# Flux HelmRelease installing the kube-prometheus-stack chart (pinned to
# 56.13.1) from the prometheus-community HelmRepository into monitoring-system.
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: kube-prometheus
  namespace: monitoring-system
spec:
  releaseName: kube-prometheus-stack
  chart:
    spec:
      chart: kube-prometheus-stack
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
        namespace: monitoring-system
      version: 56.13.1
  interval: 60m
  timeout: 10m
  install:
    remediation:
      retries: 5
    crds: CreateReplace
  upgrade:
    remediation:
      retries: 5
    crds: CreateReplace
  # Values are merged in list order: the ConfigMap supplies the base values and
  # the Secret, when present, overrides them.
  # NOTE(review): the Secret is `optional: true`, so a missing or misnamed
  # Secret is not an error and the release falls back to the ConfigMap values,
  # including the Grafana admin password set there.
  valuesFrom:
    - kind: ConfigMap
      name: kube-prometheus-base-values
      valuesKey: values.yaml
    - kind: Secret
      name: kube-prometheus-override-values
      valuesKey: values-overrides.yaml
      optional: true
  # Post-render patches: add a namespaceSelector to the first webhook entry of
  # both admission webhook configurations so that objects in kube-system and
  # monitoring-system are not sent to the operator's admission webhook. With
  # `failurePolicy: Fail` (set in the values below) this keeps an unreachable
  # webhook from blocking changes in those two namespaces.
  # NOTE(review): only index 0 (`/webhooks/0`) is patched; if a chart version
  # renders more than one webhook entry the others get no selector. Re-check
  # the rendered manifests on chart upgrades.
  # NOTE(review): `patchesJson6902` is believed to be deprecated in favour of
  # `patches` in this API version; confirm before moving to a newer one.
  postRenderers:
    - kustomize:
        patchesJson6902:
          - target:
              group: admissionregistration.k8s.io
              version: v1
              kind: ValidatingWebhookConfiguration
              name: kube-prometheus-stack-admission
            patch:
              - op: add
                path: /webhooks/0/namespaceSelector
                value:
                  matchExpressions:
                    # kubernetes.io/metadata.name is set by the API server on
                    # every namespace, so this matches on the namespace name.
                    - key: kubernetes.io/metadata.name
                      operator: NotIn
                      values:
                        - kube-system
                        - monitoring-system
          - target:
              group: admissionregistration.k8s.io
              version: v1
              kind: MutatingWebhookConfiguration
              name: kube-prometheus-stack-admission
            patch:
              - op: add
                path: /webhooks/0/namespaceSelector
                value:
                  matchExpressions:
                    - key: kubernetes.io/metadata.name
                      operator: NotIn
                      values:
                        - kube-system
                        - monitoring-system
---
# Base Helm values for the release above (referenced by its valuesFrom).
# ConfigMap data is stored unencrypted and is readable by anything with read
# access to ConfigMaps in monitoring-system; credentials do not belong here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-prometheus-base-values
  namespace: monitoring-system
data:
  values.yaml: |
    global:
      rbac:
        create: true
        # No PodSecurityPolicy objects are requested from the chart.
        pspEnabled: false
        createAggregateClusterRoles: true
    alertmanager:
      enabled: true
      config:
        global:
          resolve_timeout: 5m
        route:
          group_by: ['job']
          group_wait: 30s
          group_interval: 5m
          repeat_interval: 12h
          # NOTE(review): the default receiver and the only configured receiver
          # is 'null', which has no notification integration defined here, so
          # no alert is delivered anywhere unless the override Secret adds
          # real receivers.
          receiver: 'null'
          routes:
            - match:
                alertname: Watchdog
              receiver: 'null'
        receivers:
          - name: 'null'
      ingress:
        enabled: false
      service:
        type: ClusterIP
      ## Settings affecting alertmanagerSpec
      ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
      ##
      alertmanagerSpec:
        replicas: 1
        retention: 120h
        storage:
          volumeClaimTemplate:
            spec:
              storageClassName: longhorn
              accessModes: ["ReadWriteOnce"]
              resources:
                requests:
                  storage: 1Gi
        resources:
          requests:
            cpu: 20m
            memory: 400Mi
        # Alertmanager runs as a non-root UID/GID.
        securityContext:
          runAsGroup: 2000
          runAsNonRoot: true
          runAsUser: 1000
          fsGroup: 2000
    grafana:
      enabled: true
      # NOTE(review): static Grafana admin password kept in plaintext in a
      # ConfigMap (and in version control if this file is committed).
      # `prom-operator` is also the chart's published default value. Supply
      # the password through the override Secret listed in valuesFrom, or use
      # the Grafana sub-chart's `admin.existingSecret`, and rotate this one.
      adminPassword: prom-operator
      ingress:
        enabled: false
      sidecar:
        # NOTE(review): with `searchNamespace: ALL` the sidecars pick up
        # labelled dashboard and datasource objects from every namespace, so
        # anyone who may create such objects anywhere in the cluster can add
        # dashboards or datasources to this Grafana. Confirm this is intended.
        dashboards:
          enabled: true
          # Explicitly unset value in order to discover everything
          labelValue: null
          searchNamespace: ALL
        datasources:
          enabled: true
          defaultDatasourceEnabled: true
          searchNamespace: ALL
    kubeApiServer:
      enabled: true
    kubelet:
      enabled: true
    # Disabled kube-controller-manager because currently not exposed
    kubeControllerManager:
      enabled: false
    coreDns:
      enabled: true
    # KubeDNS is not installed
    kubeDns:
      enabled: false
    # Disabled kube-etcd because client certificate authentication is not
    # functional at the moment.
    # NOTE(review): `insecureSkipVerify: true` switches off TLS certificate
    # verification for the etcd scrape. It is inert while `enabled: false`;
    # replace it with proper CA/client-certificate settings before enabling.
    kubeEtcd:
      enabled: false
      serviceMonitor:
        scheme: https
        insecureSkipVerify: true
    # Disabled kube-scheduler because currently not exposed
    kubeScheduler:
      enabled: false
    # Disabled kube-proxy; presumably not exposed either (the original comment
    # here was a copy of the kube-scheduler one).
    kubeProxy:
      enabled: false
    kubeStateMetrics:
      enabled: true
    kube-state-metrics:
      namespaceOverride: ""
      rbac:
        create: true
      podSecurityPolicy:
        enabled: false
    nodeExporter:
      enabled: true
    prometheusOperator:
      enabled: true
      admissionWebhooks:
        # Fail closed: a request is rejected when the webhook cannot be
        # reached. The HelmRelease post-render patch excludes kube-system and
        # monitoring-system from the webhook to limit the impact of an outage.
        failurePolicy: Fail
        enabled: true
        patch:
          enabled: true
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 100m
              memory: 256Mi
          priorityClassName: "system-cluster-critical"
          securityContext:
            runAsGroup: 2000
            runAsNonRoot: true
            runAsUser: 2000
        # Webhook certificates are requested from cert-manager.
        # NOTE(review): this requires cert-manager in the cluster, and the
        # `patch` job settings above are presumably unused when it is enabled;
        # confirm against the chart templates.
        certManager:
          enabled: true
      service:
        type: ClusterIP
      kubeletService:
        enabled: false
        namespace: kube-system
      resources:
        limits:
          cpu: 500m
          memory: 512Mi
        requests:
          cpu: 100m
          memory: 256Mi
      # The operator runs as a non-root UID/GID (65534).
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
    prometheus:
      enabled: true
      thanosService:
        enabled: false
      thanosServiceMonitor:
        enabled: false
      service:
        type: ClusterIP
      servicePerReplica:
        enabled: false
      podDisruptionBudget:
        enabled: false
        minAvailable: 1
        maxUnavailable: ""
      thanosIngress:
        enabled: false
      ingress:
        enabled: false
      ingressPerReplica:
        enabled: false
      podSecurityPolicy:
        allowedCapabilities: []
        allowedHostPaths: []
        volumes: []
      prometheusSpec:
        # NOTE(review): empty selectors combined with
        # `*SelectorNilUsesHelmValues: false` make Prometheus select rules,
        # ServiceMonitors, PodMonitors and Probes from all namespaces, not only
        # those labelled for this release. Whoever can create these objects in
        # any namespace therefore influences what Prometheus scrapes and
        # evaluates; check that RBAC on the monitoring CRDs matches this.
        ruleNamespaceSelector: {}
        ruleSelectorNilUsesHelmValues: false
        ruleSelector: {}
        serviceMonitorSelectorNilUsesHelmValues: false
        serviceMonitorSelector: {}
        serviceMonitorNamespaceSelector: {}
        podMonitorSelectorNilUsesHelmValues: false
        podMonitorSelector: {}
        podMonitorNamespaceSelector: {}
        probeSelectorNilUsesHelmValues: false
        probeSelector: {}
        probeNamespaceSelector: {}
        retention: 14d
        retentionSize: 15GB
        walCompression: false
        paused: false
        replicas: 1
        resources:
          requests:
            cpu: 800m
            memory: 2Gi
          limits:
            memory: 4Gi
        storageSpec:
          volumeClaimTemplate:
            spec:
              storageClassName: longhorn
              accessModes: ["ReadWriteOnce"]
              resources:
                requests:
                  storage: 25Gi
        # Prometheus runs as a non-root UID/GID.
        securityContext:
          runAsGroup: 2000
          runAsNonRoot: true
          runAsUser: 1000
          fsGroup: 2000
        # NOTE(review): system-cluster-critical lets this pod preempt ordinary
        # workloads; confirm that priority is intended for monitoring.
        priorityClassName: "system-cluster-critical"
        thanos: {}