Kubernetes/k8s-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2306736a0103bc1b133955a2aea20fecdcc70f4c
k8s-configs/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/prometheus/values-override.yaml
Denis Patrakeev 2306736a01 [hotfix] change to ArgoCD Vault Plugin 4 (!99) 
Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech>
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/99
2025-03-04 20:25:12 +03:00

258 lines
8.6 KiB
YAML
Raw Blame History

# yaml-language-server: $schema=values.schema.json
# Default values for prometheus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
rbac:
create: false
## Define serviceAccount names for components. Defaults to component's fully qualified name.
##
serviceAccounts:
server:
create: false
name: "vault"
## Opt out of automounting Kubernetes API credentials.
## It will be overriden by server.automountServiceAccountToken value, if set.
automountServiceAccountToken: true
## Monitors ConfigMap changes and POSTs to a URL
## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
##
configmapReload:
prometheus:
## If false, the configmap-reload container will not be deployed
##
enabled: false
server:
## Prometheus server container name
##
name: server
## Opt out of automounting Kubernetes API credentials.
## If set it will override serviceAccounts.server.automountServiceAccountToken value for ServiceAccount.
automountServiceAccountToken: true
## Prometheus server container image
##
image:
repository: harbor.avroid.tech/quay-proxy/prometheus/prometheus
## External URL which can access prometheus
## Maybe same with Ingress host name
baseURL: "cloud-k8s-prometheus.avroid.tech"
## Additional Prometheus server Secret mounts
# Defines additional mounts with secrets. Secrets must be manually created in the namespace.
extraSecretMounts:
- name: consul-secret
mountPath: /etc/secrets
subPath: "consul-secret"
secretName: prometheus-secret
readOnly: true
ingress:
## If true, Prometheus server Ingress will be created
##
enabled: true
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
ingressClassName: nginx
## Prometheus server Ingress annotations
##
annotations:
kubernetes.io/ingress.class: nginx
## Prometheus server Ingress hostnames with optional path (passed through tpl)
## Must be provided if Ingress is enabled
##
hosts:
- cloud-k8s-prometheus.avroid.tech
path: /
# pathType is only for k8s >= 1.18
pathType: Prefix
## Node labels for Prometheus server pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector:
node-role.kubernetes.io/worker: ""
persistentVolume:
## If true, Prometheus server will create/use a Persistent Volume Claim
## If false, use emptyDir
##
enabled: false
emptyDir:
## Prometheus server emptyDir volume size limit
##
sizeLimit: "1Gi"
## Annotations to be added to Prometheus server pods
##
podAnnotations:
vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
vault.security.banzaicloud.io/vault-role: "cloud-prod"
vault.security.banzaicloud.io/vault-skip-verify: "false"
vault.security.banzaicloud.io/vault-path: "avroid-office"
vault.security.banzaicloud.io/run-as-non-root: "true"
vault.security.banzaicloud.io/run-as-user: "65534"
vault.security.banzaicloud.io/run-as-group: "65534"
## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
##
replicaCount: 1
## Annotations to be added to deployment
##
deploymentAnnotations:
vault.security.banzaicloud.io/vault-addr: "https://vault.avroid.tech"
vault.security.banzaicloud.io/vault-role: "cloud-prod"
vault.security.banzaicloud.io/vault-skip-verify: "false"
vault.security.banzaicloud.io/vault-path: "avroid-office"
vault.security.banzaicloud.io/run-as-non-root: "true"
vault.security.banzaicloud.io/run-as-user: "65534"
vault.security.banzaicloud.io/run-as-group: "65534"
## Prometheus server resource requests and limits
## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
cpu: 500m
memory: 512Mi
limits:
cpu: 750m
memory: 768Mi
## Prometheus' data retention size. Supported units: B, KB, MB, GB, TB, PB, EB.
##
retentionSize: "512MB"
## Prometheus server ConfigMap entries
##
serverFiles:
prometheus.yml:
rule_files:
- /etc/config/recording_rules.yml
- /etc/config/alerting_rules.yml
## Below two files are DEPRECATED will be removed from this default values file
- /etc/config/rules
- /etc/config/alerts
scrape_configs:
- job_name: prometheus
static_configs:
- targets:
- localhost:9090
- job_name: postgres_exporter
consul_sd_configs:
- server: consul.avroid.tech
scheme: https
datacenter: "avroid-office"
tags: [ k8s_postgres_exporter ]
services: [ monitoring_k8s_postgres_exporter ]
authorization:
credentials_file: /etc/secrets/consul-secret/consul_secret
relabel_configs:
- source_labels: [ __meta_consul_service_metadata_metrics_path ]
target_label: __metrics_path__
- source_labels: [ __meta_consul_service_metadata_job_name ]
target_label: job
- source_labels: [ __meta_consul_service_metadata_auth_module ]
target_label: __param_auth_module
- source_labels: [ __meta_consul_service_metadata_ssl_mode ]
target_label: __param_sslmode
- source_labels: [ __address__,__meta_consul_service_metadata_db_name ]
separator: "/"
target_label: __param_target
- source_labels: [ __meta_consul_node ]
target_label: instance
regex: "([^:]+).*"
replacement: '${1}'
- target_label: __address__
replacement: cloud-postgres-exporter-prometheus-postgres-exporter:9187
- job_name: redis_exporter
consul_sd_configs:
- server: consul.avroid.tech
scheme: https
datacenter: "avroid-office"
tags: [ k8s_redis_exporter ]
services: [ monitoring_k8s_redis_exporter ]
authorization:
credentials: /etc/secrets/consul-secret/consul_secret
relabel_configs:
- source_labels: [ __meta_consul_service_metadata_metrics_path ]
target_label: __metrics_path__
- source_labels: [ __meta_consul_service_metadata_job_name ]
target_label: job
- source_labels: [ __address__ ]
target_label: __param_target
- source_labels: [ __meta_consul_node ]
target_label: instance
regex: "([^:]+).*"
replacement: '${1}'
- target_label: __address__
replacement: cloud-redis-exporter-prometheus-redis-exporter:9121
- job_name: patroni_exporter
consul_sd_configs:
- server: consul.avroid.tech
scheme: https
datacenter: "avroid-office"
tags: [ k8s_patroni_exporter ]
services: [ monitoring_k8s_patroni_exporter ]
authorization:
credentials: /etc/secrets/consul-secret/consul_secret
relabel_configs:
- source_labels: [ __meta_consul_service_metadata_metrics_path ]
target_label: __metrics_path__
- source_labels: [ __meta_consul_service_metadata_job_name ]
target_label: job
- source_labels: [ __address__ ]
target_label: __param_target
- source_labels: [ __meta_consul_node ]
target_label: instance
regex: "([^:]+).*"
replacement: '${1}'
# Configuration of subcharts defined in Chart.yaml
## alertmanager sub-chart configurable values
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager
##
alertmanager:
## If false, alertmanager will not be installed
##
enabled: false
## kube-state-metrics sub-chart configurable values
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics
##
kube-state-metrics:
## If false, kube-state-metrics sub-chart will not be installed
##
enabled: false
## prometheus-node-exporter sub-chart configurable values
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter
##
prometheus-node-exporter:
## If false, node-exporter will not be installed
##
enabled: false
## prometheus-pushgateway sub-chart configurable values
## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-pushgateway
##
prometheus-pushgateway:
## If false, pushgateway will not be installed
##
enabled: false
Reference in New Issue View Git Blame Copy Permalink