false
    ## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param queryFrontend.ingress.path Ingress path
    ##
    path: /
    ## @param queryFrontend.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
## @section Thanos Bucket Web parameters
bucketweb:
  ## @param bucketweb.enabled Enable/disable Thanos Bucket Web component
  ##
  enabled: false
  ## @param bucketweb.logLevel Thanos Bucket Web log level
  ##
  logLevel: info
  ## @param bucketweb.logFormat Thanos Bucket Web log format
  ##
  logFormat: logfmt
  ## @param bucketweb.refresh Refresh interval to download metadata from remote storage
  ##
  refresh: 30m
  ## @param bucketweb.timeout Timeout to download metadata from remote storage
  ##
  timeout: 5m
  ## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes
  ##
  extraEnvVarsCM: ""
  ## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes
  ##
  extraEnvVarsSecret: ""
  ## @param bucketweb.extraFlags Extra flags to pass to Thanos Bucket Web
  ##
  extraFlags: []
  ## @param bucketweb.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param bucketweb.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy
  ##
  replicaCount: 1
  ## @param bucketweb.revisionHistoryLimit The number of old history to retain to allow rollback
  ##
  revisionHistoryLimit: 10
  ## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param bucketweb.containerPorts.http HTTP container port
  ##
  containerPorts:
    http: 8080
  ## K8s Pod Security Context for Thanos Bucket Web pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods
  ## @param bucketweb.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param bucketweb.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param bucketweb.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Bucket Web containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param bucketweb.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param bucketweb.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param bucketweb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param bucketweb.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param bucketweb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param bucketweb.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param bucketweb.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param bucketweb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Thanos Bucket Web containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param bucketweb.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if bucketweb.resources is set (bucketweb.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param bucketweb.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers
  ## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers
  ## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers
  ## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web
  ##
  extraVolumes: []
  ## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container
  ##
  extraVolumeMounts: []
  ## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Bucket Web node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param bucketweb.podLabels Thanos Bucket Web pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param bucketweb.dnsConfig Deployment pod DNS config
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsConfig:
  ##   options:
  ##   - name: ndots
  ##     value: "4"
  ##   - name: single-request-reopen
  ##
  dnsConfig: {}
  ## @param bucketweb.dnsPolicy Deployment pod DNS policy
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsPolicy: ClusterFirstWithHostNet
  ##
  dnsPolicy: ""
  ## @param bucketweb.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param bucketweb.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: false
    ## @param bucketweb.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param bucketweb.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param bucketweb.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param bucketweb.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param bucketweb.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param bucketweb.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Service parameters
  ##
  service:
    ## @param bucketweb.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port
    ##
    ports:
      http: 8080
    ## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param bucketweb.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ##
    ## loadBalancerSourceRanges:
    ## - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy
    ##
    externalTrafficPolicy: Cluster
    ## @param bucketweb.service.labels Extra labels for Thanos Bucket Web service
    ##
    labels: {}
    ## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service
    ##
    annotations: {}
    ## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service
    ##
    extraPorts: []
    ## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Bucket Web service
    ##
    labelSelectorsOverride: {}
  ## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account
  ## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: false
  ## Thanos Bucket Web Autoscaling configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  ## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web
  ## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas
  ## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas
  ## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage
  ## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: ""
    maxReplicas: ""
    targetCPU: ""
    targetMemory: ""
  ## Thanos Bucket Web Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web
  ## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Configure the ingress resource that allows you to access Thanos Bucketweb
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param bucketweb.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param bucketweb.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-bucketweb.local
    ## @param bucketweb.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ## - name: thanos-bucketweb.local
    ##   path: /
    ##   pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ## - hosts:
    ##     - thanos-bucketweb.local
    ##   secretName: thanos-bucketweb.local-tls
    ##
    extraTls: []
    ## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ## - name: thanos-bucketweb.local-tls
    ##   key:
    ##   certificate:
    ##
    secrets: []
    ## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
    ## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}`
    ## You can:
    ##   - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true`
    ##
    tls: false
    ## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param bucketweb.ingress.path Ingress path
    ##
    path: /
    ## @param bucketweb.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
## @section Thanos Compactor parameters
compactor:
  ## @param compactor.enabled Enable/disable Thanos Compactor component
  ##
  enabled: true
  ## @param compactor.logLevel Thanos Compactor log level
  ##
  logLevel: info
  ## @param compactor.logFormat Thanos Compactor log format
  ##
  logFormat: logfmt
  ## Resolution and Retention flags
  ## @param compactor.retentionResolutionRaw Resolution and Retention flag
  ## @param compactor.retentionResolution5m Resolution and Retention flag
  ## @param compactor.retentionResolution1h Resolution and Retention flag
  ##
  retentionResolutionRaw: 30d
  retentionResolution5m: 60d
  retentionResolution1h: 1y
  ## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are processed
  ##
  consistencyDelay: 30m
  ## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes
  ##
  extraEnvVarsCM: ""
  ## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes
  ##
  extraEnvVarsSecret: ""
  ## @param compactor.extraFlags Extra flags to pass to Thanos Compactor
  ##
  extraFlags: []
  ## @param compactor.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param compactor.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param compactor.revisionHistoryLimit The number of old history to retain to allow rollback
  ##
  revisionHistoryLimit: 10
  ## K8s CronJob configuration
  ## ref: https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/
  ## @param compactor.cronJob.enabled Run compactor as a CronJob rather than a Deployment
  ## @param compactor.cronJob.schedule The schedule in Cron format, see <https://en.wikipedia.org/wiki/Cron>
  ## @param compactor.cronJob.timeZone The time zone name for the given schedule, see <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>
  ## @param compactor.cronJob.concurrencyPolicy Specifies how to treat concurrent executions of a Job
  ## @param compactor.cronJob.startingDeadlineSeconds Optional deadline in seconds for starting the job if it misses scheduled time for any reason
  ## @param compactor.cronJob.suspend This flag tells the controller to suspend subsequent executions
  ## @param compactor.cronJob.successfulJobsHistoryLimit The number of successful finished jobs to retain
  ## @param compactor.cronJob.failedJobsHistoryLimit The number of failed finished jobs to retain
  ## @param compactor.cronJob.backoffLimit The number of retries before marking this job failed
  ## @param compactor.cronJob.ttlSecondsAfterFinished The maximum retention before removing the job
  ##
  cronJob:
    enabled: false
    schedule: "0 */6 * * *"
    timeZone: ""
    startingDeadlineSeconds: ""
    concurrencyPolicy: Forbid
    suspend: ""
    successfulJobsHistoryLimit: ""
    failedJobsHistoryLimit: ""
    backoffLimit: ""
    ttlSecondsAfterFinished: ""
  ## @param compactor.restartPolicy Compactor container restart policy.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
  ##
  restartPolicy: ""
  ## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas
  ##
  updateStrategy:
    type: Recreate
  ## @param compactor.containerPorts.http HTTP container port
  ##
  containerPorts:
    http: 10902
## K8s Pod Security Context for Thanos Compactor pods | |
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods | |
## @param compactor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy | |
## @param compactor.podSecurityContext.sysctls Set kernel settings using the sysctl interface | |
## @param compactor.podSecurityContext.supplementalGroups Set filesystem extra groups | |
## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods | |
## | |
podSecurityContext: | |
enabled: true | |
fsGroupChangePolicy: Always | |
sysctls: [] | |
supplementalGroups: [] | |
fsGroup: 1001 | |
## K8s containers' Security Context for Thanos Compactor containers | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | |
## @param compactor.containerSecurityContext.enabled Enabled containers' Security Context | |
## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container | |
## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser | |
## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup | |
## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot | |
## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged | |
## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem | |
## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation | |
## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped | |
## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile | |
## | |
containerSecurityContext: | |
enabled: true | |
seLinuxOptions: {} | |
runAsUser: 1001 | |
runAsGroup: 1001 | |
runAsNonRoot: true | |
privileged: false | |
readOnlyRootFilesystem: true | |
allowPrivilegeEscalation: false | |
capabilities: | |
drop: ["ALL"] | |
seccompProfile: | |
type: "RuntimeDefault" | |
  ## Thanos Compactor containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure extra options for Thanos Compactor containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers
  ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers
  ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers
  ## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param compactor.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param compactor.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor
  ##
  extraVolumes: []
  ## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container
  ##
  extraVolumeMounts: []
  ## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Compactor node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param compactor.affinity Thanos Compactor affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param compactor.tolerations Thanos Compactor tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param compactor.podLabels Thanos Compactor pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param compactor.podAnnotations Annotations for Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param compactor.dnsConfig Deployment pod DNS config
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsConfig:
  ##   options:
  ##     - name: ndots
  ##       value: "4"
  ##     - name: single-request-reopen
  ##
  dnsConfig: {}
  ## @param compactor.dnsPolicy Deployment pod DNS policy
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsPolicy: ClusterFirstWithHostNet
  ##
  dnsPolicy: ""
  ## @param compactor.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param compactor.lifecycleHooks Lifecycle hooks for the Thanos Compactor container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param compactor.priorityClassName Thanos Compactor priorityClassName
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: false
    ## @param compactor.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param compactor.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Service parameters
  ##
  service:
    ## @param compactor.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param compactor.service.ports.http Thanos Compactor service HTTP port
    ##
    ports:
      http: 9090
    ## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
    ## @param compactor.service.clusterIP Thanos Compactor service clusterIP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## Set the LoadBalancer service type to internal only
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
    ## @param compactor.service.labels Labels for Thanos Compactor service
    ##
    labels: {}
    ## @param compactor.service.annotations Annotations for Thanos Compactor service
    ##
    annotations: {}
    ## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service
    ##
    extraPorts: []
    ## @param compactor.service.labelSelectorsOverride Selector for Thanos Compactor service
    ##
    labelSelectorsOverride: {}
  ## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment
  ##
  automountServiceAccountToken: true
  ## ServiceAccount configuration
  ## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created
  ## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template.
  ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account
  ## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token
  ##
  serviceAccount:
    create: true
    name: ""
    annotations: {}
    automountServiceAccountToken: false
  ## Configure the ingress resource that allows you to access Thanos Compactor
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ##
  ingress:
    ## @param compactor.ingress.enabled Enable ingress controller resource
    ##
    enabled: false
    ## @param compactor.ingress.hostname Default host for the ingress resource
    ##
    hostname: thanos-compactor.local
    ## @param compactor.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    ## extraHosts:
    ##   - name: thanos.local
    ##     path: /
    ##     pathType: ImplementationSpecific
    ##
    extraHosts: []
    ## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    ## extraTls:
    ##   - hosts:
    ##       - thanos.local
    ##     secretName: thanos.local-tls
    ##
    extraTls: []
    ## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ## e.g:
    ##   - name: thanos.local-tls
    ##     key:
    ##     certificate:
    ##
    secrets: []
    ## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ##   - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
    ## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter
    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}`
    ## You can:
    ##   - Use the `compactor.ingress.secrets` parameter to create this TLS secret
    ##   - Rely on cert-manager to create it by setting the corresponding annotations
    ##   - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true`
    ##
    tls: false
    ## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set)
    ##
    apiVersion: ""
    ## @param compactor.ingress.path Ingress path
    ##
    path: /
    ## @param compactor.ingress.pathType Ingress path type
    ##
    pathType: ImplementationSpecific
  ## Persistence parameters
  ##
  persistence:
    ## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods
    ##
    enabled: false
    ## @param compactor.persistence.ephemeral Use ephemeral volume for data persistence using PVC(s) on Thanos Compactor pods
    ##
    ephemeral: false
    ## @param compactor.persistence.defaultEmptyDir Defaults to emptyDir if persistence is disabled.
    ##
    defaultEmptyDir: true
    ## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param compactor.persistence.accessModes PVC Access Modes for data volume
    ##
    accessModes:
      - ReadWriteOnce
    ## @param compactor.persistence.size PVC Storage Request for data volume
    ##
    # Likely would need to increase to accommodate blob storage data size.
    # If it becomes a hassle to maintain, perhaps we turn Compactor component off and just pay for Azure storage raw data we use.
    # We might need to decide on a retention policy for the metrics data - Elfar mentioned keeping it for a year.
    size: 50Gi
    ## @param compactor.persistence.labels Labels for the PVC
    ##
    labels: {}
    ## @param compactor.persistence.annotations Annotations for the PVC
    ##
    annotations: {}
    ## @param compactor.persistence.existingClaim Name of an existing PVC to use
    ## If defined, PVC must be created manually before volume will be bound
    ##
    existingClaim: ""
## @section Thanos Store Gateway parameters
storegateway:
  ## @param storegateway.enabled Enable/disable Thanos Store Gateway component
  ##
  enabled: true
  ## @param storegateway.logLevel Thanos Store Gateway log level
  ##
  logLevel: info
  ## @param storegateway.logFormat Thanos Store Gateway log format
  ##
  logFormat: logfmt
  ## @param storegateway.useEndpointGroup Specify whether to use `endpoint-group` when querying the Store API of HA Store Gateway replicas
  ## NOTE: This will take effect in the querier configuration
  ##
  useEndpointGroup: false
  ## @param storegateway.config Thanos Store Gateway configuration
  ## Specify content for config.yml
  ##
  config: ""
  ## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration
  ## NOTE: This will override storegateway.config
  ##
  existingConfigmap: ""
  ## Thanos Store Gateway GRPC parameters
  ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags
  ##
  grpc:
    ## GRPC server side
    ##
    server:
      ## TLS configuration
      ## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server
      ## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates
      ## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided
      ## @param storegateway.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA
      ## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates
      ## e.g:
      ## existingSecret:
      ##   name: foo
      ##   keyMapping:
      ##     ca-cert: ca.pem
      ##     tls-cert: cert.pem
      ##     tls-key: key.pem
      ##
      tls:
        enabled: false
        autoGenerated: false
        cert: ""
        key: ""
        ca: ""
        clientAuthEnabled: true
        existingSecret: {}
  ## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes
  ##
  extraEnvVarsCM: ""
  ## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes
  ##
  extraEnvVarsSecret: ""
  ## @param storegateway.extraFlags Extra flags to pass to Thanos Store Gateway
  ##
  extraFlags: []
  ## @param storegateway.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param storegateway.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy
  ##
  replicaCount: 1
  ## @param storegateway.revisionHistoryLimit The number of old revisions to retain to allow rollback
  ##
  revisionHistoryLimit: 10
  ## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## @param storegateway.containerPorts.http HTTP container port
  ## @param storegateway.containerPorts.grpc GRPC container port
  ##
  containerPorts:
    http: 10902
    grpc: 10901
  ## K8s Pod Security Context for Thanos Store Gateway pods
  ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods
  ## @param storegateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param storegateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param storegateway.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## K8s containers' Security Context for Thanos Store Gateway containers
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param storegateway.containerSecurityContext.enabled Enable containers' Security Context
  ## @param storegateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param storegateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param storegateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param storegateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param storegateway.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param storegateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param storegateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param storegateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Thanos Store Gateway containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param storegateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if storegateway.resources is set (storegateway.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "small"
  ## @param storegateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers
  ## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers
  ## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    timeoutSeconds: 30
    periodSeconds: 10
    successThreshold: 1
    failureThreshold: 6
  ## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers
  ## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway
  ##
  extraVolumes: []
  ## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container
  ##
  extraVolumeMounts: []
  ## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Thanos Store Gateway node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set.
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set.
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param storegateway.podLabels Thanos Store Gateway pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param storegateway.dnsConfig Deployment pod DNS config
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
  ## E.g.
  ## dnsConfig:
  ##   options:
  ##     - name: ndots
  ##       value: "4"
  ##     - name: single-request-reopen
  ##
  dnsConfig: {}
  ## @param storegateway.dnsPolicy Deployment pod DNS policy
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
## E.g. | |
## dnsPolicy: ClusterFirstWithHostNet | |
## | |
dnsPolicy: "" | |
## @param storegateway.hostAliases Deployment pod host aliases | |
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | |
## | |
hostAliases: [] | |
## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup | |
## | |
lifecycleHooks: {} | |
## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName | |
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ | |
## | |
priorityClassName: "" | |
## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains | |
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods | |
## | |
topologySpreadConstraints: [] | |
## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
schedulerName: "" | |
## Network Policies | |
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | |
## | |
networkPolicy: | |
## @param storegateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created | |
## | |
enabled: false | |
## @param storegateway.networkPolicy.allowExternal Don't require client label for connections | |
## The Policy model to apply. When set to false, only pods with the correct | |
## client label will have network access to the ports the application is listening | |
## on. When true, the app will accept connections from any source | |
## (with the correct destination port). | |
## | |
allowExternal: true | |
## @param storegateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. | |
## | |
allowExternalEgress: true | |
## @param storegateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy | |
## e.g: | |
## extraIngress: | |
## - ports: | |
## - port: 1234 | |
## from: | |
## - podSelector: | |
## - matchLabels: | |
## - role: frontend | |
## - podSelector: | |
## - matchExpressions: | |
## - key: role | |
## operator: In | |
## values: | |
## - frontend | |
extraIngress: [] | |
## @param storegateway.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy | |
## e.g: | |
## extraEgress: | |
## - ports: | |
## - port: 1234 | |
## to: | |
## - podSelector: | |
## - matchLabels: | |
## - role: frontend | |
## - podSelector: | |
## - matchExpressions: | |
## - key: role | |
## operator: In | |
## values: | |
## - frontend | |
## | |
extraEgress: [] | |
## @param storegateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces | |
## @param storegateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces | |
## | |
ingressNSMatchLabels: {} | |
ingressNSPodMatchLabels: {} | |
## Service parameters | |
## | |
service: | |
## @param storegateway.service.type Kubernetes service type | |
## | |
type: ClusterIP | |
## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port | |
## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port | |
## | |
ports: | |
http: 9090 | |
grpc: 10901 | |
## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types | |
## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types | |
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport | |
## | |
nodePorts: | |
http: "" | |
grpc: "" | |
## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP | |
## e.g: | |
## clusterIP: None | |
## | |
clusterIP: "" | |
## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` | |
## Set the LoadBalancer service type to internal only | |
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | |
## | |
loadBalancerIP: "" | |
## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer | |
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service | |
## e.g: | |
## loadBalancerSourceRanges: | |
## - 10.10.10.0/24 | |
## | |
loadBalancerSourceRanges: [] | |
## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy | |
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | |
## | |
externalTrafficPolicy: Cluster | |
## @param storegateway.service.labels Extra labels for Thanos Store Gateway service | |
## | |
labels: {} | |
## @param storegateway.service.annotations Annotations for Thanos Store Gateway service | |
## | |
annotations: {} | |
## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service | |
## | |
extraPorts: [] | |
## @param storegateway.service.labelSelectorsOverride Selector for Thanos Store Gateway service | |
## | |
labelSelectorsOverride: {} | |
## @param storegateway.service.additionalHeadless Additional Headless service | |
## | |
additionalHeadless: false | |
## Headless service properties | |
## | |
headless: | |
## @param storegateway.service.headless.annotations Annotations for the headless service. | |
## | |
annotations: {} | |
## Persistence parameters | |
## | |
persistence: | |
## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods | |
## | |
enabled: false | |
## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume | |
## If defined, storageClassName: <storageClass> | |
## If set to "-", storageClassName: "", which disables dynamic provisioning | |
## If undefined (the default) or set to null, no storageClassName spec is | |
## set, choosing the default provisioner. | |
## | |
storageClass: "" | |
## @param storegateway.persistence.accessModes PVC Access Modes for data volume | |
## | |
accessModes: | |
- ReadWriteOnce | |
## @param storegateway.persistence.size PVC Storage Request for data volume | |
## | |
size: 8Gi | |
## @param storegateway.persistence.labels Labels for the PVC | |
## | |
labels: {} | |
## @param storegateway.persistence.annotations Annotations for the PVC | |
## | |
annotations: {} | |
## @param storegateway.persistence.existingClaim Name of an existing PVC to use | |
## If defined, PVC must be created manually before volume will be bound | |
## | |
existingClaim: "" | |
## Persistent Volume Claim Retention Policy | |
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention | |
## | |
persistentVolumeClaimRetentionPolicy: | |
## @param storegateway.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Store Gateway Statefulset | |
## | |
enabled: false | |
## @param storegateway.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced | |
## | |
whenScaled: Retain | |
## @param storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted | |
## | |
whenDeleted: Retain | |
## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the StatefulSet | |
## | |
automountServiceAccountToken: true | |
## ServiceAccount configuration | |
## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created | |
## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | |
## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account | |
## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token | |
## | |
serviceAccount: | |
create: true | |
name: "" | |
annotations: {} | |
automountServiceAccountToken: false | |
## Thanos Store Gateway Autoscaling configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | |
## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway | |
## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas | |
## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas | |
## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage | |
## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage | |
## | |
autoscaling: | |
enabled: false | |
minReplicas: "" | |
maxReplicas: "" | |
targetCPU: "" | |
targetMemory: "" | |
## Thanos Store Gateway Pod Disruption Budget configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb | |
## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway | |
## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled | |
## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable | |
## | |
pdb: | |
create: true | |
minAvailable: "" | |
maxUnavailable: "" | |
## Configure the ingress resource that allows you to access Thanos Store Gateway | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | |
## | |
ingress: | |
## @param storegateway.ingress.enabled Enable ingress controller resource | |
## | |
enabled: false | |
## @param storegateway.ingress.hostname Default host for the ingress resource | |
## | |
hostname: thanos-storegateway.local | |
## @param storegateway.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | |
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. | |
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ | |
## | |
ingressClassName: "" | |
## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | |
## For a full list of possible ingress annotations, please see | |
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md | |
## Use this parameter to set the required annotations for cert-manager, see | |
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations | |
## | |
## e.g: | |
## annotations: | |
## kubernetes.io/ingress.class: nginx | |
## cert-manager.io/cluster-issuer: cluster-issuer-name | |
## | |
annotations: {} | |
## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. | |
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array | |
## extraHosts: | |
## - name: thanos.local | |
## path: / | |
## pathType: ImplementationSpecific | |
## | |
extraHosts: [] | |
## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. | |
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | |
## extraTls: | |
## - hosts: | |
## - thanos.local | |
## secretName: thanos.local-tls | |
## | |
extraTls: [] | |
## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets | |
## key and certificate should start with -----BEGIN CERTIFICATE----- or | |
## -----BEGIN RSA PRIVATE KEY----- | |
## | |
## name should line up with a tlsSecret set further up | |
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set | |
## | |
## It is also possible to create and manage the certificates outside of this helm chart | |
## Please see README.md for more information | |
## e.g: | |
## - name: thanos.local-tls | |
## key: | |
## certificate: | |
## | |
secrets: [] | |
## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | |
## e.g: | |
## extraRules: | |
## - host: example.local | |
## http: | |
## path: / | |
## backend: | |
## service: | |
## name: example-svc | |
## port: | |
## name: http | |
## | |
extraRules: [] | |
## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter | |
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}` | |
## You can: | |
## - Use the `storegateway.ingress.secrets` parameter to create this TLS secret | |
## - Rely on cert-manager to create it by setting the corresponding annotations | |
## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true` | |
## | |
tls: false | |
## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm | |
## | |
selfSigned: false | |
## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set) | |
## | |
apiVersion: "" | |
## @param storegateway.ingress.path Ingress path | |
## | |
path: / | |
## @param storegateway.ingress.pathType Ingress path type | |
## | |
pathType: ImplementationSpecific | |
## Create an ingress object for the GRPC service. This requires an HTTP/2 | |
## capable Ingress controller (e.g. Traefik using AWS NLB). Example annotations | |
## - ingress.kubernetes.io/protocol: h2c | |
## - service.beta.kubernetes.io/aws-load-balancer-type: nlb | |
## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp | |
## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ | |
## and also the documentation for your ingress controller. | |
## | |
## The options that are accepted are identical to the HTTP one listed above | |
## | |
grpc: | |
## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC) | |
## | |
enabled: false | |
## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC) | |
## | |
hostname: thanos-grpc.local | |
## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | |
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. | |
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ | |
## | |
ingressClassName: "" | |
## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. | |
## For a full list of possible ingress annotations, please see | |
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md | |
## Use this parameter to set the required annotations for cert-manager, see | |
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations | |
## | |
## Examples: | |
## kubernetes.io/ingress.class: nginx | |
## cert-manager.io/cluster-issuer: cluster-issuer-name | |
## | |
annotations: {} | |
## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. | |
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array | |
## extraHosts: | |
## - name: thanos-grpc.local | |
## path: / | |
## | |
extraHosts: [] | |
## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. | |
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | |
## extraTls: | |
## - hosts: | |
## - thanos-grpc.local | |
## secretName: thanos-grpc.local-tls | |
## | |
extraTls: [] | |
## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets | |
## key and certificate should start with -----BEGIN CERTIFICATE----- or | |
## -----BEGIN RSA PRIVATE KEY----- | |
## | |
## name should line up with a tlsSecret set further up | |
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set | |
## | |
## It is also possible to create and manage the certificates outside of this helm chart | |
## Please see README.md for more information | |
## e.g: | |
## - name: thanos-grpc.local-tls | |
## key: | |
## certificate: | |
## | |
secrets: [] | |
## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | |
## e.g: | |
## extraRules: | |
## - host: example.local | |
## http: | |
## path: / | |
## backend: | |
## service: | |
## name: example-svc | |
## port: | |
## name: http | |
## | |
extraRules: [] | |
## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter | |
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}` | |
## You can: | |
## - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret | |
## - Rely on cert-manager to create it by setting the corresponding annotations | |
## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true` | |
## | |
tls: false | |
## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm | |
## | |
selfSigned: false | |
## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set) | |
## | |
apiVersion: "" | |
## @param storegateway.ingress.grpc.path Ingress Path | |
## | |
path: / | |
## @param storegateway.ingress.grpc.pathType Ingress Path type | |
## | |
pathType: ImplementationSpecific | |
## Sharded parameters | |
## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway | |
## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks | |
## @param storegateway.sharded.hashPartitioning.extraRelabelingConfigs Setting extra relabel config | |
## e.g: | |
## extraRelabelingConfigs: | |
## - action: keep | |
## source_labels: ["region"] | |
## regex: cn-zhangjiakou | |
## @param storegateway.sharded.timePartitioning [array] Setting timePartitioning will create multiple store deployments based on the number of partitions | |
## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards | |
## e.g: | |
## clusterIPs: | |
## - X.X.X.X | |
## - Y.Y.Y.Y | |
## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards | |
## e.g: | |
## loadBalancerIPs: | |
## - X.X.X.X | |
## - Y.Y.Y.Y | |
## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards | |
## e.g: | |
## nodePorts: | |
## - 30001 | |
## - 30002 | |
## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards | |
## e.g: | |
## nodePorts: | |
## - 30011 | |
## - 30012 | |
## | |
sharded: | |
enabled: false | |
hashPartitioning: | |
shards: "" | |
extraRelabelingConfigs: [] | |
timePartitioning: | |
- min: "" | |
max: "" | |
service: | |
clusterIPs: [] | |
loadBalancerIPs: [] | |
http: | |
nodePorts: [] | |
grpc: | |
nodePorts: [] | |
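## Added example, not part of the original values file: an override that tightens the Store Gateway
## exposure defaults documented above. Every key is one of the storegateway.* parameters from this
## section; the namespace and pod labels are assumptions about where the scraping pods run.

```yaml
# hardened-storegateway.yaml (hypothetical file name), passed to Helm as an extra values file
storegateway:
  networkPolicy:
    enabled: true          # default above: false, so no NetworkPolicy is created at all
    allowExternal: false   # default above: true, which accepts connections from any source
    # Cross-namespace access: only pods carrying these labels, in namespaces
    # carrying these labels, are admitted to the HTTP/gRPC ports.
    ingressNSMatchLabels:
      kubernetes.io/metadata.name: monitoring   # assumption: the scraper runs in "monitoring"
    ingressNSPodMatchLabels:
      app.kubernetes.io/name: prometheus        # assumption: label on the scraping pods
  service:
    type: ClusterIP        # keep the Store API off NodePort/LoadBalancer
  ingress:
    enabled: false         # leave the HTTP ingress off unless it is needed
    tls: true              # if it is enabled later, serve the hostname over TLS
    grpc:
      enabled: false       # same for the gRPC ingress
      tls: true
  # Assumption: the Store Gateway makes no Kubernetes API calls in this deployment,
  # so neither the pod nor the ServiceAccount needs an API token mounted.
  automountServiceAccountToken: false   # default above: true
  serviceAccount:
    create: true
    automountServiceAccountToken: false
```

## With allowExternal set to false, clients in the release namespace need the client label that the
## chart's NetworkPolicy template expects; check the rendered policy with `helm template` before rollout.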
## @section Thanos Ruler parameters | |
ruler: | |
## @param ruler.enabled Enable/disable Thanos Ruler component | |
## | |
enabled: true | |
## @param ruler.logLevel Thanos Ruler log level | |
## | |
logLevel: info | |
## @param ruler.logFormat Thanos Ruler log format | |
## | |
logFormat: logfmt | |
## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated | |
## | |
replicaLabel: replica | |
## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery | |
## | |
dnsDiscovery: | |
enabled: true | |
## @param ruler.queryURL Thanos query/query-frontend URL to link in Ruler UI. | |
## | |
queryURL: "" | |
## @param ruler.alertmanagers Alert managers URLs array | |
## NOTE: This is only used when ruler.alertmanagersConfig is not set | |
## | |
alertmanagers: | |
- http://monitoring-stack-kube-prom-alertmanager.monitoring.svc.cluster.local:9093 | |
## @param ruler.alertmanagersConfig Alert managers configuration | |
## NOTE: This is only used when ruler.alertmanagers is not set | |
## ref: https://thanos.io/tip/components/rule.md/#alertmanager | |
## e.g: | |
## alertmanagersConfig: | |
## alertmanagers: | |
## - http_config: | |
## basic_auth: | |
## username: some_user | |
## password: some_pass | |
## static_configs: | |
## - alertmanager.thanos.io | |
## scheme: http | |
## timeout: 10s | |
## api_version: v2 | |
## | |
alertmanagersConfig: "" | |
## @param ruler.evalInterval The default evaluation interval to use | |
## | |
evalInterval: 1m | |
## @param ruler.clusterName Used to set the 'ruler_cluster' label | |
## | |
clusterName: "" | |
## @param ruler.config Ruler configuration | |
## Specify content for ruler.yml | |
## | |
config: |- | |
groups: | |
- name: "metamonitoring" | |
rules: | |
- alert: "PrometheusDown" | |
expr: absent(up{prometheus="monitoring/monitoring-stack-kube-prom-prometheus"}) | |
## @param ruler.dataPath Path to the data directory | |
## | |
## e.g. /data | |
dataPath: "" | |
## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration | |
## NOTE: This will override ruler.config | |
## | |
existingConfigmap: "" | |
## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container | |
## e.g: | |
## extraEnvVars: | |
## - name: FOO | |
## value: "bar" | |
## | |
extraEnvVars: [] | |
## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes | |
## | |
extraEnvVarsCM: "" | |
## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes | |
## | |
extraEnvVarsSecret: "" | |
## @param ruler.extraFlags Extra flags to be passed to Thanos Ruler | |
## | |
extraFlags: [] | |
## @param ruler.command Override default container command (useful when using custom images) | |
## | |
command: [] | |
## @param ruler.args Override default container args (useful when using custom images) | |
## | |
args: [] | |
## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy | |
## | |
replicaCount: 1 | |
## @param ruler.revisionHistoryLimit The number of old revisions to retain to allow rollback | |
## | |
revisionHistoryLimit: 10 | |
## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas | |
## | |
updateStrategy: | |
type: RollingUpdate | |
## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type | |
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies | |
## | |
podManagementPolicy: OrderedReady | |
## @param ruler.containerPorts.http HTTP container port | |
## @param ruler.containerPorts.grpc GRPC container port | |
## | |
containerPorts: | |
http: 10902 | |
grpc: 10901 | |
## K8s Pod Security Context for Thanos Ruler pods | |
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods | |
## @param ruler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy | |
## @param ruler.podSecurityContext.sysctls Set kernel settings using the sysctl interface | |
## @param ruler.podSecurityContext.supplementalGroups Set filesystem extra groups | |
## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods | |
## | |
podSecurityContext: | |
enabled: true | |
fsGroupChangePolicy: Always | |
sysctls: [] | |
supplementalGroups: [] | |
fsGroup: 1001 | |
## K8s containers' Security Context for Thanos Ruler containers | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | |
## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context | |
## @param ruler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container | |
## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser | |
## @param ruler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup | |
## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot | |
## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged | |
## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem | |
## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation | |
## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped | |
## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile | |
## | |
containerSecurityContext: | |
enabled: true | |
seLinuxOptions: {} | |
runAsUser: 1001 | |
runAsGroup: 1001 | |
runAsNonRoot: true | |
privileged: false | |
readOnlyRootFilesystem: true | |
allowPrivilegeEscalation: false | |
capabilities: | |
drop: ["ALL"] | |
seccompProfile: | |
type: "RuntimeDefault" | |
## Thanos Ruler containers' resource requests and limits | |
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). | |
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 | |
## | |
resourcesPreset: "small" | |
## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) | |
## Example: | |
## resources: | |
## requests: | |
## cpu: 2 | |
## memory: 512Mi | |
## limits: | |
## cpu: 3 | |
## memory: 1024Mi | |
## | |
resources: {} | |
## Configure extra options for Thanos Ruler containers' liveness and readiness probes | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes | |
## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers | |
## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe | |
## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe | |
## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe | |
## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe | |
## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe | |
## | |
livenessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers | |
## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe | |
## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe | |
## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe | |
## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe | |
## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe | |
## | |
readinessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers | |
## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe | |
## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe | |
## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe | |
## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe | |
## @param ruler.startupProbe.successThreshold Success threshold for startupProbe | |
## | |
startupProbe: | |
enabled: false | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
timeoutSeconds: 1 | |
failureThreshold: 15 | |
successThreshold: 1 | |
## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one | |
## | |
customLivenessProbe: {} | |
## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one | |
## | |
customReadinessProbe: {} | |
## @param ruler.customStartupProbe Custom startupProbe that overrides the default one | |
## | |
customStartupProbe: {} | |
## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods | |
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | |
## e.g: | |
## initContainers: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## command: ['sh', '-c', 'echo "hello world"'] | |
## | |
initContainers: [] | |
## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods | |
## e.g: | |
## sidecars: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## ports: | |
## - name: portname | |
## containerPort: 1234 | |
## | |
sidecars: [] | |
## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler | |
## | |
extraVolumes: [] | |
## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container | |
## | |
extraVolumeMounts: [] | |
## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## | |
podAffinityPreset: "" | |
## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## | |
podAntiAffinityPreset: soft | |
## Thanos Ruler node affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity | |
## | |
nodeAffinityPreset: | |
## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | |
## | |
type: "" | |
## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set. | |
## e.g: | |
## key: "kubernetes.io/e2e-az-name" | |
## | |
key: "" | |
## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. | |
## e.g: | |
## values: | |
## - e2e-az1 | |
## - e2e-az2 | |
## | |
values: [] | |
## @param ruler.affinity Thanos Ruler affinity for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set | |
## | |
affinity: {} | |
## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | |
## | |
nodeSelector: {} | |
## @param ruler.tolerations Thanos Ruler tolerations for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | |
## | |
tolerations: [] | |
## @param ruler.podLabels Thanos Ruler pod labels | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | |
## | |
podLabels: {} | |
## @param ruler.podAnnotations Annotations for Thanos Ruler pods | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | |
## | |
podAnnotations: {} | |
## @param ruler.dnsConfig Deployment pod DNS config | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsConfig: | |
## options: | |
## - name: ndots | |
## value: "4" | |
## - name: single-request-reopen | |
## | |
dnsConfig: {} | |
## @param ruler.dnsPolicy Deployment pod DNS policy | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsPolicy: ClusterFirstWithHostNet | |
## | |
dnsPolicy: "" | |
## @param ruler.hostAliases Deployment pod host aliases | |
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | |
## | |
hostAliases: [] | |
## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup | |
## | |
lifecycleHooks: {} | |
## @param ruler.priorityClassName Thanos Ruler priorityClassName | |
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ | |
## | |
priorityClassName: "" | |
## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
schedulerName: "" | |
## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains | |
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods | |
## | |
topologySpreadConstraints: [] | |
## Network Policies | |
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | |
## | |
networkPolicy: | |
## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created | |
## | |
enabled: false | |
## @param ruler.networkPolicy.allowExternal Don't require client label for connections | |
## The Policy model to apply. When set to false, only pods with the correct | |
## client label will have network access to the ports the application is listening | |
## on. When true, the app will accept connections from any source | |
## (with the correct destination port). | |
## | |
allowExternal: true | |
## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. | |
## | |
allowExternalEgress: true | |
## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy | |
## e.g: | |
## extraIngress: | |
## - ports: | |
## - port: 1234 | |
## from: | |
## - podSelector: | |
## - matchLabels: | |
## - role: frontend | |
## - podSelector: | |
## - matchExpressions: | |
## - key: role | |
## operator: In | |
## values: | |
## - frontend | |
extraIngress: [] | |
## @param ruler.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy | |
## e.g: | |
## extraEgress: | |
## - ports: | |
## - port: 1234 | |
## to: | |
## - podSelector: | |
## - matchLabels: | |
## - role: frontend | |
## - podSelector: | |
## - matchExpressions: | |
## - key: role | |
## operator: In | |
## values: | |
## - frontend | |
## | |
extraEgress: [] | |
## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces | |
## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces | |
## | |
ingressNSMatchLabels: {} | |
ingressNSPodMatchLabels: {} | |
## Service parameters | |
## | |
service: | |
## @param ruler.service.type Kubernetes service type | |
## | |
type: ClusterIP | |
## @param ruler.service.ports.http Thanos Ruler service HTTP port | |
## @param ruler.service.ports.grpc Thanos Ruler service GRPC port | |
## | |
ports: | |
http: 9090 | |
grpc: 10901 | |
## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types | |
## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types | |
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport | |
## | |
nodePorts: | |
http: "" | |
grpc: "" | |
## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP | |
## e.g: | |
## clusterIP: None | |
## | |
clusterIP: "" | |
## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` | |
## Set the LoadBalancer service type to internal only | |
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | |
## | |
loadBalancerIP: "" | |
## @param ruler.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer | |
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service | |
## e.g: | |
## loadBalancerSourceRanges: | |
## - 10.10.10.0/24 | |
## | |
loadBalancerSourceRanges: [] | |
## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy | |
## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | |
## | |
externalTrafficPolicy: Cluster | |
## @param ruler.service.labels Extra labels for Thanos Ruler service | |
## | |
labels: {} | |
## @param ruler.service.annotations Annotations for Thanos Ruler service | |
## | |
annotations: {} | |
## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service | |
## | |
extraPorts: [] | |
## @param ruler.service.labelSelectorsOverride Selector for Thanos Ruler service | |
## | |
labelSelectorsOverride: {} | |
## @param ruler.service.additionalHeadless Additional Headless service | |
## | |
additionalHeadless: false | |
## Headless service properties | |
## | |
headless: | |
## @param ruler.service.headless.annotations Annotations for the headless service. | |
## | |
annotations: {} | |
## Persistence parameters | |
## | |
persistence: | |
## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods | |
## | |
enabled: false | |
## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume | |
## If defined, storageClassName: <storageClass> | |
## If set to "-", storageClassName: "", which disables dynamic provisioning | |
## If undefined (the default) or set to null, no storageClassName spec is | |
## set, choosing the default provisioner. | |
## | |
storageClass: "" | |
## @param ruler.persistence.accessModes PVC Access Modes for data volume | |
## | |
accessModes: | |
- ReadWriteOnce | |
## @param ruler.persistence.size PVC Storage Request for data volume | |
## | |
size: 8Gi | |
## @param ruler.persistence.annotations Annotations for the PVC | |
## | |
annotations: {} | |
## @param ruler.persistence.existingClaim Name of an existing PVC to use | |
## If defined, PVC must be created manually before volume will be bound | |
## | |
existingClaim: "" | |
## Persistent Volume Claim Retention Policy | |
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention | |
## | |
persistentVolumeClaimRetentionPolicy: | |
## @param ruler.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Ruler Statefulset | |
## | |
enabled: false | |
## @param ruler.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced | |
## | |
whenScaled: Retain | |
## @param ruler.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted | |
## | |
whenDeleted: Retain | |
## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts | |
## | |
automountServiceAccountToken: true | |
## ServiceAccount configuration | |
## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created | |
## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | |
## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account | |
## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token | |
## | |
serviceAccount: | |
create: true | |
name: "" | |
annotations: {} | |
automountServiceAccountToken: false | |
## Thanos Ruler Autoscaling configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | |
## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler | |
## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas | |
## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas | |
## @param ruler.autoscaling.targetCPU Target CPU utilization percentage | |
## @param ruler.autoscaling.targetMemory Target Memory utilization percentage | |
## | |
autoscaling: | |
enabled: false | |
minReplicas: "" | |
maxReplicas: "" | |
targetCPU: "" | |
targetMemory: "" | |
## Thanos Ruler Pod Disruption Budget configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb | |
## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler | |
## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled | |
## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable | |
## | |
pdb: | |
create: true | |
minAvailable: "" | |
maxUnavailable: "" | |
## Configure the ingress resource that allows you to access Thanos Ruler | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | |
## | |
ingress: | |
## @param ruler.ingress.enabled Enable ingress controller resource | |
## | |
enabled: false | |
## @param ruler.ingress.hostname Default host for the ingress resource | |
## | |
hostname: thanos-ruler.local | |
## @param ruler.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | |
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. | |
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ | |
## | |
ingressClassName: "" | |
## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | |
## For a full list of possible ingress annotations, please see | |
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md | |
## Use this parameter to set the required annotations for cert-manager, see | |
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations | |
## | |
## e.g: | |
## annotations: | |
## kubernetes.io/ingress.class: nginx | |
## cert-manager.io/cluster-issuer: cluster-issuer-name | |
## | |
annotations: {} | |
## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. | |
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array | |
## extraHosts: | |
## - name: thanos.local | |
## path: / | |
## pathType: ImplementationSpecific | |
## | |
extraHosts: [] | |
## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. | |
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | |
## extraTls: | |
## - hosts: | |
## - thanos.local | |
## secretName: thanos.local-tls | |
## | |
extraTls: [] | |
## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets | |
## key and certificate should start with -----BEGIN CERTIFICATE----- or | |
## -----BEGIN RSA PRIVATE KEY----- | |
## | |
## name should line up with a tlsSecret set further up | |
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set | |
## | |
## It is also possible to create and manage the certificates outside of this helm chart | |
## Please see README.md for more information | |
## e.g: | |
## - name: thanos.local-tls | |
## key: | |
## certificate: | |
## | |
secrets: [] | |
## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | |
## e.g: | |
## extraRules: | |
## - host: example.local | |
## http: | |
## path: / | |
## backend: | |
## service: | |
## name: example-svc | |
## port: | |
## name: http | |
## | |
extraRules: [] | |
## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set) | |
## | |
apiVersion: "" | |
## @param ruler.ingress.path Ingress path | |
## | |
path: / | |
## @param ruler.ingress.pathType Ingress path type | |
## | |
pathType: ImplementationSpecific | |
## @section Thanos Receive parameters | |
receive: | |
## @param receive.enabled Enable/disable Thanos Receive component | |
## | |
enabled: true | |
## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode" | |
## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md | |
## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for | |
## the stateless thanos distributor. | |
mode: standalone | |
## @param receive.logLevel Thanos Receive log level | |
## | |
logLevel: info | |
## @param receive.logFormat Thanos Receive log format | |
## | |
logFormat: logfmt | |
## @param receive.tsdbRetention Thanos Receive TSDB retention period | |
## | |
tsdbRetention: 30d | |
## @param receive.replicationFactor Thanos Receive replication-factor | |
## | |
replicationFactor: 1 | |
## @param receive.config Receive Hashring configuration | |
## Note: json formatted string and yaml allowed. | |
## e.g: | |
## config: | |
## - endpoints: | |
## - "127.0.0.1:10901" | |
## | |
config: [] | |
## @param receive.tsdbPath Thanos Receive path to the time series database | |
## | |
## e.g.: /var/thanos/receive | |
tsdbPath: "" | |
## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration | |
## NOTE: This will override receive.config | |
## | |
existingConfigmap: "" | |
## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated | |
## | |
replicaLabel: replica | |
## Thanos Receive parameters | |
## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags | |
## | |
grpc: | |
## GRPC server side | |
## | |
server: | |
## TLS configuration | |
## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server | |
## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates | |
## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided | |
## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided | |
## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided | |
## @param receive.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA | |
## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates | |
## e.g: | |
## existingSecret: | |
## name: foo | |
## keyMapping: | |
## ca-cert: ca.pem | |
## tls-cert: cert.pem | |
## tls-key: key.pem | |
## | |
tls: | |
enabled: false | |
autoGenerated: false | |
cert: "" | |
key: "" | |
ca: "" | |
clientAuthEnabled: true | |
existingSecret: {} | |
## @param receive.extraEnvVars Extra environment variables for Thanos Receive container | |
## e.g: | |
## extraEnvVars: | |
## - name: FOO | |
## value: "bar" | |
## | |
extraEnvVars: [] | |
## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes | |
## | |
extraEnvVarsCM: "" | |
## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes | |
## | |
extraEnvVarsSecret: "" | |
## @param receive.extraFlags Extra flags to be passed to Thanos Receive | |
## | |
extraFlags: [] | |
## @param receive.command Override default container command (useful when using custom images) | |
## | |
command: [] | |
## @param receive.args Override default container args (useful when using custom images) | |
## | |
args: [] | |
## @param receive.replicaCount Number of Thanos Receive replicas to deploy | |
## | |
replicaCount: 1 | |
## @param receive.revisionHistoryLimit The number of old revisions to retain to allow rollback | |
## | |
revisionHistoryLimit: 10 | |
## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas | |
## | |
updateStrategy: | |
type: RollingUpdate | |
## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel | |
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies | |
## | |
podManagementPolicy: OrderedReady | |
## @param receive.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update | |
## | |
minReadySeconds: 0 | |
## @param receive.containerPorts.http HTTP container port | |
## @param receive.containerPorts.grpc GRPC container port | |
## @param receive.containerPorts.remote remote-write container port | |
## | |
containerPorts: | |
http: 10902 | |
grpc: 10901 | |
remote: 19291 | |
## K8s Pod Security Context for Thanos Receive pods | |
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods | |
## @param receive.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy | |
## @param receive.podSecurityContext.sysctls Set kernel settings using the sysctl interface | |
## @param receive.podSecurityContext.supplementalGroups Set filesystem extra groups | |
## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods | |
## | |
podSecurityContext: | |
enabled: true | |
fsGroupChangePolicy: Always | |
sysctls: [] | |
supplementalGroups: [] | |
fsGroup: 1001 | |
## K8s containers' Security Context for Thanos Receive containers | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | |
## @param receive.containerSecurityContext.enabled Enabled containers' Security Context | |
## @param receive.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container | |
## @param receive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser | |
## @param receive.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup | |
## @param receive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot | |
## @param receive.containerSecurityContext.privileged Set container's Security Context privileged | |
## @param receive.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem | |
## @param receive.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation | |
## @param receive.containerSecurityContext.capabilities.drop List of capabilities to be dropped | |
## @param receive.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile | |
## | |
containerSecurityContext: | |
enabled: true | |
seLinuxOptions: {} | |
runAsUser: 1001 | |
runAsGroup: 1001 | |
runAsNonRoot: true | |
privileged: false | |
readOnlyRootFilesystem: true | |
allowPrivilegeEscalation: false | |
capabilities: | |
drop: ["ALL"] | |
seccompProfile: | |
type: "RuntimeDefault" | |
## Thanos Receive containers' resource requests and limits | |
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
## @param receive.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receive.resources is set (receive.resources is recommended for production). | |
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 | |
## | |
resourcesPreset: "large" | |
## @param receive.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) | |
## Example: | |
## resources: | |
## requests: | |
## cpu: 2 | |
## memory: 512Mi | |
## limits: | |
## cpu: 3 | |
## memory: 1024Mi | |
## | |
resources: {} | |
## Configure extra options for Thanos Receive containers' liveness and readiness probes | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes | |
## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers | |
## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe | |
## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe | |
## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe | |
## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe | |
## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe | |
## | |
livenessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers | |
## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe | |
## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe | |
## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe | |
## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe | |
## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe | |
## | |
readinessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers | |
## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe | |
## @param receive.startupProbe.periodSeconds Period seconds for startupProbe | |
## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe | |
## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe | |
## @param receive.startupProbe.successThreshold Success threshold for startupProbe | |
## | |
startupProbe: | |
enabled: false | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
timeoutSeconds: 1 | |
failureThreshold: 15 | |
successThreshold: 1 | |
## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one | |
## | |
customLivenessProbe: {} | |
## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one | |
## | |
customReadinessProbe: {} | |
## @param receive.customStartupProbe Custom startupProbe that overrides the default one | |
## | |
customStartupProbe: {} | |
## @param receive.initContainers Add additional init containers to the Thanos Receive pods | |
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | |
## e.g: | |
## initContainers: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## command: ['sh', '-c', 'echo "hello world"'] | |
## | |
initContainers: [] | |
## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods | |
## e.g: | |
## sidecars: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## ports: | |
## - name: portname | |
## containerPort: 1234 | |
## | |
sidecars: [] | |
## @param receive.extraVolumes Extra volumes to add to Thanos Receive | |
## | |
extraVolumes: [] | |
## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container | |
## | |
extraVolumeMounts: [] | |
## @param receive.podAffinityPreset Thanos Receive pod affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## Allowed values: soft, hard | |
## | |
podAffinityPreset: "" | |
## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard` | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## | |
podAntiAffinityPreset: soft | |
## Thanos Receive node affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity | |
## | |
nodeAffinityPreset: | |
## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard` | |
## | |
type: "" | |
## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set. | |
## e.g: | |
## key: "kubernetes.io/e2e-az-name" | |
## | |
key: "" | |
## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set. | |
## e.g: | |
## values: | |
## - e2e-az1 | |
## - e2e-az2 | |
## | |
values: [] | |
## @param receive.affinity Thanos Receive affinity for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set | |
## | |
affinity: {} | |
## @param receive.nodeSelector Thanos Receive node labels for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | |
## | |
nodeSelector: {} | |
## @param receive.tolerations Thanos Receive tolerations for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | |
## | |
tolerations: [] | |
## @param receive.statefulsetLabels Thanos Receive statefulset labels | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | |
## | |
statefulsetLabels: {} | |
## @param receive.podLabels Thanos Receive pod labels | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | |
## | |
podLabels: {} | |
## @param receive.podAnnotations Annotations for Thanos Receive pods | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | |
## | |
podAnnotations: {} | |
## @param receive.dnsConfig Deployment pod DNS config | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsConfig: | |
## options: | |
## - name: ndots | |
## value: "4" | |
## - name: single-request-reopen | |
## | |
dnsConfig: {} | |
## @param receive.dnsPolicy Deployment pod DNS policy | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsPolicy: ClusterFirstWithHostNet | |
## | |
dnsPolicy: "" | |
## @param receive.hostAliases Deployment pod host aliases | |
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | |
## | |
hostAliases: [] | |
## @param receive.terminationGracePeriodSeconds for the Thanos Receive container(s) to extend the grace period | |
## | |
terminationGracePeriodSeconds: "" | |
## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup | |
## | |
lifecycleHooks: {} | |
## @param receive.priorityClassName Thanos Receive priorityClassName | |
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ | |
## | |
priorityClassName: "" | |
## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
schedulerName: "" | |
## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains | |
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods | |
## | |
topologySpreadConstraints: [] | |
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param receive.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: false
    ## @param receive.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports the application is listening
    ## on. When true, the app will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param receive.networkPolicy.allowExternalEgress Allow the pod to reach any port range and any destination.
    ##
    allowExternalEgress: true
    ## @param receive.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param receive.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param receive.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param receive.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
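  ## Added example, not part of the chart's values.yaml: an override that enables the NetworkPolicy described above and replaces the permissive defaults (allowExternal: true, allowExternalEgress: true) with explicit allow rules.
  ## The namespace names, pod labels and the CIDR are assumptions; the peers use standard Kubernetes NetworkPolicy selector syntax.

```yaml
# Constructed override file; values here are layered over the chart defaults.
receive:
  networkPolicy:
    enabled: true                # chart default: false
    allowExternal: false         # chart default: true (any source may connect)
    allowExternalEgress: false   # chart default: true (any destination, any port)
    # Assumed namespace and pod labels of the Prometheus instances that
    # remote-write from another namespace.
    ingressNSMatchLabels:
      kubernetes.io/metadata.name: monitoring
    ingressNSPodMatchLabels:
      app.kubernetes.io/name: prometheus
    extraIngress:
      # Remote-write port only, from pods carrying an assumed label. Assumes
      # the container listens on the same port as receive.service.ports.remote.
      - ports:
          - port: 19291
            protocol: TCP
        from:
          - podSelector:
              matchLabels:       # a map of key: value pairs, not a list
                app.kubernetes.io/name: prometheus-agent
    extraEgress:
      # DNS lookups, assuming cluster DNS runs in kube-system.
      - ports:
          - port: 53
            protocol: UDP
          - port: 53
            protocol: TCP
        to:
          - namespaceSelector:
              matchLabels:
                kubernetes.io/metadata.name: kube-system
      # Object storage over HTTPS. 203.0.113.0/24 is a documentation range
      # standing in for the real storage endpoint.
      - ports:
          - port: 443
            protocol: TCP
        to:
          - ipBlock:
              cidr: 203.0.113.0/24
```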
  ## Service parameters
  ##
  service:
    ## @param receive.service.type Kubernetes service type
    ##
    type: ClusterIP
    ## @param receive.service.ports.http Thanos Receive service HTTP port
    ## @param receive.service.ports.grpc Thanos Receive service GRPC port
    ## @param receive.service.ports.remote Thanos Receive service remote port
    ##
    ports:
      http: 10902
      grpc: 10901
      remote: 19291
    ## @param receive.service.nodePorts.http Specify the Thanos Receive HTTP nodePort value for the LoadBalancer and NodePort service types
    ## @param receive.service.nodePorts.grpc Specify the Thanos Receive GRPC nodePort value for the LoadBalancer and NodePort service types
    ## @param receive.service.nodePorts.remote Specify the Thanos Receive remote nodePort value for the LoadBalancer and NodePort service types
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
    ##
    nodePorts:
      http: ""
      grpc: ""
      remote: ""
    ## @param receive.service.clusterIP Thanos Receive service clusterIP
    ## e.g:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer`
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    loadBalancerIP: ""
    ## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer
    ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param receive.service.externalTrafficPolicy Thanos Receive service externalTrafficPolicy
    ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
    ##
    externalTrafficPolicy: Cluster
## @param receive.service.labels Extra labels for Thanos Receive service | |
## | |
labels: {} | |
## @param receive.service.annotations Annotations for Thanos Receive service | |
## | |
annotations: {} | |
## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service | |
## | |
extraPorts: [] | |
## @param receive.service.labelSelectorsOverride Selector for Thanos receive service | |
## | |
labelSelectorsOverride: {} | |
## @param receive.service.additionalHeadless Additional Headless service | |
## | |
additionalHeadless: false | |
## Headless service properties | |
## | |
headless: | |
## @param receive.service.headless.annotations Annotations for the headless service. | |
## | |
annotations: {} | |
## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts | |
## | |
automountServiceAccountToken: true | |
## ServiceAccount configuration | |
## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created | |
## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | |
## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account | |
## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token | |
## | |
serviceAccount: | |
create: true | |
name: "" | |
annotations: {} | |
automountServiceAccountToken: false | |
## Thanos Receive Autoscaling configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | |
## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive | |
## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas | |
## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas | |
## @param receive.autoscaling.targetCPU Target CPU utilization percentage | |
## @param receive.autoscaling.targetMemory Target Memory utilization percentage | |
## | |
autoscaling: | |
enabled: false | |
minReplicas: "1" | |
maxReplicas: "3" | |
targetCPU: "75" | |
targetMemory: "75" | |
## Thanos Receive Pod Disruption Budget configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb | |
## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive | |
## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled | |
## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable | |
## | |
pdb: | |
create: true | |
minAvailable: "" | |
maxUnavailable: "" | |
## Persistence parameters | |
## | |
persistence: | |
## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods | |
## | |
enabled: true | |
## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume | |
## If defined, storageClassName: <storageClass> | |
## If set to "-", storageClassName: "", which disables dynamic provisioning | |
## If undefined (the default) or set to null, no storageClassName spec is | |
## set, choosing the default provisioner. | |
## | |
storageClass: "" | |
## @param receive.persistence.accessModes PVC Access Modes for data volume | |
## | |
accessModes: | |
- ReadWriteOnce | |
## @param receive.persistence.size PVC Storage Request for data volume | |
## | |
size: 10Gi | |
## @param receive.persistence.labels Labels for the PVC | |
## | |
labels: {} | |
## @param receive.persistence.annotations Annotations for the PVC | |
## | |
annotations: {} | |
## @param receive.persistence.existingClaim Name of an existing PVC to use | |
## If defined, PVC must be created manually before volume will be bound | |
## | |
existingClaim: "" | |
## Persistent Volume Claim Retention Policy | |
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention | |
## | |
persistentVolumeClaimRetentionPolicy: | |
## @param receive.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Receive Statefulset | |
## | |
enabled: false | |
## @param receive.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced | |
## | |
whenScaled: Retain | |
## @param receive.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted | |
## | |
whenDeleted: Retain | |
## Configure the ingress resource that allows you to access Thanos Receive | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ | |
## | |
ingress: | |
## @param receive.ingress.enabled Set to true to enable ingress record generation | |
## | |
enabled: false | |
## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created | |
## | |
hostname: thanos-receive.local | |
## @param receive.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ | |
## | |
ingressClassName: "" | |
## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | |
## For a full list of possible ingress annotations, please see | |
## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md | |
## Use this parameter to set the required annotations for cert-manager, see | |
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations | |
## | |
## e.g: | |
## annotations: | |
## kubernetes.io/ingress.class: nginx | |
## cert-manager.io/cluster-issuer: cluster-issuer-name | |
## | |
annotations: {} | |
## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. | |
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array | |
## extraHosts: | |
## - name: thanos.local | |
## path: / | |
## pathType: ImplementationSpecific | |
## portName: "http" # or "remote" | |
## | |
extraHosts: [] | |
## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. | |
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls | |
## extraTls: | |
## - hosts: | |
## - thanos.local | |
## secretName: thanos.local-tls | |
## | |
extraTls: [] | |
## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets | |
## key and certificate should start with -----BEGIN CERTIFICATE----- or | |
## -----BEGIN RSA PRIVATE KEY----- | |
## | |
## name should line up with a tlsSecret set further up | |
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set | |
## | |
## It is also possible to create and manage the certificates outside of this helm chart | |
## Please see README.md for more information | |
## e.g: | |
## - name: thanos.local-tls | |
## key: | |
## certificate: | |
## | |
secrets: [] | |
## @param receive.ingress.extraRules Additional rules to be covered with this ingress record | |
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules | |
## e.g: | |
## extraRules: | |
## - host: example.local | |
## http: | |
## path: / | |
## backend: | |
## service: | |
## name: example-svc | |
## port: | |
## name: http | |
## | |
extraRules: [] | |
## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter | |
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}` | |
## You can: | |
## - Use the `receive.ingress.secrets` parameter to create this TLS secret | |
## - Rely on cert-manager to create it by setting the corresponding annotations | |
## - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true` | |
## | |
tls: false | |
## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm | |
## | |
selfSigned: false | |
## @param receive.ingress.apiVersion Override API Version (automatically detected if not set) | |
## | |
apiVersion: "" | |
## @param receive.ingress.path Ingress Path | |
## | |
path: / | |
## @param receive.ingress.pathType Ingress Path type | |
## | |
pathType: ImplementationSpecific | |
## @section Thanos Receive Distributor parameters | |
receiveDistributor: | |
## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component | |
## | |
enabled: false | |
## @param receiveDistributor.logLevel Thanos Receive Distributor log level | |
## | |
logLevel: info | |
## @param receiveDistributor.logFormat Thanos Receive Distributor log format | |
## | |
logFormat: logfmt | |
## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated | |
## | |
replicaLabel: replica | |
## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor | |
## | |
replicationFactor: 1 | |
## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container | |
## e.g: | |
## extraEnvVars: | |
## - name: FOO | |
## value: "bar" | |
## | |
extraEnvVars: [] | |
## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes | |
## | |
extraEnvVarsCM: "" | |
## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes | |
## | |
extraEnvVarsSecret: "" | |
## @param receiveDistributor.extraFlags Extra flags to be passed to Thanos Receive Distributor
## | |
extraFlags: [] | |
## @param receiveDistributor.command Override default container command (useful when using custom images) | |
## | |
command: [] | |
## @param receiveDistributor.args Override default container args (useful when using custom images) | |
## | |
args: [] | |
## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy | |
## | |
replicaCount: 1 | |
## @param receiveDistributor.revisionHistoryLimit The number of old revisions to retain to allow rollback
## | |
revisionHistoryLimit: 10 | |
## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas | |
## | |
updateStrategy: | |
type: RollingUpdate | |
## K8s Pod Security Context for Thanos Receive Distributor pods | |
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | |
## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods | |
## @param receiveDistributor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy | |
## @param receiveDistributor.podSecurityContext.sysctls Set kernel settings using the sysctl interface | |
## @param receiveDistributor.podSecurityContext.supplementalGroups Set filesystem extra groups | |
## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods | |
## | |
podSecurityContext: | |
enabled: true | |
fsGroupChangePolicy: Always | |
sysctls: [] | |
supplementalGroups: [] | |
fsGroup: 1001 | |
## K8s containers' Security Context for Thanos Receive Distributor containers | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | |
## @param receiveDistributor.containerSecurityContext.enabled Enabled containers' Security Context | |
## @param receiveDistributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container | |
## @param receiveDistributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser | |
## @param receiveDistributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup | |
## @param receiveDistributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot | |
## @param receiveDistributor.containerSecurityContext.privileged Set container's Security Context privileged | |
## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem | |
## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation | |
## @param receiveDistributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped | |
## @param receiveDistributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile | |
## | |
containerSecurityContext: | |
enabled: true | |
seLinuxOptions: {} | |
runAsUser: 1001 | |
runAsGroup: 1001 | |
runAsNonRoot: true | |
privileged: false | |
readOnlyRootFilesystem: true | |
allowPrivilegeEscalation: false | |
capabilities: | |
drop: ["ALL"] | |
seccompProfile: | |
type: "RuntimeDefault" | |
## Thanos Receive Distributor containers' resource requests and limits | |
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ | |
## @param receiveDistributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receiveDistributor.resources is set (receiveDistributor.resources is recommended for production). | |
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 | |
## | |
resourcesPreset: "small" | |
## @param receiveDistributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) | |
## Example: | |
## resources: | |
## requests: | |
## cpu: 2 | |
## memory: 512Mi | |
## limits: | |
## cpu: 3 | |
## memory: 1024Mi | |
## | |
resources: {} | |
## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes | |
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes | |
## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers | |
## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe | |
## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe | |
## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe | |
## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe | |
## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe | |
## | |
livenessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers | |
## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe | |
## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe | |
## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe | |
## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe | |
## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe | |
## | |
readinessProbe: | |
enabled: true | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
failureThreshold: 6 | |
## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers | |
## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe | |
## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe | |
## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe | |
## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe | |
## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe | |
## | |
startupProbe: | |
enabled: false | |
initialDelaySeconds: 5 | |
periodSeconds: 5 | |
timeoutSeconds: 1 | |
failureThreshold: 15 | |
successThreshold: 1 | |
## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one | |
## | |
customLivenessProbe: {} | |
## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one | |
## | |
customReadinessProbe: {} | |
## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one | |
## | |
customStartupProbe: {} | |
## @param receiveDistributor.terminationGracePeriodSeconds Termination grace period for the Thanos Receive container(s); set it to extend the default grace period
## | |
terminationGracePeriodSeconds: "" | |
## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods | |
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ | |
## e.g: | |
## initContainers: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## command: ['sh', '-c', 'echo "hello world"'] | |
## | |
initContainers: [] | |
## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods | |
## e.g: | |
## sidecars: | |
## - name: your-image-name | |
## image: your-image | |
## imagePullPolicy: Always | |
## ports: | |
## - name: portname | |
## containerPort: 1234 | |
## | |
sidecars: [] | |
## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor | |
## | |
extraVolumes: [] | |
## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container | |
## | |
extraVolumeMounts: [] | |
## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## Allowed values: soft, hard | |
## | |
podAffinityPreset: "" | |
## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity | |
## | |
podAntiAffinityPreset: soft | |
## Thanos Receive node affinity preset | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity | |
## | |
nodeAffinityPreset: | |
## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | |
## | |
type: "" | |
## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. | |
## e.g: | |
## key: "kubernetes.io/e2e-az-name" | |
## | |
key: "" | |
## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. | |
## e.g: | |
## values: | |
## - e2e-az1 | |
## - e2e-az2 | |
## | |
values: [] | |
## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set | |
## | |
affinity: {} | |
## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ | |
## | |
nodeSelector: {} | |
## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment | |
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | |
## | |
tolerations: [] | |
## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | |
## | |
podLabels: {} | |
## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods | |
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | |
## | |
podAnnotations: {} | |
## @param receiveDistributor.dnsConfig Deployment pod DNS config | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsConfig: | |
## options: | |
## - name: ndots | |
## value: "4" | |
## - name: single-request-reopen | |
## | |
dnsConfig: {} | |
## @param receiveDistributor.dnsPolicy Deployment pod DNS policy | |
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ | |
## E.g. | |
## dnsPolicy: ClusterFirstWithHostNet | |
## | |
dnsPolicy: "" | |
## @param receiveDistributor.hostAliases Deployment pod host aliases | |
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | |
## | |
hostAliases: [] | |
## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup | |
## | |
lifecycleHooks: {} | |
## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName | |
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ | |
## | |
priorityClassName: "" | |
## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
schedulerName: "" | |
## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains | |
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods | |
## | |
topologySpreadConstraints: [] | |
## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment | |
## | |
automountServiceAccountToken: true | |
## ServiceAccount configuration | |
## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created | |
## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | |
## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account | |
## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token | |
## | |
serviceAccount: | |
create: true | |
name: "" | |
annotations: {} | |
automountServiceAccountToken: false | |
## Thanos Receive Distributor Autoscaling configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | |
## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor | |
## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas | |
## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas | |
## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage | |
## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage | |
## | |
autoscaling: | |
enabled: false | |
minReplicas: "" | |
maxReplicas: "" | |
targetCPU: "" | |
targetMemory: "" | |
## Thanos Receive Distributor Pod Disruption Budget configuration | |
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb | |
## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor | |
## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled | |
## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable | |
## | |
pdb: | |
create: true | |
minAvailable: "" | |
maxUnavailable: "" | |
## @section Metrics parameters
## Prometheus metrics
##
metrics:
  ## @param metrics.enabled Enable the export of Prometheus metrics
  ##
  enabled: false
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
    ##
    labels: {}
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
    ##
    jobLabel: ""
    ## @param metrics.serviceMonitor.interval How frequently to scrape metrics
    ## e.g:
    ## interval: 10s
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## e.g:
    ## scrapeTimeout: 10s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector: {}
    ## @param metrics.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor
    ## (e.g. tlsConfig for further customization of the HTTPS behavior)
    ## Note that the 'scheme' is automatically set to 'https' when the 'https.enabled' flag is used in this chart.
    ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint
    ##
    extraParameters: {}
  ## PrometheusRule CRD configuration
  ##
  prometheusRule:
    ## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## Configure prometheus rules
    ##
    default:
      ## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @param metrics.prometheusRule.default.sidecarJobRegex Allows the customization of the thanos-sidecar job name to use in the sidecar prometheus alerts
      sidecarJobRegex: ".*thanos-sidecar.*"
      ## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`)
      ## @param metrics.prometheusRule.default.create would create all default prometheus alerts
      ##
      create: false
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactHalted rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactHighCompactionFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactHasNotRun rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosStoreGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
      ## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true
      ## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule
      ##
      disabled: {}
    ## @param metrics.prometheusRule.runbookUrl Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules
    ##
    runbookUrl: "https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-"
    ## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created
    ##
    namespace: ""
    ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule
    ##
    additionalLabels: {}
    ## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components
    ## These are just example rules, please adapt them to your needs.
    ## groups:
    ##   - name: Compactor
    ##     rules:
    ##       - alert: ThanosCompactMultipleRunning
    ##         annotations:
    ##           description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running.
    ##           runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactmultiplerunning
    ##           summary: Thanos Compact has multiple instances running.
    ##         expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1
    ##         for: 5m
    ##         labels:
    ##           severity: warning
    groups: []
## @section Volume Permissions parameters
## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
## based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
  ## @skip volumePermissions.image.tag Init container volume-permissions image tag
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: bitnami/os-shell
    tag: 12-debian-12-r28
    digest: ""
    ## Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
## @section MinIO® chart parameters
## @extra minio For full list of MinIO® values configurations please refer [here](https://github.com/bitnami/charts/tree/main/bitnami/minio)
minio:
  ## @param minio.enabled Enable/disable MinIO® chart installation
  ## to be used as an objstore for Thanos
  ##
  enabled: false
  ## MinIO® authentication parameters
  ##
  auth:
    ## @param minio.auth.rootUser MinIO® root username
    ##
    rootUser: admin
    ## @param minio.auth.rootPassword Password for MinIO® root user
    ##
    rootPassword: ""
  ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create
  ##
  defaultBuckets: "thanos"
  ## MinIO® containers' resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param minio.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "micro"
  ## @param minio.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}