diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml
index 676e999409..0c9578fa49 100644
--- a/chart/chart-index/Chart.yaml
+++ b/chart/chart-index/Chart.yaml
@@ -92,7 +92,7 @@ dependencies:
 repository: https://cdfoundation.github.io/tekton-helm-chart/
 - name: tempo-distributed
 alias: tempo
- version: 1.18.5
+ version: 1.39.4
 repository: https://grafana.github.io/helm-charts
 - name: thanos
 version: 15.7.25
diff --git a/charts/tempo/Chart.lock b/charts/tempo/Chart.lock
index eedf785c9e..b88fad1568 100644
--- a/charts/tempo/Chart.lock
+++ b/charts/tempo/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
 version: 4.0.12
 - name: grafana-agent-operator
 repository: https://grafana.github.io/helm-charts
- version: 0.4.0
+ version: 0.5.0
 - name: rollout-operator
 repository: https://grafana.github.io/helm-charts
- version: 0.16.0
-digest: sha256:504a9bfa69a6d4130c496ed3382add7679b8aed30c1320a418831bdbea4e0ace
-generated: "2024-07-02T12:00:59.197303-04:00"
+ version: 0.24.0
+digest: sha256:b4f72d6e483f14887b4b18d7905e56d9bc604422b56bcdb07f9060d0a4799fe2
+generated: "2025-02-21T13:03:51.346767+02:00"
diff --git a/charts/tempo/Chart.yaml b/charts/tempo/Chart.yaml
index 8a8c0bd78d..a51d39a248 100644
--- a/charts/tempo/Chart.yaml
+++ b/charts/tempo/Chart.yaml
@@ -1,24 +1,39 @@
 apiVersion: v2
-name: tempo-distributed
+appVersion: 2.7.2
+dependencies:
+- alias: minio
+ condition: minio.enabled
+ name: minio
+ repository: https://charts.min.io/
+ version: 4.0.12
+- alias: grafana-agent-operator
+ condition: metaMonitoring.grafanaAgent.installOperator
+ name: grafana-agent-operator
+ repository: https://grafana.github.io/helm-charts
+ version: 0.5.0
+- alias: rollout_operator
+ condition: rollout_operator.enabled
+ name: rollout-operator
+ repository: https://grafana.github.io/helm-charts
+ version: 0.24.0
 description: Grafana Tempo in MicroService mode
-type: application
-version: 1.18.5
-appVersion: 2.6.0
-engine: gotpl
 home: https://grafana.com/docs/tempo/latest/
 icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png
-sources:
- - https://github.com/grafana/tempo
 maintainers:
- - name: joe-elliott
- email: number101010@gmail.com
- - name: swartz-k
- email: 9215868@gmail.com
- - name: annanay25
- - name: mdisibio
- - name: mapno
- - name: BitProcessor
- - name: faustodavid
- - name: zalegrala
- - name: Sheikh-Abubaker
- email: sheikhabubaker761@gmail.com
+- email: number101010@gmail.com
+ name: joe-elliott
+- email: 9215868@gmail.com
+ name: swartz-k
+- name: annanay25
+- name: mdisibio
+- name: mapno
+- name: BitProcessor
+- name: faustodavid
+- name: zalegrala
+- email: sheikhabubaker761@gmail.com
+ name: Sheikh-Abubaker
+name: tempo-distributed
+sources:
+- https://github.com/grafana/tempo
+type: application
+version: 1.39.4
diff --git a/charts/tempo/README.md b/charts/tempo/README.md
old mode 100755
new mode 100644
index d2d50d0374..bc6f19e1d2
--- a/charts/tempo/README.md
+++ b/charts/tempo/README.md
@@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.18.5](https://img.shields.io/badge/Version-1.18.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square) +![Version: 1.39.4](https://img.shields.io/badge/Version-1.39.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.2](https://img.shields.io/badge/AppVersion-2.7.2-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -13,8 +13,8 @@ Grafana Tempo in MicroService mode | Repository | Name | Version | |------------|------|---------| | https://charts.min.io/ | minio(minio) | 4.0.12 | -| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.4.0 | -| https://grafana.github.io/helm-charts | rollout_operator(rollout-operator) | 0.16.0 | +| https://grafana.github.io/helm-charts | grafana-agent-operator(grafana-agent-operator) | 0.5.0 | +| https://grafana.github.io/helm-charts | rollout_operator(rollout-operator) | 0.24.0 | ## Chart Repo @@ -32,6 +32,8 @@ To install the chart with the release name `my-release`: helm install my-release grafana/tempo-distributed ``` +Refer to the [Get started with Grafana Tempo using the Helm chart](https://grafana.com/docs/helm-charts/tempo-distributed/next/get-started-helm-charts/) documentation for more details. + ## Uninstalling the Chart To uninstall/delete the my-release deployment: 
@@ -46,6 +48,34 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.33.0 +* Breaking Change * +In order to reduce confusion, the overrides configurations have been renamed as below. + +`global_overrides` => `overrides` (this is where the defaults for every tenant is set) +`overrides` => `per_tenant_overrides` (this is where configurations for specific tenants can be set) + +### From Chart versions < 1.31.0 + +Tempo serverless was deprecated in [tempo 2.7 release](https://github.com/grafana/tempo/releases/tag/v2.7.0), +Config options related to serverless are being removed from helm chart, and this might be a breaking change if you were using tempo serverless. + +These config optioons are removed in [tempo#4599](https://github.com/grafana/tempo/pull/4599) and will not work from next release of tempo. + +### From Chart versions < 1.28.2 + +Please be aware that we've updated the Tempo version to 2.7, which includes some breaking changes +We recommend reviewing the [release notes](https://grafana.com/docs/tempo/latest/release-notes/v2-7/) before upgrading. + +### From Chart versions < 1.23.0 + +A default affinity has been defined in this version for the compactor following the standard used in other components. + +### From Chart versions < 1.21.0 + +Upgrading to chart 1.21.0 will set the memberlist cluster_label config option. During rollout your cluster will temporarilly be split into two memberlist clusters until all components are rolled out. +This will interrupt reads and writes. This config option is set to prevent cross talk between Tempo and other memberlist clusters. + ### From Chart versions < 1.18.0 Please be aware that we've updated the minor version to Tempo 2.6, which includes breaking changes. 
@@ -258,7 +288,7 @@ The memcached default args are removed and should be provided manually. The sett
 | adminApi.strategy.type | string | `"RollingUpdate"` | |
 | adminApi.terminationGracePeriodSeconds | int | `60` | |
 | adminApi.tolerations | list | `[]` | |
-| adminApi.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for admin-api pods. Passed through `tpl` and, thus, to be configured as string |
+| adminApi.topologySpreadConstraints | string | Defaults to allow skew no more than 1 node per AZ | topologySpread for admin-api pods. Passed through `tpl` and, thus, to be configured as string |
 | cache.caches[0].memcached.consistent_hash | bool | `true` | |
 | cache.caches[0].memcached.host | string | `"{{ include \"tempo.fullname\" . }}-memcached"` | |
 | cache.caches[0].memcached.service | string | `"memcached-client"` | |
@@ -266,6 +296,7 @@ The memcached default args are removed and should be provided manually. The sett
 | cache.caches[0].roles[0] | string | `"parquet-footer"` | |
 | cache.caches[0].roles[1] | string | `"bloom"` | |
 | cache.caches[0].roles[2] | string | `"frontend-search"` | |
+| compactor.affinity | string | Hard node and soft zone anti-affinity | Affinity for compactor pods. Passed through `tpl` and, thus, to be configured as string |
 | compactor.autoscaling | object | `{"enabled":false,"hpa":{"behavior":{},"enabled":false,"targetCPUUtilizationPercentage":100,"targetMemoryUtilizationPercentage":null},"keda":{"enabled":false,"triggers":[]},"maxReplicas":3,"minReplicas":1}` | Autoscaling configurations |
 | compactor.autoscaling.enabled | bool | `false` | Enable autoscaling for the compactor |
 | compactor.autoscaling.hpa | object | `{"behavior":{},"enabled":false,"targetCPUUtilizationPercentage":100,"targetMemoryUtilizationPercentage":null}` | Autoscaling via HPA object |
@@ -291,6 +322,7 @@ The memcached default args are removed and should be provided manually. The sett
 | compactor.dnsConfigOverides.dnsConfig.options[0].value | string | `"3"` | |
 | compactor.dnsConfigOverides.enabled | bool | `false` | |
 | compactor.extraArgs | list | `[]` | Additional CLI args for the compactor |
+| compactor.extraContainers | list | `[]` | Containers to add to the compactor pod |
 | compactor.extraEnv | list | `[]` | Environment variables to add to the compactor pods |
 | compactor.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the compactor pods |
 | compactor.extraVolumeMounts | list | `[]` | Extra volumes for compactor pods |
@@ -300,7 +332,9 @@ The memcached default args are removed and should be provided manually. The sett
 | compactor.image.registry | string | `nil` | The Docker registry for the compactor image. Overrides `tempo.image.registry` |
 | compactor.image.repository | string | `nil` | Docker image repository for the compactor image. Overrides `tempo.image.repository` |
 | compactor.image.tag | string | `nil` | Docker image tag for the compactor image. Overrides `tempo.image.tag` |
+| compactor.initContainers | list | `[]` | Init containers to add to the compactor pod |
 | compactor.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable |
+| compactor.minReadySeconds | int | `10` | Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating |
 | compactor.nodeSelector | object | `{}` | Node selector for compactor pods |
 | compactor.podAnnotations | object | `{}` | Annotations for compactor pods |
 | compactor.podLabels | object | `{}` | Labels for compactor pods |
@@ -322,19 +356,25 @@ The memcached default args are removed and should be provided manually. The sett
 | distributor.autoscaling.targetCPUUtilizationPercentage | int | `60` | Target CPU utilisation percentage for the distributor |
 | distributor.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage for the distributor |
 | distributor.config.extend_writes | string | `nil` | Disables write extension with inactive ingesters |
+| distributor.config.log_discarded_spans.enabled | bool | `false` | |
+| distributor.config.log_discarded_spans.filter_by_status_error | bool | `false` | |
+| distributor.config.log_discarded_spans.include_all_attributes | bool | `false` | |
 | distributor.config.log_received_spans | object | `{"enabled":false,"filter_by_status_error":false,"include_all_attributes":false}` | Enable to log every received span to help debug ingestion or calculate span error distributions using the logs |
 | distributor.config.log_received_traces | string | `nil` | WARNING: Deprecated. Use log_received_spans instead. |
 | distributor.extraArgs | list | `[]` | Additional CLI args for the distributor |
+| distributor.extraContainers | list | `[]` | Containers to add to the distributor pod |
 | distributor.extraEnv | list | `[]` | Environment variables to add to the distributor pods |
 | distributor.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to the distributor pods |
 | distributor.extraVolumeMounts | list | `[]` | Extra volumes for distributor pods |
 | distributor.extraVolumes | list | `[]` | Extra volumes for distributor deployment |
 | distributor.hostAliases | list | `[]` | hostAliases to add |
 | distributor.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` |
-| distributor.image.registry | string | `nil` | The Docker registry for the ingester image. Overrides `tempo.image.registry` |
-| distributor.image.repository | string | `nil` | Docker image repository for the ingester image. Overrides `tempo.image.repository` |
-| distributor.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` |
+| distributor.image.registry | string | `nil` | The Docker registry for the distributor image. Overrides `tempo.image.registry` |
+| distributor.image.repository | string | `nil` | Docker image repository for the distributor image. Overrides `tempo.image.repository` |
+| distributor.image.tag | string | `nil` | Docker image tag for the distributor image. Overrides `tempo.image.tag` |
+| distributor.initContainers | list | `[]` | Init containers to add to the distributor pods |
 | distributor.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable |
+| distributor.minReadySeconds | int | `10` | Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating |
 | distributor.nodeSelector | object | `{}` | Node selector for distributor pods |
 | distributor.podAnnotations | object | `{}` | Annotations for distributor pods |
 | distributor.podLabels | object | `{}` | Labels for distributor pods |
@@ -343,18 +383,21 @@ The memcached default args are removed and should be provided manually. The sett
 | distributor.resources | object | `{}` | Resource requests and limits for the distributor |
 | distributor.service.annotations | object | `{}` | Annotations for distributor service |
 | distributor.service.externalTrafficPolicy | string | `nil` | If type is LoadBalancer you can set it to 'Local' [preserve the client source IP](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) |
+| distributor.service.internalTrafficPolicy | string | `"Cluster"` | https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ |
 | distributor.service.labels | object | `{}` | Labels for distributor service |
 | distributor.service.loadBalancerIP | string | `""` | If type is LoadBalancer you can assign the IP to the LoadBalancer |
 | distributor.service.loadBalancerSourceRanges | list | `[]` | If type is LoadBalancer limit incoming traffic from IPs. |
 | distributor.service.type | string | `"ClusterIP"` | Type of service for the distributor |
 | distributor.serviceDiscovery.annotations | object | `{}` | Annotations for distributorDiscovery service |
 | distributor.serviceDiscovery.labels | object | `{}` | Labels for distributorDiscovery service |
+| distributor.strategy.rollingUpdate.maxSurge | int | `0` | |
+| distributor.strategy.rollingUpdate.maxUnavailable | int | `1` | |
 | distributor.terminationGracePeriodSeconds | int | `30` | Grace period to allow the distributor to shutdown before it is killed |
 | distributor.tolerations | list | `[]` | Tolerations for distributor pods |
 | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string |
 | enterprise.enabled | bool | `false` | |
-| enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' |
-| enterprise.image.tag | string | `"v2.4.0"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' |
+| enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Traces container image repository. Note: for Grafana Tempo use the value 'image.repository' |
+| enterprise.image.tag | string | `"v2.6.1"` | Grafana Enterprise Traces container image tag. Note: for Grafana Tempo use the value 'image.tag' |
 | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string |
 | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend |
 | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend |
@@ -390,7 +433,7 @@ The memcached default args are removed and should be provided manually. The sett
 | enterpriseFederationFrontend.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string |
 | enterpriseGateway.affinity | string | Soft node and soft zone anti-affinity | Affinity for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string |
 | enterpriseGateway.annotations | object | `{}` | |
-| enterpriseGateway.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | The SecurityContext for gateway containers |
+| enterpriseGateway.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | The SecurityContext for enterprise-gateway containers |
 | enterpriseGateway.env | list | `[]` | |
 | enterpriseGateway.extraArgs | object | `{}` | |
 | enterpriseGateway.extraContainers | list | `[]` | |
@@ -402,10 +445,10 @@ The memcached default args are removed and should be provided manually. The sett
 | enterpriseGateway.image.registry | string | `nil` | The Docker registry for the enterpriseGateway image. Overrides `tempo.image.registry` |
 | enterpriseGateway.image.repository | string | `nil` | Docker image repository for the enterpriseGateway image. Overrides `tempo.image.repository` |
 | enterpriseGateway.image.tag | string | `nil` | Docker image tag for the enterpriseGateway image. Overrides `tempo.image.tag` |
-| enterpriseGateway.ingress.annotations | object | `{}` | Annotations for the gateway ingress |
-| enterpriseGateway.ingress.enabled | bool | `false` | Specifies whether an ingress for the gateway should be created |
-| enterpriseGateway.ingress.hosts | list | `[{"host":"gateway.gem.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the gateway ingress |
-| enterpriseGateway.ingress.tls | list | `[{"hosts":["gateway.gem.example.com"],"secretName":"gem-gateway-tls"}]` | TLS configuration for the gateway ingress |
+| enterpriseGateway.ingress.annotations | object | `{}` | Annotations for the enterprise-gateway ingress |
+| enterpriseGateway.ingress.enabled | bool | `false` | Specifies whether an ingress for the enterprise-gateway should be created |
+| enterpriseGateway.ingress.hosts | list | `[{"host":"gateway.gem.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the enterprise-gateway ingress |
+| enterpriseGateway.ingress.tls | list | `[{"hosts":["gateway.gem.example.com"],"secretName":"gem-gateway-tls"}]` | TLS configuration for the enterprise-gateway ingress |
 | enterpriseGateway.initContainers | list | `[]` | |
 | enterpriseGateway.nodeSelector | object | `{}` | |
 | enterpriseGateway.persistence.subPath | string | `nil` | |
@@ -423,7 +466,7 @@ The memcached default args are removed and should be provided manually. The sett
 | enterpriseGateway.service.annotations | object | `{}` | Annotations for the enterprise gateway service |
 | enterpriseGateway.service.clusterIP | string | `nil` | ClusterIP of the enterprise gateway service |
 | enterpriseGateway.service.labels | object | `{}` | Labels for enterprise gateway service |
-| enterpriseGateway.service.loadBalancerIP | string | `nil` | Load balancer IPO address if service type is LoadBalancer for enterprise gateway service |
+| enterpriseGateway.service.loadBalancerIP | string | `nil` | Load balancer IP address if service type is LoadBalancer for enterprise gateway service |
 | enterpriseGateway.service.port | string | `nil` | Port of the enterprise gateway service; if left undefined, the service will listen on the same port as the pod |
 | enterpriseGateway.service.type | string | `"ClusterIP"` | Type of the enterprise gateway service |
 | enterpriseGateway.strategy.rollingUpdate.maxSurge | int | `0` | |
@@ -431,7 +474,7 @@ The memcached default args are removed and should be provided manually. The sett
 | enterpriseGateway.strategy.type | string | `"RollingUpdate"` | |
 | enterpriseGateway.terminationGracePeriodSeconds | int | `60` | |
 | enterpriseGateway.tolerations | list | `[]` | |
-| enterpriseGateway.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string |
+| enterpriseGateway.topologySpreadConstraints | string | Defaults to allow skew no more than 1 node per AZ | topologySpread for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string |
 | enterpriseGateway.useDefaultProxyURLs | bool | `true` | If you want to use your own proxy URLs, set this to false. |
 | externalConfigSecretName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"config\") }}"` | Name of the Secret or ConfigMap that contains the configuration (used for naming even if config is internal). |
 | externalConfigVersion | string | `"0"` | When 'useExternalConfig' is true, then changing 'externalConfigVersion' triggers restart of services - otherwise changes to the configuration cause a restart. |
@@ -439,6 +482,7 @@ The memcached default args are removed and should be provided manually. The sett
 | extraObjects | list | `[]` | Create extra manifests via values. |
 | fullnameOverride | string | `""` | |
 | gateway.affinity | string | Hard node and soft zone anti-affinity | Affinity for gateway pods. Passed through `tpl` and, thus, to be configured as string |
+| gateway.annotations | object | `{}` | Annotations for gateway deployment |
 | gateway.autoscaling.behavior | object | `{}` | Autoscaling behavior configuration for the gateway |
 | gateway.autoscaling.enabled | bool | `false` | Enable autoscaling for the gateway |
 | gateway.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the gateway |
@@ -468,6 +512,7 @@ The memcached default args are removed and should be provided manually. The sett
 | gateway.ingress.labels | object | `{}` | Labels for the gateway ingress |
 | gateway.ingress.tls | list | `[{"hosts":["gateway.tempo.example.com"],"secretName":"tempo-gateway-tls"}]` | TLS configuration for the gateway ingress |
 | gateway.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable |
+| gateway.minReadySeconds | int | `10` | Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating |
 | gateway.nginxConfig.file | string | See values.yaml | Config file contents for Nginx. Passed through the `tpl` function to allow templating |
 | gateway.nginxConfig.httpSnippet | string | `""` | Allows appending custom configuration to the http block |
 | gateway.nginxConfig.logFormat | string | `"main '$remote_addr - $remote_user [$time_local] $status '\n '\"$request\" $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';"` | NGINX log format |
@@ -483,17 +528,17 @@ The memcached default args are removed and should be provided manually. The sett
 | gateway.readinessProbe.timeoutSeconds | int | `1` | |
 | gateway.replicas | int | `1` | Number of replicas for the gateway |
 | gateway.resources | object | `{}` | Resource requests and limits for the gateway |
-| gateway.service.additionalPorts | list | `[]` | Additional ports to be opneed on gateway service (e.g. for RPC connections) |
+| gateway.service.additionalPorts | list | `[]` | Additional ports to be opened on gateway service (e.g. for RPC connections) |
 | gateway.service.annotations | object | `{}` | Annotations for the gateway service |
 | gateway.service.clusterIP | string | `nil` | ClusterIP of the gateway service |
 | gateway.service.labels | object | `{}` | Labels for gateway service |
-| gateway.service.loadBalancerIP | string | `nil` | Load balancer IPO address if service type is LoadBalancer |
+| gateway.service.loadBalancerIP | string | `nil` | Load balancer IP address if service type is LoadBalancer |
 | gateway.service.nodePort | string | `nil` | Node port if service type is NodePort |
 | gateway.service.port | int | `80` | Port of the gateway service |
 | gateway.service.type | string | `"ClusterIP"` | Type of the gateway service |
 | gateway.terminationGracePeriodSeconds | int | `30` | Grace period to allow the gateway to shutdown before it is killed |
 | gateway.tolerations | list | `[]` | Tolerations for gateway pods |
-| gateway.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for gateway pods. Passed through `tpl` and, thus, to be configured as string |
+| gateway.topologySpreadConstraints | string | Defaults to allow skew no more than 1 node per AZ | topologySpread for gateway pods. Passed through `tpl` and, thus, to be configured as string |
 | gateway.verboseLogging | bool | `true` | Enable logging of 2xx and 3xx HTTP requests |
 | global.clusterDomain | string | `"cluster.local"` | configures cluster domain ("cluster.local" by default) |
 | global.dnsNamespace | string | `"kube-system"` | configures DNS service namespace |
@@ -502,7 +547,7 @@ The memcached default args are removed and should be provided manually. The sett
 | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] |
 | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. |
 | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods |
-| global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | |
+| global.storageClass | string | `nil` | Global storage class to be used for persisted components |
 | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string |
 | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet |
 | ingester.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection. |
@@ -532,17 +577,25 @@ The memcached default args are removed and should be provided manually. The sett
 | ingester.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` |
 | ingester.initContainers | list | `[]` | |
 | ingester.nodeSelector | object | `{}` | Node selector for ingester pods |
+| ingester.persistence | object | `{"annotations":{},"enabled":false,"inMemory":false,"labels":{},"size":"10Gi","storageClass":null}` | Persistence configuration for ingester |
 | ingester.persistence.annotations | object | `{}` | Annotations for ingester's persist volume claim |
 | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper |
 | ingester.persistence.inMemory | bool | `false` | use emptyDir with ramdisk instead of PVC. **Please note that all data in ingester will be lost on pod restart** |
+| ingester.persistence.labels | object | `{}` | Labels for ingester's persist volume claim |
 | ingester.persistence.size | string | `"10Gi"` | Size of persistent or memory disk |
 | ingester.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). |
+| ingester.persistentVolumeClaimRetentionPolicy.enabled | bool | `false` | Enable Persistent volume retention policy for StatefulSet |
+| ingester.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` | Volume retention behavior that applies when the StatefulSet is deleted |
+| ingester.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` | Volume retention behavior when the replica count of the StatefulSet is reduced |
 | ingester.podAnnotations | object | `{}` | Annotations for ingester pods |
 | ingester.podLabels | object | `{}` | Labels for ingester pods |
 | ingester.priorityClassName | string | `nil` | The name of the PriorityClass for ingester pods |
 | ingester.replicas | int | `3` | Number of replicas for the ingester |
 | ingester.resources | object | `{}` | Resource requests and limits for the ingester |
 | ingester.service.annotations | object | `{}` | Annotations for ingester service |
+| ingester.service.internalTrafficPolicy | string | `"Cluster"` | https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ |
+| ingester.service.type | string | `"ClusterIP"` | Type of the service: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| ingester.statefulStrategy | object | `{"rollingUpdate":{"partition":0}}` | updateStrategy of the ingester statefulset. This is ignored when ingester.zoneAwareReplication.enabled=true. |
 | ingester.terminationGracePeriodSeconds | int | `300` | Grace period to allow the ingester to shutdown before it is killed. Especially for the ingestor, this must be increased. It must be long enough so ingesters can be gracefully shutdown flushing/transferring all data and to successfully leave the member ring on shutdown. |
 | ingester.tolerations | list | `[]` | Tolerations for ingester pods |
 | ingester.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for ingester pods. Passed through `tpl` and, thus, to be configured as string |
@@ -563,29 +616,37 @@ The memcached default args are removed and should be provided manually. The sett
 | ingester.zoneAwareReplication.zones[2].extraAffinity | object | `{}` | extraAffinity adds user defined custom affinity rules (merged with generated rules) |
 | ingester.zoneAwareReplication.zones[2].nodeSelector | string | `nil` | nodeselector to restrict where pods of this zone can be placed. E.g.: nodeSelector: topology.kubernetes.io/zone: zone-c |
 | ingester.zoneAwareReplication.zones[2].storageClass | string | `nil` | Ingester data Persistent Volume Storage Class If defined, storageClassName: If set to "-", then use `storageClassName: ""`, which disables dynamic provisioning If undefined or set to null (the default), then fall back to the value of `ingester.persistentVolume.storageClass`. |
+| kubectlImage.pullPolicy | string | `"IfNotPresent"` | |
+| kubectlImage.repository | string | `"bitnami/kubectl"` | |
+| kubectlImage.tag | string | `"latest"` | |
 | license.contents | string | `"NOTAVALIDLICENSE"` | |
 | license.external | bool | `false` | |
 | license.secretName | string | `"{{ include \"tempo.resourceName\" (dict \"ctx\" . \"component\" \"license\") }}"` | |
-| memberlist | object | `{"abort_if_cluster_join_fails":false,"bind_addr":[],"bind_port":7946,"gossip_interval":"1s","gossip_nodes":2,"gossip_to_dead_nodes_time":"30s","leave_timeout":"5s","left_ingesters_timeout":"5m","max_join_backoff":"1m","max_join_retries":10,"min_join_backoff":"1s","node_name":"","packet_dial_timeout":"5s","packet_write_timeout":"5s","pull_push_interval":"30s","randomize_node_name":true,"rejoin_interval":"0s","retransmit_factor":2,"stream_timeout":"10s"}` | Memberlist configuration. Please refer to https://grafana.com/docs/tempo/latest/configuration/#memberlist |
+| memberlist | object | `{"abort_if_cluster_join_fails":false,"bind_addr":[],"bind_port":7946,"cluster_label":"{{ .Release.Name }}.{{ .Release.Namespace }}","gossip_interval":"1s","gossip_nodes":2,"gossip_to_dead_nodes_time":"30s","leave_timeout":"5s","left_ingesters_timeout":"5m","max_join_backoff":"1m","max_join_retries":10,"min_join_backoff":"1s","node_name":"","packet_dial_timeout":"5s","packet_write_timeout":"5s","pull_push_interval":"30s","randomize_node_name":true,"rejoin_interval":"0s","retransmit_factor":2,"stream_timeout":"10s"}` | Memberlist configuration. Please refer to https://grafana.com/docs/tempo/latest/configuration/#memberlist |
 | memcached.affinity | string | Hard node and soft zone anti-affinity | Affinity for memcached pods. Passed through `tpl` and, thus, to be configured as string |
 | memcached.enabled | bool | `true` | Specified whether the memcached cachce should be enabled |
 | memcached.extraArgs | list | `[]` | Additional CLI args for memcached |
 | memcached.extraEnv | list | `[]` | Environment variables to add to memcached pods |
 | memcached.extraEnvFrom | list | `[]` | Environment variables from secrets or configmaps to add to memcached pods |
+| memcached.extraVolumeMounts | list | `[]` | Extra volumes for memcached pods |
+| memcached.extraVolumes | list | `[]` | Extra volumes for memcached statefulSet |
 | memcached.host | string | `"memcached"` | |
 | memcached.image.pullPolicy | string | `"IfNotPresent"` | Memcached Docker image pull policy |
 | memcached.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `global.image.pullSecrets` |
 | memcached.image.registry | string | `nil` | The Docker registry for the Memcached image. Overrides `global.image.registry` |
 | memcached.image.repository | string | `"memcached"` | Memcached Docker image repository |
-| memcached.image.tag | string | `"1.6.29-alpine"` | Memcached Docker image tag |
+| memcached.image.tag | string | `"1.6.33-alpine"` | Memcached Docker image tag |
+| memcached.initContainers | list | `[]` | Init containers for the memcached pod |
 | memcached.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable |
 | memcached.podAnnotations | object | `{}` | Annotations for memcached pods |
 | memcached.podLabels | object | `{}` | Labels for memcached pods |
 | memcached.replicas | int | `1` | |
 | memcached.resources | object | `{}` | Resource requests and limits for memcached |
 | memcached.service.annotations | object | `{}` | Annotations for memcached service |
-| memcached.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for memcached pods. Passed through `tpl` and, thus, to be configured as string |
+| memcached.tolerations | list | `[]` | Toleration for memcached pods |
+| memcached.topologySpreadConstraints | string | Defaults to allow skew no more than 1 node per AZ | topologySpread for memcached pods. Passed through `tpl` and, thus, to be configured as string |
 | memcachedExporter.enabled | bool | `false` | Specifies whether the Memcached Exporter should be enabled |
+| memcachedExporter.extraArgs | list | `[]` | Additional CLI args for the memcached exporter |
 | memcachedExporter.hostAliases | list | `[]` | hostAliases to add |
 | memcachedExporter.image.pullPolicy | string | `"IfNotPresent"` | Memcached Exporter Docker image pull policy |
 | memcachedExporter.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `global.image.pullSecrets` |
@@ -630,9 +691,9 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the metricsGenerator service. This allows metricsGenerator to work with istio protocol selection. | | metricsGenerator.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | | metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_add_org_id_header":true,"remote_write_flush_deadline":"1m","wal":null},"traces_storage":{"path":"/var/tempo/traces"}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | -| metricsGenerator.config.processor.service_graphs | object | `{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10}` | For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] | -| metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | resource and span attributes and are added to the metrics if present. | -| metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | Dimensions are searched for in the resource and span attributes and are added to the metrics if present. 
| +| metricsGenerator.config.processor.service_graphs | object | `{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10}` | For processors to be enabled and generate metrics, pass the names of the processors to `overrides.defaults.metrics_generator.processors` value like `[service-graphs, span-metrics]`. | +| metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | The resource and span attributes to be added to the service graph metrics, if present. | +| metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | The resource and span attributes to be added to the span metrics, if present. | | metricsGenerator.config.storage.remote_write | list | `[]` | https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write | | metricsGenerator.config.traces_storage | object | `{"path":"/var/tempo/traces"}` | Used by the local blocks processor to store a wal for traces. | | metricsGenerator.enabled | bool | `false` | Specifies whether a metrics-generator should be deployed | 
@@ -646,14 +707,19 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | -| metricsGenerator.initContainers | list | `[]` | | +| metricsGenerator.initContainers | list | `[]` | Init containers for the metrics generator pod | | metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable | +| metricsGenerator.minReadySeconds | int | `10` | Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | -| metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | +| metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"labels":{},"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | | metricsGenerator.persistence.annotations | object | `{}` | Annotations for metrics generator PVCs | | metricsGenerator.persistence.enabled | bool | `false` | Enable creating PVCs if you have kind set to StatefulSet. This disables using local disk or memory configured in walEmptyDir | +| metricsGenerator.persistence.labels | object | `{}` | Labels for metrics generator PVCs | | metricsGenerator.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . 
If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). | +| metricsGenerator.persistentVolumeClaimRetentionPolicy.enabled | bool | `false` | Enable Persistent volume retention policy for StatefulSet | +| metricsGenerator.persistentVolumeClaimRetentionPolicy.whenDeleted | string | `"Retain"` | Volume retention behavior that applies when the StatefulSet is deleted | +| metricsGenerator.persistentVolumeClaimRetentionPolicy.whenScaled | string | `"Retain"` | Volume retention behavior when the replica count of the StatefulSet is reduced | | metricsGenerator.podAnnotations | object | `{}` | Annotations for metrics-generator pods | | metricsGenerator.podLabels | object | `{}` | Labels for metrics-generator pods | | metricsGenerator.ports | list | `[{"name":"grpc","port":9095,"service":true},{"name":"http-memberlist","port":7946,"service":false},{"name":"http-metrics","port":3100,"service":true}]` | Default ports | 
@@ -683,12 +749,37 @@ The memcached default args are removed and should be provided manually. The sett | minio.rootPassword | string | `"supersecret"` | | | minio.rootUser | string | `"grafana-tempo"` | | | multitenancyEnabled | bool | `false` | | -| overrides | object | `{}` | | +| overrides | object | `{"defaults":{},"per_tenant_override_config":"/runtime-config/overrides.yaml"}` | The standard overrides configuration section. This can include a `defaults` object for applying to all tenants (not to be confused with the `global` property of the same name, which overrides `max_byte_per_trace` for all tenants). For an example on how to enable the metrics generator using the `overrides` object, see the 'Activate metrics generator' section below. Refer to [Standard overrides](https://grafana.com/docs/tempo/latest/configuration/#standard-overrides) for more details. | +| overrides.defaults | object | `{}` | default config values for all tenants, can be overridden by per-tenant overrides. If a tenant's specific overrides are not found in the `per_tenant_overrides` block, the values in this `default` block will be used. Configs inside this block should follow the new overrides indentation format | +| overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | Path to the per tenant override config file. The values of the `per_tenant_overrides` config below will be written to the default path which is `/runtime-config/overrides.yaml`. Users can set tenant-specific overrides settings in a separate file and point per_tenant_override_config to it if not using the per_tenant_overrides block below. | +| per_tenant_overrides | string | `nil` | The `per tenant` runtime overrides in place of the `per_tenant_override_config` file for Tempo (see `overrides` and the `per_tenant_override_config` property). This allows overriding the configs like `ingestion` and `global` values on a per-tenant basis. 
Note that *all* values must be given for each per-tenant configuration block. Refer to [Runtime overrides](https://grafana.com/docs/tempo/latest/configuration/#runtime-overrides) documentation for more details. | | prometheusRule.annotations | object | `{}` | PrometheusRule annotations | | prometheusRule.enabled | bool | `false` | If enabled, a PrometheusRule resource for Prometheus Operator is created | | prometheusRule.groups | list | `[]` | Contents of Prometheus rules file | | prometheusRule.labels | object | `{}` | Additional PrometheusRule labels | | prometheusRule.namespace | string | `nil` | Alternative namespace for the PrometheusRule resource | +| provisioner.additionalTenants | list | `[]` | Additional tenants to be created. Each tenant will get a read and write policy and associated token. Tenant must have a name and a namespace for the secret containting the token to be created in. For example additionalTenants: - name: tempo secretNamespace: grafana | +| provisioner.affinity | object | `{}` | Affinity for tokengen Pods | +| provisioner.annotations | object | `{}` | Additional annotations for the `provisioner` Job | +| provisioner.apiUrl | string | `""` | URL for the admin API service. Must be set to a valid URL. Example: "http://tempo-admin-api.namespace.svc:3100" | +| provisioner.enabled | bool | `false` | Whether the job should be part of the deployment | +| provisioner.env | list | `[]` | Additional Kubernetes environment | +| provisioner.extraArgs | object | `{}` | Additional arguments for the provisioner command | +| provisioner.extraVolumeMounts | list | `[]` | Volume mounts to add to the provisioner pods | +| provisioner.extraVolumes | list | `[]` | Volumes to add to the provisioner pods | +| provisioner.hookType | string | `"post-install"` | Hook type(s) to customize when the job runs. 
defaults to post-install | +| provisioner.image | object | `{"digest":null,"pullPolicy":"IfNotPresent","registry":"us-docker.pkg.dev","repository":"grafanalabs-global/docker-enterprise-provisioner-prod/enterprise-provisioner","tag":null}` | Provisioner image to Utilize | +| provisioner.image.digest | string | `nil` | Overrides the image tag with an image digest | +| provisioner.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| provisioner.image.registry | string | `"us-docker.pkg.dev"` | The Docker registry | +| provisioner.image.repository | string | `"grafanalabs-global/docker-enterprise-provisioner-prod/enterprise-provisioner"` | Docker image repository | +| provisioner.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | +| provisioner.labels | object | `{}` | Additional labels for the `provisioner` Job | +| provisioner.nodeSelector | object | `{}` | Node selector for tokengen Pods | +| provisioner.priorityClassName | string | `nil` | The name of the PriorityClass for provisioner Job | +| provisioner.provisionedSecretPrefix | string | `nil` | Name of the secret to store provisioned tokens in | +| provisioner.securityContext | object | `{"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10001}` | Run containers as nonroot user (uid=10001)` | +| provisioner.tolerations | list | `[]` | Tolerations for tokengen Pods | | querier.affinity | string | Hard node and soft zone anti-affinity | Affinity for querier pods. Passed through `tpl` and, thus, to be configured as string | | querier.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the querier service. This allows querier to work with istio protocol selection. | | querier.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | 
@@ -700,12 +791,6 @@ The memcached default args are removed and should be provided manually. The sett | querier.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage for the querier | | querier.config.frontend_worker.grpc_client_config | object | `{}` | grpc client configuration | | querier.config.max_concurrent_queries | int | `20` | This value controls the overall number of simultaneous subqueries that the querier will service at once. It does not distinguish between the types of queries. | -| querier.config.search.external_backend | string | `""` | credentials when querying the external backend. | -| querier.config.search.external_endpoints | list | `[]` | A list of external endpoints that the querier will use to offload backend search requests | -| querier.config.search.external_hedge_requests_at | string | `"8s"` | If set to a non-zero value a second request will be issued at the provided duration. Recommended to be set to p99 of external search requests to reduce long tail latency. | -| querier.config.search.external_hedge_requests_up_to | int | `2` | The maximum number of requests to execute when hedging. Requires hedge_requests_at to be set. | -| querier.config.search.google_cloud_run | object | `{}` | external_backend is "google_cloud_run". | -| querier.config.search.prefer_self | int | `10` | If search_external_endpoints is set then the querier will primarily act as a proxy for whatever serverless backend you have configured. This setting allows the operator to have the querier prefer itself for a configurable number of subqueries. | | querier.config.search.query_timeout | string | `"30s"` | Timeout for search requests | | querier.config.trace_by_id.query_timeout | string | `"10s"` | Timeout for trace lookup requests | | querier.extraArgs | list | `[]` | Additional CLI args for the querier | 
@@ -718,6 +803,8 @@ The memcached default args are removed and should be provided manually. The sett | querier.image.registry | string | `nil` | The Docker registry for the querier image. Overrides `tempo.image.registry` | | querier.image.repository | string | `nil` | Docker image repository for the querier image. Overrides `tempo.image.repository` | | querier.image.tag | string | `nil` | Docker image tag for the querier image. Overrides `tempo.image.tag` | +| querier.initContainers | list | `[]` | Init containers for the querier pod | +| querier.maxSurge | int | `0` | Max Surge for querier pods | | querier.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable | | querier.nodeSelector | object | `{}` | Node selector for querier pods | | querier.podAnnotations | object | `{}` | Annotations for querier pods | @@ -725,6 +812,7 @@ The memcached default args are removed and should be provided manually. The sett | querier.priorityClassName | string | `nil` | The name of the PriorityClass for querier pods | | querier.replicas | int | `1` | Number of replicas for the querier | | querier.resources | object | `{}` | Resource requests and limits for the querier | +| querier.rollingUpdate.maxUnavailable | int | `1` | Maximum number of Pods that can be unavailable during the update process | | querier.service.annotations | object | `{}` | Annotations for querier service | | querier.terminationGracePeriodSeconds | int | `30` | Grace period to allow the querier to shutdown before it is killed | | querier.tolerations | list | `[]` | Tolerations for querier pods | 
@@ -740,7 +828,15 @@ The memcached default args are removed and should be provided manually. The sett | queryFrontend.autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target memory utilisation percentage for the query-frontend | | queryFrontend.config.max_outstanding_per_tenant | int | `2000` | Maximum number of outstanding requests per tenant per frontend; requests beyond this error with HTTP 429. | | queryFrontend.config.max_retries | int | `2` | Number of times to retry a request sent to a querier | +| queryFrontend.config.metrics.concurrent_jobs | int | `1000` | The number of concurrent jobs to execute when querying the backend. | +| queryFrontend.config.metrics.duration_slo | string | `"0s"` | If set to a non-zero value, it's value will be used to decide if query is within SLO or not. Query is within SLO if it returned 200 within duration_slo seconds OR processed throughput_slo bytes/s data. NOTE: `duration_slo` and `throughput_bytes_slo` both must be configured for it to work | +| queryFrontend.config.metrics.interval | string | `"5m"` | The target length of time for each job to handle when querying the backend. | +| queryFrontend.config.metrics.max_duration | string | `"3h"` | The maximum allowed time range for a metrics query. 0 disables this limit. | +| queryFrontend.config.metrics.query_backend_after | string | `"30m"` | query_backend_after controls where the query-frontend searches for traces. Time ranges older than query_backend_after will be searched in the backend/object storage only. Time ranges between query_backend_after and now will be queried from the metrics-generators. | +| queryFrontend.config.metrics.target_bytes_per_job | int | `104857600` | The target number of bytes for each job to handle when querying the backend. | +| queryFrontend.config.metrics.throughput_bytes_slo | int | `0` | If set to a non-zero value, it's value will be used to decide if query is within SLO or not. 
Query is within SLO if it returned 200 within duration_slo seconds OR processed throughput_slo bytes/s data. | | queryFrontend.config.search.concurrent_jobs | int | `1000` | The number of concurrent jobs to execute when searching the backend | +| queryFrontend.config.search.max_spans_per_span_set | int | `100` | The maximum allowed value of spans per span set. 0 disables this limit. | | queryFrontend.config.search.target_bytes_per_job | int | `104857600` | The target number of bytes for each job to handle when performing a backend search | | queryFrontend.config.trace_by_id | object | `{"query_shards":50}` | Trace by ID lookup configuration | | queryFrontend.config.trace_by_id.query_shards | int | `50` | The number of shards to split a trace by id query into. | @@ -758,7 +854,9 @@ The memcached default args are removed and should be provided manually. The sett | queryFrontend.ingress.enabled | bool | `false` | Specifies whether an ingress for the Jaeger should be created | | queryFrontend.ingress.hosts | list | `[{"host":"query.tempo.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the Jaeger ingress | | queryFrontend.ingress.tls | list | `[{"hosts":["query.tempo.example.com"],"secretName":"tempo-query-tls"}]` | TLS configuration for the Jaeger ingress | +| queryFrontend.initContainers | list | `[]` | Init containers for the query-frontend pod | | queryFrontend.maxUnavailable | int | `1` | Pod Disruption Budget maxUnavailable | +| queryFrontend.minReadySeconds | int | `10` | Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating | | queryFrontend.nodeSelector | object | `{}` | Node selector for query-frontend pods | | queryFrontend.podAnnotations | object | `{}` | Annotations for query-frontend pods | | queryFrontend.podLabels | object | `{}` | Labels for queryFrontend pods | 
@@ -771,9 +869,9 @@ The memcached default args are removed and should be provided manually. The sett | queryFrontend.query.extraVolumeMounts | list | `[]` | Extra volumes for tempo-query pods | | queryFrontend.query.extraVolumes | list | `[]` | Extra volumes for tempo-query deployment | | queryFrontend.query.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | -| queryFrontend.query.image.registry | string | `nil` | The Docker registry for the query-frontend image. Overrides `tempo.image.registry` | -| queryFrontend.query.image.repository | string | `"grafana/tempo-query"` | Docker image repository for the query-frontend image. Overrides `tempo.image.repository` | -| queryFrontend.query.image.tag | string | `nil` | Docker image tag for the query-frontend image. Overrides `tempo.image.tag` | +| queryFrontend.query.image.registry | string | `nil` | The Docker registry for the tempo-query image. Overrides `tempo.image.registry` | +| queryFrontend.query.image.repository | string | `"grafana/tempo-query"` | Docker image repository for the tempo-query image. Overrides `tempo.image.repository` | +| queryFrontend.query.image.tag | string | `nil` | Docker image tag for the tempo-query image. Overrides `tempo.image.tag` | | queryFrontend.query.resources | object | `{}` | Resource requests and limits for the query | | queryFrontend.replicas | int | `1` | Number of replicas for the query-frontend | | queryFrontend.resources | object | `{}` | Resource requests and limits for the query-frontend | 
@@ -806,7 +904,7 @@ The memcached default args are removed and should be provided manually. The sett | server.http_server_read_timeout | string | `"30s"` | Read timeout for HTTP server | | server.http_server_write_timeout | string | `"30s"` | Write timeout for HTTP server | | server.logFormat | string | `"logfmt"` | Log format. Can be set to logfmt (default) or json. | -| server.logLevel | string | `"info"` | Log level. Can be set to trace, debug, info (default), warn, error, fatal, panic | +| server.logLevel | string | `"info"` | Log level. Can be set to debug, info (default), warn, error | | serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.automountServiceAccountToken | bool | `false` | | | serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | 
@@ -816,15 +914,23 @@ The memcached default args are removed and should be provided manually. The sett | storage.trace.backend | string | `"local"` | The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage | | storage.trace.block.dedicated_columns | list | `[]` | Lis with dedicated attribute columns (only for vParquet3 or later) | | storage.trace.block.version | string | `nil` | The supported block versions are specified here https://grafana.com/docs/tempo/latest/configuration/parquet/ | +| storage.trace.blocklist_poll | string | `"5m"` | How often to repoll the backend for new blocks | +| storage.trace.blocklist_poll_concurrency | string | `nil` | Number of blocks to process in parallel during polling. | +| storage.trace.blocklist_poll_fallback | string | `nil` | fallback to scanning the entire bucket. Set to false to disable this behavior. | +| storage.trace.blocklist_poll_stale_tenant_index | string | `nil` | The oldest allowable tenant index. | +| storage.trace.blocklist_poll_tenant_index_builders | string | `nil` | Maximum number of compactors that should build the tenant index. All other components will download the index. | | storage.trace.pool.max_workers | int | `400` | Total number of workers pulling jobs from the queue | | storage.trace.pool.queue_depth | int | `20000` | Length of job queue. imporatant for querier as it queues a job for every block it has to search | +| storage.trace.search.prefetch_trace_count | int | `1000` | Number of traces to prefetch while scanning blocks. Increasing this value can improve trace search performance at the cost of memory. | | tempo.image.pullPolicy | string | `"IfNotPresent"` | | | tempo.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. 
Overrides `global.image.pullSecrets` | | tempo.image.registry | string | `"docker.io"` | The Docker registry | | tempo.image.repository | string | `"grafana/tempo"` | Docker image repository | | tempo.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | -| tempo.memberlist | object | `{"appProtocol":null}` | Memberlist service configuration. | +| tempo.memberlist | object | `{"appProtocol":null,"service":{"annotations":{}}}` | Memberlist service configuration. | | tempo.memberlist.appProtocol | string | `nil` | Adds the appProtocol field to the memberlist service. This allows memberlist to work with istio protocol selection. Set the optional service protocol. Ex: "tcp", "http" or "https". | +| tempo.memberlist.service | object | `{"annotations":{}}` | Adds the service field to the memberlist service | +| tempo.memberlist.service.annotations | object | `{}` | Sets optional annotations to the service field of the memberlist service. | | tempo.podAnnotations | object | `{}` | Common annotations for all pods | | tempo.podLabels | object | `{}` | Global labels for all tempo pods | | tempo.podSecurityContext | object | `{"fsGroup":1000}` | podSecurityContext holds pod-level security attributes and common container settings | 
@@ -832,8 +938,12 @@ The memcached default args are removed and should be provided manually. The sett | tempo.readinessProbe.httpGet.port | string | `"http-metrics"` | | | tempo.readinessProbe.initialDelaySeconds | int | `30` | | | tempo.readinessProbe.timeoutSeconds | int | `1` | | +| tempo.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to retain to allow rollback | | tempo.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | SecurityContext holds container-level security attributes and common container settings | +| tempo.service.ipFamilies | list | `["IPv4"]` | Configure the IP families for all tempo services See the Service spec for details: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#servicespec-v1-core | +| tempo.service.ipFamilyPolicy | string | `"SingleStack"` | Configure the IP family policy for all tempo services. SingleStack, PreferDualStack or RequireDualStack | | tempo.structuredConfig | object | `{}` | Structured tempo configuration | +| tokengenJob.adminTokenSecret | string | `"admin-token"` | Name of the secret to store the admin token. If not specified, defaults to "-admin-token" | | tokengenJob.annotations | object | `{}` | | | tokengenJob.containerSecurityContext | object | `{"readOnlyRootFilesystem":true}` | The SecurityContext for tokenjobgen containers | | tokengenJob.enable | bool | `true` | | 
@@ -846,6 +956,7 @@ The memcached default args are removed and should be provided manually. The sett | tokengenJob.image.repository | string | `nil` | Docker image repository for the tokengenJob image. Overrides `tempo.image.repository` | | tokengenJob.image.tag | string | `nil` | Docker image tag for the tokengenJob image. Overrides `tempo.image.tag` | | tokengenJob.initContainers | list | `[]` | | +| tokengenJob.storeTokenInSecret | bool | `false` | | | traces.jaeger.grpc.enabled | bool | `false` | Enable Tempo to ingest Jaeger GRPC traces | | traces.jaeger.grpc.receiverConfig | object | `{}` | Jaeger GRPC receiver config | | traces.jaeger.thriftBinary.enabled | bool | `false` | Enable Tempo to ingest Jaeger Thrift Binary traces | @@ -880,7 +991,13 @@ The other components are optional and must be explicitly enabled. | compactor | no | | metrics-generator | yes | | memcached | yes | +| memcached-exporter | yes | | gateway | yes | +| federation-frontend | yes | +| rollout-operator | yes | +| minio | yes | +| admin-api | yes | +| enterprise-gateway | yes | ## [Configuration](https://grafana.com/docs/tempo/latest/configuration/) @@ -972,8 +1089,6 @@ config: | abort_if_cluster_join_fails: false join_members: - {{ include "tempo.fullname" . }}-memberlist - overrides: - per_tenant_override_config: /runtime-config/overrides.yaml server: http_listen_port: 3100 storage: diff --git a/charts/tempo/README.md.gotmpl b/charts/tempo/README.md.gotmpl index e6b2e33433..d2f21240d9 100644 --- a/charts/tempo/README.md.gotmpl +++ b/charts/tempo/README.md.gotmpl @@ -24,6 +24,8 @@ To install the chart with the release name `my-release`: helm install my-release grafana/tempo-distributed ``` +Refer to the [Get started with Grafana Tempo using the Helm chart](https://grafana.com/docs/helm-charts/tempo-distributed/next/get-started-helm-charts/) documentation for more details. + ## Uninstalling the Chart To uninstall/delete the my-release deployment: 
@@ -39,6 +41,34 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.33.0 +* Breaking Change * +In order to reduce confusion, the overrides configurations have been renamed as below. + +`global_overrides` => `overrides` (this is where the defaults for every tenant is set) +`overrides` => `per_tenant_overrides` (this is where configurations for specific tenants can be set) + +### From Chart versions < 1.31.0 + +Tempo serverless was deprecated in [tempo 2.7 release](https://github.com/grafana/tempo/releases/tag/v2.7.0), +Config options related to serverless are being removed from helm chart, and this might be a breaking change if you were using tempo serverless. + +These config optioons are removed in [tempo#4599](https://github.com/grafana/tempo/pull/4599) and will not work from next release of tempo. + +### From Chart versions < 1.28.2 + +Please be aware that we've updated the Tempo version to 2.7, which includes some breaking changes +We recommend reviewing the [release notes](https://grafana.com/docs/tempo/latest/release-notes/v2-7/) before upgrading. + +### From Chart versions < 1.23.0 + +A default affinity has been defined in this version for the compactor following the standard used in other components. + +### From Chart versions < 1.21.0 + +Upgrading to chart 1.21.0 will set the memberlist cluster_label config option. During rollout your cluster will temporarilly be split into two memberlist clusters until all components are rolled out. +This will interrupt reads and writes. This config option is set to prevent cross talk between Tempo and other memberlist clusters. + ### From Chart versions < 1.18.0 Please be aware that we've updated the minor version to Tempo 2.6, which includes breaking changes. 
@@ -231,7 +261,14 @@ The other components are optional and must be explicitly enabled. | compactor | no | | metrics-generator | yes | | memcached | yes | +| memcached-exporter | yes | | gateway | yes | +| federation-frontend | yes | +| rollout-operator | yes | +| minio | yes | +| admin-api | yes | +| enterprise-gateway | yes | + ## [Configuration](https://grafana.com/docs/tempo/latest/configuration/) @@ -325,8 +362,6 @@ config: | abort_if_cluster_join_fails: false join_members: - {{"{{"}} include "tempo.fullname" . {{"}}"}}-memberlist - overrides: - per_tenant_override_config: /runtime-config/overrides.yaml server: http_listen_port: 3100 storage: diff --git a/charts/tempo/charts/grafana-agent-operator/.helmignore b/charts/tempo/charts/grafana-agent-operator/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/tempo/charts/grafana-agent-operator/Chart.yaml b/charts/tempo/charts/grafana-agent-operator/Chart.yaml new file mode 100644 index 0000000000..3281eece2f --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/Chart.yaml 
@@ -0,0 +1,13 @@
+apiVersion: v2
+appVersion: 0.43.3
+description: A Helm chart for Grafana Agent Operator
+home: https://grafana.com/docs/agent/v0.43/
+icon: https://raw.githubusercontent.com/grafana/agent/v0.43.3/docs/sources/assets/logo_and_name.png
+maintainers:
+- email: grafana-agent-team@googlegroups.com
+ name: Grafana Agent Team
+name: grafana-agent-operator
+sources:
+- https://github.com/grafana/agent/tree/v0.43.3/static/operator
+type: application
+version: 0.5.0
diff --git a/charts/tempo/charts/grafana-agent-operator/README.md b/charts/tempo/charts/grafana-agent-operator/README.md
new file mode 100644
index 0000000000..b39b26a979
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/README.md
@@ -0,0 +1,82 @@
+# grafana-agent-operator
+
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.43.3](https://img.shields.io/badge/AppVersion-0.43.3-informational?style=flat-square)
+
+A Helm chart for Grafana Agent Operator
+
+⚠️ **Please create issues relating to this Helm chart in the [Agent](https://github.com/grafana/agent/issues) repo.**
+
+## Source Code
+
+*
+
+Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources.
+
+To learn how to deploy these resources, please see Grafana's [Agent Operator getting started guide](https://grafana.com/docs/agent/latest/operator/getting-started/).
+
+## CRDs
+
+The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
+
+## Get Repo Info
+
+```console
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release grafana/grafana-agent-operator
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the my-release deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. Until this chart's version reaches `v1.0`, there are no promises of backwards compatibility.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Pod affinity configuration |
+| annotations | object | `{}` | Annotations for the Deployment |
+| containerSecurityContext | object | `{}` | Container security context (allowPrivilegeEscalation, etc.) |
+| extraArgs | list | `[]` | List of additional cli arguments to configure agent-operator (example: `--log.level`) |
+| fullnameOverride | string | `""` | Overrides the chart's computed fullname |
+| global.commonLabels | object | `{}` | Common labels for all object directly managed by this chart. |
+| hostAliases | list | `[]` | hostAliases to add |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.pullSecrets | list | `[]` | Image pull secrets |
+| image.registry | string | `"docker.io"` | Image registry |
+| image.repository | string | `"grafana/agent-operator"` | Image repo |
+| image.tag | string | `"v0.43.3"` | Image tag |
+| kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets |
+| nameOverride | string | `""` | Overrides the chart's name |
+| nodeSelector | object | `{}` | nodeSelector configuration |
+| podAnnotations | object | `{}` | Annotations for the Deployment Pods |
+| podLabels | object | `{}` | Annotations for the Deployment Pods |
+| podSecurityContext | object | `{}` | Pod security context (runAsUser, etc.) |
+| rbac.create | bool | `true` | Toggle to create ClusterRole and ClusterRoleBinding |
+| rbac.podSecurityPolicyName | string | `""` | Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used. |
+| resources | object | `{}` | Resource limits and requests config |
+| serviceAccount.create | bool | `true` | Toggle to create ServiceAccount |
+| serviceAccount.name | string | `nil` | Service account name |
+| test.image.registry | string | `"docker.io"` | Test image registry |
+| test.image.repository | string | `"library/busybox"` | Test image repo |
+| test.image.tag | string | `"latest"` | Test image tag |
+| tolerations | list | `[]` | Tolerations applied to Pods |
diff --git a/charts/tempo/charts/grafana-agent-operator/README.md.gotmpl b/charts/tempo/charts/grafana-agent-operator/README.md.gotmpl
new file mode 100644
index 0000000000..3dce97a945
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/README.md.gotmpl
@@ -0,0 +1,52 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+⚠️ **Please create issues relating to this Helm chart in the [Agent](https://github.com/grafana/agent/issues) repo.**
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources.
+
+To learn how to deploy these resources, please see Grafana's [Agent Operator getting started guide](https://grafana.com/docs/agent/latest/operator/getting-started/).
+
+## CRDs
+
+The CRDs are synced into this chart manually (for now) from the Grafana Agent [GitHub repo](https://github.com/grafana/agent/tree/main/operations/agent-static-operator/crds). To learn more about how Helm manages CRDs, please see [Custom Resource Definitions](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) from the Helm docs.
+
+## Get Repo Info
+
+```console
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release grafana/grafana-agent-operator
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the my-release deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. Until this chart's version reaches `v1.0`, there are no promises of backwards compatibility.
+
+{{ template "chart.valuesSection" . }}
diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
new file mode 100644
index 0000000000..153677bb17
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_podmonitors.yaml
@@ -0,0 +1,424 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + attachMetadata: + properties: + node: + type: boolean + type: object + jobLabel: + type: string + labelLimit: + format: int64 + type: integer + labelNameLengthLimit: + format: int64 + type: integer + labelValueLengthLimit: + format: int64 + type: integer + namespaceSelector: + properties: + any: + type: boolean + matchNames: + items: + type: string + type: array + type: object + podMetricsEndpoints: + items: + properties: + authorization: + properties: + credentials: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + type: boolean + filterRunning: + type: boolean + followRedirects: + type: boolean + honorLabels: + type: boolean + honorTimestamps: + type: 
boolean + interval: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + type: object + path: + type: string + port: + type: string + proxyUrl: + type: string + relabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase 
+ - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + enum: + - http + - https + type: string + scrapeTimeout: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + type: boolean + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + type: object + type: array + podTargetLabels: + items: + type: string + type: array + sampleLimit: + format: int64 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - 
operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + targetLimit: + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml new file mode 100644 index 0000000000..13fc36f9aa --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_probes.yaml 
@@ -0,0 +1,458 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + authorization: + properties: + credentials: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + interval: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + type: string + labelLimit: + format: int64 + type: integer + labelNameLengthLimit: + format: int64 + type: integer + labelValueLengthLimit: + format: int64 + type: integer + metricRelabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - 
Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + module: + type: string + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + prober: + properties: + path: + default: /probe + type: string + proxyUrl: + type: string + scheme: + enum: + - http + - https + type: string + url: + type: string + required: + - url + type: object + sampleLimit: + format: int64 + type: integer + scrapeTimeout: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + format: int64 + type: integer + targets: + properties: + ingress: + properties: + namespaceSelector: + properties: + any: + type: boolean + matchNames: + items: + type: string + type: array + type: object + relabelingConfigs: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - 
LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + properties: + labels: + additionalProperties: + type: string + type: object + relabelingConfigs: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + static: + items: + type: string + type: array + type: object + type: object + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + 
type: object + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + type: boolean + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml new file mode 100644 index 0000000000..ff62f8f267 --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml 
@@ -0,0 +1,436 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + shortNames: + - smon + singular: servicemonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + attachMetadata: + properties: + node: + type: boolean + type: object + endpoints: + items: + properties: + authorization: + properties: + credentials: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenFile: + type: string + bearerTokenSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + type: boolean + filterRunning: + type: boolean + followRedirects: + type: boolean + honorLabels: + type: boolean + honorTimestamps: + type: boolean + interval: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + 
- Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + type: object + path: + type: string + port: + type: string + proxyUrl: + type: string + relabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + 
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + enum: + - http + - https + type: string + scrapeTimeout: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + type: object + type: array + jobLabel: + type: string + labelLimit: + format: int64 + type: integer + labelNameLengthLimit: + format: int64 + type: integer + labelValueLengthLimit: + format: int64 + type: integer + namespaceSelector: + properties: + any: + type: boolean + matchNames: + items: + type: string + type: array + type: object + podTargetLabels: + items: + type: string + type: array + sampleLimit: + format: int64 + type: integer + selector: + properties: + matchExpressions: + items: + 
properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + targetLabels: + items: + type: string + type: array + targetLimit: + format: int64 + type: integer + required: + - endpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml new file mode 100644 index 0000000000..4ec31d67a4 --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml 
@@ -0,0 +1,3711 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: grafanaagents.monitoring.grafana.com +spec: + group: monitoring.grafana.com + names: + categories: + - agent-operator + kind: GrafanaAgent + listKind: GrafanaAgentList + plural: grafanaagents + singular: grafanaagent + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + 
podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: 
object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: 
array + type: object + type: object + apiServer: + properties: + authorization: + properties: + credentials: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + type: string + type: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + type: string + bearerTokenFile: + type: string + host: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + required: + - host + type: object + configMaps: + items: + type: string + type: array + configReloaderImage: + 
type: string + configReloaderVersion: + type: string + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + 
anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + 
x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + 
type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + disableReporting: + default: false + type: boolean + disableSupportBundle: + default: false + type: boolean + enableConfigReadAPI: + default: false + type: boolean + image: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + 
type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: 
array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: 
array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - 
type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + integrations: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + logFormat: + type: string + logLevel: + type: string + logs: + properties: + clients: + items: + properties: + backoffConfig: + properties: + maxPeriod: + type: string + maxRetries: + type: integer + minPeriod: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + 
type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + batchSize: + type: integer + batchWait: + type: string + bearerToken: + type: string + bearerTokenFile: + type: string + externalLabels: + additionalProperties: + type: string + type: object + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + type: string + tenantId: + type: string + timeout: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + 
type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + url: + type: string + required: + - url + type: object + type: array + enforcedNamespaceLabel: + type: string + ignoreNamespaceSelectors: + type: boolean + instanceNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + instanceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + logsExternalLabelName: + type: string + type: object + metrics: + properties: + arbitraryFSAccessThroughSMs: + properties: + deny: + type: boolean + type: object + enforcedNamespaceLabel: + type: string + enforcedSampleLimit: + format: int64 + type: integer + enforcedTargetLimit: + format: int64 + type: integer + externalLabels: + additionalProperties: + type: string + type: object + ignoreNamespaceSelectors: + type: boolean + instanceNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + 
additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + instanceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + metricsExternalLabelName: + type: string + overrideHonorLabels: + type: boolean + overrideHonorTimestamps: + type: boolean + remoteWrite: + items: + properties: + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + type: string + bearerTokenFile: + type: string + headers: + additionalProperties: + type: string + type: object + metadataConfig: + properties: + send: + type: boolean + sendInterval: + type: string + type: object + name: + type: string + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - 
clientSecret + - tokenUrl + type: object + proxyUrl: + type: string + queueConfig: + properties: + batchSendDeadline: + type: string + capacity: + type: integer + maxBackoff: + type: string + maxRetries: + type: integer + maxSamplesPerSend: + type: integer + maxShards: + type: integer + minBackoff: + type: string + minShards: + type: integer + retryOnRateLimit: + type: boolean + type: object + remoteTimeout: + type: string + sigv4: + properties: + accessKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + type: string + region: + type: string + roleARN: + type: string + secretKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + url: + type: string + 
writeRelabelConfigs: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + type: string + replicas: + format: int32 + type: integer + scrapeInterval: + type: string + scrapeTimeout: + type: string + shards: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + paused: + type: boolean + podMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: object + portName: + type: string + priorityClassName: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + 
runtimeClassName: + type: string + secrets: + items: + type: string + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + storage: + properties: + disableMountSubPath: + type: boolean + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + 
required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + 
x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: 
string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + 
secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: 
object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + 
type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + 
type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: 
int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object 
+ type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml new file mode 100644 index 0000000000..960b2f73ac --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_integrations.yaml 
@@ -0,0 +1,810 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: integrations.monitoring.grafana.com +spec: + group: monitoring.grafana.com + names: + categories: + - agent-operator + kind: Integration + listKind: IntegrationList + plural: integrations + singular: integration + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + config: + type: object + x-kubernetes-preserve-unknown-fields: true + configMaps: + items: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + name: + type: string + secrets: + items: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + type: + properties: + allNodes: + type: boolean + unique: + type: boolean + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: 
string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + 
x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: 
string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: 
string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + 
type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - config 
+ - name + - type + type: object + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml new file mode 100644 index 0000000000..517bb30c2e --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_logsinstances.yaml 
@@ -0,0 +1,299 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: logsinstances.monitoring.grafana.com +spec: + group: monitoring.grafana.com + names: + categories: + - agent-operator + kind: LogsInstance + listKind: LogsInstanceList + plural: logsinstances + singular: logsinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + additionalScrapeConfigs: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clients: + items: + properties: + backoffConfig: + properties: + maxPeriod: + type: string + maxRetries: + type: integer + minPeriod: + type: string + type: object + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + batchSize: + type: integer + batchWait: + type: string + bearerToken: + type: string + bearerTokenFile: + type: string + externalLabels: + additionalProperties: + type: string + type: object + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + type: string + tenantId: + type: string + timeout: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + url: + type: string + required: + - url + type: object + type: array + podLogsNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + podLogsSelector: + properties: + matchExpressions: + items: + properties: 
+ key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + targetConfig: + properties: + syncPeriod: + type: string + type: object + type: object + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml new file mode 100644 index 0000000000..610193f440 --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml 
@@ -0,0 +1,495 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: metricsinstances.monitoring.grafana.com +spec: + group: monitoring.grafana.com + names: + categories: + - agent-operator + kind: MetricsInstance + listKind: MetricsInstanceList + plural: metricsinstances + singular: metricsinstance + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + additionalScrapeConfigs: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxWALTime: + type: string + minWALTime: + type: string + podMonitorNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + podMonitorSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + probeNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + probeSelector: + properties: + matchExpressions: + 
items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + remoteFlushDeadline: + type: string + remoteWrite: + items: + properties: + basicAuth: + properties: + password: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + type: string + bearerTokenFile: + type: string + headers: + additionalProperties: + type: string + type: object + metadataConfig: + properties: + send: + type: boolean + sendInterval: + type: string + type: object + name: + type: string + oauth2: + properties: + clientId: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + type: object + scopes: + items: + type: string + type: array + tokenUrl: + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyUrl: + type: string + queueConfig: + properties: + batchSendDeadline: + type: string + capacity: + type: integer + maxBackoff: + type: string + maxRetries: + type: integer + maxSamplesPerSend: + 
type: integer + maxShards: + type: integer + minBackoff: + type: string + minShards: + type: integer + retryOnRateLimit: + type: boolean + type: object + remoteTimeout: + type: string + sigv4: + properties: + accessKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + type: string + region: + type: string + roleARN: + type: string + secretKey: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + type: string + type: object + url: + type: string + writeRelabelConfigs: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - 
lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + required: + - url + type: object + type: array + serviceMonitorNamespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + serviceMonitorSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + walTruncateFrequency: + type: string + writeStaleOnShutdown: + type: boolean + type: object + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml new file mode 100644 index 0000000000..f22d051b51 --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/crds/monitoring.grafana.com_podlogs.yaml 
@@ -0,0 +1,308 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: podlogs.monitoring.grafana.com +spec: + group: monitoring.grafana.com + names: + categories: + - agent-operator + kind: PodLogs + listKind: PodLogsList + plural: podlogs + singular: podlogs + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + jobLabel: + type: string + namespaceSelector: + properties: + any: + type: boolean + matchNames: + items: + type: string + type: array + type: object + pipelineStages: + items: + properties: + cri: + type: object + docker: + type: object + drop: + properties: + dropCounterReason: + type: string + expression: + type: string + longerThan: + type: string + olderThan: + type: string + source: + type: string + value: + type: string + type: object + json: + properties: + expressions: + additionalProperties: + type: string + type: object + source: + type: string + type: object + labelAllow: + items: + type: string + type: array + labelDrop: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + limit: + properties: + burst: + type: integer + drop: + type: boolean + rate: + type: integer + type: object + match: + properties: + action: + type: string + dropCounterReason: + type: string + pipelineName: + type: string + selector: + type: string + stages: + type: string + required: + - selector + type: object + metrics: + additionalProperties: + properties: + action: + type: string + buckets: + items: + type: string + type: array + countEntryBytes: + type: boolean + description: + type: string + matchAll: + type: boolean + maxIdleDuration: + type: string + prefix: + type: string + source: + type: string + type: + type: string + value: + type: string + 
required: + - action + - type + type: object + type: object + multiline: + properties: + firstLine: + type: string + maxLines: + type: integer + maxWaitTime: + type: string + required: + - firstLine + type: object + output: + properties: + source: + type: string + required: + - source + type: object + pack: + properties: + ingestTimestamp: + type: boolean + labels: + items: + type: string + type: array + required: + - labels + type: object + regex: + properties: + expression: + type: string + source: + type: string + required: + - expression + type: object + replace: + properties: + expression: + type: string + replace: + type: string + source: + type: string + required: + - expression + type: object + template: + properties: + source: + type: string + template: + type: string + required: + - source + - template + type: object + tenant: + properties: + label: + type: string + source: + type: string + value: + type: string + type: object + timestamp: + properties: + actionOnFailure: + type: string + fallbackFormats: + items: + type: string + type: array + format: + type: string + location: + type: string + source: + type: string + required: + - format + - source + type: object + type: object + type: array + podTargetLabels: + items: + type: string + type: array + relabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + selector: + properties: + matchExpressions: + items: + properties: + key: 
+ type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + required: + - selector + type: object + type: object + served: true + storage: true diff --git a/charts/tempo/charts/grafana-agent-operator/templates/_helpers.tpl b/charts/tempo/charts/grafana-agent-operator/templates/_helpers.tpl new file mode 100644 index 0000000000..e374499d0c --- /dev/null +++ b/charts/tempo/charts/grafana-agent-operator/templates/_helpers.tpl 
@@ -0,0 +1,70 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ga-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ga-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ga-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ga-operator.labels" -}}
+{{ include "ga-operator.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: operator
+helm.sh/chart: {{ include "ga-operator.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- with .Values.global.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ga-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ga-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ga-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ga-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrole.yaml b/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
new file mode 100644
index 0000000000..08ad58c169
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrole.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "ga-operator.fullname" . }}
+ labels:
+{{ include "ga-operator.labels" . | indent 4 }}
+rules:
+- apiGroups: [monitoring.grafana.com]
+ resources:
+ - grafanaagents
+ - metricsinstances
+ - logsinstances
+ - podlogs
+ - integrations
+ verbs: [get, list, watch]
+- apiGroups: [monitoring.grafana.com]
+ resources:
+ - grafanaagents/finalizers
+ - metricsinstances/finalizers
+ - logsinstances/finalizers
+ - podlogs/finalizers
+ - integrations/finalizers
+ verbs: [get, list, watch, update]
+- apiGroups: [monitoring.coreos.com]
+ resources:
+ - podmonitors
+ - probes
+ - servicemonitors
+ verbs: [get, list, watch]
+- apiGroups: [monitoring.coreos.com]
+ resources:
+ - podmonitors/finalizers
+ - probes/finalizers
+ - servicemonitors/finalizers
+ verbs: [get, list, watch, update]
+- apiGroups: [""]
+ resources:
+ - namespaces
+ - nodes
+ verbs: [get, list, watch]
+- apiGroups: [""]
+ resources:
+ - secrets
+ - services
+ - configmaps
+ - endpoints
+ verbs: [get, list, watch, create, update, patch, delete]
+- apiGroups: ["apps"]
+ resources:
+ - statefulsets
+ - daemonsets
+ - deployments
+ verbs: [get, list, watch, create, update, patch, delete]
+{{- with .Values.rbac.podSecurityPolicyName }}
+- apiGroups: [policy]
+ resources:
+ - podsecuritypolicies
+ verbs: [use]
+ resourceNames: [ {{ . }} ]
+{{- end -}}
+{{- end -}}
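Review bot: The rule covering `secrets`, `services`, `configmaps` and `endpoints` grants `create, update, patch, delete` on top of read, and because it sits in a ClusterRole that the chart binds with a ClusterRoleBinding, the operator's ServiceAccount can read and rewrite Secrets in every namespace. The subchart is installed when `metaMonitoring.grafanaAgent.installOperator` is true (the `condition` in charts/tempo/Chart.yaml), so that switch is a high-privilege decision and deserves a comment where it is set, e.g. `# installs an operator with cluster-wide read/write on Secrets; enable only where that is acceptable`. This template is vendored from the upstream chart, so the comment and any audit-log alerting on Secret access by this ServiceAccount belong in the parent chart and cluster policy rather than in an edit here. Separately, `resourceNames: [ {{ . }} ]` would be safer as `resourceNames: [ {{ . | quote }} ]` so a policy name that looks like a number or boolean is not retyped by the YAML parser.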
diff --git a/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml b/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml
new file mode 100644
index 0000000000..372d3108bb
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/templates/operator-clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ga-operator.fullname" . }}
+ labels:
+{{ include "ga-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ga-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "ga-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
+
diff --git a/charts/tempo/charts/grafana-agent-operator/templates/operator-deployment.yaml b/charts/tempo/charts/grafana-agent-operator/templates/operator-deployment.yaml
new file mode 100644
index 0000000000..3367db194a
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/templates/operator-deployment.yaml
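Review bot: The subject name is rendered by `ga-operator.serviceAccountName`, which in `_helpers.tpl` falls back to the literal `default` when `serviceAccount.create` is false and `serviceAccount.name` is empty, so with `rbac.create` left true this binding attaches the operator ClusterRole to the release namespace's `default` ServiceAccount. Every pod in that namespace that does not name its own ServiceAccount would then carry the cluster-wide Secret permissions. I would make the render fail instead of falling back, replacing the helper's else branch with `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`, or guard this template with `{{- if and .Values.rbac.create (or .Values.serviceAccount.create .Values.serviceAccount.name) -}}`.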
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ga-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "ga-operator.labels" . | indent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+{{ include "ga-operator.selectorLabels" . | indent 6 }}
+ template:
+ metadata:
+ labels:
+{{ include "ga-operator.selectorLabels" . | indent 8 }}
+{{- with .Values.podLabels }}
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.podAnnotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ spec:
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ serviceAccountName: {{ template "ga-operator.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ include "ga-operator.name" . }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- if or (and .Values.kubeletService.namespace .Values.kubeletService.serviceName) (.Values.extraArgs) }}
+ args:
+ {{- if and .Values.kubeletService.namespace .Values.kubeletService.serviceName }}
+ - --kubelet-service={{ .Values.kubeletService.namespace }}/{{ .Values.kubeletService.serviceName }}
+ {{- end }}
+ {{- if .Values.extraArgs }}
+ {{- range .Values.extraArgs }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.hostAliases }}
+ hostAliases:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/tempo/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml b/charts/tempo/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
new file mode 100644
index 0000000000..1f9b2077a2
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/templates/operator-serviceaccount.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "ga-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "ga-operator.labels" . | indent 4 }}
+{{- end -}}
+
diff --git a/charts/tempo/charts/grafana-agent-operator/templates/tests/test-grafanaagent.yaml b/charts/tempo/charts/grafana-agent-operator/templates/tests/test-grafanaagent.yaml
new file mode 100644
index 0000000000..4001da4e9e
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/templates/tests/test-grafanaagent.yaml
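Review bot: In operator-deployment.yaml both `securityContext` blocks are wrapped in `with`, and the subchart's values.yaml defaults `podSecurityContext` and `containerSecurityContext` to `{}`, so at default values the operator pod is rendered with no security context and runs with whatever user and capabilities the image ships with. This pod uses the ServiceAccount bound to the cluster-wide ClusterRole, so the parent chart should set a hardened context under the `grafana-agent-operator` alias, for example `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and, once confirmed against the image, `runAsNonRoot: true`. The image reference is tag-only (`:{{ .Values.image.tag }}`), so it is pinned by a mutable tag rather than a digest. `priorityClassName: {{ . }}` and the `- {{ . }}` items under `extraArgs` would be safer as `{{ . | quote }}`.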
@@ -0,0 +1,118 @@
+apiVersion: monitoring.grafana.com/v1alpha1
+kind: GrafanaAgent
+metadata:
+ name: grafana-agent-test
+ labels:
+ app: grafana-agent-test
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ image: "{{ .Values.image.registry }}/grafana/agent:{{ .Values.image.tag }}"
+ logLevel: info
+ serviceAccountName: grafana-agent-test-sa
+ metrics:
+ instanceSelector:
+ matchLabels:
+ agent: grafana-agent-test
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: grafana-agent-test-sa
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: grafana-agent-test-cr
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- nonResourceURLs:
+ - /metrics
+ - /metrics/cadvisor
+ verbs:
+ - get
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: grafana-agent-test-crb
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: grafana-agent-test-cr
+subjects:
+- kind: ServiceAccount
+ name: grafana-agent-test-sa
+ namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: monitoring.grafana.com/v1alpha1
+kind: MetricsInstance
+metadata:
+ name: primary-test
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+ labels:
+ agent: grafana-agent-test
+spec: {}
+
+---
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: grafana-agent-test-probe
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ containers:
+ - name: busybox
+ image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
+ command: ['wget']
+ args: ['grafana-agent-test-operated:8080/-/healthy']
+ # Wait for GrafanaAgent CR
+ initContainers:
+ - name: sleep
+ image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
+ command: ['sleep', '60']
+ restartPolicy: Never
diff --git a/charts/tempo/charts/grafana-agent-operator/values.yaml b/charts/tempo/charts/grafana-agent-operator/values.yaml
new file mode 100644
index 0000000000..5f7adc5cf6
--- /dev/null
+++ b/charts/tempo/charts/grafana-agent-operator/values.yaml
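Review bot: The test hook's ClusterRole `grafana-agent-test-cr` includes `nodes/proxy`, which reaches the kubelet API on every node through the API server; that looks broader than the test needs, since the probe pod only fetches `grafana-agent-test-operated:8080/-/healthy` and the MetricsInstance is `spec: {}`. The ClusterRole and ClusterRoleBinding also use fixed names, so two releases running `helm test` in the same cluster would overwrite and delete each other's cluster-scoped objects. I would drop the `- nodes/proxy` line if the agent still reports healthy without it, and derive the names from the release, e.g. `name: {{ include "ga-operator.fullname" . }}-test-cr`. The file is vendored from upstream, so this is best raised there and handled locally by not running the subchart's tests in shared clusters.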
@@ -0,0 +1,84 @@
+global:
+ # -- Common labels for all object directly managed by this chart.
+ commonLabels: {}
+
+# -- Overrides the chart's name
+nameOverride: ""
+
+# -- Overrides the chart's computed fullname
+fullnameOverride: ""
+
+# -- Annotations for the Deployment
+annotations: {}
+
+# -- Annotations for the Deployment Pods
+podAnnotations: {}
+
+# -- Annotations for the Deployment Pods
+podLabels: {}
+
+# -- Pod security context (runAsUser, etc.)
+podSecurityContext: {}
+
+# -- Container security context (allowPrivilegeEscalation, etc.)
+containerSecurityContext: {}
+
+rbac:
+ # -- Toggle to create ClusterRole and ClusterRoleBinding
+ create: true
+ # -- Name of a PodSecurityPolicy to use in the ClusterRole. If unset, no PodSecurityPolicy is used.
+ podSecurityPolicyName: ''
+
+serviceAccount:
+ # -- Toggle to create ServiceAccount
+ create: true
+ # -- Service account name
+ name:
+
+image:
+ # -- Image registry
+ registry: docker.io
+ # -- Image repo
+ repository: grafana/agent-operator
+ # -- Image tag
+ tag: v0.43.3
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+ # -- Image pull secrets
+ pullSecrets: []
+
+test:
+ image:
+ # -- Test image registry
+ registry: docker.io
+ # -- Test image repo
+ repository: library/busybox
+ # -- Test image tag
+ tag: latest
+
+# -- hostAliases to add
+hostAliases: []
+# - ip: 1.2.3.4
+# hostnames:
+# - domain.tld
+
+# -- If both are set, Agent Operator will create and maintain a service for scraping kubelets
+# https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets
+kubeletService:
+ namespace: default
+ serviceName: kubelet
+
+# -- List of additional cli arguments to configure agent-operator (example: `--log.level`)
+extraArgs: []
+
+# -- Resource limits and requests config
+resources: {}
+
+# -- nodeSelector configuration
+nodeSelector: {}
+
+# -- Tolerations applied to Pods
+tolerations: []
+
+# -- Pod affinity configuration
+affinity: {}
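Review bot: `test.image.tag: latest` makes the test pod pull `docker.io/library/busybox` by a mutable tag, and the test template uses that image for both its container and its init container, so what `helm test` runs in the cluster can change without any change in this repository. Override it in the parent values with a fixed version or digest, e.g. `tag: "PINNED_BUSYBOX_VERSION"` (placeholder for a version you have scanned). `serviceAccount.name:` is a bare empty value that parses as null; `name: ""` states the intent explicitly. The comment above `podLabels` repeats "Annotations for the Deployment Pods" and should read `# -- Labels for the Deployment Pods`.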
diff --git a/charts/tempo/charts/minio/.helmignore b/charts/tempo/charts/minio/.helmignore
new file mode 100644
index 0000000000..a9fe727881
--- /dev/null
+++ b/charts/tempo/charts/minio/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS
\ No newline at end of file
diff --git a/charts/tempo/charts/minio/Chart.yaml b/charts/tempo/charts/minio/Chart.yaml
new file mode 100644
index 0000000000..67824a4046
--- /dev/null
+++ b/charts/tempo/charts/minio/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+appVersion: RELEASE.2022-08-13T21-54-44Z
+description: Multi-Cloud Object Storage
+home: https://min.io
+icon: https://min.io/resources/img/logo/MINIO_wordmark.png
+keywords:
+- minio
+- storage
+- object-storage
+- s3
+- cluster
+maintainers:
+- email: dev@minio.io
+ name: MinIO, Inc
+name: minio
+sources:
+- https://github.com/minio/minio
+version: 4.0.12
diff --git a/charts/tempo/charts/minio/README.md b/charts/tempo/charts/minio/README.md
new file mode 100644
index 0000000000..898dcfa92d
--- /dev/null
+++ b/charts/tempo/charts/minio/README.md
@@ -0,0 +1,236 @@ +# MinIO Helm Chart + +[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE) + +MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. + +For more detailed documentation please visit [here](https://docs.minio.io/) + +## Introduction + +This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Helm cli with Kubernetes cluster configured. +- PV provisioner support in the underlying infrastructure. (We recommend using ) +- Use Kubernetes version v1.19 and later for best experience. + +## Configure MinIO Helm repo + +```bash +helm repo add minio https://charts.min.io/ +``` + +### Installing the Chart + +Install this chart using: + +```bash +helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio +``` + +The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +### Upgrading the Chart + +You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command: + +```bash +helm get values my-release > old_values.yaml +``` + +Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using + +```bash +helm upgrade -f old_values.yaml my-release minio/minio +``` + +Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. 
+ +### Configuration + +Refer the [Values file](./values.yaml) for all the possible config fields. + +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +helm install --name my-release --set persistence.size=1Ti minio/minio +``` + +The above command deploys MinIO server with a 1Ti backing persistent volume. + +Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, + +```bash +helm install --name my-release -f values.yaml minio/minio +``` + +### Persistence + +This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: + +```bash +helm install --set persistence.enabled=false minio/minio +``` + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +### Existing PersistentVolumeClaim + +If a Persistent Volume Claim already exists, specify it during installation. + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +helm install --set persistence.existingClaim=PVC_NAME minio/minio +``` + +### NetworkPolicy + +To enable network policy for MinIO, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), +and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. 
Note: this will enforce policy for *all* pods in the namespace: + +``` +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 9000. + +For more precise policy, set `networkPolicy.allowExternal=true`. This will +only allow pods with the generated client label to connect to MinIO. +This label will be displayed in the output of a successful install. + +### Existing secret + +Instead of having this chart create the secret for you, you can supply a preexisting secret, much +like an existing PersistentVolumeClaim. + +First, create the secret: + +```bash +kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux +``` + +Then install the chart, specifying that you want to use an existing secret: + +```bash +helm install --set existingSecret=my-minio-secret minio/minio +``` + +The following fields are expected in the secret: + +| .data.\ in Secret | Corresponding variable | Description | Required | +|:------------------------|:-----------------------|:---------------|:---------| +| `rootUser` | `rootUser` | Root user. | yes | +| `rootPassword` | `rootPassword` | Root password. | yes | + +All corresponding variables will be ignored in values file. + +### Configure TLS + +To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). 
Then create a secret using + +```bash +kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt +``` + +Then install the chart, specifying that you want to use the TLS secret: + +```bash +helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio +``` + +### Installing certificates from third party CAs + +MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. + +For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt +``` + +If TLS is not enabled, you would need only the third party CA: + +``` +kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt +``` + +The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter: + +``` +trustedCertsSecret: "minio-trusted-certs" + +or + +--set trustedCertsSecret=minio-trusted-certs +``` + +### Create buckets after install + +Install the chart, specifying the buckets you want to create after install: + +```bash +helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio +``` + +Description of the configuration parameters used above - + +- `buckets[].name` - name of the bucket to create, must be a string with length > 0 +- 
`buckets[].policy` - can be one of none|download|upload|public +- `buckets[].purge` - purge if bucket exists already + +### Create policies after install + +Install the chart, specifying the policies you want to create after install: + +```bash +helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio +``` + +Description of the configuration parameters used above - + +- `policies[].name` - name of the policy to create, must be a string with length > 0 +- `policies[].statements[]` - list of statements, includes actions and resources +- `policies[].statements[].resources[]` - list of resources that applies the statement +- `policies[].statements[].actions[]` - list of actions granted + +### Create user after install + +Install the chart, specifying the users you want to create after install: + +```bash +helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio +``` + +Description of the configuration parameters used above - + +- `users[].accessKey` - accessKey of user +- `users[].secretKey` - secretKey of usersecretRef +- `users[].existingSecret` - secret name that contains the secretKey of user +- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey +- `users[].policy` - name of the policy to assign to user + +## Uninstalling the Chart + +Assuming your release is named as `my-release`, delete it using the command: + +```bash +helm delete my-release +``` + +or + +```bash +helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
diff --git a/charts/tempo/charts/minio/templates/NOTES.txt b/charts/tempo/charts/minio/templates/NOTES.txt new file mode 100644 index 0000000000..9337196945 --- /dev/null +++ b/charts/tempo/charts/minio/templates/NOTES.txt 
@@ -0,0 +1,43 @@ +{{- if eq .Values.service.type "ClusterIP" "NodePort" }} +MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: +{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To access MinIO from localhost, run the below commands: + + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} + +Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ + +You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client: + + 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }} + + 3. mc ls {{ template "minio.fullname" . }}-local + +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} +MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: +kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} + +Note that the public IP may take a couple of minutes to be available. + +You can now access MinIO server on http://:9000. Follow the below steps to connect to MinIO server with mc client: + + 1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. export MC_HOST_{{ template "minio.fullname" . 
}}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@:{{ .Values.service.port }} + + 3. mc ls {{ template "minio.fullname" . }} + +Alternately, you can use your browser or the MinIO SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "minio.fullname" . }}-client=true" +will be able to connect to this minio cluster. +{{- end }} diff --git a/charts/tempo/charts/minio/templates/_helper_create_bucket.txt b/charts/tempo/charts/minio/templates/_helper_create_bucket.txt new file mode 100644 index 0000000000..ced600dfe5 --- /dev/null +++ b/charts/tempo/charts/minio/templates/_helper_create_bucket.txt 
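Review bot: Both `export MC_HOST_…-local=http://…` lines hard-code `http://`, so with `tls.enabled` the printed instructions still build an http URL that embeds the decoded root user and password. Render the scheme from the same value the helper scripts use, e.g. `{{ if .Values.tls.enabled }}https{{ else }}http{{ end }}://`. In the LoadBalancer branch the second `kubectl get secret` omits `--namespace {{ .Release.Namespace }}`, so the password lookup runs against the caller's current namespace. The NetworkPolicy note ends with an unbalanced quote in `-client=true"`.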
@@ -0,0 +1,123 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkBucketExists ($bucket) +# Check if the bucket exists, by using the exit code of `mc ls` +checkBucketExists() { + BUCKET=$1 + CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) + return $? +} + +# createBucket ($bucket, $policy, $purge) +# Ensure bucket exists, purging if asked to +createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + VERSIONING=$4 + OBJECTLOCKING=$5 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET ; then + echo "Purging bucket '$BUCKET'." + set +e ; # don't exit if this fails + ${MC} rm -r --force myminio/$BUCKET + set -e ; # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." 
+ fi + fi + +# Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created) +if ! checkBucketExists $BUCKET ; then + if [ ! -z $OBJECTLOCKING ] ; then + if [ $OBJECTLOCKING = true ] ; then + echo "Creating bucket with OBJECTLOCKING '$BUCKET'" + ${MC} mb --with-lock myminio/$BUCKET + elif [ $OBJECTLOCKING = false ] ; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + fi + elif [ -z $OBJECTLOCKING ] ; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + fi + + + # set versioning for bucket if objectlocking is disabled or not set + if [ -z $OBJECTLOCKING ] ; then + if [ ! -z $VERSIONING ] ; then + if [ $VERSIONING = true ] ; then + echo "Enabling versioning for '$BUCKET'" + ${MC} version enable myminio/$BUCKET + elif [ $VERSIONING = false ] ; then + echo "Suspending versioning for '$BUCKET'" + ${MC} version suspend myminio/$BUCKET + fi + fi + else + echo "Bucket '$BUCKET' versioning unchanged." + fi + + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." + ${MC} policy set $POLICY myminio/$BUCKET +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.buckets }} +{{ $global := . }} +# Create the buckets +{{- range .Values.buckets }} +createBucket {{ tpl .name $global }} {{ .policy }} {{ .purge }} {{ .versioning }} {{ .objectlocking }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/tempo/charts/minio/templates/_helper_create_policy.txt b/charts/tempo/charts/minio/templates/_helper_create_policy.txt new file mode 100644 index 0000000000..d565b161e3 --- /dev/null 
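Review bot: `MC="/usr/bin/mc --insecure"` is set in both branches of the `configPathmc` conditional and disables TLS certificate verification for every mc call, including the `alias set` in connectToMinio that carries the root user and password, so `scheme=https` gives encryption without server authentication. The same `MC=` lines and connectToMinio body are repeated in _helper_create_policy.txt, _helper_create_user.txt and _helper_custom_command.txt. Drop the flag when a CA bundle is available to the job (mc reads trusted CAs from `certs/CAs` under its config dir) or make it opt-in through a chart value. `$ACCESS $SECRET` are also expanded unquoted into `MC_COMMAND`, so a password containing whitespace or glob characters is word-split, and the comment `# 1 second intervals between attempts` sits on `sleep 2`.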
+++ b/charts/tempo/charts/minio/templates/_helper_create_policy.txt 
@@ -0,0 +1,75 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkPolicyExists ($policy) +# Check if the policy exists, by using the exit code of `mc admin policy info` +checkPolicyExists() { + POLICY=$1 + CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1) + return $? +} + +# createPolicy($name, $filename) +createPolicy () { + NAME=$1 + FILENAME=$2 + + # Create the name if it does not exist + echo "Checking policy: $NAME (in /config/$FILENAME.json)" + if ! checkPolicyExists $NAME ; then + echo "Creating policy '$NAME'" + else + echo "Policy '$NAME' already exists." 
+ fi + ${MC} admin policy add myminio $NAME /config/$FILENAME.json + +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.policies }} +# Create the policies +{{- range $idx, $policy := .Values.policies }} +createPolicy {{ $policy.name }} policy_{{ $idx }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/tempo/charts/minio/templates/_helper_create_user.txt b/charts/tempo/charts/minio/templates/_helper_create_user.txt new file mode 100644 index 0000000000..ea2b3b675c --- /dev/null +++ b/charts/tempo/charts/minio/templates/_helper_create_user.txt 
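Review bot: createPolicy runs `${MC} admin policy add myminio $NAME /config/$FILENAME.json` regardless of what checkPolicyExists returns, so the branch that logs `Policy '$NAME' already exists.` is followed by an overwrite of that policy. If the overwrite is intended, the log line should say so, e.g. `echo "Policy '$NAME' already exists, replacing it."`, so the job log records that permissions were changed; if it is not, move the `policy add` call inside the `if ! checkPolicyExists` branch. A header comment on createPolicy stating which behaviour is intended would settle it.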
@@ -0,0 +1,105 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters. +# Special characters for example : ',",<,>,{,} +MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp" + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkUserExists () +# Check if the user exists, by using the exit code of `mc admin user info` +checkUserExists() { + CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1) + return $? +} + +# createUser ($policy) +createUser() { + POLICY=$1 + #check accessKey_and_secretKey_tmp file + if [[ ! 
-f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then + echo "credentials file does not exist" + return 1 + fi + if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then + echo "credentials file is invalid" + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + return 1 + fi + USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) + # Create the user if it does not exist + if ! checkUserExists ; then + echo "Creating user '$USER'" + cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio + else + echo "User '$USER' already exists." + fi + #clean up credentials files. + rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP + + # set policy for user + if [ ! -z $POLICY -a $POLICY != " " ] ; then + echo "Adding policy '$POLICY' for '$USER'" + ${MC} admin policy set myminio $POLICY user=$USER + else + echo "User '$USER' has no policy attached." + fi +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.users }} +{{ $global := . }} +# Create the users +{{- range .Values.users }} +echo {{ tpl .accessKey $global }} > $MINIO_ACCESSKEY_SECRETKEY_TMP +{{- if .existingSecret }} +cat /config/secrets/{{ tpl .existingSecretKey $global }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +# Add a new line if it doesn't exist +sed -i '$a\' $MINIO_ACCESSKEY_SECRETKEY_TMP +createUser {{ .policy }} +{{ else }} +echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP +createUser {{ .policy }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/tempo/charts/minio/templates/_helper_custom_command.txt b/charts/tempo/charts/minio/templates/_helper_custom_command.txt new file mode 100644 index 0000000000..b583a7782f --- /dev/null +++ b/charts/tempo/charts/minio/templates/_helper_custom_command.txt 
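Review bot: In the `else` branch, `echo {{ .secretKey }} >> $MINIO_ACCESSKEY_SECRETKEY_TMP` renders each user's secret key into the script text, and configmap.yaml in this commit stores that script under the `add-user` key, so the keys are readable by anyone who can read ConfigMaps in the namespace. Prefer the `existingSecret` branch, which reads the key from `/config/secrets/`, for every user, and document on `users[].secretKey` that the value ends up in a ConfigMap. The value is also unquoted, so despite the comment about special characters the shell still interprets metacharacters in it; the same applies to `echo {{ tpl .accessKey $global }}` here and to `createBucket {{ tpl .name $global }} …`, `createPolicy {{ $policy.name }} …` and `runCommand {{ .command }}` in the sibling scripts. The script starts with `#!/bin/sh` but uses `[[ … ]]`, which is not POSIX sh, and the credentials file is created at a fixed path under `/tmp` with no restrictive umask set.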
@@ -0,0 +1,58 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc --insecure" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for MinIO service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# runCommand ($@) +# Run custom mc command +runCommand() { + ${MC} "$@" + return $? +} + +# Try connecting to MinIO instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{ if .Values.customCommands }} +# Run custom commands +{{- range .Values.customCommands }} +runCommand {{ .command }} +{{- end }} +{{- end }} diff --git a/charts/tempo/charts/minio/templates/_helper_policy.tpl b/charts/tempo/charts/minio/templates/_helper_policy.tpl new file mode 100644 index 0000000000..83a2e153b6 --- /dev/null +++ b/charts/tempo/charts/minio/templates/_helper_policy.tpl 
@@ -0,0 +1,18 @@
+{{- $statements_length := len .statements -}}
+{{- $statements_length := sub $statements_length 1 -}}
+{
+ "Version": "2012-10-17",
+ "Statement": [
+{{- range $i, $statement := .statements }}
+ {
+ "Effect": "Allow",
+ "Action": [
+"{{ $statement.actions | join "\",\n\"" }}"
+ ]{{ if $statement.resources }},
+ "Resource": [
+"{{ $statement.resources | join "\",\n\"" }}"
+ ]{{ end }}
+ }{{ if lt $i $statements_length }},{{end }}
+{{- end }}
+ ]
+}
diff --git a/charts/tempo/charts/minio/templates/_helpers.tpl b/charts/tempo/charts/minio/templates/_helpers.tpl
new file mode 100644
index 0000000000..4e381941c7
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/_helpers.tpl
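Review bot: The `Action` and `Resource` arrays are assembled by string concatenation, `"{{ $statement.actions | join "\",\n\"" }}"`, with no JSON escaping, so a value containing a double quote or backslash yields invalid JSON or extra elements in the policy document. Serialising the list directly avoids that: `"Action": {{ $statement.actions | toJson }}` and likewise `"Resource": {{ $statement.resources | toJson }}`. `"Effect": "Allow"` is fixed, so a template comment saying that deny statements cannot be expressed here would save readers from assuming otherwise.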
@@ -0,0 +1,218 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "minio.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "minio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "minio.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "minio.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "minio.deployment.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. 
+*/}} +{{- define "minio.statefulset.apiVersion" -}} +{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "minio.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for console ingress. +*/}} +{{- define "minio.consoleIngress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Determine secret name. +*/}} +{{- define "minio.secretName" -}} +{{- if .Values.existingSecret -}} +{{- .Values.existingSecret }} +{{- else -}} +{{- include "minio.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Determine name for scc role and rolebinding +*/}} +{{- define "minio.sccRoleName" -}} +{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Properly format optional additional arguments to MinIO binary +*/}} +{{- define "minio.extraArgs" -}} +{{- range .Values.extraArgs -}} +{{ " " }}{{ . }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "minio.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. 
+Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- else if .Values.imagePullSecrets }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets }} +{{- end -}} +{{- end -}} + +{{/* +Formats volumeMount for MinIO TLS keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolumeMount" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + mountPath: {{ .Values.certsPath }} +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} +- name: trusted-cert-secret-volume + mountPath: {{ $casPath }} +{{- end }} +{{- end -}} + +{{/* +Formats volume for MinIO TLS keys and trusted certs +*/}} +{{- define "minio.tlsKeysVolume" -}} +{{- if .Values.tls.enabled }} +- name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key +{{- end }} +{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} +{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} +{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} +- name: trusted-cert-secret-volume + secret: + secretName: {{ $certSecret }} + {{- if ne $publicCrt "" }} + items: + - key: {{ $publicCrt }} + path: public.crt + {{- end }} +{{- end }} +{{- end -}} + +{{/* +Returns the available value for certain key in an existing secret (if it exists), +otherwise it generates a random value. 
+*/}} +{{- define "minio.getValueFromSecret" }} + {{- $len := (default 16 .Length) | int -}} + {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} + {{- if $obj }} + {{- index $obj .Key | b64dec -}} + {{- else -}} + {{- randAlphaNum $len -}} + {{- end -}} +{{- end }} + +{{- define "minio.root.username" -}} + {{- if .Values.rootUser }} + {{- .Values.rootUser | toString }} + {{- else }} + {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }} + {{- end }} +{{- end -}} + +{{- define "minio.root.password" -}} + {{- if .Values.rootPassword }} + {{- .Values.rootPassword | toString }} + {{- else }} + {{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }} + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/tempo/charts/minio/templates/configmap.yaml b/charts/tempo/charts/minio/templates/configmap.yaml new file mode 100644 index 0000000000..95a7c6038a --- /dev/null +++ b/charts/tempo/charts/minio/templates/configmap.yaml 
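Review bot: `minio.getValueFromSecret` falls back to `randAlphaNum` whenever `lookup` returns no data, and `lookup` returns an empty result under `helm template` and client-side dry runs, so a pipeline that renders manifests without cluster access would produce a different root user and password on each render. Setting `rootUser`/`rootPassword` explicitly, or (presumably, the Secret template is not in this hunk) supplying `existingSecret`, keeps the credentials stable. `minio.root.username` and `minio.root.password` have no doc comment; one line each stating the precedence would help, e.g. `{{/* Root password: .Values.rootPassword, else the value already in the release Secret, else a random 40-character string. */}}`.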
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ initialize: |-
+{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
+ add-user: |-
+{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
+ add-policy: |-
+{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
+{{- range $idx, $policy := .Values.policies }}
+ # {{ $policy.name }}
+ policy_{{ $idx }}.json: |-
+{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
+{{ end }}
+ custom-command: |-
+{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}
diff --git a/charts/tempo/charts/minio/templates/console-ingress.yaml b/charts/tempo/charts/minio/templates/console-ingress.yaml
new file mode 100644
index 0000000000..2ce9a93bf3
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/console-ingress.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.consoleIngress.enabled -}}
+{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}}
+{{- $servicePort := .Values.consoleService.port -}}
+{{- $ingressPath := .Values.consoleIngress.path -}}
+apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.consoleIngress.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+
+{{- with .Values.consoleIngress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.consoleIngress.ingressClassName }}
+ ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
+{{- end }}
+{{- if .Values.consoleIngress.tls }}
+ tls:
+ {{- range .Values.consoleIngress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.consoleIngress.hosts }}
+ - http:
+ paths:
+ - path: {{ $ingressPath }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- if . }}
+ host: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/console-service.yaml b/charts/tempo/charts/minio/templates/console-service.yaml
new file mode 100644
index 0000000000..46da359744
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/console-service.yaml
@@ -0,0 +1,48 @@
+{{ $scheme := "http" }}
+{{- if .Values.tls.enabled }}
+{{ $scheme = "https" }}
+{{ end }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "minio.fullname" . }}-console
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.consoleService.annotations }}
+ annotations:
+{{ toYaml .Values.consoleService.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
+ type: ClusterIP
+ {{- if not (empty .Values.consoleService.clusterIP) }}
+ clusterIP: {{ .Values.consoleService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.consoleService.type "LoadBalancer" }}
+ type: {{ .Values.consoleService.type }}
+ loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
+{{- else }}
+ type: {{ .Values.consoleService.type }}
+{{- end }}
+ ports:
+ - name: {{ $scheme }}
+ port: {{ .Values.consoleService.port }}
+ protocol: TCP
+{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
+ nodePort: {{ .Values.consoleService.nodePort }}
+{{- else }}
+ targetPort: {{ .Values.minioConsolePort }}
+{{- end}}
+{{- if .Values.consoleService.externalIPs }}
+ externalIPs:
+{{- range $i , $ip := .Values.consoleService.externalIPs }}
+ - {{ $ip }}
+{{- end }}
+{{- end }}
+ selector:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/tempo/charts/minio/templates/deployment.yaml b/charts/tempo/charts/minio/templates/deployment.yaml
new file mode 100644
index 0000000000..062d141f27
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/deployment.yaml
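Review bot: `targetPort` is emitted only in the `else` branch of the NodePort check, so a NodePort console service with `consoleService.nodePort` set has no `targetPort` and falls back to `port`; if `consoleService.port` differs from `minioConsolePort` the service points at the wrong container port. Emit `targetPort: {{ .Values.minioConsolePort }}` unconditionally and keep only `nodePort` inside the `if`. In the `LoadBalancer` branch the template renders `loadBalancerIP` but offers no `loadBalancerSourceRanges`, so the admin console is reachable from every source the load balancer accepts; exposing that field as a value would let operators restrict it.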
@@ -0,0 +1,195 @@
+{{- if eq .Values.mode "standalone" }}
+{{ $scheme := "http" }}
+{{- if .Values.tls.enabled }}
+{{ $scheme = "https" }}
+{{ end }}
+{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
+apiVersion: {{ template "minio.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
+{{- end }}
+spec:
+ strategy:
+ type: {{ .Values.DeploymentUpdate.type }}
+ {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
+ rollingUpdate:
+ maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
+ maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
+ {{- end}}
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+ annotations:
+{{- if not .Values.ignoreChartChecksums }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") .
| sha256sum }}
+{{- end }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: "{{ .Values.runtimeClassName }}"
+ {{- end }}
+{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
+ fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
+ {{- end }}
+{{- end }}
+{{ if .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ce"
+ - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}"
+ volumeMounts:
+ - name: minio-user
+ mountPath: "/tmp/credentials"
+ readOnly: true
+ {{- if .Values.persistence.enabled }}
+ - name: export
+ mountPath: {{ .Values.mountPath }}
+ {{- if .Values.persistence.subPath }}
+ subPath: "{{ .Values.persistence.subPath }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraSecret }}
+ - name: extra-secret
+ mountPath: "/tmp/minio-config-env"
+ {{- end }}
+ {{- include "minio.tlsKeysVolumeMount" .
| indent 12 }}
+ ports:
+ - name: {{ $scheme }}
+ containerPort: {{ .Values.minioAPIPort }}
+ - name: {{ $scheme }}-console
+ containerPort: {{ .Values.minioConsolePort }}
+ env:
+ - name: MINIO_ROOT_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "minio.secretName" . }}
+ key: rootUser
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "minio.secretName" . }}
+ key: rootPassword
+ {{- if .Values.extraSecret }}
+ - name: MINIO_CONFIG_ENV_FILE
+ value: "/tmp/minio-config-env/config.env"
+ {{- end}}
+ {{- if .Values.metrics.serviceMonitor.public }}
+ - name: MINIO_PROMETHEUS_AUTH_TYPE
+ value: "public"
+ {{- end}}
+ {{- if .Values.oidc.enabled }}
+ - name: MINIO_IDENTITY_OPENID_CONFIG_URL
+ value: {{ .Values.oidc.configUrl }}
+ - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+ value: {{ .Values.oidc.clientId }}
+ - name: MINIO_IDENTITY_OPENID_CLIENTs_SECRET
+ value: {{ .Values.oidc.clientSecret }}
+ - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
+ value: {{ .Values.oidc.claimName }}
+ - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX
+ value: {{ .Values.oidc.claimPrefix }}
+ - name: MINIO_IDENTITY_OPENID_SCOPES
+ value: {{ .Values.oidc.scopes }}
+ - name: MINIO_IDENTITY_OPENID_REDIRECT_URI
+ value: {{ .Values.oidc.redirectUri }}
+ - name: MINIO_IDENTITY_OPENID_COMMENT
+ value: {{ .Values.oidc.comment }}
+ {{- end}}
+ {{- if .Values.etcd.endpoints }}
+ - name: MINIO_ETCD_ENDPOINTS
+ value: {{ join "," .Values.etcd.endpoints | quote }}
+ {{- if .Values.etcd.clientCert }}
+ - name: MINIO_ETCD_CLIENT_CERT
+ value: "/tmp/credentials/etcd_client_cert.pem"
+ {{- end }}
+ {{- if .Values.etcd.clientCertKey }}
+ - name: MINIO_ETCD_CLIENT_CERT_KEY
+ value: "/tmp/credentials/etcd_client_cert_key.pem"
+ {{- end }}
+ {{- if .Values.etcd.pathPrefix }}
+ - name: MINIO_ETCD_PATH_PREFIX
+ value: {{ .Values.etcd.pathPrefix }}
+ {{- end }}
+ {{- if .Values.etcd.corednsPathPrefix }}
+ - name: MINIO_ETCD_COREDNS_PATH
+ value: {{ .Values.etcd.corednsPathPrefix }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $val := .Values.environment }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end}}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+{{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: export
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.extraSecret }}
+ - name: extra-secret
+ secret:
+ secretName: {{ .Values.extraSecret }}
+ {{- end }}
+ - name: minio-user
+ secret:
+ secretName: {{ template "minio.secretName" . }}
+ {{- include "minio.tlsKeysVolume" . | indent 8 }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/gateway-deployment.yaml b/charts/tempo/charts/minio/templates/gateway-deployment.yaml
new file mode 100644
index 0000000000..b14f86bd0e
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/gateway-deployment.yaml
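Review bot: The OIDC block names the variable `MINIO_IDENTITY_OPENID_CLIENTs_SECRET` (lowercase `s`), which is not the name MinIO reads, and it renders `.Values.oidc.clientSecret` as a literal `value:` in the Deployment spec. Rename it to `- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET` and source it through `valueFrom.secretKeyRef`, the way `MINIO_ROOT_PASSWORD` is wired a few lines above, so the client secret is not readable by everyone who can get Deployments or rendered manifests. Separately, the etcd paths here (`/tmp/credentials/etcd_client_cert.pem`, `etcd_client_cert_key.pem`) do not match the keys `etcd_client.crt` / `etcd_client.key` that secrets.yaml writes and gateway-deployment.yaml references, so those files will presumably be missing in standalone mode. This is a vendored subchart, so the change belongs upstream or in a local patch that is re-applied on each bump.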
@@ -0,0 +1,173 @@
+{{- if eq .Values.mode "gateway" }}
+{{ $scheme := "http" }}
+{{- if .Values.tls.enabled }}
+{{ $scheme = "https" }}
+{{ end }}
+{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
+apiVersion: {{ template "minio.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.additionalLabels }}
+{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
+{{- end }}
+{{- if .Values.additionalAnnotations }}
+ annotations:
+{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
+{{- end }}
+spec:
+ strategy:
+ type: {{ .Values.DeploymentUpdate.type }}
+ {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
+ rollingUpdate:
+ maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
+ maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
+ {{- end}}
+ replicas: {{ .Values.gateway.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+ annotations:
+{{- if not .Values.ignoreChartChecksums }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") .
| sha256sum }}
+{{- end }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+{{- end }}
+{{ if .Values.serviceAccount.create }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ce"
+ {{- if eq .Values.gateway.type "nas" }}
+ - "/usr/bin/docker-entrypoint.sh minio gateway nas {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
+ {{- end }}
+ volumeMounts:
+ - name: minio-user
+ mountPath: "/tmp/credentials"
+ readOnly: true
+ {{- if .Values.persistence.enabled }}
+ - name: export
+ mountPath: {{ .Values.mountPath }}
+ {{- if .Values.persistence.subPath }}
+ subPath: "{{ .Values.persistence.subPath }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraSecret }}
+ - name: extra-secret
+ mountPath: "/tmp/minio-config-env"
+ {{- end }}
+ {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
+ ports:
+ - name: {{ $scheme }}
+ containerPort: {{ .Values.minioAPIPort }}
+ - name: {{ $scheme }}-console
+ containerPort: {{ .Values.minioConsolePort }}
+ env:
+ - name: MINIO_ROOT_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "minio.secretName" . }}
+ key: rootUser
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "minio.secretName" .
}}
+ key: rootPassword
+ {{- if .Values.extraSecret }}
+ - name: MINIO_CONFIG_ENV_FILE
+ value: "/tmp/minio-config-env/config.env"
+ {{- end}}
+ {{- if .Values.metrics.serviceMonitor.public }}
+ - name: MINIO_PROMETHEUS_AUTH_TYPE
+ value: "public"
+ {{- end}}
+ {{- if .Values.etcd.endpoints }}
+ - name: MINIO_ETCD_ENDPOINTS
+ value: {{ join "," .Values.etcd.endpoints | quote }}
+ {{- if .Values.etcd.clientCert }}
+ - name: MINIO_ETCD_CLIENT_CERT
+ value: "/tmp/credentials/etcd_client.crt"
+ {{- end }}
+ {{- if .Values.etcd.clientCertKey }}
+ - name: MINIO_ETCD_CLIENT_CERT_KEY
+ value: "/tmp/credentials/etcd_client.key"
+ {{- end }}
+ {{- if .Values.etcd.pathPrefix }}
+ - name: MINIO_ETCD_PATH_PREFIX
+ value: {{ .Values.etcd.pathPrefix }}
+ {{- end }}
+ {{- if .Values.etcd.corednsPathPrefix }}
+ - name: MINIO_ETCD_COREDNS_PATH
+ value: {{ .Values.etcd.corednsPathPrefix }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $val := .Values.environment }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end}}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+{{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: export
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: minio-user
+ secret:
+ secretName: {{ template "minio.secretName" . }}
+ {{- if .Values.extraSecret }}
+ - name: extra-secret
+ secret:
+ secretName: {{ .Values.extraSecret }}
+ {{- end }}
+ {{- include "minio.tlsKeysVolume" . | indent 8 }}
+{{- end }}
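Review bot: The pod `securityContext` is rendered only under `{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}`, so with persistence disabled the pod runs as whatever user the image defaults to, and no container-level `securityContext` is set in either case. Gate `runAsUser`/`runAsGroup` on `{{- if .Values.securityContext.enabled }}` alone and leave only `fsGroup` dependent on persistence; deployment.yaml carries the same condition. Also, when `.Values.gateway.type` is anything other than `nas` the `command` list ends at `"-ce"` with no script argument, so the container would presumably exit at start; an `else` branch calling `fail` would surface the unsupported value at render time.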
diff --git a/charts/tempo/charts/minio/templates/ingress.yaml b/charts/tempo/charts/minio/templates/ingress.yaml
new file mode 100644
index 0000000000..8d9a837dc8
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/ingress.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "minio.fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: {{ template "minio.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.labels }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - http:
+ paths:
+ - path: {{ $ingressPath }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $servicePort }}
+ {{- else }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+ {{- if . }}
+ host: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/networkpolicy.yaml b/charts/tempo/charts/minio/templates/networkpolicy.yaml
new file mode 100644
index 0000000000..ac219b937b
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/networkpolicy.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podSelector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - port: {{ .Values.minioAPIPort }}
+ - port: {{ .Values.minioConsolePort }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "minio.name" . }}-client: "true"
+ {{- end }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/poddisruptionbudget.yaml b/charts/tempo/charts/minio/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..8037eb7430
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/poddisruptionbudget.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: minio
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+spec:
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: {{ template "minio.name" . }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/tempo/charts/minio/templates/post-install-create-bucket-job.yaml b/charts/tempo/charts/minio/templates/post-install-create-bucket-job.yaml
new file mode 100644
index 0000000000..37d4f6bd93
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/post-install-create-bucket-job.yaml
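Review bot: With `networkPolicy.allowExternal` false, ingress to the API and console ports is limited to pods labelled `<minio.name>-client: "true"`, but the post-install hook Jobs in this chart label their pods `app: <minio.name>-job` and only carry the client label if an operator adds it through `podLabels`. On a cluster that enforces NetworkPolicy the bucket, user, policy and custom-command Jobs would presumably be unable to reach MinIO. Add the client label to the Job pod templates, and state `policyTypes: [Ingress]` so the intent is explicit. The single rule also opens the console port to every client that only needs the S3 API; one rule per port would allow tighter scoping.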
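Review bot: `apiVersion: policy/v1beta1` for PodDisruptionBudget is no longer served from Kubernetes 1.25 on, so turning on `podDisruptionBudget.enabled` on a current cluster fails the release. Pick the version by capability, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1" }}` rendering `apiVersion: policy/v1`. The hard-coded `name: minio` and the `app`-only selector also collide when two releases share a namespace; `name: {{ template "minio.fullname" . }}` plus a `release: {{ .Release.Name }}` match label would scope the budget to this release.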
@@ -0,0 +1,92 @@
+{{- if .Values.buckets }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "minio.fullname" . }}-make-bucket-job
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}-make-bucket-job
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+{{- with .Values.makeBucketJob.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "minio.name" . }}-job
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.makeBucketJob.podAnnotations }}
+ annotations:
+{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: OnFailure
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.makeBucketJob.nodeSelector | indent 8 }}
+{{- end }}
+{{- with .Values.makeBucketJob.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.makeBucketJob.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.makeBucketJob.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }}
+{{- end }}
+ volumes:
+ - name: minio-configuration
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "minio.fullname" . }}
+ - secret:
+ name: {{ template "minio.secretName" .
}}
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ items:
+ - key: {{ .Values.tls.publicCrt }}
+ path: CAs/public.crt
+ {{ end }}
+ containers:
+ - name: minio-mc
+ image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
+ imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
+ {{- if .Values.makeBucketJob.exitCommand }}
+ command: ["/bin/sh", "-c"]
+ args: ["/bin/sh /config/initialize; x=$(echo $?); {{ .Values.makeBucketJob.exitCommand }} && exit $x" ]
+ {{- else }}
+ command: ["/bin/sh", "/config/initialize"]
+ {{- end }}
+ env:
+ - name: MINIO_ENDPOINT
+ value: {{ template "minio.fullname" . }}
+ - name: MINIO_PORT
+ value: {{ .Values.service.port | quote }}
+ volumeMounts:
+ - name: minio-configuration
+ mountPath: /config
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ mountPath: {{ .Values.configPathmc }}certs
+ {{ end }}
+ resources:
+{{ toYaml .Values.makeBucketJob.resources | indent 10 }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/post-install-create-policy-job.yaml b/charts/tempo/charts/minio/templates/post-install-create-policy-job.yaml
new file mode 100644
index 0000000000..cf3c6602a3
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/post-install-create-policy-job.yaml
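Review bot: The `nodeSelector` block is guarded by `{{- if .Values.nodeSelector }}` but renders `.Values.makeBucketJob.nodeSelector`, so a selector set for the server with none set for the job emits `nodeSelector:` followed by `null`, and a job-only selector is silently ignored. Use `{{- with .Values.makeBucketJob.nodeSelector }}` with `{{ toYaml . | indent 8 }}`, matching the `affinity` and `tolerations` blocks right below it. The same guard mismatch is repeated in post-install-create-policy-job.yaml, post-install-create-user-job.yaml and post-install-custom-command.yaml with their respective job values.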
@@ -0,0 +1,92 @@
+{{- if .Values.policies }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "minio.fullname" . }}-make-policies-job
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}-make-policies-job
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+{{- with .Values.makePolicyJob.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "minio.name" . }}-job
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.makePolicyJob.podAnnotations }}
+ annotations:
+{{ toYaml .Values.makePolicyJob.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: OnFailure
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.makePolicyJob.nodeSelector | indent 8 }}
+{{- end }}
+{{- with .Values.makePolicyJob.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.makePolicyJob.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.makePolicyJob.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }}
+{{- end }}
+ volumes:
+ - name: minio-configuration
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "minio.fullname" . }}
+ - secret:
+ name: {{ template "minio.secretName" .
}}
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ items:
+ - key: {{ .Values.tls.publicCrt }}
+ path: CAs/public.crt
+ {{ end }}
+ containers:
+ - name: minio-mc
+ image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
+ imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
+ {{- if .Values.makePolicyJob.exitCommand }}
+ command: ["/bin/sh", "-c"]
+ args: ["/bin/sh /config/add-policy; x=$(echo $?); {{ .Values.makePolicyJob.exitCommand }} && exit $x" ]
+ {{- else }}
+ command: ["/bin/sh", "/config/add-policy"]
+ {{- end }}
+ env:
+ - name: MINIO_ENDPOINT
+ value: {{ template "minio.fullname" . }}
+ - name: MINIO_PORT
+ value: {{ .Values.service.port | quote }}
+ volumeMounts:
+ - name: minio-configuration
+ mountPath: /config
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ mountPath: {{ .Values.configPathmc }}certs
+ {{ end }}
+ resources:
+{{ toYaml .Values.makePolicyJob.resources | indent 10 }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/post-install-create-user-job.yaml b/charts/tempo/charts/minio/templates/post-install-create-user-job.yaml
new file mode 100644
index 0000000000..7d7f6dd9da
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/post-install-create-user-job.yaml
@@ -0,0 +1,102 @@
+{{- $global := . -}}
+{{- if .Values.users }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "minio.fullname" . }}-make-user-job
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}-make-user-job
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+{{- with .Values.makeUserJob.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "minio.name" . }}-job
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.makeUserJob.podAnnotations }}
+ annotations:
+{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: OnFailure
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.makeUserJob.nodeSelector | indent 8 }}
+{{- end }}
+{{- with .Values.makeUserJob.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.makeUserJob.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.makeUserJob.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }}
+{{- end }}
+ volumes:
+ - name: minio-configuration
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "minio.fullname" . }}
+ - secret:
+ name: {{ template "minio.secretName" .
}}
+ {{- range .Values.users }}
+ {{- if .existingSecret }}
+ - secret:
+ name: {{ tpl .existingSecret $global }}
+ items:
+ - key: {{ .existingSecretKey }}
+ path: secrets/{{ tpl .existingSecretKey $global }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ items:
+ - key: {{ .Values.tls.publicCrt }}
+ path: CAs/public.crt
+ {{ end }}
+ containers:
+ - name: minio-mc
+ image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
+ imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
+ {{- if .Values.makeUserJob.exitCommand }}
+ command: ["/bin/sh", "-c"]
+ args: ["/bin/sh /config/add-user; x=$(echo $?); {{ .Values.makeUserJob.exitCommand }} && exit $x" ]
+ {{- else }}
+ command: ["/bin/sh", "/config/add-user"]
+ {{- end }}
+ env:
+ - name: MINIO_ENDPOINT
+ value: {{ template "minio.fullname" . }}
+ - name: MINIO_PORT
+ value: {{ .Values.service.port | quote }}
+ volumeMounts:
+ - name: minio-configuration
+ mountPath: /config
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ mountPath: {{ .Values.configPathmc }}certs
+ {{ end }}
+ resources:
+{{ toYaml .Values.makeUserJob.resources | indent 10 }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/post-install-custom-command.yaml b/charts/tempo/charts/minio/templates/post-install-custom-command.yaml
new file mode 100644
index 0000000000..48cbd75783
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/post-install-custom-command.yaml
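Review bot: In the per-user `existingSecret` projection the item key is emitted as `- key: {{ .existingSecretKey }}` while the `path` on the next line runs the same value through `tpl`, so a templated `existingSecretKey` produces a key that does not exist in the Secret and the projected volume fails to mount. Render both the same way: `- key: {{ tpl .existingSecretKey $global }}`. The secret name and key are also emitted unquoted, so a value YAML would type as a number or boolean breaks the manifest; piping them through `quote` avoids that.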
@@ -0,0 +1,92 @@
+{{- if .Values.customCommands }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "minio.fullname" . }}-custom-command-job
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}-custom-command-job
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+{{- with .Values.customCommandJob.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ template "minio.name" . }}-job
+ release: {{ .Release.Name }}
+{{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+{{- end }}
+{{- if .Values.customCommandJob.podAnnotations }}
+ annotations:
+{{ toYaml .Values.customCommandJob.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ restartPolicy: OnFailure
+{{- include "minio.imagePullSecrets" . | indent 6 }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.customCommandJob.nodeSelector | indent 8 }}
+{{- end }}
+{{- with .Values.customCommandJob.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.customCommandJob.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.customCommandJob.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }}
+{{- end }}
+ volumes:
+ - name: minio-configuration
+ projected:
+ sources:
+ - configMap:
+ name: {{ template "minio.fullname" . }}
+ - secret:
+ name: {{ template "minio.secretName" .
}}
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ secret:
+ secretName: {{ .Values.tls.certSecret }}
+ items:
+ - key: {{ .Values.tls.publicCrt }}
+ path: CAs/public.crt
+ {{ end }}
+ containers:
+ - name: minio-mc
+ image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
+ imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
+ {{- if .Values.customCommandJob.exitCommand }}
+ command: ["/bin/sh", "-c"]
+ args: ["/bin/sh /config/custom-command; x=$(echo $?); {{ .Values.customCommandJob.exitCommand }} && exit $x" ]
+ {{- else }}
+ command: ["/bin/sh", "/config/custom-command"]
+ {{- end }}
+ env:
+ - name: MINIO_ENDPOINT
+ value: {{ template "minio.fullname" . }}
+ - name: MINIO_PORT
+ value: {{ .Values.service.port | quote }}
+ volumeMounts:
+ - name: minio-configuration
+ mountPath: /config
+ {{- if .Values.tls.enabled }}
+ - name: cert-secret-volume-mc
+ mountPath: {{ .Values.configPathmc }}certs
+ {{ end }}
+ resources:
+{{ toYaml .Values.customCommandJob.resources | indent 10 }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/pvc.yaml b/charts/tempo/charts/minio/templates/pvc.yaml
new file mode 100644
index 0000000000..369aade415
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/pvc.yaml
@@ -0,0 +1,35 @@
+{{- if eq .Values.mode "standalone" }}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- if .Values.persistence.VolumeName }}
+ volumeName: "{{ .Values.persistence.VolumeName }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/secrets.yaml b/charts/tempo/charts/minio/templates/secrets.yaml
new file mode 100644
index 0000000000..da2ecab4a1
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/secrets.yaml
@@ -0,0 +1,22 @@
+{{- if not .Values.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "minio.secretName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ rootUser: {{ include "minio.root.username" . | b64enc | quote }}
+ rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
+ {{- if .Values.etcd.clientCert }}
+ etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.etcd.clientCertKey }}
+ etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/securitycontextconstraints.yaml b/charts/tempo/charts/minio/templates/securitycontextconstraints.yaml
new file mode 100644
index 0000000000..4bac7e3728
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/securitycontextconstraints.yaml
@@ -0,0 +1,45 @@
+{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: {{ template "minio.fullname" . }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: false
+allowedCapabilities: []
+readOnlyRootFilesystem: false
+defaultAddCapabilities: []
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SETUID
+- SETGID
+fsGroup:
+ type: MustRunAs
+ ranges:
+ - max: {{ .Values.securityContext.fsGroup }}
+ min: {{ .Values.securityContext.fsGroup }}
+runAsUser:
+ type: MustRunAs
+ uid: {{ .Values.securityContext.runAsUser }}
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+volumes:
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- projected
+- secret
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/service.yaml b/charts/tempo/charts/minio/templates/service.yaml
new file mode 100644
index 0000000000..741528df45
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/service.yaml
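Review bot: `allowPrivilegeEscalation: true` in this SecurityContextConstraints is looser than the rest of the object needs: it already pins `runAsUser` to `MustRunAs`, drops `SETUID`/`SETGID` and sets `allowPrivilegedContainer: false`, so nothing visible here relies on a process gaining privileges after start. I would set `allowPrivilegeEscalation: false` so that a setuid binary in the image cannot raise privileges, and add a one-line comment on `readOnlyRootFilesystem: false` saying why the root filesystem has to stay writable. This file appears to belong to the bundled minio subchart, so the change may have to be carried as a local patch or proposed upstream.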
@@ -0,0 +1,49 @@
+{{ $scheme := "http" }}
+{{- if .Values.tls.enabled }}
+{{ $scheme = "https" }}
+{{ end }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "minio.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ monitoring: "true"
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- if not (empty .Values.service.clusterIP) }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+ type: {{ .Values.service.type }}
+ loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
+{{- else }}
+ type: {{ .Values.service.type }}
+{{- end }}
+ ports:
+ - name: {{ $scheme }}
+ port: {{ .Values.service.port }}
+ protocol: TCP
+{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- else }}
+ targetPort: {{ .Values.minioAPIPort }}
+{{- end}}
+{{- if .Values.service.externalIPs }}
+ externalIPs:
+{{- range $i , $ip := .Values.service.externalIPs }}
+ - {{ $ip }}
+{{- end }}
+{{- end }}
+ selector:
+ app: {{ template "minio.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/tempo/charts/minio/templates/serviceaccount.yaml b/charts/tempo/charts/minio/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..6a4bd94b3d
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end -}}
diff --git a/charts/tempo/charts/minio/templates/servicemonitor.yaml b/charts/tempo/charts/minio/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..d3fb6291c2
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/servicemonitor.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "minio.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{ else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels:
+ app: {{ template "minio.name" . }}
+ chart: {{ template "minio.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
+ {{- end }}
+{{- if .Values.metrics.serviceMonitor.annotations }}
+ annotations:
+{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }}
+{{- end }}
+spec:
+ endpoints:
+ {{- if .Values.tls.enabled }}
+ - port: https
+ scheme: https
+ tlsConfig:
+ ca:
+ secret:
+ name: {{ .Values.tls.certSecret }}
+ key: {{ .Values.tls.publicCrt }}
+ serverName: {{ template "minio.fullname" . }}
+ {{ else }}
+ - port: http
+ scheme: http
+ {{- end }}
+ path: /minio/v2/metrics/cluster
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelConfigs }}
+{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }}
+ {{- end }}
+ {{- if not .Values.metrics.serviceMonitor.public }}
+ bearerTokenSecret:
+ name: {{ template "minio.fullname" . }}-prometheus
+ key: token
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels:
+ app: {{ include "minio.name" . }}
+ release: {{ .Release.Name }}
+ monitoring: "true"
+{{- end }}
diff --git a/charts/tempo/charts/minio/templates/statefulset.yaml b/charts/tempo/charts/minio/templates/statefulset.yaml
new file mode 100644
index 0000000000..6d695ddf5f
--- /dev/null
+++ b/charts/tempo/charts/minio/templates/statefulset.yaml
@@ -0,0 +1,246 @@ +{{- if eq .Values.mode "distributed" }} +{{ $poolCount := .Values.pools | int }} +{{ $nodeCount := .Values.replicas | int }} +{{ $replicas := mul $poolCount $nodeCount }} +{{ $drivesPerNode := .Values.drivesPerNode | int }} +{{ $scheme := "http" }} +{{- if .Values.tls.enabled }} +{{ $scheme = "https" }} +{{ end }} +{{ $mountPath := .Values.mountPath }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +{{ $subPath := .Values.persistence.subPath }} +{{ $penabled := .Values.persistence.enabled }} +{{ $accessMode := .Values.persistence.accessMode }} +{{ $storageClass := .Values.persistence.storageClass }} +{{ $psize := .Values.persistence.size }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-svc + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + publishNotReadyAddresses: true + clusterIP: None + ports: + - name: {{ $scheme }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.minioAPIPort }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +--- +apiVersion: {{ template "minio.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "minio.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} +{{- end }} +spec: + updateStrategy: + type: {{ .Values.StatefulSetUpdate.updateStrategy }} + podManagementPolicy: "Parallel" + serviceName: {{ template "minio.fullname" . 
}}-svc + replicas: {{ $replicas }} + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + annotations: +{{- if not .Values.ignoreChartChecksums }} + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} +{{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if .Values.runtimeClassName }} + runtimeClassName: "{{ .Values.runtimeClassName }}" + {{- end }} +{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} + fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} + {{- end }} +{{- end }} +{{ if .Values.serviceAccount.create }} + serviceAccountName: {{ .Values.serviceAccount.name }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ 
template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ] + volumeMounts: + {{- if $penabled }} + {{- if (gt $drivesPerNode 1) }} + {{- range $i := until $drivesPerNode }} + - name: export-{{ $i }} + mountPath: {{ $mountPath }}-{{ $i }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- else }} + - name: export + mountPath: {{ $mountPath }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.extraSecret }} + - name: extra-secret + mountPath: "/tmp/minio-config-env" + {{- end }} + {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} + ports: + - name: {{ $scheme }} + containerPort: {{ .Values.minioAPIPort }} + - name: {{ $scheme }}-console + containerPort: {{ .Values.minioConsolePort }} + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . }} + key: rootUser + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "minio.secretName" . 
}} + key: rootPassword + {{- if .Values.extraSecret }} + - name: MINIO_CONFIG_ENV_FILE + value: "/tmp/minio-config-env/config.env" + {{- end}} + {{- if .Values.metrics.serviceMonitor.public }} + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + {{- end}} + {{- if .Values.oidc.enabled }} + - name: MINIO_IDENTITY_OPENID_CONFIG_URL + value: {{ .Values.oidc.configUrl }} + - name: MINIO_IDENTITY_OPENID_CLIENT_ID + value: {{ .Values.oidc.clientId }} + - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET + value: {{ .Values.oidc.clientSecret }} + - name: MINIO_IDENTITY_OPENID_CLAIM_NAME + value: {{ .Values.oidc.claimName }} + - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX + value: {{ .Values.oidc.claimPrefix }} + - name: MINIO_IDENTITY_OPENID_SCOPES + value: {{ .Values.oidc.scopes }} + - name: MINIO_IDENTITY_OPENID_REDIRECT_URI + value: {{ .Values.oidc.redirectUri }} + - name: MINIO_IDENTITY_OPENID_COMMENT + value: {{ .Values.oidc.comment }} + {{- end}} + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} +{{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml . | indent 8 }} + {{- end }} + {{- end }} + volumes: + - name: minio-user + secret: + secretName: {{ template "minio.secretName" . }} + {{- if .Values.extraSecret }} + - name: extra-secret + secret: + secretName: {{ .Values.extraSecret }} + {{- end }} + {{- include "minio.tlsKeysVolume" . 
| indent 8 }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + {{- if gt $drivesPerNode 1 }} + {{- range $diskId := until $drivesPerNode}} + - metadata: + name: export-{{ $diskId }} + {{- if $.Values.persistence.annotations }} + annotations: +{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} + {{- end }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} + {{- else }} + - metadata: + name: export + {{- if $.Values.persistence.annotations }} + annotations: +{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} + {{- end }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/tempo/charts/minio/values.yaml b/charts/tempo/charts/minio/values.yaml new file mode 100644 index 0000000000..457d647a9f --- /dev/null +++ b/charts/tempo/charts/minio/values.yaml 
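Review bot: The OIDC block in the container `env` renders `MINIO_IDENTITY_OPENID_CLIENT_SECRET` as a literal `value: {{ .Values.oidc.clientSecret }}`, so the client secret is stored in the StatefulSet spec and in the release values, readable by anyone who can get the pod or the StatefulSet, while the root credentials just above it are read through `secretKeyRef`. The same template already mounts `extraSecret` and points `MINIO_CONFIG_ENV_FILE` at its `config.env`, so the client secret can be supplied there instead of through `oidc.clientSecret`; a comment on the OIDC block saying so would help. The `oidc.*` values are also emitted unquoted, unlike the `environment` loop below them, which uses `| quote`; `value: {{ .Values.oidc.claimPrefix | quote }}` would keep the empty default from rendering as a bare `value:`.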
@@ -0,0 +1,482 @@ +## Provide a name in place of minio for `app:` labels +## +nameOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## set kubernetes cluster domain where minio is running +## +clusterDomain: cluster.local + +## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the +## +image: + repository: quay.io/minio/minio + tag: RELEASE.2022-08-13T21-54-44Z + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio +## client used to create a default bucket). +## +mcImage: + repository: quay.io/minio/mc + tag: RELEASE.2022-08-11T00-30-48Z + pullPolicy: IfNotPresent + +## minio mode, i.e. standalone or distributed or gateway. +mode: distributed ## other supported values are "standalone", "gateway" + +## Additional labels to include with deployment or statefulset +additionalLabels: [] + +## Additional annotations to include with deployment or statefulset +additionalAnnotations: [] + +## Typically the deployment/statefulset includes checksums of secrets/config, +## So that when these change on a subsequent helm install, the deployment/statefulset +## is restarted. This can result in unnecessary restarts under GitOps tooling such as +## flux, so set to "true" to disable this behaviour. 
+ignoreChartChecksums: false + +## Additional arguments to pass to minio binary +extraArgs: [] + +## Internal port number for MinIO S3 API container +## Change service.port to change external port number +minioAPIPort: "9000" + +## Internal port number for MinIO Browser Console container +## Change consoleService.port to change external port number +minioConsolePort: "9001" + +## Update strategy for Deployments +DeploymentUpdate: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 100% + +## Update strategy for StatefulSets +StatefulSetUpdate: + updateStrategy: RollingUpdate + +## Pod priority settings +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" + +## Pod runtime class name +## ref https://kubernetes.io/docs/concepts/containers/runtime-class/ +## +runtimeClassName: "" + +## Set default rootUser, rootPassword +## AccessKey and secretKey is generated when not set +## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +rootUser: "" +rootPassword: "" + +## Use existing Secret that store following variables: +## +## | Chart var | .data. in Secret | +## |:----------------------|:-------------------------| +## | rootUser | rootUser | +## | rootPassword | rootPassword | +## +## All mentioned variables will be ignored in values file. +## .data.rootUser and .data.rootPassword are mandatory, +## others depend on enabled status of corresponding sections. +existingSecret: "" + +## Directory on the MinIO pof +certsPath: "/etc/minio/certs/" +configPathmc: "/etc/minio/mc/" + +## Path where PV would be mounted on the MinIO Pod +mountPath: "/export" +## Override the root directory which the minio server should serve from. 
+## If left empty, it defaults to the value of {{ .Values.mountPath }} +## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} +## +bucketRoot: "" + +# Number of drives attached to a node +drivesPerNode: 1 +# Number of MinIO containers running +replicas: 16 +# Number of expanded MinIO clusters +pools: 1 + +# Deploy if 'mode == gateway' - 4 replicas. +gateway: + type: "nas" # currently only "nas" are supported. + replicas: 4 + +## TLS Settings for MinIO +tls: + enabled: false + ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + certSecret: "" + publicCrt: public.crt + privateKey: private.key + +## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas +## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret +## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt. +## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret. 
+trustedCertsSecret: "" + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: true + annotations: {} + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## minio data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## Storage class of PV to bind. By default it looks for standard storage class. + ## If the PV uses a different storage class, specify that here. + storageClass: "" + VolumeName: "" + accessMode: ReadWriteOnce + size: 500Gi + + ## If subPath is set mount a sub folder of a volume instead of the root of the volume. + ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). + ## + subPath: "" + +## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. 
+## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + type: ClusterIP + clusterIP: ~ + port: "9000" + nodePort: 32000 + +## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## + +ingress: + enabled: false + # ingressClassName: "" + labels: {} + # node-role.kubernetes.io/ingress: platform + + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.allow-http: "false" + # kubernetes.io/ingress.global-static-ip-name: "" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + path: / + hosts: + - minio-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +consoleService: + type: ClusterIP + clusterIP: ~ + port: "9001" + nodePort: 32001 + +consoleIngress: + enabled: false + # ingressClassName: "" + labels: {} + # node-role.kubernetes.io/ingress: platform + + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.allow-http: "false" + # kubernetes.io/ingress.global-static-ip-name: "" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + path: / + hosts: + - console.minio-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +tolerations: [] +affinity: {} +topologySpreadConstraints: [] + +## Add stateful containers to have security context, if enabled MinIO will run as this +## user and group NOTE: securityContext is only enabled if persistence.enabled=true +securityContext: + enabled: true + runAsUser: 1000 + 
runAsGroup: 1000 + fsGroup: 1000 + fsGroupChangePolicy: "OnRootMismatch" + +# Additational pod annotations +podAnnotations: {} + +# Additional pod labels +podLabels: {} + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 16Gi + +## List of policies to be created after minio install +## +## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics] +## you can define additional policies with custom supported actions and resources +policies: [] +## writeexamplepolicy policy grants creation or deletion of buckets with name +## starting with example. In addition, grants objects write permissions on buckets starting with +## example. +# - name: writeexamplepolicy +# statements: +# - resources: +# - 'arn:aws:s3:::example*/*' +# actions: +# - "s3:AbortMultipartUpload" +# - "s3:GetObject" +# - "s3:DeleteObject" +# - "s3:PutObject" +# - "s3:ListMultipartUploadParts" +# - resources: +# - 'arn:aws:s3:::example*' +# actions: +# - "s3:CreateBucket" +# - "s3:DeleteBucket" +# - "s3:GetBucketLocation" +# - "s3:ListBucket" +# - "s3:ListBucketMultipartUploads" +## readonlyexamplepolicy policy grants access to buckets with name starting with example. +## In addition, grants objects read permissions on buckets starting with example. 
+# - name: readonlyexamplepolicy +# statements: +# - resources: +# - 'arn:aws:s3:::example*/*' +# actions: +# - "s3:GetObject" +# - resources: +# - 'arn:aws:s3:::example*' +# actions: +# - "s3:GetBucketLocation" +# - "s3:ListBucket" +# - "s3:ListBucketMultipartUploads" +## Additional Annotations for the Kubernetes Job makePolicyJob +makePolicyJob: + podAnnotations: + annotations: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + resources: + requests: + memory: 128Mi + nodeSelector: {} + tolerations: [] + affinity: {} + # Command to run after the main command on exit + exitCommand: "" + +## List of users to be created after minio install +## +users: + ## Username, password and policy to be assigned to the user + ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] + ## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html + ## NOTE: this will fail if LDAP is enabled in your MinIO deployment + ## make sure to disable this if you are using LDAP. 
+ - accessKey: console + secretKey: console123 + policy: consoleAdmin + # Or you can refer to specific secret + #- accessKey: externalSecret + # existingSecret: my-secret + # existingSecretKey: password + # policy: readonly + + +## Additional Annotations for the Kubernetes Job makeUserJob +makeUserJob: + podAnnotations: + annotations: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + resources: + requests: + memory: 128Mi + nodeSelector: {} + tolerations: [] + affinity: {} + # Command to run after the main command on exit + exitCommand: "" + +## List of buckets to be created after minio install +## +buckets: + # # Name of the bucket + # - name: bucket1 + # # Policy to be set on the + # # bucket [none|download|upload|public] + # policy: none + # # Purge if bucket exists already + # purge: false + # # set versioning for + # # bucket [true|false] + # versioning: false + # # set objectlocking for + # # bucket [true|false] NOTE: versioning is enabled by default if you use locking + # objectlocking: false + # - name: bucket2 + # policy: none + # purge: false + # versioning: true + # # set objectlocking for + # # bucket [true|false] NOTE: versioning is enabled by default if you use locking + # objectlocking: false + +## Additional Annotations for the Kubernetes Job makeBucketJob +makeBucketJob: + podAnnotations: + annotations: + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + resources: + requests: + memory: 128Mi + nodeSelector: {} + tolerations: [] + affinity: {} + # Command to run after the main command on exit + exitCommand: "" + +## List of command to run after minio install +## NOTE: the mc command TARGET is always "myminio" +customCommands: + # - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'" + +## Additional Annotations for the Kubernetes Job customCommandJob +customCommandJob: + podAnnotations: + annotations: + securityContext: + enabled: 
false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + resources: + requests: + memory: 128Mi + nodeSelector: {} + tolerations: [] + affinity: {} + # Command to run after the main command on exit + exitCommand: "" + +## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s) +## when Chart is deployed +environment: + ## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html + ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io" + ## MINIO_BROWSER: "off" + +## The name of a secret in the same kubernetes namespace which contain secret values +## This can be useful for LDAP password, etc +## The key in the secret must be 'config.env' +## +# extraSecret: minio-extraenv + +## OpenID Identity Management +## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. +## See https://docs.min.io/minio/baremetal/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables. +oidc: + enabled: false + configUrl: "https://identity-provider-url/.well-known/openid-configuration" + clientId: "minio" + clientSecret: "" + claimName: "policy" + scopes: "openid,profile,email" + redirectUri: "https://console-endpoint-url/oauth_callback" + # Can leave empty + claimPrefix: "" + comment: "" + +networkPolicy: + enabled: false + allowExternal: true + +## PodDisruptionBudget settings +## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ +## +podDisruptionBudget: + enabled: false + maxUnavailable: 1 + +## Specify the service account to use for the MinIO pods. If 'create' is set to 'false' +## and 'name' is left unspecified, the account 'default' will be used. 
+serviceAccount: + create: true + ## The name of the service account to use. If 'create' is 'true', a service account with that name + ## will be created. + name: "minio-sa" + +metrics: + serviceMonitor: + enabled: false + public: true + additionalLabels: {} + annotations: {} + relabelConfigs: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + +## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md +## Define endpoints to enable this section. +etcd: + endpoints: [] + pathPrefix: "" + corednsPathPrefix: "" + clientCert: "" + clientCertKey: "" diff --git a/charts/tempo/charts/rollout-operator/.helmignore b/charts/tempo/charts/rollout-operator/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/charts/tempo/charts/rollout-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/tempo/charts/rollout-operator/Chart.yaml b/charts/tempo/charts/rollout-operator/Chart.yaml new file mode 100644 index 0000000000..efd581c214 --- /dev/null +++ b/charts/tempo/charts/rollout-operator/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: v0.24.0 +description: Grafana rollout-operator +home: https://github.com/grafana/rollout-operator +kubeVersion: ^1.10.0-0 +name: rollout-operator +type: application +version: 0.24.0 diff --git a/charts/tempo/charts/rollout-operator/README.md b/charts/tempo/charts/rollout-operator/README.md new file mode 100644 index 0000000000..9e676ead5c --- /dev/null +++ b/charts/tempo/charts/rollout-operator/README.md 
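Review bot: The `users` default in values.yaml ships an account with `accessKey: console`, `secretKey: console123` and `policy: consoleAdmin`, so an install with `minio.enabled` set that does not override `users` would get an administrator whose credentials are public in the chart. I would make the default `users: []` and keep the commented `existingSecret` / `existingSecretKey` form as the documented way to add accounts; whether the parent tempo values already override this is not visible in this diff. In the same file `metrics.serviceMonitor.public: true` makes the StatefulSet set `MINIO_PROMETHEUS_AUTH_TYPE` to `public`, which deserves a comment or a default of `false`. `image.tag` and `mcImage.tag` pin releases from August 2022 by tag only, so it is worth confirming these are the intended, patched versions.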
@@ -0,0 +1,72 @@ +# Grafana rollout-operator Helm Chart + +Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/rollout-operator) to Kubernetes. + +# rollout-operator + +![Version: 0.24.0](https://img.shields.io/badge/Version-0.24.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.24.0](https://img.shields.io/badge/AppVersion-v0.24.0-informational?style=flat-square) + +Grafana rollout-operator + +## Requirements + +Kubernetes: `^1.10.0-0` + +## Installation + +This section describes various use cases for installation, upgrade and migration from different systems and versions. + +### Preparation + +These are the common tasks to perform before any of the use cases. + +```bash +# Add the repository +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +### Installation of Grafana Rollout Operator + +```bash +helm install -n grafana/rollout-operator +``` + +The Grafana rollout-operator should be installed in the same namespace as the statefulsets it is operating upon. +It is not a highly available application and runs as a single pod. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| fullnameOverride | string | `""` | | +| global.commonLabels | object | `{}` | Common labels for all object directly managed by this chart. | +| hostAliases | list | `[]` | hostAliases to add | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"grafana/rollout-operator"` | | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| +| imagePullSecrets | list | `[]` | | +| minReadySeconds | int | `10` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | Pod Annotations | +| podLabels | object | `{}` | Pod (extra) Labels | +| podSecurityContext | object | `{}` | | +| priorityClassName | string | `""` | | +| resources.limits.memory | string | `"200Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"100Mi"` | | +| securityContext | object | `{}` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| serviceMonitor.annotations | object | `{}` | ServiceMonitor annotations | +| serviceMonitor.enabled | bool | `false` | Create ServiceMonitor to scrape metrics for Prometheus | +| serviceMonitor.interval | string | `nil` | ServiceMonitor scrape interval | +| serviceMonitor.labels | object | `{}` | Additional ServiceMonitor labels | +| serviceMonitor.namespace | string | `nil` | Alternative namespace for ServiceMonitor resources | +| serviceMonitor.namespaceSelector | object | `{}` | Namespace selector for ServiceMonitor resources | +| serviceMonitor.relabelings | list | `[]` | ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig | +| serviceMonitor.scrapeTimeout | string | `nil` | ServiceMonitor scrape timeout in Go duration format (e.g. 15s) | +| tolerations | list | `[]` | | diff --git a/charts/tempo/charts/rollout-operator/README.md.gotmpl b/charts/tempo/charts/rollout-operator/README.md.gotmpl new file mode 100644 index 0000000000..0ac2d4747e --- /dev/null 
+++ b/charts/tempo/charts/rollout-operator/README.md.gotmpl @@ -0,0 +1,38 @@ +# Grafana rollout-operator Helm Chart + +Helm chart for deploying [Grafana rollout-operator]({{ template "chart.homepage" . }}) to Kubernetes. + +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +## Installation + +This section describes various use cases for installation, upgrade and migration from different systems and versions. + +### Preparation + +These are the common tasks to perform before any of the use cases. + +```bash +# Add the repository +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +### Installation of Grafana Rollout Operator + +```bash +helm install -n grafana/rollout-operator +``` + +The Grafana rollout-operator should be installed in the same namespace as the statefulsets it is operating upon. +It is not a highly available application and runs as a single pod. + +{{ template "chart.valuesSection" . }} diff --git a/charts/tempo/charts/rollout-operator/templates/NOTES.txt b/charts/tempo/charts/rollout-operator/templates/NOTES.txt new file mode 100644 index 0000000000..a76e5ba078 --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/NOTES.txt @@ -0,0 +1,10 @@ +Repo : {{ .Chart.Home }} + +Validation: + +Check the logs of the pod and ensure messages for reconcilliation of the statefulsets are present. +``` +kubectl logs -n {{ .Release.Namespace }} -l {{ include "cli.labels" . }} +``` +Example log line: +level=debug ts=2022-04-20T13:59:52.783051541Z msg="reconciling StatefulSet" statefulset=mimir-store-gateway-zone-a diff --git a/charts/tempo/charts/rollout-operator/templates/_helpers.tpl b/charts/tempo/charts/rollout-operator/templates/_helpers.tpl new file mode 100644 index 0000000000..68ae702a06 
--- /dev/null
+++ b/charts/tempo/charts/rollout-operator/templates/_helpers.tpl
@@ -0,0 +1,82 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "rollout-operator.name" -}} +{{- default (include "rollout-operator.chartName" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "rollout-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default (include "rollout-operator.chartName" .) .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Recalculate the chart name, because it may be sub-chart included as rollout_operator, +and _ is not valid in resource names. +*/}} +{{- define "rollout-operator.chartName" -}} +{{- print .Chart.Name | replace "_" "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "rollout-operator.chart" -}} +{{- printf "%s-%s" (include "rollout-operator.chartName" .) .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "rollout-operator.labels" -}} +helm.sh/chart: {{ include "rollout-operator.chart" . }} +{{ include "rollout-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.global.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "rollout-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "rollout-operator.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "rollout-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "rollout-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + + +{{- define "cli.labels" -}} +{{- $list := list -}} +{{- range $k, $v := ( include "rollout-operator.selectorLabels" . | fromYaml ) -}} +{{- $list = append $list (printf "%s=%s" $k $v) -}} +{{- end -}} +{{ join "," $list }} +{{- end -}} diff --git a/charts/tempo/charts/rollout-operator/templates/deployment.yaml b/charts/tempo/charts/rollout-operator/templates/deployment.yaml new file mode 100644 index 0000000000..d35b866d0e --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/deployment.yaml 
@@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "rollout-operator.fullname" . }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} +spec: + replicas: 1 + minReadySeconds: {{ .Values.minReadySeconds }} + selector: + matchLabels: + {{- include "rollout-operator.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "rollout-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "rollout-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: rollout-operator + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - -kubernetes.namespace={{ .Release.Namespace }} + ports: + - name: http-metrics + containerPort: 8001 + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: http-metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
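Review bot: The container `securityContext` in this Deployment is rendered straight from `.Values.securityContext`, and the subchart's documented default is `{}`, so unless the parent chart overrides it the operator runs with whatever user, capabilities and writable root filesystem the image defaults to. The pod's service account is bound to a Role that can delete pods in the release namespace (role.yaml in this same commit), which makes the missing hardening worth closing. Because this is an unpacked dependency, I would set it from the parent chart's values under the `rollout_operator` alias rather than edit this file. The settings to enable are the ones the subchart's own values.yaml lists in comments (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `capabilities.drop: [ALL]`), plus `allowPrivilegeEscalation: false`. Whether the image starts cleanly with a read-only root filesystem should be confirmed before enabling that one.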
diff --git a/charts/tempo/charts/rollout-operator/templates/role.yaml b/charts/tempo/charts/rollout-operator/templates/role.yaml new file mode 100644 index 0000000000..7bc2570b4e --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "rollout-operator.fullname" . }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - get + - watch + - delete +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list + - get + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - update diff --git a/charts/tempo/charts/rollout-operator/templates/rolebinding.yaml b/charts/tempo/charts/rollout-operator/templates/rolebinding.yaml new file mode 100644 index 0000000000..d1cfe6826c --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "rollout-operator.fullname" . }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "rollout-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "rollout-operator.serviceAccountName" . }} diff --git a/charts/tempo/charts/rollout-operator/templates/service.yaml b/charts/tempo/charts/rollout-operator/templates/service.yaml new file mode 100644 index 0000000000..60ce5b1e83 --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/service.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "rollout-operator.fullname" . }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: 8001 + targetPort: http-metrics + protocol: TCP + name: http-metrics + selector: + {{- include "rollout-operator.selectorLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/tempo/charts/rollout-operator/templates/serviceaccount.yaml b/charts/tempo/charts/rollout-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000000..37698a4f4b --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "rollout-operator.serviceAccountName" . }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/tempo/charts/rollout-operator/templates/servicemonitor.yaml b/charts/tempo/charts/rollout-operator/templates/servicemonitor.yaml new file mode 100644 index 0000000000..8fa7c1b23e --- /dev/null +++ b/charts/tempo/charts/rollout-operator/templates/servicemonitor.yaml 
@@ -0,0 +1,36 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "rollout-operator.fullname" . }} + {{- with .Values.serviceMonitor.namespace }} + namespace: {{ . }} + {{- end }} + labels: + {{- include "rollout-operator.labels" . | nindent 4 }} + {{- with .Values.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- with .Values.serviceMonitor.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "rollout-operator.selectorLabels" . | nindent 6 }} + endpoints: + - port: http-metrics + {{- with .Values.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 8 }} + {{- end }} + scheme: http +{{- end -}} diff --git a/charts/tempo/charts/rollout-operator/values.yaml b/charts/tempo/charts/rollout-operator/values.yaml new file mode 100644 index 0000000000..1711671f7a --- /dev/null +++ b/charts/tempo/charts/rollout-operator/values.yaml 
@@ -0,0 +1,89 @@ +# Default values for rollout-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + + +global: + # -- Common labels for all object directly managed by this chart. + commonLabels: {} + + +image: + repository: grafana/rollout-operator + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] + +# -- hostAliases to add +hostAliases: [] +# - ip: 1.2.3.4 +# hostnames: +# - domain.tld + +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- Pod Annotations +podAnnotations: {} + +# -- Pod (extra) Labels +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: + limits: + # cpu: "1" + memory: 200Mi + requests: + cpu: 100m + memory: 100Mi + +minReadySeconds: 10 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +priorityClassName: "" + +serviceMonitor: + # -- Create ServiceMonitor to scrape metrics for Prometheus + enabled: false + # -- Alternative namespace for ServiceMonitor resources + namespace: null + # -- Namespace selector for ServiceMonitor resources + namespaceSelector: {} + # -- ServiceMonitor annotations + annotations: {} + # -- Additional ServiceMonitor labels + labels: {} + # -- ServiceMonitor scrape interval + interval: null + # -- ServiceMonitor scrape timeout in Go duration format (e.g. 
15s) + scrapeTimeout: null + # -- ServiceMonitor relabel configs to apply to samples before scraping + # https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + relabelings: [] diff --git a/charts/tempo/templates/_helpers.tpl b/charts/tempo/templates/_helpers.tpl index 81e08f6f0e..55167a659c 100644 --- a/charts/tempo/templates/_helpers.tpl +++ b/charts/tempo/templates/_helpers.tpl @@ -189,7 +189,7 @@ Renders the overrides config */}} {{- define "tempo.overridesConfig" -}} overrides: -{{ toYaml .Values.overrides | indent 2 }} +{{ toYaml .Values.per_tenant_overrides | indent 2 }} {{- end -}} {{/* diff --git a/charts/tempo/templates/compactor/deployment-compactor.yaml b/charts/tempo/templates/compactor/deployment-compactor.yaml index 37f5342204..3786ca06e1 100644 --- a/charts/tempo/templates/compactor/deployment-compactor.yaml +++ b/charts/tempo/templates/compactor/deployment-compactor.yaml @@ -11,9 +11,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.compactor.minReadySeconds }} replicas: {{ .Values.compactor.replicas }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} @@ -54,6 +54,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.compactor.initContainers | nindent 8 }} containers: - args: - -target=compactor @@ -103,6 +105,9 @@ spec: {{- with .Values.compactor.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.compactor.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }} {{- if semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version }} {{- with .Values.compactor.topologySpreadConstraints }} 
diff --git a/charts/tempo/templates/compactor/service-compactor.yaml b/charts/tempo/templates/compactor/service-compactor.yaml index dcbacc273b..fde2125f1b 100644 --- a/charts/tempo/templates/compactor/service-compactor.yaml +++ b/charts/tempo/templates/compactor/service-compactor.yaml @@ -17,3 +17,5 @@ spec: protocol: TCP selector: {{- include "tempo.selectorLabels" (dict "ctx" . "component" "compactor") | nindent 4 }} + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} diff --git a/charts/tempo/templates/distributor/deployment-distributor.yaml b/charts/tempo/templates/distributor/deployment-distributor.yaml index c7495b3832..f3c0a1efd9 100644 --- a/charts/tempo/templates/distributor/deployment-distributor.yaml +++ b/charts/tempo/templates/distributor/deployment-distributor.yaml @@ -11,14 +11,18 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.distributor.minReadySeconds }} {{- if not .Values.distributor.autoscaling.enabled }} replicas: {{ .Values.distributor.replicas }} {{- end }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} +{{- with .Values.distributor.strategy }} + strategy: +{{- toYaml . | nindent 4 }} +{{- end }} template: metadata: labels: @@ -52,6 +56,10 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.distributor.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - args: - -target=distributor 
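Review bot: `ipFamilies: {{ .Values.tempo.service.ipFamilies }}` in the compactor Service prints a list with Go's default formatting, which separates elements with spaces. A dual-stack value such as `[IPv4, IPv6]` would therefore render as `[IPv4 IPv6]` and parse as one string element. `ipFamilies: {{ toJson .Values.tempo.service.ipFamilies }}` stays valid for any list length. Wrapping both new keys in a `{{- with }}` guard would also avoid emitting null fields when the values are unset; their defaults are not visible in this part of the diff. The same two lines are added to the distributor, gossip-ring, ingester, memcached and metrics-generator Services in this commit.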
@@ -144,6 +152,9 @@ spec: {{- with .Values.distributor.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.distributor.extraContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.distributor.terminationGracePeriodSeconds }} {{- if semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version }} {{- with .Values.distributor.topologySpreadConstraints }} diff --git a/charts/tempo/templates/distributor/service-distributor.yaml b/charts/tempo/templates/distributor/service-distributor.yaml index a7174f2a00..15c6317544 100644 --- a/charts/tempo/templates/distributor/service-distributor.yaml +++ b/charts/tempo/templates/distributor/service-distributor.yaml @@ -14,7 +14,10 @@ metadata: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: + internalTrafficPolicy: {{ .Values.distributor.service.internalTrafficPolicy }} type: {{ .Values.distributor.service.type }} + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: http-metrics port: 3100 diff --git a/charts/tempo/templates/enterprise-federation-frontend/deployment-federation-frontend.yaml b/charts/tempo/templates/enterprise-federation-frontend/deployment-federation-frontend.yaml index 20f2d8fa44..59a1b142fe 100644 --- a/charts/tempo/templates/enterprise-federation-frontend/deployment-federation-frontend.yaml +++ b/charts/tempo/templates/enterprise-federation-frontend/deployment-federation-frontend.yaml @@ -16,7 +16,7 @@ spec: {{- if not .Values.enterpriseFederationFrontend.autoscaling.enabled }} replicas: {{ .Values.enterpriseFederationFrontend.replicas }} {{- end }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} 
diff --git a/charts/tempo/templates/gateway/deployment-gateway.yaml b/charts/tempo/templates/gateway/deployment-gateway.yaml index ea6cd5dd34..bccf609911 100644 --- a/charts/tempo/templates/gateway/deployment-gateway.yaml +++ b/charts/tempo/templates/gateway/deployment-gateway.yaml @@ -7,12 +7,16 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "tempo.labels" $dict | nindent 4 }} + {{- with .Values.gateway.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.gateway.minReadySeconds }} {{- if not .Values.gateway.autoscaling.enabled }} replicas: {{ .Values.gateway.replicas }} {{- end }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} diff --git a/charts/tempo/templates/gossip-ring/service-gossip-ring.yaml b/charts/tempo/templates/gossip-ring/service-gossip-ring.yaml index 948a739503..35fd54d1c4 100644 --- a/charts/tempo/templates/gossip-ring/service-gossip-ring.yaml +++ b/charts/tempo/templates/gossip-ring/service-gossip-ring.yaml @@ -5,9 +5,15 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "tempo.labels" (dict "ctx" . "component" "gossip-ring") | nindent 4 }} + annotations: + {{- with .Values.tempo.memberlist.service.annotations | default dict }} + {{- toYaml . | nindent 4}} + {{- end }} spec: type: ClusterIP clusterIP: None + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: gossip-ring port: {{ include "tempo.memberlistBindPort" . }} diff --git a/charts/tempo/templates/ingester/_helpers-ingester.tpl b/charts/tempo/templates/ingester/_helpers-ingester.tpl index 4d417ada2c..f7018f507c 100644 --- a/charts/tempo/templates/ingester/_helpers-ingester.tpl +++ b/charts/tempo/templates/ingester/_helpers-ingester.tpl 
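Review bot: In the gossip-ring Service hunk the `annotations:` key sits outside the `with`, so it is rendered even when `tempo.memberlist.service.annotations` is empty and the manifest then carries a key with a null value. Moving the key inside the guard matches the gateway Deployment hunk in this same commit: `{{- with .Values.tempo.memberlist.service.annotations }}`, then `annotations:`, then `{{- toYaml . | nindent 4 }}`. The `| default dict` becomes unnecessary, since `with` already skips empty values.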
@@ -13,12 +13,10 @@ {{- $requestedReplicas := .ctx.Values.ingester.replicas -}} {{- $replicaPerZone := div (add $requestedReplicas $numberOfZones -1) $numberOfZones -}} {{- range $idx, $rolloutZone := .ctx.Values.ingester.zoneAwareReplication.zones -}} -{{- $_ := set $zonesMap $rolloutZone.name (dict -"affinity" (($rolloutZone.extraAffinity | default (dict)) | mergeOverwrite (include "ingester.zoneAntiAffinity" (dict "rolloutZoneName" $rolloutZone.name "topologyKey" $.ctx.Values.ingester.zoneAwareReplication.topologyKey) | fromYaml)) -"nodeSelector" ($rolloutZone.nodeSelector | default (dict) ) -"replicas" $replicaPerZone -"storageClass" $rolloutZone.storageClass -) -}} +{{- $extraAffinity := $rolloutZone.extraAffinity | default (dict) -}} +{{- $zoneAntiAffinity := include "ingester.zoneAntiAffinity" (dict "rolloutZoneName" $rolloutZone.name "topologyKey" $.ctx.Values.ingester.zoneAwareReplication.topologyKey) | fromYaml -}} +{{- $mergedAffinity := mergeOverwrite $extraAffinity $zoneAntiAffinity -}} +{{- $_ := set $zonesMap $rolloutZone.name (dict "affinity" $mergedAffinity "nodeSelector" ($rolloutZone.nodeSelector | default (dict)) "replicas" $replicaPerZone "storageClass" $rolloutZone.storageClass) -}} {{- end -}} {{- else -}} {{- $_ := set $zonesMap "" $defaultZone -}} diff --git a/charts/tempo/templates/ingester/service-ingester.yaml b/charts/tempo/templates/ingester/service-ingester.yaml index 988c891028..96867f0dcd 100644 --- a/charts/tempo/templates/ingester/service-ingester.yaml +++ b/charts/tempo/templates/ingester/service-ingester.yaml 
@@ -1,8 +1,12 @@ {{- $dict := dict "ctx" . "component" "ingester" true }} +{{- $zonesMap := include "ingester.zoneAwareReplicationMap" $dict | fromYaml -}} +{{- range $zoneName, $rolloutZone := $zonesMap -}} +{{- with $ -}} +{{- $_ := set $dict "rolloutZoneName" $zoneName -}} apiVersion: v1 kind: Service metadata: - name: {{ template "tempo.resourceName" $dict }} + name: {{ template "ingester.resourceName" $dict }} namespace: {{ .Release.Namespace }} labels: {{- include "tempo.labels" $dict | nindent 4 }} @@ -11,6 +15,10 @@ metadata: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: + type: {{ .Values.ingester.service.type }} + internalTrafficPolicy: {{ .Values.ingester.service.internalTrafficPolicy }} + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: http-metrics port: 3100 @@ -24,4 +32,7 @@ spec: appProtocol: {{ .Values.ingester.appProtocol.grpc }} {{- end }} selector: - {{- include "tempo.selectorLabels" $dict | nindent 4 }} + {{- include "ingester.selectorLabels" $dict | nindent 4 }} +--- +{{ end }} +{{ end }} diff --git a/charts/tempo/templates/ingester/statefulset-ingester.yaml b/charts/tempo/templates/ingester/statefulset-ingester.yaml index 123b26790d..c5bf7f5dd8 100644 --- a/charts/tempo/templates/ingester/statefulset-ingester.yaml +++ b/charts/tempo/templates/ingester/statefulset-ingester.yaml @@ -1,5 +1,7 @@ {{- $dict := dict "ctx" . "component" "ingester" "memberlist" true -}} {{- $zonesMap := include "ingester.zoneAwareReplicationMap" $dict | fromYaml -}} +{{- $storageClass := .Values.ingester.persistence.storageClass | default .Values.global.storageClass }} +{{- if eq $storageClass "-" }}{{- $storageClass = "" }}{{- end }} {{- range $zoneName, $rolloutZone := $zonesMap -}} {{- with $ -}} {{- $_ := set $dict "rolloutZoneName" $zoneName -}} 
@@ -32,8 +34,7 @@ spec: {{- if .Values.ingester.zoneAwareReplication.enabled }} type: OnDelete {{- else }} - rollingUpdate: - partition: 0 + {{- toYaml .Values.ingester.statefulStrategy | nindent 4 }} {{- end }} template: metadata: @@ -42,9 +43,6 @@ spec: {{- with .Values.tempo.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.ingester.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap-tempo.yaml") . | sha256sum }} {{- with .Values.tempo.podAnnotations }} @@ -75,6 +73,9 @@ spec: - -target=ingester - -config.file=/conf/tempo.yaml - -mem-ballast-size-mbs=1024 + {{- if ne $zoneName ""}} + - -ingester.availability-zone={{ $zoneName }} + {{- end }} {{- with .Values.ingester.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} @@ -176,6 +177,11 @@ spec: sizeLimit: {{ .Values.ingester.persistence.size }} {{- end }} {{- else }} + {{- if .Values.ingester.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.ingester.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.ingester.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim @@ -184,13 +190,15 @@ spec: annotations: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.ingester.persistence.labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} name: data spec: accessModes: - ReadWriteOnce - {{- with .Values.ingester.persistence.storageClass }} - storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} - {{- end }} + storageClassName: {{ if $storageClass }}{{ $storageClass }}{{ else }}{{- "" }}{{ end }} resources: requests: storage: {{ .Values.ingester.persistence.size | quote }} 
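Review bot: The new `storageClassName` line in the volumeClaimTemplates hunk no longer distinguishes `-` from unset. `$storageClass` is reset to an empty string for `-` at the top of the file and the `else` branch emits nothing, so both cases render `storageClassName:` with a null value. The removed code rendered `""` for `-`, which explicitly disables dynamic provisioning instead of falling back to the cluster's default StorageClass. To keep that behaviour, leave `-` in `$storageClass` and render `{{- with $storageClass }}` / `storageClassName: {{ if eq "-" . }}""{{ else }}{{ . }}{{ end }}` / `{{- end }}`, which also omits the key when nothing is configured. The same pattern is introduced in statefulset-metrics-generator.yaml.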
diff --git a/charts/tempo/templates/memcached/service-memcached.yaml b/charts/tempo/templates/memcached/service-memcached.yaml index 64806afc63..ab9d99d6e8 100644 --- a/charts/tempo/templates/memcached/service-memcached.yaml +++ b/charts/tempo/templates/memcached/service-memcached.yaml @@ -11,6 +11,8 @@ metadata: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: memcached-client port: 11211 diff --git a/charts/tempo/templates/memcached/statefulset-memcached.yaml b/charts/tempo/templates/memcached/statefulset-memcached.yaml index 6827e6dc2e..1c98c9fd5c 100644 --- a/charts/tempo/templates/memcached/statefulset-memcached.yaml +++ b/charts/tempo/templates/memcached/statefulset-memcached.yaml @@ -51,6 +51,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.memcached.initContainers | nindent 8 }} containers: - image: {{ include "tempo.imageReference" $dict }} imagePullPolicy: {{ .Values.memcached.image.pullPolicy }} @@ -81,10 +83,17 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.memcached.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.memcachedExporter.enabled }} - args: - --memcached.address=localhost:11211 - --web.listen-address=0.0.0.0:9150 + {{- with .Values.memcachedExporter.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} image: {{ include "tempo.imageReference" (dict "ctx" . "component" "memcached-exporter") }} imagePullPolicy: {{ .Values.memcachedExporter.image.pullPolicy }} name: exporter 
@@ -97,6 +106,10 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.memcached.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- if semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version }} {{- with .Values.memcached.topologySpreadConstraints }} @@ -116,6 +129,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.memcached.extraVolumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} updateStrategy: type: RollingUpdate {{- end}} diff --git a/charts/tempo/templates/metrics-generator/deployment-metrics-generator.yaml b/charts/tempo/templates/metrics-generator/deployment-metrics-generator.yaml index 55c7094ea1..94b70f0220 100644 --- a/charts/tempo/templates/metrics-generator/deployment-metrics-generator.yaml +++ b/charts/tempo/templates/metrics-generator/deployment-metrics-generator.yaml @@ -12,9 +12,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.metricsGenerator.minReadySeconds }} replicas: {{ .Values.metricsGenerator.replicas }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} @@ -51,6 +51,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.metricsGenerator.initContainers | nindent 8 }} containers: - args: - -target=metrics-generator diff --git a/charts/tempo/templates/metrics-generator/service-metrics-generator.yaml b/charts/tempo/templates/metrics-generator/service-metrics-generator.yaml index f0ca27a68e..cc3055e95f 100644 --- a/charts/tempo/templates/metrics-generator/service-metrics-generator.yaml +++ b/charts/tempo/templates/metrics-generator/service-metrics-generator.yaml 
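Review bot: The second `volumeMounts` block (hunk `@@ -97,6 +106,10 @@`) appears to land in the exporter sidecar, yet it reuses `.Values.memcached.extraVolumeMounts`, so every extra volume mounted into memcached is also mounted into the exporter. If those volumes hold credentials or TLS keys meant only for memcached, the exporter gets them as well. A separate key under `memcachedExporter` would keep the two containers independent; it would have to be added to values.yaml, which is not visible here. The container definitions begin outside this hunk, so confirm which container the block ends up in.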
@@ -12,6 +12,8 @@ metadata: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: {{- range .Values.metricsGenerator.ports }} {{- if .service }} diff --git a/charts/tempo/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo/templates/metrics-generator/statefulset-metrics-generator.yaml index f057fba246..c2489aa14d 100644 --- a/charts/tempo/templates/metrics-generator/statefulset-metrics-generator.yaml +++ b/charts/tempo/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -1,5 +1,7 @@ {{- if and (.Values.metricsGenerator.enabled) (eq .Values.metricsGenerator.kind "StatefulSet") }} {{ $dict := dict "ctx" . "component" "metrics-generator" "memberlist" true }} +{{- $storageClass := .Values.metricsGenerator.persistence.storageClass | default .Values.global.storageClass }} +{{- if eq $storageClass "-" }}{{- $storageClass = "" }}{{- end }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -12,9 +14,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.metricsGenerator.minReadySeconds }} replicas: {{ .Values.metricsGenerator.replicas }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} podManagementPolicy: Parallel updateStrategy: rollingUpdate: @@ -144,6 +146,11 @@ spec: - name: wal emptyDir: {{- toYaml .Values.metricsGenerator.walEmptyDir | nindent 12 }} {{- else }} + {{- if .Values.metricsGenerator.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.metricsGenerator.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.metricsGenerator.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim 
@@ -152,13 +159,15 @@ spec: annotations: {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.ingester.persistence.labels }} + labels: + {{- toYaml . | nindent 10 }} + {{- end }} name: wal spec: accessModes: - ReadWriteOnce - {{- with .Values.metricsGenerator.persistence.storageClass }} - storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} - {{- end }} + storageClassName: {{ if $storageClass }}{{ $storageClass }}{{ else }}{{- "" }}{{ end }} resources: requests: storage: {{ .Values.metricsGenerator.persistence.size | quote }} diff --git a/charts/tempo/templates/provisioner/provisioner-job.yaml b/charts/tempo/templates/provisioner/provisioner-job.yaml new file mode 100644 index 0000000000..6b471e9260 --- /dev/null +++ b/charts/tempo/templates/provisioner/provisioner-job.yaml 
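Review bot: The PVC labels in this metrics-generator StatefulSet are read from `.Values.ingester.persistence.labels`, although the same commit adds `metricsGenerator.persistence.labels` to values.yaml; the line should be `{{- with .Values.metricsGenerator.persistence.labels }}`. Separately, the new `storageClassName` line prints nothing when `$storageClass` is empty, so a value of `-` now renders `storageClassName:` (null) where the removed lines rendered an explicit `""`, and Kubernetes treats an unset class (use the cluster default) differently from an empty one (no dynamic provisioning). Keeping the field inside a `with` and emitting `storageClassName: ""` for the `-` case would preserve the old behaviour. The `$storageClass` assignment is in an earlier hunk of the same file.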
@@ -0,0 +1,131 @@ +{{- if and .Values.provisioner.enabled .Values.enterprise.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + labels: + {{- include "tempo.labels" (dict "ctx" . "component" "provisioner") | nindent 4 }} + {{- with .Values.provisioner.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- with .Values.provisioner.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + "helm.sh/hook": "{{ .Values.provisioner.hookType }}" + "helm.sh/hook-weight": "20" + "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" + namespace: {{ .Release.Namespace | quote }} +spec: + backoffLimit: 6 + completions: 1 + parallelism: 1 + selector: + template: + metadata: + labels: + {{- include "tempo.podLabels" (dict "ctx" . "component" "provisioner") | nindent 8 }} + annotations: + {{- include "tempo.podAnnotations" (dict "ctx" . "component" "provisioner") | nindent 8 }} + namespace: {{ .Release.Namespace | quote }} + spec: + serviceAccountName: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + {{- if .Values.provisioner.priorityClassName }} + priorityClassName: {{ .Values.provisioner.priorityClassName }} + {{- end }} + securityContext: + {{- toYaml .Values.provisioner.securityContext | nindent 8 }} + {{- if .Values.tempo.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.tempo.image.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} + initContainers: + - name: provisioner + image: "{{ $.Values.provisioner.image.registry }}/{{ $.Values.provisioner.image.repository }}:{{ $.Values.provisioner.image.tag }}" + imagePullPolicy: {{ $.Values.provisioner.image.pullPolicy }} + command: + - /bin/bash + - -euc + - | + {{- range $tenant := .Values.provisioner.additionalTenants }} + /usr/bin/provisioner \ + -bootstrap-path=/bootstrap \ + -cluster-name={{ include "tempo.clusterName" $ }} \ + -api-url={{ $.Values.provisioner.apiUrl }} \ + -tenant={{ $tenant.name }} \ + -access-policy=write-{{ $tenant.name }}:{{ $tenant.name }}:traces:write \ + -access-policy=read-{{ $tenant.name }}:{{ $tenant.name }}:traces:read \ + -token=write-{{ $tenant.name }} \ + -token=read-{{ $tenant.name }} + {{- range $flag, $value := $.Values.provisioner.extraArgs }} + - -{{ $flag }}={{ $value }} + {{- end }} + {{- end }} + volumeMounts: + {{- if $.Values.provisioner.extraVolumeMounts }} + {{ toYaml $.Values.provisioner.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- if $.Values.global.extraVolumeMounts }} + {{ toYaml $.Values.global.extraVolumeMounts | nindent 12 }} + {{- end }} + - name: bootstrap + mountPath: /bootstrap + - name: admin-token + mountPath: /bootstrap/token + subPath: token + {{- with $.Values.provisioner.env }} + env: + {{ toYaml . | nindent 12 }} + {{- end }} + containers: + - name: create-secret + image: {{ .Values.kubectlImage.repository }}:{{ .Values.kubectlImage.tag }} + imagePullPolicy: {{ .Values.kubectlImage.pullPolicy | default "IfNotPresent" }} + command: + - /bin/bash + - -exuc + - | + # In this case, the admin resources have already been created, the provisioner job + # does not write the token files to the bootstrap mount. + # Therefore, secrets are only created if the respective token files exist. + # Note: the following bash commands should always return a success status code. 
+ # Therefore, in case the token file does not exist, the first clause of the + # or-operation is successful. + {{- $secretPrefix := .Values.provisioner.provisionedSecretPrefix | default (include "tempo.resourceName" (dict "ctx" . "component" "token")) }} + {{- range .Values.provisioner.additionalTenants }} + ! test -s /bootstrap/token-write-{{ .name }} || \ + kubectl --namespace "{{ .secretNamespace }}" create secret generic "{{ $secretPrefix }}-{{ .name }}" \ + --from-literal=token-write="$(cat /bootstrap/token-write-{{ .name }})" \ + --from-literal=token-read="$(cat /bootstrap/token-read-{{ .name }})" + {{- end }} + volumeMounts: + - name: bootstrap + mountPath: /bootstrap + {{- with .Values.provisioner.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.provisioner.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.provisioner.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + volumes: + - name: admin-token + secret: + secretName: {{ .Values.tokengenJob.adminTokenSecret }} + - name: bootstrap + emptyDir: {} + {{- if .Values.provisioner.extraVolumes }} + {{- toYaml .Values.provisioner.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.global.extraVolumes }} + {{- toYaml .Values.global.extraVolumes | nindent 8 }} + {{- end }} +{{- end -}} diff --git a/charts/tempo/templates/provisioner/provisioner-rbac.yaml b/charts/tempo/templates/provisioner/provisioner-rbac.yaml new file mode 100644 index 0000000000..8f58bae31f --- /dev/null +++ b/charts/tempo/templates/provisioner/provisioner-rbac.yaml 
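Review bot: The `create-secret` container in provisioner-job.yaml starts bash with `-exuc`, and with `-x` the shell traces every command after expansion, so the `--from-literal=token-write="$(cat …)"` and `token-read` arguments are written to the container log with the token values in them. Drop the trace flag (`- -euc`) and let kubectl read the files itself, `--from-file=token-write=/bootstrap/token-write-{{ .name }}`, so the tokens never appear on a command line; check first whether a trailing newline in the file matters to consumers of the secret. Also, the `extraArgs` range in the provisioner init container emits `- -{{ $flag }}={{ $value }}` inside the `|` script after a line with no trailing backslash, which looks like it would run as a separate command and not extend the provisioner invocation.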
@@ -0,0 +1,29 @@ +{{- if and .Values.provisioner.enabled .Values.enterprise.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + labels: + {{- include "tempo.labels" (dict "ctx" . "component" "provisioner") | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + labels: + {{- include "tempo.labels" (dict "ctx" . "component" "provisioner") | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} +subjects: +- kind: ServiceAccount + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/tempo/templates/provisioner/provisioner-serviceaccount.yaml b/charts/tempo/templates/provisioner/provisioner-serviceaccount.yaml new file mode 100644 index 0000000000..66af34c78c --- /dev/null +++ b/charts/tempo/templates/provisioner/provisioner-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.provisioner.enabled .Values.enterprise.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tempo.resourceName" (dict "ctx" . "component" "provisioner") }} + labels: + {{- include "tempo.labels" (dict "ctx" . "component" "provisioner") | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/tempo/templates/querier/deployment-querier.yaml b/charts/tempo/templates/querier/deployment-querier.yaml index 8412589860..a88595b5c7 100644 --- a/charts/tempo/templates/querier/deployment-querier.yaml 
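Review bot: The Role and RoleBinding in provisioner-rbac.yaml are namespaced to `.Release.Namespace`, but the provisioner Job creates each tenant secret with `kubectl --namespace "{{ .secretNamespace }}"`, so any tenant whose `secretNamespace` differs from the release namespace will be refused by the API server. Either document on `provisioner.additionalTenants` that `secretNamespace` must equal the release namespace, or render a Role and RoleBinding per distinct tenant namespace; a ClusterRole would be the wrong fix, since `create` on secrets cluster-wide is far more than the job needs. A one-line comment above `rules:`, for example `# create only: the job never reads or updates existing secrets`, would help keep the grant this narrow.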
+++ b/charts/tempo/templates/querier/deployment-querier.yaml @@ -11,18 +11,18 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.querier.minReadySeconds }} {{- if not .Values.querier.autoscaling.enabled }} replicas: {{ .Values.querier.replicas }} {{- end }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} strategy: rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 + maxSurge: {{ .Values.querier.maxSurge }} + maxUnavailable: {{ .Values.querier.rollingUpdate.maxUnavailable }} template: metadata: labels: @@ -56,6 +56,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.querier.initContainers | nindent 8 }} containers: - args: - -target=querier diff --git a/charts/tempo/templates/querier/service-querier.yaml b/charts/tempo/templates/querier/service-querier.yaml index b13348b0f8..05dd42c106 100644 --- a/charts/tempo/templates/querier/service-querier.yaml +++ b/charts/tempo/templates/querier/service-querier.yaml @@ -10,6 +10,8 @@ metadata: {{- tpl (toYaml . | nindent 4) $ }} {{- end }} spec: + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: http-metrics port: 3100 diff --git a/charts/tempo/templates/query-frontend/deployment-query-frontend.yaml b/charts/tempo/templates/query-frontend/deployment-query-frontend.yaml index 01f05b21cf..94ace95927 100644 --- a/charts/tempo/templates/query-frontend/deployment-query-frontend.yaml +++ b/charts/tempo/templates/query-frontend/deployment-query-frontend.yaml 
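Review bot: In deployment-querier.yaml the two rolling-update settings are read from different shapes, `.Values.querier.maxSurge` and `.Values.querier.rollingUpdate.maxUnavailable`, while the distributor values added in this commit keep both under `strategy.rollingUpdate`. With `querier.maxUnavailable` already used for the Pod Disruption Budget, the querier block now has three similarly named keys at two levels, which is easy to misconfigure. Reading both from one map, `maxSurge: {{ .Values.querier.rollingUpdate.maxSurge }}`, and moving the `maxSurge: 0` default under `rollingUpdate` in values.yaml would make the layout consistent.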
@@ -11,11 +11,11 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - minReadySeconds: 10 + minReadySeconds: {{ .Values.queryFrontend.minReadySeconds }} {{- if not .Values.queryFrontend.autoscaling.enabled }} replicas: {{ .Values.queryFrontend.replicas }} {{- end }} - revisionHistoryLimit: 10 + revisionHistoryLimit: {{ .Values.tempo.revisionHistoryLimit }} selector: matchLabels: {{- include "tempo.selectorLabels" $dict | nindent 6 }} @@ -56,6 +56,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.queryFrontend.initContainers | nindent 8 }} containers: - args: - -target=query-frontend @@ -107,9 +109,7 @@ spec: {{- end }} {{- if .Values.queryFrontend.query.enabled }} - args: - - --query.base-path=/ - - --grpc-storage-plugin.configuration-file=/conf/tempo-query.yaml - - --query.bearer-token-propagation=true + - -config=/conf/tempo.yaml {{- with .Values.queryFrontend.query.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} diff --git a/charts/tempo/templates/query-frontend/service-query-frontend.yaml b/charts/tempo/templates/query-frontend/service-query-frontend.yaml index d737e7e52c..ad7c568d70 100644 --- a/charts/tempo/templates/query-frontend/service-query-frontend.yaml +++ b/charts/tempo/templates/query-frontend/service-query-frontend.yaml @@ -14,6 +14,8 @@ metadata: {{- end }} spec: type: {{ .Values.queryFrontend.service.type }} + ipFamilies: {{ .Values.tempo.service.ipFamilies }} + ipFamilyPolicy: {{ .Values.tempo.service.ipFamilyPolicy }} ports: - name: http-metrics port: 3100 diff --git a/charts/tempo/templates/tokengen/tokengen-job.yaml b/charts/tempo/templates/tokengen/tokengen-job.yaml index 0af68007c7..860798145e 100644 --- a/charts/tempo/templates/tokengen/tokengen-job.yaml +++ b/charts/tempo/templates/tokengen/tokengen-job.yaml 
@@ -1,5 +1,4 @@ -{{- if .Values.enterprise.enabled -}} -{{ if .Values.tokengenJob.enable }} +{{- if and .Values.enterprise.enabled .Values.tokengenJob.enable -}} {{ $dict := dict "ctx" . "component" "tokengen-job" }} apiVersion: batch/v1 kind: Job @@ -26,20 +25,30 @@ spec: {{- end }} namespace: {{ .Release.Namespace | quote }} spec: - serviceAccountName: {{ template "tempo.serviceAccountName" . }} + serviceAccountName: {{ include "tempo.resourceName" (dict "ctx" . "component" "tokengen") }} {{- if .Values.tokengenJob.priorityClassName }} priorityClassName: {{ .Values.tokengenJob.priorityClassName }} {{- end }} securityContext: {{- toYaml .Values.tokengenJob.securityContext | nindent 8 }} - {{- include "tempo.tokengenJobImagePullSecrets" . | nindent 6 -}} + {{- if .Values.tempo.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.tempo.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} {{- with .Values.tokengenJob.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} - initContainers: + {{- if .Values.tokengenJob.storeTokenInSecret }} + initContainers: + {{- if .Values.tokengenJob.initContainers }} {{- toYaml .Values.tokengenJob.initContainers | nindent 8 }} + {{- end }} + {{ else }} containers: + {{- end }} - name: tokengen image: "{{ include "tempo.imageReference" $dict }}" imagePullPolicy: {{ .Values.tempo.image.pullPolicy }} @@ -47,6 +56,7 @@ spec: - "-target=tokengen" - "-config.expand-env=true" - "-config.file=/conf/tempo.yaml" + - "-tokengen.token-file=/shared/admin-token" {{- range $key, $value := .Values.tokengenJob.extraArgs }} - "-{{ $key }}={{ $value }}" {{- end }} @@ -57,6 +67,8 @@ spec: name: runtime-config - name: license mountPath: /license + - name: shared + mountPath: /shared {{- if .Values.tokengenJob.extraVolumeMounts }} {{ toYaml .Values.tokengenJob.extraVolumeMounts | nindent 12 }} {{- end }} 
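Review bot: In tokengen-job.yaml (`@@ -26,20 +25,30 @@`), `tokengenJob.initContainers` is now rendered only inside the `if .Values.tokengenJob.storeTokenInSecret` branch; the `else` branch goes straight to `containers:`, so init containers that were rendered unconditionally before this change are silently dropped for installs that leave the flag off. The `else` branch should still emit an `initContainers:` list when `.Values.tokengenJob.initContainers` is non-empty, before `containers:`. A template comment above the conditional explaining that tokengen itself becomes an init container in secret-storing mode, so that the kubectl container runs after it, would make the structure much easier to follow.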
@@ -74,8 +86,30 @@ spec: {{- with .Values.tokengenJob.extraEnvFrom }} {{- toYaml . | nindent 12 }} {{- end }} - securityContext: - {{- toYaml .Values.tokengenJob.containerSecurityContext | nindent 12 }} + {{- if .Values.tokengenJob.storeTokenInSecret }} + containers: + - name: kubectl + image: {{ .Values.kubectlImage.repository }}:{{ .Values.kubectlImage.tag }} + imagePullPolicy: {{ .Values.kubectlImage.pullPolicy }} + command: + - "/bin/sh" + - "-c" + - | + if cat /shared/admin-token; then + echo "Admin token generated successfully and is readable" + # Create or update the secret with the admin token + kubectl create secret generic {{ .Values.tokengenJob.adminTokenSecret }} \ + --from-file=token=/shared/admin-token \ + --dry-run=client -o yaml | kubectl apply -f - + echo "Admin token secret created/updated successfully" + else + echo "Error: Admin token file not found or not readable at /shared/admin-token" + exit 1 + fi + volumeMounts: + - name: shared + mountPath: /shared + {{- end }} restartPolicy: OnFailure volumes: - name: config @@ -90,5 +124,6 @@ spec: secretName: {{ tpl .Values.license.secretName . }} - name: storage emptyDir: {} -{{- end -}} + - name: shared + emptyDir: {} {{- end -}} diff --git a/charts/tempo/templates/tokengen/tokengen-rbac.yaml b/charts/tempo/templates/tokengen/tokengen-rbac.yaml new file mode 100644 index 0000000000..8b1ff9b018 --- /dev/null +++ b/charts/tempo/templates/tokengen/tokengen-rbac.yaml 
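Review bot: In the new `kubectl` container of tokengen-job.yaml, `if cat /shared/admin-token; then` copies the admin token to stdout, so it lands in the pod log for anyone with log access in the namespace; test the file without printing it, `if [ -s /shared/admin-token ]; then`. The same hunk removes the `securityContext` that was rendered from `.Values.tokengenJob.containerSecurityContext` on the tokengen container and gives the new `kubectl` container none, so in the lines shown both run with only the pod-level settings. Re-adding that block to each container keeps the previous hardening.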
@@ -0,0 +1,31 @@ +{{- if and .Values.enterprise.enabled .Values.tokengenJob.enable -}} +{{ $dict := dict "ctx" . "component" "tokengen" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tempo.resourceName" $dict }} + labels: + {{- include "tempo.labels" $dict | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tempo.resourceName" $dict }} + labels: + {{- include "tempo.labels" $dict | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +subjects: +- kind: ServiceAccount + name: {{ include "tempo.resourceName" $dict }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tempo.resourceName" $dict }} +{{- end -}} diff --git a/charts/tempo/templates/tokengen/tokengen-serviceaccount.yaml b/charts/tempo/templates/tokengen/tokengen-serviceaccount.yaml new file mode 100644 index 0000000000..8b6d45c4f7 --- /dev/null +++ b/charts/tempo/templates/tokengen/tokengen-serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if and .Values.enterprise.enabled .Values.tokengenJob.enable -}} +{{ $dict := dict "ctx" . "component" "tokengen" }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tempo.resourceName" $dict }} + labels: + {{- include "tempo.labels" $dict | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/tempo/values.yaml b/charts/tempo/values.yaml old mode 100755 new mode 100644 index 31d32c1eff..5ae04dfd63 --- a/charts/tempo/values.yaml +++ b/charts/tempo/values.yaml 
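Review bot: The Role in tokengen-rbac.yaml grants `get`, `create`, `update` and `patch` on every secret in the release namespace, and it is created whenever `tokengenJob.enable` is set, even when `storeTokenInSecret` is off and no container calls kubectl. The job only touches the secret named by `.Values.tokengenJob.adminTokenSecret`, so the read and modify verbs can be pinned to that name with `resourceNames`; `create` cannot be restricted by name, so it stays in its own rule. Gating the Role and RoleBinding on `storeTokenInSecret` as well would avoid handing out the permission when it is unused, and it is worth checking whether `update` is needed at all for the `kubectl apply` path.

```yaml
rules:
# create cannot be limited by resourceNames, so it is granted on its own
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
# read/modify access only to the admin-token secret the job manages
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: [{{ .Values.tokengenJob.adminTokenSecret | quote }}]
  verbs: ["get", "update", "patch"]
```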
@@ -19,6 +19,8 @@ global: # -- Common environment variables to add to all pods directly managed by this chart. # scope: admin-api, compactor, distributor, enterprise-federation-frontend, gateway, ingester, memcached, metrics-generator, querier, query-frontend, tokengen extraEnv: [] + # -- Global storage class to be used for persisted components + storageClass: null fullnameOverride: '' # fullnameOverride: tempo @@ -66,6 +68,8 @@ tempo: podLabels: {} # -- Common annotations for all pods podAnnotations: {} + # -- The number of old ReplicaSets to retain to allow rollback + revisionHistoryLimit: 10 # -- SecurityContext holds container-level security attributes and common container settings securityContext: runAsNonRoot: true @@ -85,7 +89,18 @@ tempo: memberlist: # -- Adds the appProtocol field to the memberlist service. This allows memberlist to work with istio protocol selection. Set the optional service protocol. Ex: "tcp", "http" or "https". appProtocol: null - + # -- Adds the service field to the memberlist service + service: + # -- Sets optional annotations to the service field of the memberlist service. + annotations: {} + service: + # -- Configure the IP families for all tempo services + # See the Service spec for details: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#servicespec-v1-core + ipFamilies: + - 'IPv4' + # - 'IPv6' + # -- Configure the IP family policy for all tempo services. SingleStack, PreferDualStack or RequireDualStack + ipFamilyPolicy: 'SingleStack' serviceAccount: # -- Specifies whether a ServiceAccount should be created create: true @@ -192,6 +207,7 @@ ingester: extraVolumeMounts: [] # -- Extra volumes for ingester deployment extraVolumes: [] + # -- Persistence configuration for ingester persistence: # -- Enable creating PVCs which is required when using boltdb-shipper enabled: false 
@@ -207,6 +223,20 @@ ingester: storageClass: null # -- Annotations for ingester's persist volume claim annotations: {} + # -- Labels for ingester's persist volume claim + labels: {} + + # -- updateStrategy of the ingester statefulset. This is ignored when ingester.zoneAwareReplication.enabled=true. + statefulStrategy: + rollingUpdate: + partition: 0 + persistentVolumeClaimRetentionPolicy: + # -- Enable Persistent volume retention policy for StatefulSet + enabled: false + # -- Volume retention behavior when the replica count of the StatefulSet is reduced + whenScaled: Retain + # -- Volume retention behavior that applies when the StatefulSet is deleted + whenDeleted: Retain config: # -- Number of copies of spans to store in the ingester ring replication_factor: 3 @@ -225,6 +255,10 @@ ingester: service: # -- Annotations for ingester service annotations: {} + # -- Type of the service: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: ClusterIP + # -- https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ + internalTrafficPolicy: Cluster # -- Adds the appProtocol field to the ingester service. This allows ingester to work with istio protocol selection. appProtocol: # -- Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" @@ -295,6 +329,7 @@ metricsGenerator: # - ip: 1.2.3.4 # hostnames: # - domain.tld + # -- Init containers for the metrics generator pod initContainers: [] image: # -- The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` @@ -350,6 +385,8 @@ metricsGenerator: topologyKey: topology.kubernetes.io/zone # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating + minReadySeconds: 10 # -- Node selector for metrics-generator pods nodeSelector: {} # -- Tolerations for metrics-generator pods 
@@ -367,6 +404,8 @@ metricsGenerator: storageClass: null # -- Annotations for metrics generator PVCs annotations: {} + # -- Labels for metrics generator PVCs + labels: {} # -- The EmptyDir location where the /var/tempo will be mounted on. Defaults to local disk, can be set to memory. walEmptyDir: {} ## Here shows how to configure 1Gi memory as emptyDir. @@ -377,6 +416,13 @@ metricsGenerator: extraVolumeMounts: [] # -- Extra volumes for metrics-generator deployment extraVolumes: [] + persistentVolumeClaimRetentionPolicy: + # -- Enable Persistent volume retention policy for StatefulSet + enabled: false + # -- Volume retention behavior when the replica count of the StatefulSet is reduced + whenScaled: Retain + # -- Volume retention behavior that applies when the StatefulSet is deleted + whenDeleted: Retain # -- Default ports ports: - name: grpc @@ -395,10 +441,10 @@ metricsGenerator: external_labels: {} stale_duration: 15m processor: - # -- For processors to be enabled and generate metrics, pass the names of the processors to overrides.metrics_generator_processors value like [service-graphs, span-metrics] + # -- For processors to be enabled and generate metrics, pass the names of the processors to `overrides.defaults.metrics_generator.processors` value like `[service-graphs, span-metrics]`. service_graphs: - # -- Additional dimensions to add to the metrics. Dimensions are searched for in the - # -- resource and span attributes and are added to the metrics if present. + # -- Additional dimensions to add to the metrics along with the default dimensions. + # -- The resource and span attributes to be added to the service graph metrics, if present. dimensions: [] histogram_buckets: [0.1, 0.2, 0.4, 0.8, 1.6, 3.2, 6.4, 12.8] max_items: 10000 
@@ -406,7 +452,7 @@ metricsGenerator: workers: 10 span_metrics: # -- Additional dimensions to add to the metrics along with the default dimensions. - # -- Dimensions are searched for in the resource and span attributes and are added to the metrics if present. + # -- The resource and span attributes to be added to the span metrics, if present. dimensions: [] histogram_buckets: [0.002, 0.004, 0.008, 0.016, 0.032, 0.064, 0.128, 0.256, 0.512, 1.02, 2.05, 4.10] storage: @@ -453,13 +499,13 @@ distributor: # -- Target memory utilisation percentage for the distributor targetMemoryUtilizationPercentage: image: - # -- The Docker registry for the ingester image. Overrides `tempo.image.registry` + # -- The Docker registry for the distributor image. Overrides `tempo.image.registry` registry: null # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` pullSecrets: [] - # -- Docker image repository for the ingester image. Overrides `tempo.image.repository` + # -- Docker image repository for the distributor image. Overrides `tempo.image.repository` repository: null - # -- Docker image tag for the ingester image. Overrides `tempo.image.tag` + # -- Docker image tag for the distributor image. Overrides `tempo.image.tag` tag: null service: # -- Annotations for distributor service @@ -474,6 +520,8 @@ distributor: loadBalancerSourceRanges: [] # -- If type is LoadBalancer you can set it to 'Local' [preserve the client source IP](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) externalTrafficPolicy: null + # -- https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ + internalTrafficPolicy: Cluster serviceDiscovery: # -- Annotations for distributorDiscovery service annotations: {} 
@@ -491,6 +539,10 @@ distributor: extraEnv: [] # -- Environment variables from secrets or configmaps to add to the distributor pods extraEnvFrom: [] + # -- Init containers to add to the distributor pods + initContainers: [] + # -- Containers to add to the distributor pod + extraContainers: [] # -- Resource requests and limits for the distributor resources: {} # -- Grace period to allow the distributor to shutdown before it is killed @@ -520,8 +572,15 @@ distributor: matchLabels: {{- include "tempo.selectorLabels" (dict "ctx" . "component" "distributor") | nindent 12 }} topologyKey: topology.kubernetes.io/zone + # Strategy of updating pods + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating + minReadySeconds: 10 # -- Node selector for distributor pods nodeSelector: {} # -- Tolerations for distributor pods @@ -539,6 +598,10 @@ distributor: enabled: false include_all_attributes: false filter_by_status_error: false + log_discarded_spans: + enabled: false + include_all_attributes: false + filter_by_status_error: false # -- Disables write extension with inactive ingesters extend_writes: null # -- Adds the appProtocol field to the distributor service. This allows distributor to work with istio protocol selection. 
@@ -606,18 +669,40 @@ compactor: podLabels: {} # -- Annotations for compactor pods podAnnotations: {} + # -- Affinity for compactor pods. Passed through `tpl` and, thus, to be configured as string + # @default -- Hard node and soft zone anti-affinity + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + {{- include "tempo.selectorLabels" (dict "ctx" . "component" "compactor") | nindent 10 }} + topologyKey: kubernetes.io/hostname + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + {{- include "tempo.selectorLabels" (dict "ctx" . "component" "compactor") | nindent 12 }} + topologyKey: topology.kubernetes.io/zone # -- Additional CLI args for the compactor extraArgs: [] # -- Environment variables to add to the compactor pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to the compactor pods extraEnvFrom: [] + # -- Init containers to add to the compactor pod + initContainers: [] + # -- Containers to add to the compactor pod + extraContainers: [] # -- Resource requests and limits for the compactor resources: {} # -- Grace period to allow the compactor to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating + minReadySeconds: 10 # -- Node selector for compactor pods nodeSelector: {} # -- Tolerations for compactor pods 
@@ -734,10 +819,17 @@ querier: topologyKey: topology.kubernetes.io/zone # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Max Surge for querier pods + maxSurge: 0 + rollingUpdate: + # -- Maximum number of Pods that can be unavailable during the update process + maxUnavailable: 1 # -- Node selector for querier pods nodeSelector: {} # -- Tolerations for querier pods tolerations: [] + # -- Init containers for the querier pod + initContainers: [] # -- Extra volumes for querier pods extraVolumeMounts: [] # -- Extra volumes for querier deployment @@ -752,20 +844,6 @@ querier: search: # -- Timeout for search requests query_timeout: 30s - # -- If search_external_endpoints is set then the querier will primarily act as a proxy for whatever serverless backend you have configured. This setting allows the operator to have the querier prefer itself for a configurable number of subqueries. - prefer_self: 10 - # -- If set to a non-zero value a second request will be issued at the provided duration. Recommended to be set to p99 of external search requests to reduce long tail latency. - external_hedge_requests_at: 8s - # -- The maximum number of requests to execute when hedging. Requires hedge_requests_at to be set. - external_hedge_requests_up_to: 2 - # -- A list of external endpoints that the querier will use to offload backend search requests - external_endpoints: [] - # -- The serverless backend to use. The default value of "" omits - # -- credentials when querying the external backend. - external_backend: "" - # -- Google Cloud Run configuration. Will be used only if the value of - # -- external_backend is "google_cloud_run". - google_cloud_run: {} # -- This value controls the overall number of simultaneous subqueries that the querier will service at once. It does not distinguish between the types of queries. max_concurrent_queries: 20 
@@ -783,13 +861,13 @@ queryFrontend: # -- Required for grafana version <7.5 for compatibility with jaeger-ui. Doesn't work on ARM arch enabled: false image: - # -- The Docker registry for the query-frontend image. Overrides `tempo.image.registry` + # -- The Docker registry for the tempo-query image. Overrides `tempo.image.registry` registry: null # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` pullSecrets: [] - # -- Docker image repository for the query-frontend image. Overrides `tempo.image.repository` + # -- Docker image repository for the tempo-query image. Overrides `tempo.image.repository` repository: grafana/tempo-query - # -- Docker image tag for the query-frontend image. Overrides `tempo.image.tag` + # -- Docker image tag for the tempo-query image. Overrides `tempo.image.tag` tag: null # -- Resource requests and limits for the query resources: {} 
@@ -822,10 +900,33 @@ queryFrontend: concurrent_jobs: 1000 # -- The target number of bytes for each job to handle when performing a backend search target_bytes_per_job: 104857600 + # -- The maximum allowed value of spans per span set. 0 disables this limit. + max_spans_per_span_set: 100 # -- Trace by ID lookup configuration trace_by_id: # -- The number of shards to split a trace by id query into. query_shards: 50 + metrics: + # -- The number of concurrent jobs to execute when querying the backend. + concurrent_jobs: 1000 + # -- The target number of bytes for each job to handle when querying the backend. + target_bytes_per_job: 104857600 + # -- The maximum allowed time range for a metrics query. + # 0 disables this limit. + max_duration: 3h + # -- query_backend_after controls where the query-frontend searches for traces. + # Time ranges older than query_backend_after will be searched in the backend/object storage only. + # Time ranges between query_backend_after and now will be queried from the metrics-generators. + query_backend_after: 30m + # -- The target length of time for each job to handle when querying the backend. + interval: 5m + # -- If set to a non-zero value, it's value will be used to decide if query is within SLO or not. + # Query is within SLO if it returned 200 within duration_slo seconds OR processed throughput_slo bytes/s data. + # NOTE: `duration_slo` and `throughput_bytes_slo` both must be configured for it to work + duration_slo: 0s + # -- If set to a non-zero value, it's value will be used to decide if query is within SLO or not. + # Query is within SLO if it returned 200 within duration_slo seconds OR processed throughput_slo bytes/s data. + throughput_bytes_slo: 0 autoscaling: # -- Enable autoscaling for the query-frontend enabled: false 
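Review bot: The comments added for `duration_slo` and `throughput_bytes_slo` under `queryFrontend.config.metrics` refer to `throughput_slo`, which is not a key in this block, so a reader cannot tell which setting pairs with `duration_slo`. I would word both as `# Query is within SLO if it returned 200 within duration_slo seconds OR processed throughput_bytes_slo bytes/s data.` and correct "it's value" to "its value". The NOTE that both keys must be configured appears only on `duration_slo`; repeating it on `throughput_bytes_slo` would save a lookup.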
@@ -928,10 +1029,14 @@ queryFrontend: topologyKey: topology.kubernetes.io/zone # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating + minReadySeconds: 10 # -- Node selector for query-frontend pods nodeSelector: {} # -- Tolerations for query-frontend pods tolerations: [] + # -- Init containers for the query-frontend pod + initContainers: [] # -- Extra volumes for query-frontend pods extraVolumeMounts: [] # -- Extra volumes for query-frontend deployment @@ -953,7 +1058,7 @@ enterpriseFederationFrontend: # - ip: 1.2.3.4 # hostnames: # - domain.tld - # proxy_targets: + proxy_targets: [] # - name: own-data-center # url: http://get/tempo # - name: grafana-cloud @@ -961,7 +1066,6 @@ enterpriseFederationFrontend: # basic_auth: # username: # password: - proxy_targets: [] autoscaling: # -- Enable autoscaling for the federation-frontend enabled: false @@ -1115,6 +1219,7 @@ traces: # -- Memberlist configuration. Please refer to https://grafana.com/docs/tempo/latest/configuration/#memberlist memberlist: node_name: "" + cluster_label: "{{ .Release.Name }}.{{ .Release.Namespace }}" randomize_node_name: true stream_timeout: "10s" retransmit_factor: 2 
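Review bot: The new `memberlist.cluster_label` has no `# --` comment, and turning on a label for an existing gossip ring is not a transparent change. Memberlist rejects gossip from peers whose label differs, which is the wanted isolation between releases that share a network. During a rolling upgrade, though, pods still running the old config with an empty label will presumably not form one ring with the relabelled pods. I would add `# -- Label isolating this release's gossip ring; every member must use the same value. On an existing release, roll out with cluster_label_verification_disabled first`. The rendering of `memberlist` is outside this hunk, so also confirm the value is passed through `tpl` and not emitted as a literal `{{ ... }}` string.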
@@ -1305,6 +1410,12 @@ config: | kafka: {{- toYaml .Values.traces.kafka | nindent 6 }} {{- end }} + {{- if .Values.distributor.config.log_discarded_spans.enabled }} + log_discarded_spans: + enabled: {{ .Values.distributor.config.log_discarded_spans.enabled }} + include_all_attributes: {{ .Values.distributor.config.log_discarded_spans.include_all_attributes }} + filter_by_status_error: {{ .Values.distributor.config.log_discarded_spans.filter_by_status_error }} + {{- end }} {{- if or .Values.distributor.config.log_received_traces .Values.distributor.config.log_received_spans.enabled }} log_received_spans: enabled: {{ or .Values.distributor.config.log_received_traces .Values.distributor.config.log_received_spans.enabled }} @@ -1324,16 +1435,7 @@ config: | trace_by_id: query_timeout: {{ .Values.querier.config.trace_by_id.query_timeout }} search: - external_endpoints: {{- toYaml .Values.querier.config.search.external_endpoints | nindent 6 }} query_timeout: {{ .Values.querier.config.search.query_timeout }} - prefer_self: {{ .Values.querier.config.search.prefer_self }} - external_hedge_requests_at: {{ .Values.querier.config.search.external_hedge_requests_at }} - external_hedge_requests_up_to: {{ .Values.querier.config.search.external_hedge_requests_up_to }} - external_backend: {{ .Values.querier.config.search.external_backend }} - {{- if .Values.querier.config.search.google_cloud_run }} - google_cloud_run: - {{- toYaml .Values.querier.config.search.google_cloud_run | nindent 6 }} - {{- end }} max_concurrent_queries: {{ .Values.querier.config.max_concurrent_queries }} query_frontend: max_outstanding_per_tenant: {{ .Values.queryFrontend.config.max_outstanding_per_tenant }} 
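Review bot: The new `log_discarded_spans` block exposes `include_all_attributes` with no caveat visible in this diff, and the values-side documentation for it is outside this chunk. With that flag on, every attribute of a discarded span is written to the distributor log, and span attributes often carry request headers, user identifiers or query text. The values comment for the key should say so, for example `# -- Log all span attributes of discarded spans. Attributes may contain sensitive data; leave false unless the log sink is access-controlled`.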
@@ -1343,7 +1445,14 @@ config: | concurrent_jobs: {{ .Values.queryFrontend.config.search.concurrent_jobs }} trace_by_id: query_shards: {{ .Values.queryFrontend.config.trace_by_id.query_shards }} - + metrics: + concurrent_jobs: {{ .Values.queryFrontend.config.metrics.concurrent_jobs }} + target_bytes_per_job: {{ .Values.queryFrontend.config.metrics.target_bytes_per_job }} + max_duration: {{ .Values.queryFrontend.config.metrics.max_duration }} + query_backend_after: {{ .Values.queryFrontend.config.metrics.query_backend_after }} + interval: {{ .Values.queryFrontend.config.metrics.interval }} + duration_slo: {{ .Values.queryFrontend.config.metrics.duration_slo }} + throughput_bytes_slo: {{ .Values.queryFrontend.config.metrics.throughput_bytes_slo }} ingester: lifecycler: ring: @@ -1379,7 +1488,7 @@ config: | join_members: - dns+{{ include "tempo.fullname" . }}-gossip-ring:{{ .Values.memberlist.bind_port }} overrides: - {{- toYaml .Values.global_overrides | nindent 2 }} + {{- toYaml .Values.overrides | nindent 2 }} server: http_listen_port: {{ .Values.server.httpListenPort }} log_level: {{ .Values.server.logLevel }} 
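Review bot: Switching the rendered block from `.Values.global_overrides` to `.Values.overrides` silently changes the meaning of an existing key: before this change `overrides` held the per-tenant settings, and `global_overrides` is now not read at all. A release upgraded with its old values file would render tenant ids into the top-level `overrides:` block or lose its global limits with no error, and those limits are what bound per-tenant ingestion. A guard in the config template (or a helper) makes the migration explicit: `{{- if .Values.global_overrides }}{{ fail "global_overrides was renamed to overrides; move per-tenant settings to per_tenant_overrides" }}{{- end }}`. The same rename appears in the values hunk further down (`global_overrides:` → `overrides:`, `overrides: {}` → `per_tenant_overrides:`).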
@@ -1421,13 +1530,31 @@ config: | path: /var/tempo/traces wal: path: /var/tempo/wal + search: + {{- toYaml .Values.storage.trace.search | nindent 6}} + + {{- if .Values.storage.trace.blocklist_poll }} + blocklist_poll: {{ .Values.storage.trace.blocklist_poll }} + {{- end }} + {{- if .Values.storage.trace.blocklist_poll_concurrency }} + blocklist_poll_concurrency: {{ .Values.storage.trace.blocklist_poll_concurrency }} + {{- end }} + {{- if .Values.storage.trace.blocklist_poll_fallback }} + blocklist_poll_fallback: {{ .Values.storage.trace.blocklist_poll_fallback }} + {{- end }} + {{- if .Values.storage.trace.blocklist_poll_tenant_index_builders }} + blocklist_poll_tenant_index_builders: {{ .Values.storage.trace.blocklist_poll_tenant_index_builders }} + {{- end }} + {{- if .Values.storage.trace.blocklist_poll_stale_tenant_index }} + blocklist_poll_stale_tenant_index: {{ .Values.storage.trace.blocklist_poll_stale_tenant_index }} + {{- end }} # Set Tempo server configuration # Refers to https://grafana.com/docs/tempo/latest/configuration/#server server: # -- HTTP server listen host httpListenPort: 3100 - # -- Log level. Can be set to trace, debug, info (default), warn, error, fatal, panic + # -- Log level. Can be set to debug, info (default), warn, error logLevel: info # -- Log format. Can be set to logfmt (default) or json. logFormat: logfmt 
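Review bot: The `{{- if .Values.storage.trace.blocklist_poll_fallback }}` guard drops the key when the value is `false`, which is exactly the setting the values comment tells users to apply ("Set to false to disable this behavior"). As a result, fallback scanning of the whole bucket cannot be turned off through this chart. Test for unset rather than falsy: `{{- if not (kindIs "invalid" .Values.storage.trace.blocklist_poll_fallback) }}`. The same truthiness guards on `blocklist_poll_concurrency` and `blocklist_poll_tenant_index_builders` also hide an explicit `0`, if zero is meaningful for them. `search:` is rendered unconditionally, so a null `storage.trace.search` would emit `search: null`.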
@@ -1473,23 +1600,46 @@ storage: dedicated_columns: [] # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/tempo/latest/configuration/#storage backend: local - # The worker pool is used primarily when finding traces by id, but is also used by other. + # The worker pool is used primarily when finding traces by id, but is also used by others. pool: # -- Total number of workers pulling jobs from the queue max_workers: 400 # -- Length of job queue. imporatant for querier as it queues a job for every block it has to search queue_depth: 20000 + # The supported search are specified here https://grafana.com/docs/tempo/latest/configuration/#search-config + search: + # -- Number of traces to prefetch while scanning blocks. Increasing this value can improve trace search performance at the cost of memory. + prefetch_trace_count: 1000 + # -- How often to repoll the backend for new blocks + blocklist_poll: 5m + # -- Number of blocks to process in parallel during polling. + blocklist_poll_concurrency: null + # -- By default components will pull the blocklist from the tenant index. If that fails the component can + # -- fallback to scanning the entire bucket. Set to false to disable this behavior. + blocklist_poll_fallback: null + # -- Maximum number of compactors that should build the tenant index. All other components will download the index. + blocklist_poll_tenant_index_builders: null + # -- The oldest allowable tenant index. + blocklist_poll_stale_tenant_index: null # Settings for the Admin client storage backend and buckets. Only valid is enterprise.enabled is true. admin: # -- The supported storage backends are gcs, s3 and azure, as specified in https://grafana.com/docs/enterprise-traces/latest/configure/reference/#admin_client_config backend: filesystem -# Global overrides -global_overrides: +# -- The standard overrides configuration section. 
This can include a `defaults` object for applying to all tenants (not to be confused with the `global` property of the same name, which overrides `max_byte_per_trace` for all tenants). For an example on how to enable the metrics generator using the `overrides` object, see the 'Activate metrics generator' section below. Refer to [Standard overrides](https://grafana.com/docs/tempo/latest/configuration/#standard-overrides) for more details. +overrides: + # -- default config values for all tenants, can be overridden by per-tenant overrides. If a tenant's specific overrides are not found in the `per_tenant_overrides` block, the values in this `default` block will be used. Configs inside this block should follow the new overrides indentation format + defaults: {} + # -- Path to the per tenant override config file. The values of the `per_tenant_overrides` config below will be written to the default path which is `/runtime-config/overrides.yaml`. Users can set tenant-specific overrides settings in a separate file and point per_tenant_override_config to it if not using the per_tenant_overrides block below. per_tenant_override_config: /runtime-config/overrides.yaml -# Per tenants overrides -overrides: {} +# -- The `per tenant` runtime overrides in place of the `per_tenant_override_config` file for Tempo (see `overrides` and the `per_tenant_override_config` property). This allows overriding the configs like `ingestion` and `global` values on a per-tenant basis. Note that *all* values must be given for each per-tenant configuration block. Refer to [Runtime overrides](https://grafana.com/docs/tempo/latest/configuration/#runtime-overrides) documentation for more details. +per_tenant_overrides: + # 'tenant-id': + # metrics_generator: + # processors: + # - service-graphs + # - span-metrics # memcached is for all of the Tempo pieces to coordinate with each other. # you can use your self memcacherd by set enable: false and host + service 
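Review bot: `per_tenant_overrides:` is followed only by commented-out lines, so it parses as null rather than an empty map, unlike the `overrides: {}` it replaces. Any template that ranges over it or pipes it to `toYaml` then receives `null`; whether that is handled is not visible in this hunk. Writing `per_tenant_overrides: {}` keeps the previous type. The comment on `defaults` also refers to "this `default` block" where the key is `defaults`.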
@@ -1504,7 +1654,7 @@ memcached: # -- Memcached Docker image repository repository: memcached # -- Memcached Docker image tag - tag: 1.6.29-alpine + tag: 1.6.33-alpine # -- Memcached Docker image pull policy pullPolicy: IfNotPresent host: memcached @@ -1512,6 +1662,8 @@ memcached: replicas: 1 # -- Additional CLI args for memcached extraArgs: [] + # -- Toleration for memcached pods + tolerations: [] # -- Environment variables to add to memcached pods extraEnv: [] # -- Environment variables from secrets or configmaps to add to memcached pods @@ -1523,7 +1675,7 @@ memcached: # -- Resource requests and limits for memcached resources: {} # -- topologySpread for memcached pods. Passed through `tpl` and, thus, to be configured as string - # @default -- Defaults to allow skew no more then 1 node per AZ + # @default -- Defaults to allow skew no more than 1 node per AZ topologySpreadConstraints: | - maxSkew: 1 topologyKey: topology.kubernetes.io/zone @@ -1549,10 +1701,15 @@ memcached: topologyKey: topology.kubernetes.io/zone # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Init containers for the memcached pod + initContainers: [] + # -- Extra volumes for memcached pods + extraVolumeMounts: [] + # -- Extra volumes for memcached statefulSet + extraVolumes: [] service: # -- Annotations for memcached service annotations: {} - memcachedExporter: # -- Specifies whether the Memcached Exporter should be enabled enabled: false @@ -1574,7 +1731,8 @@ memcachedExporter: pullPolicy: IfNotPresent # -- Memcached Exporter resource requests and limits resources: {} - + # -- Additional CLI args for the memcached exporter + extraArgs: [] metaMonitoring: # ServiceMonitor configuration serviceMonitor: @@ -1771,6 +1929,8 @@ gateway: priorityClassName: null # -- Labels for gateway pods podLabels: {} + # -- Annotations for gateway deployment + annotations: {} # -- Annotations for gateway pods podAnnotations: {} # -- Additional CLI args for the gateway 
@@ -1788,7 +1948,7 @@ gateway: # -- Grace period to allow the gateway to shutdown before it is killed terminationGracePeriodSeconds: 30 # -- topologySpread for gateway pods. Passed through `tpl` and, thus, to be configured as string - # @default -- Defaults to allow skew no more then 1 node per AZ + # @default -- Defaults to allow skew no more than 1 node per AZ topologySpreadConstraints: | - maxSkew: 1 topologyKey: topology.kubernetes.io/zone @@ -1814,6 +1974,8 @@ gateway: topologyKey: topology.kubernetes.io/zone # -- Pod Disruption Budget maxUnavailable maxUnavailable: 1 + # -- Minimum number of seconds for which a newly created Pod should be ready without any of its containers crashing/terminating + minReadySeconds: 10 # -- Node selector for gateway pods nodeSelector: {} # -- Tolerations for gateway pods @@ -1828,13 +1990,13 @@ gateway: clusterIP: null # -- Node port if service type is NodePort nodePort: null - # -- Load balancer IPO address if service type is LoadBalancer + # -- Load balancer IP address if service type is LoadBalancer loadBalancerIP: null # -- Annotations for the gateway service annotations: {} # -- Labels for gateway service labels: {} - # -- Additional ports to be opneed on gateway service (e.g. for RPC connections) + # -- Additional ports to be opened on gateway service (e.g. for RPC connections) additionalPorts: [] # Gateway ingress configuration ingress: 
@@ -2016,10 +2178,10 @@ enterprise: enabled: false image: - # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' + # -- Grafana Enterprise Traces container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces - # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.4.0 + # -- Grafana Enterprise Traces container image tag. Note: for Grafana Tempo use the value 'image.tag' + tag: v2.6.1 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces @@ -2044,6 +2206,9 @@ tokengenJob: env: [] extraEnvFrom: [] annotations: {} + storeTokenInSecret: false + # -- Name of the secret to store the admin token. If not specified, defaults to "-admin-token" + adminTokenSecret: "admin-token" image: # -- The Docker registry for the tokengenJob image. Overrides `tempo.image.registry` registry: null 
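Review bot: In the `tokengenJob` hunk, `storeTokenInSecret` is added without a `# --` comment. The comment on `adminTokenSecret` says it defaults to "-admin-token" while the shipped value is `admin-token`; the leading dash looks like a lost release-name prefix. This flag decides whether the admin token is persisted as a Kubernetes Secret, so the values should state that and name the resulting Secret accurately, letting operators scope RBAC on it. Suggested comment: `# -- Whether the tokengen job writes the generated admin token to the Secret named by adminTokenSecret`. The actual naming logic lives in the job template outside this hunk and should be checked before the default is documented.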
@@ -2058,6 +2223,67 @@ tokengenJob: containerSecurityContext: readOnlyRootFilesystem: true +provisioner: + # -- Whether the job should be part of the deployment + enabled: false + # -- Name of the secret to store provisioned tokens in + provisionedSecretPrefix: null + # -- Hook type(s) to customize when the job runs. defaults to post-install + hookType: "post-install" + # -- URL for the admin API service. Must be set to a valid URL. + # Example: "http://tempo-admin-api.namespace.svc:3100" + apiUrl: "" + # -- Additional tenants to be created. Each tenant will get a read and write policy + # and associated token. Tenant must have a name and a namespace for the secret containting + # the token to be created in. For example + # additionalTenants: + # - name: tempo + # secretNamespace: grafana + additionalTenants: [] + # -- Additional arguments for the provisioner command + extraArgs: {} + # -- Additional Kubernetes environment + env: [] + # -- Additional labels for the `provisioner` Job + labels: {} + # -- Additional annotations for the `provisioner` Job + annotations: {} + # -- Affinity for tokengen Pods + affinity: {} + # -- Node selector for tokengen Pods + nodeSelector: {} + # -- Tolerations for tokengen Pods + tolerations: [] + # -- The name of the PriorityClass for provisioner Job + priorityClassName: null + # -- Run containers as nonroot user (uid=10001)` + securityContext: + runAsNonRoot: true + runAsGroup: 10001 + runAsUser: 10001 + # -- Provisioner image to Utilize + image: + # -- The Docker registry + registry: us-docker.pkg.dev + # -- Docker image repository + repository: grafanalabs-global/docker-enterprise-provisioner-prod/enterprise-provisioner + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent + # -- Volume mounts to add to the provisioner pods + extraVolumeMounts: [] + # -- Volumes to add to the 
provisioner pods + extraVolumes: [] + + +kubectlImage: + repository: bitnami/kubectl + tag: latest + pullPolicy: IfNotPresent + # Settings for the admin_api service providing authentication and authorization service. # Can only be enabled if enterprise.enabled is true - requires license. adminApi: @@ -2096,7 +2322,7 @@ adminApi: nodeSelector: {} # -- topologySpread for admin-api pods. Passed through `tpl` and, thus, to be configured as string - # @default -- Defaults to allow skew no more then 1 node per AZ + # @default -- Defaults to allow skew no more than 1 node per AZ topologySpreadConstraints: | - maxSkew: 1 topologyKey: topology.kubernetes.io/zone @@ -2188,7 +2414,7 @@ enterpriseGateway: type: ClusterIP # -- ClusterIP of the enterprise gateway service clusterIP: null - # -- Load balancer IPO address if service type is LoadBalancer for enterprise gateway service + # -- Load balancer IP address if service type is LoadBalancer for enterprise gateway service loadBalancerIP: null # -- Annotations for the enterprise gateway service annotations: {} @@ -2209,7 +2435,7 @@ enterpriseGateway: nodeSelector: {} # -- topologySpread for enterprise-gateway pods. Passed through `tpl` and, thus, to be configured as string - # @default -- Defaults to allow skew no more then 1 node per AZ + # @default -- Defaults to allow skew no more than 1 node per AZ topologySpreadConstraints: | - maxSkew: 1 topologyKey: topology.kubernetes.io/zone @@ -2238,7 +2464,7 @@ enterpriseGateway: securityContext: {} - # -- The SecurityContext for gateway containers + # -- The SecurityContext for enterprise-gateway containers containerSecurityContext: readOnlyRootFilesystem: true 
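Review bot: `kubectlImage` uses `tag: latest` together with `pullPolicy: IfNotPresent`, so the image that runs is whatever each node has cached and can change without any chart change. The block has no comments, but it sits next to the tokengen and provisioner settings, so the image presumably runs with permission to write token Secrets, and a mutable tag from a public registry is a weak point there. Pin it with `tag: "<pinned-kubectl-version>"`, or add a `digest` field like the one `provisioner.image` exposes, and add `# --` comments naming the job that uses it. Also in this hunk, the `affinity`, `nodeSelector` and `tolerations` comments under `provisioner` say "tokengen Pods", and `extraArgs: {}` is a map where the other components use a list.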
@@ -2271,20 +2497,20 @@ enterpriseGateway: # Ingress configuration ingress: - # -- Specifies whether an ingress for the gateway should be created + # -- Specifies whether an ingress for the enterprise-gateway should be created enabled: false # -- Ingress Class Name. MAY be required for Kubernetes versions >= 1.18 # ingressClassName: gateway - # -- Annotations for the gateway ingress + # -- Annotations for the enterprise-gateway ingress annotations: {} - # -- Hosts configuration for the gateway ingress + # -- Hosts configuration for the enterprise-gateway ingress hosts: - host: gateway.gem.example.com paths: - path: / # -- pathType (e.g. ImplementationSpecific, Prefix, .. etc.) might also be required by some Ingress Controllers # pathType: Prefix - # -- TLS configuration for the gateway ingress + # -- TLS configuration for the enterprise-gateway ingress tls: - secretName: gem-gateway-tls hosts: