Update prometheus chart to 15.10.1 (Prometheus 2.34.0) Required to run on Kubernetes 1.22+. Change-Id: I87f808c1b6b34c844fdc257fdbdf87813c543315
diff --git a/charts/prometheus/VERSION b/charts/prometheus/VERSION index 4044f90..08aeefc 100644 --- a/charts/prometheus/VERSION +++ b/charts/prometheus/VERSION
@@ -1 +1 @@ -12.0.0 +15.10.1
diff --git a/charts/prometheus/prometheus.yaml b/charts/prometheus/prometheus.yaml index e21af18..6c6d6e6 100644 --- a/charts/prometheus/prometheus.yaml +++ b/charts/prometheus/prometheus.yaml
@@ -50,12 +50,16 @@ ## image: repository: quay.io/prometheus/alertmanager - tag: v0.21.0 + tag: v0.23.0 pullPolicy: IfNotPresent ## alertmanager priorityClassName ## priorityClassName: "" + ## Custom HTTP headers for Readiness Probe + ## + ## Useful for providing HTTP Basic Auth to healthchecks + probeHeaders: [] ## Additional alertmanager container arguments ## @@ -87,6 +91,13 @@ # secretName: alertmanager-secret-files # readOnly: true + ## Additional alertmanager Configmap mounts + extraConfigmapMounts: [] + # - name: template-files + # mountPath: /etc/config/templates.d + # configMap: alertmanager-template-files + # readOnly: true + ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}} ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml ## to NOT generate a ConfigMap resource @@ -109,6 +120,10 @@ ## enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + ingressClassName: nginx + ## alertmanager Ingress annotations ## annotations: {} @@ -125,6 +140,10 @@ hosts: [] # - alertmanager.domain.com # - domain.com/alertmanager + path: / + + # pathType is only for k8s >= 1.18 + pathType: Prefix ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. extraPaths: [] @@ -226,6 +245,16 @@ ## subPath: "" + ## Persistent Volume Claim Selector + ## Useful if Persistent Volumes have been provisioned in advance + ## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + ## + # selector: + # matchLabels: + # release: "stable" + # matchExpressions: + # - { key: environment, operator: In, values: [ dev ] } + emptyDir: ## alertmanager emptyDir volume size limit ## @@ -299,6 +328,18 @@ cpu: 10m memory: 32Mi + # Custom DNS configuration to be added to alertmanager pods + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + ## Security context to be added to alertmanager pods ## securityContext: @@ -307,6 +348,9 @@ runAsGroup: 65534 fsGroup: 65534 + ## Security context to be added to alertmanager container + containerSecurityContext: {} + service: annotations: {} labels: {} @@ -328,6 +372,10 @@ sessionAffinity: None type: ClusterIP + ## List of initial peers + ## Ref: https://github.com/prometheus/alertmanager/blob/main/README.md#high-availability + clusterPeers: [] + ## Monitors ConfigMap changes and POSTs to a URL ## Ref: https://github.com/jimmidyson/configmap-reload ## @@ -343,8 +391,11 @@ ## image: repository: jimmidyson/configmap-reload - tag: v0.4.0 + tag: v0.5.0 pullPolicy: IfNotPresent + + # containerPort: 9533 + ## Additional configmap-reload container arguments ## extraArgs: {} @@ -359,6 +410,10 @@ # subPath: "" # configMap: prometheus-alerts # readOnly: true + + ## Security context to be added to configmap-reload container + containerSecurityContext: {} + ## configmap-reload resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @@ -374,8 +429,11 @@ ## image: repository: jimmidyson/configmap-reload - tag: v0.4.0 + tag: v0.5.0 pullPolicy: IfNotPresent + + # containerPort: 9533 + ## Additional configmap-reload container arguments ## extraArgs: {} @@ -390,6 +448,10 @@ # subPath: "" # configMap: prometheus-alerts # readOnly: true + + ## Security context to be added to configmap-reload container + containerSecurityContext: {} + ## configmap-reload resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## @@ -401,7 +463,7 @@ enabled: false ## kube-state-metrics sub-chart configurable values -## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics +## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics ## # kube-state-metrics: @@ -418,6 +480,10 @@ ## hostPID: true + ## If true, node-exporter pods mounts host / at /host/root + ## + hostRootfs: true + ## node-exporter container name ## name: node-exporter @@ -426,7 +492,7 @@ ## image: repository: quay.io/prometheus/node-exporter - tag: v1.0.1 + tag: v1.3.0 pullPolicy: IfNotPresent ## Specify if a Pod Security Policy for node-exporter must be created @@ -516,10 +582,28 @@ # cpu: 100m # memory: 30Mi + container: + securityContext: + allowPrivilegeEscalation: false + # Custom DNS configuration to be added to node-exporter pods + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + ## Security context to be added to node-exporter pods ## - securityContext: {} - # runAsUser: 0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 service: annotations: @@ -528,7 +612,7 @@ # Exposed as a headless service: # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services - clusterIP: None + clusterIP: "" ## List of IP addresses at which the node-exporter service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips @@ -560,6 +644,13 @@ # - yournamespace name: server + + # sidecarContainers - add more containers to prometheus server + # Key/Value where Key is the sidecar `- name: <Key>` + # Example: + # sidecarContainers: + # webserver: + # image: nginx sidecarContainers: #@ for instance in data.values.gerritServers.other: #@ if instance.healthcheck: @@ -581,11 +672,23 @@ #@ end #@ end + # sidecarTemplateValues - context to be used in template for sidecarContainers + # Example: + # sidecarTemplateValues: *your-custom-globals + # sidecarContainers: + # webserver: |- + # {{ include "webserver-container-template" . }} + # Template for `webserver-container-template` might looks like this: + # image: "{{ .Values.server.sidecarTemplateValues.repository }}:{{ .Values.server.sidecarTemplateValues.tag }}" + # ... + # + sidecarTemplateValues: {} + ## Prometheus server container image ## image: repository: quay.io/prometheus/prometheus - tag: v2.22.1 + tag: v2.34.0 pullPolicy: IfNotPresent ## prometheus server priorityClassName @@ -624,6 +727,11 @@ ## key: username env: [] + # List of flags to override default parameters, e.g: + # - --enable-feature=agent + # - --storage.agent.retention.max-time=30m + defaultFlagsOverride: [] + extraFlags: - web.enable-lifecycle ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as @@ -639,6 +747,10 @@ ## Path to a configuration file on prometheus server container FS configPath: /etc/config/prometheus.yml + ### The data directory used by prometheus to set --storage.tsdb.path + ### When empty server.persistentVolume.mountPath is used instead + storagePath: "" + global: ## How frequently to scrape targets by default ## @@ -656,6 +768,11 @@ ## remoteRead: [] + ## Custom HTTP headers for Liveness/Readiness/Startup Probe + ## + ## Useful for providing HTTP Basic Auth to healthchecks + probeHeaders: [] + ## Additional Prometheus server container arguments ## extraArgs: {} @@ -707,10 +824,13 @@ ## enabled: #@ not data.values.istio.enabled + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + ingressClassName: nginx + ## Prometheus server Ingress annotations ## annotations: - kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/auth-secret: prometheus-basic-auth nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required' @@ -728,6 +848,11 @@ # - prometheus.domain.com # - domain.com/prometheus + path: / + + # pathType is only for k8s >= 1.18 + pathType: Prefix + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. extraPaths: [] # - path: /* @@ -834,6 +959,16 @@ ## subPath: "" + ## Persistent Volume Claim Selector + ## Useful if Persistent Volumes have been provisioned in advance + ## Ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + ## + # selector: + # matchLabels: + # release: "stable" + # matchExpressions: + # - { key: environment, operator: In, values: [ dev ] } + emptyDir: ## Prometheus server emptyDir volume size limit ## @@ -900,16 +1035,23 @@ ## Prometheus server readiness and liveness probe initial delay and timeout ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ ## + tcpSocketProbeEnabled: false + probeScheme: HTTP readinessProbeInitialDelay: 30 readinessProbePeriodSeconds: 5 - readinessProbeTimeout: 30 + readinessProbeTimeout: 4 readinessProbeFailureThreshold: 3 readinessProbeSuccessThreshold: 1 livenessProbeInitialDelay: 30 livenessProbePeriodSeconds: 15 - livenessProbeTimeout: 30 + livenessProbeTimeout: 10 livenessProbeFailureThreshold: 3 livenessProbeSuccessThreshold: 1 + startupProbe: + enabled: false + periodSeconds: 5 + failureThreshold: 30 + timeoutSeconds: 10 ## Prometheus server resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ @@ -922,6 +1064,17 @@ cpu: 500m memory: 512Mi + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + # When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet + dnsPolicy: ClusterFirst + + # Use hostPort + # hostPort: 9090 + ## Vertical Pod Autoscaler config ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler verticalAutoscaler: @@ -931,6 +1084,17 @@ # containerPolicies: # - containerName: 'prometheus-server' + # Custom DNS configuration to be added to prometheus server pods + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 ## Security context to be added to server pods ## securityContext: @@ -939,7 +1103,14 @@ runAsGroup: 65534 fsGroup: 65534 + ## Security context to be added to server container + containerSecurityContext: {} + service: + ## If false, no Service will be created for the Prometheus server + ## + enabled: true + annotations: {} labels: {} clusterIP: "" @@ -975,6 +1146,25 @@ ## retention: "15d" + ## Array of extra Kubernetes manifests, in form of YAML object, + ## if you want to deploy + extraObjects: [] + # - apiVersion: v1 + # kind: ConfigMap + # metadata: + # name: '{{ template "prometheus.name" . }}-extra-config' + + ## Array of extra Kubernetes manifest, in form of template string, + ## if you want to deploy + extraTemplates: [] + # - | + # apiVersion: v1 + # kind: ConfigMap + # metadata: + # name: extra-config + # labels: + # {{- include "prometheus.server.labels" . | nindent 4 }} + pushgateway: ## If false, pushgateway will not be installed ## @@ -993,7 +1183,7 @@ ## image: repository: prom/pushgateway - tag: v1.3.0 + tag: v1.4.2 pullPolicy: IfNotPresent ## pushgateway priorityClassName @@ -1014,6 +1204,10 @@ ## enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + ingressClassName: nginx + ## pushgateway Ingress annotations ## annotations: {} @@ -1027,6 +1221,11 @@ # - pushgateway.domain.com # - domain.com/pushgateway + path: / + + # pathType is only for k8s >= 1.18 + pathType: Prefix + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. extraPaths: [] # - path: /* @@ -1101,12 +1300,36 @@ # cpu: 10m # memory: 32Mi + ## Vertical Pod Autoscaler config + ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler + verticalAutoscaler: + ## If true a VPA object will be created for the controller + enabled: false + # updateMode: "Auto" + # containerPolicies: + # - containerName: 'prometheus-pushgateway' + + # Custom DNS configuration to be added to push-gateway pods + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + ## Security context to be added to push-gateway pods ## securityContext: runAsUser: 65534 runAsNonRoot: true + ## Security context to be added to push-gateway container + containerSecurityContext: {} + service: annotations: prometheus.io/probe: pushgateway @@ -1199,6 +1422,9 @@ receiver: gerrit-admin repeat_interval: 3h +## Prometheus server ConfigMap entries for rule files (allow prometheus labels interpolation) +ruleFiles: {} + ## Prometheus server ConfigMap entries ## serverFiles: