8 # - name: "image-pull-secret"
10 ## Define serviceAccount names for components. Defaults to component's fully qualified name.
31 ## If false, alertmanager will not be installed
35 ## alertmanager container name
39 ## alertmanager container image
42 repository: prom/alertmanager
44 pullPolicy: IfNotPresent
46 ## alertmanager priorityClassName
50 ## Additional alertmanager container arguments
54 ## Additional InitContainers to initialize the pod
56 extraInitContainers: []
58 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
59 ## so that the various internal URLs are still able to access as they are in the default case.
63 ## External URL which can access alertmanager
64 baseURL: "http://localhost:9093"
66 ## Additional alertmanager container environment variable
67 ## For instance to add a http_proxy
71 ## Additional alertmanager Secret mounts
72 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
74 # - name: secret-files
75 # mountPath: /etc/secrets
77 # secretName: alertmanager-secret-files
80 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
81 ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
82 ## to NOT generate a ConfigMap resource
84 configMapOverrideName: ""
86 ## The name of a secret in the same kubernetes namespace which contains the Alertmanager config
87 ## Defining configFromSecret will cause templates/alertmanager-configmap.yaml
88 ## to NOT generate a ConfigMap resource
92 ## The configuration file name to be loaded to alertmanager
93 ## Must match the key within configuration loaded from ConfigMap/Secret
95 configFileName: alertmanager.yml
98 ## If true, alertmanager Ingress will be created
102 ## alertmanager Ingress annotations
105 # kubernetes.io/ingress.class: nginx
106 # kubernetes.io/tls-acme: 'true'
108 ## alertmanager Ingress additional labels
112 ## alertmanager Ingress hostnames with optional path
113 ## Must be provided if Ingress is enabled
116 # - alertmanager.domain.com
117 # - domain.com/alertmanager
119 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
123 # serviceName: ssl-redirect
124 # servicePort: use-annotation
126 ## alertmanager Ingress TLS configuration
127 ## Secrets must be manually created in the namespace
130 # - secretName: prometheus-alerts-tls
132 # - alertmanager.domain.com
134 ## Alertmanager Deployment Strategy type
138 ## Node tolerations for alertmanager scheduling to nodes with taints
139 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
143 # operator: "Equal|Exists"
145 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
147 ## Node labels for alertmanager pod assignment
148 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
156 ## PodDisruptionBudget settings
157 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
163 ## Use an alternate scheduler, e.g. "stork".
164 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
169 ## If true, alertmanager will create/use a Persistent Volume Claim
170 ## If false, use emptyDir
174 ## alertmanager data Persistent Volume access modes
175 ## Must match those of existing PV or dynamic provisioner
176 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
181 ## alertmanager data Persistent Volume Claim annotations
185 ## alertmanager data Persistent Volume existing claim name
186 ## Requires alertmanager.persistentVolume.enabled: true
187 ## If defined, PVC must be created manually before volume will be bound
190 ## alertmanager data Persistent Volume mount root path
194 ## alertmanager data Persistent Volume size
198 ## alertmanager data Persistent Volume Storage Class
199 ## If defined, storageClassName: <storageClass>
200 ## If set to "-", storageClassName: "", which disables dynamic provisioning
201 ## If undefined (the default) or set to null, no storageClassName spec is
202 ## set, choosing the default provisioner. (gp2 on AWS, standard on
203 ## GKE, AWS & OpenStack)
207 ## alertmanager data Persistent Volume Binding Mode
208 ## If defined, volumeBindingMode: <volumeBindingMode>
209 ## If undefined (the default) or set to null, no volumeBindingMode spec is
210 ## set, choosing the default mode.
212 # volumeBindingMode: ""
214 ## Subdirectory of alertmanager data Persistent Volume to mount
215 ## Useful if the volume's root directory is not empty
219 ## Annotations to be added to alertmanager pods
222 ## Tell prometheus to use a specific set of alertmanager pods
223 ## instead of all alertmanager pods found in the same namespace
224 ## Useful if you deploy multiple releases within the same namespace
226 ## prometheus.io/probe: alertmanager-teamA
228 ## Labels to be added to Prometheus AlertManager pods
232 ## Specify if a Pod Security Policy for node-exporter must be created
233 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
237 ## Specify pod annotations
238 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
239 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
240 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
242 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
243 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
244 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
246 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
251 ## If true, use a statefulset instead of a deployment for pod management.
252 ## This allows to scale replicas to more than 1 pod
256 podManagementPolicy: OrderedReady
258 ## Alertmanager headless service to use for the statefulset
264 ## Enabling peer mesh service end points for enabling the HA alert manager
265 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
266 # enableMeshPeer : true
270 ## alertmanager resource requests and limits
271 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
281 ## Security context to be added to alertmanager pods
294 ## Enabling peer mesh service end points for enabling the HA alert manager
295 ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
296 # enableMeshPeer : true
298 ## List of IP addresses at which the alertmanager service is available
299 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
304 loadBalancerSourceRanges: []
307 sessionAffinity: None
310 ## Monitors ConfigMap changes and POSTs to a URL
311 ## Ref: https://github.com/jimmidyson/configmap-reload
315 ## If false, the configmap-reload container will not be deployed
319 ## configmap-reload container name
321 name: configmap-reload
323 ## configmap-reload container image
326 repository: jimmidyson/configmap-reload
328 pullPolicy: IfNotPresent
330 ## Additional configmap-reload container arguments
333 ## Additional configmap-reload volume directories
338 ## Additional configmap-reload mounts
340 extraConfigmapMounts: []
341 # - name: prometheus-alerts
342 # mountPath: /etc/alerts.d
344 # configMap: prometheus-alerts
348 ## configmap-reload resource requests and limits
349 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
353 ## If false, the configmap-reload container will not be deployed
357 ## configmap-reload container name
359 name: configmap-reload
361 ## configmap-reload container image
364 repository: jimmidyson/configmap-reload
366 pullPolicy: IfNotPresent
368 ## Additional configmap-reload container arguments
371 ## Additional configmap-reload volume directories
376 ## Additional configmap-reload mounts
378 extraConfigmapMounts: []
379 # - name: prometheus-alerts
380 # mountPath: /etc/alerts.d
382 # configMap: prometheus-alerts
386 ## configmap-reload resource requests and limits
387 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
392 ## If false, kube-state-metrics sub-chart will not be installed
396 ## kube-state-metrics sub-chart configurable values
397 ## Please see https://github.com/helm/charts/tree/master/stable/kube-state-metrics
399 # kube-state-metrics:
402 ## If false, node-exporter will not be installed
406 ## If true, node-exporter pods share the host network namespace
410 ## If true, node-exporter pods share the host PID namespace
414 ## node-exporter container name
418 ## node-exporter container image
421 repository: prom/node-exporter
423 pullPolicy: IfNotPresent
425 ## Specify if a Pod Security Policy for node-exporter must be created
426 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
430 ## Specify pod annotations
431 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
432 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
433 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
435 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
436 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
437 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
439 ## node-exporter priorityClassName
441 priorityClassName: ""
443 ## Custom Update Strategy
448 ## Additional node-exporter container arguments
452 ## Additional InitContainers to initialize the pod
454 extraInitContainers: []
456 ## Additional node-exporter hostPath mounts
458 extraHostPathMounts: []
459 # - name: textfile-dir
460 # mountPath: /srv/txt_collector
461 # hostPath: /var/lib/node-exporter
463 # mountPropagation: HostToContainer
465 extraConfigmapMounts: []
466 # - name: certs-configmap
467 # mountPath: /prometheus
468 # configMap: certs-configmap
471 ## Node tolerations for node-exporter scheduling to nodes with taints
472 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
476 # operator: "Equal|Exists"
478 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
480 ## Node labels for node-exporter pod assignment
481 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
485 ## Annotations to be added to node-exporter pods
489 ## Labels to be added to node-exporter pods
494 ## PodDisruptionBudget settings
495 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
501 ## node-exporter resource limits & requests
502 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
512 ## Security context to be added to node-exporter pods
519 prometheus.io/scrape: "true"
522 # Exposed as a headless service:
523 # https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
526 ## List of IP addresses at which the node-exporter service is available
527 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
533 loadBalancerSourceRanges: []
538 ## Prometheus server container name
544 ## Prometheus server container image
547 repository: prom/prometheus
549 pullPolicy: IfNotPresent
551 ## prometheus server priorityClassName
553 priorityClassName: ""
555 # EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links.
556 enableServiceLinks: true
558 ## The URL prefix at which the container can be accessed. Useful in the case the '-web.external-url' includes a slug
559 ## so that the various internal URLs are still able to access as they are in the default case.
563 ## External URL which can access alertmanager
564 ## Maybe same with Ingress host name
567 ## Additional server container environment variables
569 ## You specify this manually like you would a raw deployment manifest.
570 ## This means you can bind in environment variables from secrets.
572 ## e.g. static environment variable:
573 ## - name: DEMO_GREETING
574 ## value: "Hello from the environment"
576 ## e.g. secret environment variable:
585 - web.enable-lifecycle
586 ## web.enable-admin-api flag controls access to the administrative HTTP API which includes functionality such as
587 ## deleting time series. This is disabled by default.
588 # - web.enable-admin-api
590 ## storage.tsdb.no-lockfile flag controls BD locking
591 # - storage.tsdb.no-lockfile
593 ## storage.tsdb.wal-compression flag enables compression of the write-ahead log (WAL)
594 # - storage.tsdb.wal-compression
596 ## Path to a configuration file on prometheus server container FS
597 configPath: /etc/config/prometheus.yml
600 ## How frequently to scrape targets by default
603 ## How long until a scrape request times out
606 ## How frequently to evaluate rules
608 evaluation_interval: 1m
609 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
612 ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read
616 ## Additional Prometheus server container arguments
620 ## Additional InitContainers to initialize the pod
622 extraInitContainers: []
624 ## Additional Prometheus server Volume mounts
626 extraVolumeMounts: []
628 ## Additional Prometheus server Volumes
632 ## Additional Prometheus server hostPath mounts
634 extraHostPathMounts: []
636 # mountPath: /etc/kubernetes/certs
638 # hostPath: /etc/kubernetes/certs
641 extraConfigmapMounts: []
642 # - name: certs-configmap
643 # mountPath: /prometheus
645 # configMap: certs-configmap
648 ## Additional Prometheus server Secret mounts
649 # Defines additional mounts with secrets. Secrets must be manually created in the namespace.
650 extraSecretMounts: []
651 # - name: secret-files
652 # mountPath: /etc/secrets
654 # secretName: prom-secret-files
657 ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.server.configMapOverrideName}}
658 ## Defining configMapOverrideName will cause templates/server-configmap.yaml
659 ## to NOT generate a ConfigMap resource
661 configMapOverrideName: ""
664 ## If true, Prometheus server Ingress will be created
668 ## Prometheus server Ingress annotations
671 # kubernetes.io/ingress.class: nginx
672 # kubernetes.io/tls-acme: 'true'
674 ## Prometheus server Ingress additional labels
678 ## Prometheus server Ingress hostnames with optional path
679 ## Must be provided if Ingress is enabled
682 # - prometheus.domain.com
683 # - domain.com/prometheus
685 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
689 # serviceName: ssl-redirect
690 # servicePort: use-annotation
692 ## Prometheus server Ingress TLS configuration
693 ## Secrets must be manually created in the namespace
696 # - secretName: prometheus-server-tls
698 # - prometheus.domain.com
700 ## Server Deployment Strategy type
704 ## hostAliases allows adding entries to /etc/hosts inside the containers
710 ## Node tolerations for server scheduling to nodes with taints
711 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
715 # operator: "Equal|Exists"
717 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
719 ## Node labels for Prometheus server pod assignment
720 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
728 ## PodDisruptionBudget settings
729 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
735 ## Use an alternate scheduler, e.g. "stork".
736 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
741 ## If true, Prometheus server will create/use a Persistent Volume Claim
742 ## If false, use emptyDir
746 ## Prometheus server data Persistent Volume access modes
747 ## Must match those of existing PV or dynamic provisioner
748 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
753 ## Prometheus server data Persistent Volume annotations
757 ## Prometheus server data Persistent Volume existing claim name
758 ## Requires server.persistentVolume.enabled: true
759 ## If defined, PVC must be created manually before volume will be bound
762 ## Prometheus server data Persistent Volume mount root path
766 ## Prometheus server data Persistent Volume size
770 ## Prometheus server data Persistent Volume Storage Class
771 ## If defined, storageClassName: <storageClass>
772 ## If set to "-", storageClassName: "", which disables dynamic provisioning
773 ## If undefined (the default) or set to null, no storageClassName spec is
774 ## set, choosing the default provisioner. (gp2 on AWS, standard on
775 ## GKE, AWS & OpenStack)
779 ## Prometheus server data Persistent Volume Binding Mode
780 ## If defined, volumeBindingMode: <volumeBindingMode>
781 ## If undefined (the default) or set to null, no volumeBindingMode spec is
782 ## set, choosing the default mode.
784 # volumeBindingMode: ""
786 ## Subdirectory of Prometheus server data Persistent Volume to mount
787 ## Useful if the volume's root directory is not empty
794 ## Annotations to be added to Prometheus server pods
797 # iam.amazonaws.com/role: prometheus
799 ## Labels to be added to Prometheus server pods
803 ## Prometheus AlertManager configuration
807 ## Specify if a Pod Security Policy for node-exporter must be created
808 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
812 ## Specify pod annotations
813 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
814 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
815 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
817 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
818 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
819 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
821 ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
826 ## If true, use a statefulset instead of a deployment for pod management.
827 ## This allows to scale replicas to more than 1 pod
833 podManagementPolicy: OrderedReady
835 ## Alertmanager headless service to use for the statefulset
842 ## Prometheus server readiness and liveness probe initial delay and timeout
843 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
845 readinessProbeInitialDelay: 30
846 readinessProbeTimeout: 30
847 readinessProbeFailureThreshold: 3
848 readinessProbeSuccessThreshold: 1
849 livenessProbeInitialDelay: 30
850 livenessProbeTimeout: 30
851 livenessProbeFailureThreshold: 3
852 livenessProbeSuccessThreshold: 1
854 ## Prometheus server resource requests and limits
855 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
865 ## Vertical Pod Autoscaler config
866 ## Ref: https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
868 ## If true a VPA object will be created for the controller (either StatefulSet or Deployemnt, based on above configs)
872 # - containerName: 'prometheus-server'
874 ## Security context to be added to server pods
887 ## List of IP addresses at which the Prometheus server service is available
888 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
893 loadBalancerSourceRanges: []
895 sessionAffinity: None
898 ## Enable gRPC port on service to allow auto discovery with thanos-querier
904 ## If using a statefulSet (statefulSet.enabled=true), configure the
905 ## service to connect to a specific replica to have a consistent view
911 ## Prometheus server pod termination grace period
913 terminationGracePeriodSeconds: 300
915 ## Prometheus data retention period (default if not specified is 15 days)
920 ## If false, pushgateway will not be installed
924 ## Use an alternate scheduler, e.g. "stork".
925 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
929 ## pushgateway container name
933 ## pushgateway container image
936 repository: prom/pushgateway
938 pullPolicy: IfNotPresent
940 ## pushgateway priorityClassName
942 priorityClassName: ""
944 ## Additional pushgateway container arguments
946 ## for example: persistence.file: /data/pushgateway.data
949 ## Additional InitContainers to initialize the pod
951 extraInitContainers: []
954 ## If true, pushgateway Ingress will be created
958 ## pushgateway Ingress annotations
961 # kubernetes.io/ingress.class: nginx
962 # kubernetes.io/tls-acme: 'true'
964 ## pushgateway Ingress hostnames with optional path
965 ## Must be provided if Ingress is enabled
968 # - pushgateway.domain.com
969 # - domain.com/pushgateway
971 ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
975 # serviceName: ssl-redirect
976 # servicePort: use-annotation
978 ## pushgateway Ingress TLS configuration
979 ## Secrets must be manually created in the namespace
982 # - secretName: prometheus-alerts-tls
984 # - pushgateway.domain.com
986 ## Node tolerations for pushgateway scheduling to nodes with taints
987 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
991 # operator: "Equal|Exists"
993 # effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
995 ## Node labels for pushgateway pod assignment
996 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
1000 ## Annotations to be added to pushgateway pods
1004 ## Specify if a Pod Security Policy for node-exporter must be created
1005 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1009 ## Specify pod annotations
1010 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
1011 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
1012 ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
1014 # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
1015 # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
1016 # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
1020 ## PodDisruptionBudget settings
1021 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
1023 podDisruptionBudget:
1027 ## pushgateway resource requests and limits
1028 ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
1038 ## Security context to be added to push-gateway pods
1046 prometheus.io/probe: pushgateway
1050 ## List of IP addresses at which the pushgateway service is available
1051 ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
1056 loadBalancerSourceRanges: []
1060 ## pushgateway Deployment Strategy type
1065 ## If true, pushgateway will create/use a Persistent Volume Claim
1066 ## If false, use emptyDir
1070 ## pushgateway data Persistent Volume access modes
1071 ## Must match those of existing PV or dynamic provisioner
1072 ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
1077 ## pushgateway data Persistent Volume Claim annotations
1081 ## pushgateway data Persistent Volume existing claim name
1082 ## Requires pushgateway.persistentVolume.enabled: true
1083 ## If defined, PVC must be created manually before volume will be bound
1086 ## pushgateway data Persistent Volume mount root path
1090 ## pushgateway data Persistent Volume size
1094 ## pushgateway data Persistent Volume Storage Class
1095 ## If defined, storageClassName: <storageClass>
1096 ## If set to "-", storageClassName: "", which disables dynamic provisioning
1097 ## If undefined (the default) or set to null, no storageClassName spec is
1098 ## set, choosing the default provisioner. (gp2 on AWS, standard on
1099 ## GKE, AWS & OpenStack)
1103 ## pushgateway data Persistent Volume Binding Mode
1104 ## If defined, volumeBindingMode: <volumeBindingMode>
1105 ## If undefined (the default) or set to null, no volumeBindingMode spec is
1106 ## set, choosing the default mode.
1108 # volumeBindingMode: ""
1110 ## Subdirectory of pushgateway data Persistent Volume to mount
1111 ## Useful if the volume's root directory is not empty
1116 ## alertmanager ConfigMap entries
1126 group_by: ['alertname', 'severity', 'instance', 'job']
1136 # - url: 'http://10.244.0.1:5001'
1139 - url: 'http://service-ricplt-vespamgr-http:9095/alerts'
1142 ## Prometheus server ConfigMap entries
1146 ## Alerts configuration
1147 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
1148 alerting_rules.yml: {}
1152 # - alert: InstanceDown
1158 # description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.'
1159 # summary: 'Instance {{ $labels.instance }} down'
1160 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use alerting_rules.yml
1163 ## Records configuration
1164 ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
1165 recording_rules.yml: {}
1166 ## DEPRECATED DEFAULT VALUE, unless explicitly naming your files, please use recording_rules.yml
1171 - /etc/config/recording_rules.yml
1172 - /etc/config/alerting_rules.yml
1173 ## Below two files are DEPRECATED will be removed from this default values file
1175 - /etc/config/alerts
1178 - job_name: prometheus
1183 # A scrape configuration for running Prometheus on a Kubernetes cluster.
1184 # This uses separate scrape configs for cluster components (i.e. API server, node)
1185 # and services to allow each to use different authentication configs.
1187 # Kubernetes labels will be added as Prometheus labels on metrics via the
1188 # `labelmap` relabeling action.
1190 # Scrape config for API servers.
1192 # Kubernetes exposes API servers as endpoints to the default/kubernetes
1193 # service so this uses `endpoints` role and uses relabelling to only keep
1194 # the endpoints associated with the default/kubernetes service using the
1195 # default named port `https`. This works for single API server deployments as
1196 # well as HA API server deployments.
1197 - job_name: 'kubernetes-apiservers'
1199 kubernetes_sd_configs:
1202 # Default to scraping over https. If required, just disable this or change to
1206 # This TLS & bearer token file config is used to connect to the actual scrape
1207 # endpoints for cluster components. This is separate to discovery auth
1208 # configuration because discovery & scraping are two separate concerns in
1209 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1210 # the cluster. Otherwise, more config options have to be provided within the
1211 # <kubernetes_sd_config>.
1213 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1214 # If your node certificates are self-signed or use a different CA to the
1215 # master CA, then disable certificate verification below. Note that
1216 # certificate verification is an integral part of a secure infrastructure
1217 # so this should only be disabled in a controlled environment. You can
1218 # disable certificate verification by uncommenting the line below.
1220 insecure_skip_verify: true
1221 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1223 # Keep only the default/kubernetes service endpoints for the https port. This
1224 # will add targets for each API server which Kubernetes adds an endpoint to
1225 # the default/kubernetes service.
1227 - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
1229 regex: default;kubernetes;https
1231 - job_name: 'kubernetes-nodes'
1233 # Default to scraping over https. If required, just disable this or change to
1237 # This TLS & bearer token file config is used to connect to the actual scrape
1238 # endpoints for cluster components. This is separate to discovery auth
1239 # configuration because discovery & scraping are two separate concerns in
1240 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1241 # the cluster. Otherwise, more config options have to be provided within the
1242 # <kubernetes_sd_config>.
1244 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1245 # If your node certificates are self-signed or use a different CA to the
1246 # master CA, then disable certificate verification below. Note that
1247 # certificate verification is an integral part of a secure infrastructure
1248 # so this should only be disabled in a controlled environment. You can
1249 # disable certificate verification by uncommenting the line below.
1251 insecure_skip_verify: true
1252 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1254 kubernetes_sd_configs:
1259 regex: __meta_kubernetes_node_label_(.+)
1260 - target_label: __address__
1261 replacement: kubernetes.default.svc:443
1262 - source_labels: [__meta_kubernetes_node_name]
1264 target_label: __metrics_path__
1265 replacement: /api/v1/nodes/$1/proxy/metrics
1268 - job_name: 'kubernetes-nodes-cadvisor'
1270 # Default to scraping over https. If required, just disable this or change to
1274 # This TLS & bearer token file config is used to connect to the actual scrape
1275 # endpoints for cluster components. This is separate to discovery auth
1276 # configuration because discovery & scraping are two separate concerns in
1277 # Prometheus. The discovery auth config is automatic if Prometheus runs inside
1278 # the cluster. Otherwise, more config options have to be provided within the
1279 # <kubernetes_sd_config>.
1281 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
1282 # If your node certificates are self-signed or use a different CA to the
1283 # master CA, then disable certificate verification below. Note that
1284 # certificate verification is an integral part of a secure infrastructure
1285 # so this should only be disabled in a controlled environment. You can
1286 # disable certificate verification by uncommenting the line below.
1288 insecure_skip_verify: true
1289 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1291 kubernetes_sd_configs:
1294 # This configuration will work only on kubelet 1.7.3+
1295 # As the scrape endpoints for cAdvisor have changed
1296 # if you are using older version you need to change the replacement to
1297 # replacement: /api/v1/nodes/$1:4194/proxy/metrics
1298 # more info here https://github.com/coreos/prometheus-operator/issues/633
1301 regex: __meta_kubernetes_node_label_(.+)
1302 - target_label: __address__
1303 replacement: kubernetes.default.svc:443
1304 - source_labels: [__meta_kubernetes_node_name]
1306 target_label: __metrics_path__
1307 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
1309 # Scrape config for service endpoints.
1311 # The relabeling allows the actual service scrape endpoint to be configured
1312 # via the following annotations:
1314 # * `prometheus.io/scrape`: Only scrape services that have a value of `true`
1315 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1316 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1317 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1318 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1319 # service then set this appropriately.
1320 - job_name: 'kubernetes-service-endpoints'
1322 kubernetes_sd_configs:
1326 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
1329 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1331 target_label: __scheme__
1333 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1335 target_label: __metrics_path__
1337 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1339 target_label: __address__
1340 regex: ([^:]+)(?::\d+)?;(\d+)
1343 regex: __meta_kubernetes_service_label_(.+)
1344 - source_labels: [__meta_kubernetes_namespace]
1346 target_label: kubernetes_namespace
1347 - source_labels: [__meta_kubernetes_service_name]
1349 target_label: kubernetes_name
1350 - source_labels: [__meta_kubernetes_pod_node_name]
1352 target_label: kubernetes_node
1354 # Scrape config for slow service endpoints; same as above, but with a larger
1355 # timeout and a larger interval
1357 # The relabeling allows the actual service scrape endpoint to be configured
1358 # via the following annotations:
1360 # * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true`
1361 # * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
1362 # to set this to `https` & most likely set the `tls_config` of the scrape config.
1363 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1364 # * `prometheus.io/port`: If the metrics are exposed on a different port to the
1365 # service then set this appropriately.
1366 - job_name: 'kubernetes-service-endpoints-slow'
1371 kubernetes_sd_configs:
1375 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape_slow]
1378 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
1380 target_label: __scheme__
1382 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
1384 target_label: __metrics_path__
1386 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
1388 target_label: __address__
1389 regex: ([^:]+)(?::\d+)?;(\d+)
1392 regex: __meta_kubernetes_service_label_(.+)
1393 - source_labels: [__meta_kubernetes_namespace]
1395 target_label: kubernetes_namespace
1396 - source_labels: [__meta_kubernetes_service_name]
1398 target_label: kubernetes_name
1399 - source_labels: [__meta_kubernetes_pod_node_name]
1401 target_label: kubernetes_node
1403 - job_name: 'prometheus-pushgateway'
1406 kubernetes_sd_configs:
1410 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1414 # Example scrape config for probing services via the Blackbox Exporter.
1416 # The relabeling allows the actual service scrape endpoint to be configured
1417 # via the following annotations:
1419 # * `prometheus.io/probe`: Only probe services that have a value of `true`
1420 - job_name: 'kubernetes-services'
1422 metrics_path: /probe
1426 kubernetes_sd_configs:
1430 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
1433 - source_labels: [__address__]
1434 target_label: __param_target
1435 - target_label: __address__
1436 replacement: blackbox
1437 - source_labels: [__param_target]
1438 target_label: instance
1440 regex: __meta_kubernetes_service_label_(.+)
1441 - source_labels: [__meta_kubernetes_namespace]
1442 target_label: kubernetes_namespace
1443 - source_labels: [__meta_kubernetes_service_name]
1444 target_label: kubernetes_name
1446 # Example scrape config for pods
1448 # The relabeling allows the actual pod scrape endpoint to be configured via the
1449 # following annotations:
1451 # * `prometheus.io/scrape`: Only scrape pods that have a value of `true`
1452 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1453 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1454 - job_name: 'kubernetes-pods'
1456 kubernetes_sd_configs:
1460 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
1463 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1465 target_label: __metrics_path__
1467 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1469 regex: ([^:]+)(?::\d+)?;(\d+)
1471 target_label: __address__
1473 regex: __meta_kubernetes_pod_label_(.+)
1474 - source_labels: [__meta_kubernetes_namespace]
1476 target_label: kubernetes_namespace
1477 - source_labels: [__meta_kubernetes_pod_name]
1479 target_label: kubernetes_pod_name
1481 # Example Scrape config for pods which should be scraped slower. An useful example
1482 # would be stackriver-exporter which querys an API on every scrape of the pod
1484 # The relabeling allows the actual pod scrape endpoint to be configured via the
1485 # following annotations:
1487 # * `prometheus.io/scrape-slow`: Only scrape pods that have a value of `true`
1488 # * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
1489 # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`.
1490 - job_name: 'kubernetes-pods-slow'
1495 kubernetes_sd_configs:
1499 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape_slow]
1502 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
1504 target_label: __metrics_path__
1506 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
1508 regex: ([^:]+)(?::\d+)?;(\d+)
1510 target_label: __address__
1512 regex: __meta_kubernetes_pod_label_(.+)
1513 - source_labels: [__meta_kubernetes_namespace]
1515 target_label: kubernetes_namespace
1516 - source_labels: [__meta_kubernetes_pod_name]
1518 target_label: kubernetes_pod_name
1520 # adds additional scrape configs to prometheus.yml
1521 # must be a string so you have to add a | after extraScrapeConfigs:
1522 # example adds prometheus-blackbox-exporter scrape config
1524 # - job_name: 'prometheus-blackbox-exporter'
1525 # metrics_path: /probe
1527 # module: [http_2xx]
1530 # - https://example.com
1532 # - source_labels: [__address__]
1533 # target_label: __param_target
1534 # - source_labels: [__param_target]
1535 # target_label: instance
1536 # - target_label: __address__
1537 # replacement: prometheus-blackbox-exporter:9115
1539 # Adds option to add alert_relabel_configs to avoid duplicate alerts in alertmanager
1540 # useful in H/A prometheus with different external labels but the same alerts
1541 alertRelabelConfigs:
1542 # alert_relabel_configs:
1543 # - source_labels: [dc]
1548 ## Enable creation of NetworkPolicy resources.
1552 # Force namespace of namespaced resources
1553 forceNamespace: null