diff options
Diffstat (limited to 'vnfs/DAaaS/prometheus-operator/templates/prometheus')
19 files changed, 580 insertions, 0 deletions
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml new file mode 100644 index 00000000..1c54f40b --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus-am-relabel-confg +{{ include "prometheus-operator.labels" . | indent 4 }} +data: + additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml new file mode 100644 index 00000000..4475e7bd --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus-am-confg +{{ include "prometheus-operator.labels" . | indent 4 }} +data: + additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml new file mode 100644 index 00000000..9d6bb616 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus-scrape-confg +{{ include "prometheus-operator.labels" . | indent 4 }} +data: + additional-scrape-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs | b64enc | quote }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml new file mode 100644 index 00000000..799027d9 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - list + - watch +# This permission are not in the prometheus-operator repo +# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +- apiGroups: [""] + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - extensions + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 00000000..b0c0e9e1 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus-operator.fullname" . }}-prometheus +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} + diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml new file mode 100644 index 00000000..e013e960 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} +{{- $routePrefix := .Values.prometheus.prometheusSpec.routePrefix }} +{{- $serviceName := printf "%s-%s" (include "prometheus-operator.fullname" .) "prometheus" }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: +{{- if .Values.prometheus.ingress.annotations }} + annotations: +{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} +{{- end }} + name: {{ $serviceName }} + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +{{- if .Values.prometheus.ingress.labels }} +{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} +{{- end }} +spec: + rules: + {{- range $host := .Values.prometheus.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: "{{ $routePrefix }}" + backend: + serviceName: {{ $serviceName }} + servicePort: 9090 + {{- end }} +{{- if .Values.prometheus.ingress.tls }} + tls: +{{ toYaml .Values.prometheus.ingress.tls | indent 4 }} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml new file mode 100644 index 00000000..a51cda5d --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: prometheus + prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml new file mode 100644 index 00000000..509142e2 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml @@ -0,0 +1,173 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +kind: Prometheus +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + alerting: + alertmanagers: +{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} +{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }} +{{- else }} + - namespace: {{ .Release.Namespace }} + name: {{ template "prometheus-operator.fullname" . }}-alertmanager + port: web + {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" + {{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.image }} + baseImage: {{ .Values.prometheus.prometheusSpec.image.repository }} + version: {{ .Values.prometheus.prometheusSpec.image.tag }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalLabels }} + externalLabels: +{{ toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalUrl }} + externalUrl: "{{ .Values.prometheus.prometheusSpec.externalUrl }}" +{{- else if .Values.prometheus.ingress.enabled }} + externalUrl: "http://{{ index .Values.prometheus.ingress.hosts 0 }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" +{{- else }} + externalUrl: http://{{ template "prometheus-operator.fullname" . }}-prometheus.{{ .Release.Namespace }}:9090 +{{- end }} +{{- if .Values.prometheus.prometheusSpec.nodeSelector }} + nodeSelector: +{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.prometheus.prometheusSpec.paused }} + replicas: {{ .Values.prometheus.prometheusSpec.replicas }} + logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} + listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} +{{- if .Values.prometheus.prometheusSpec.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.resources }} + resources: +{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }} +{{- end }} + retention: {{ .Values.prometheus.prometheusSpec.retention | quote }} +{{- if .Values.prometheus.prometheusSpec.routePrefix }} + routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.secrets }} + secrets: +{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.configMaps }} + configMaps: +{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }} +{{- end }} + serviceAccountName: {{ template "prometheus-operator.prometheus.serviceAccountName" . }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} + serviceMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} + serviceMonitorSelector: + matchLabels: + release: {{ .Release.Name | quote }} +{{ else }} + serviceMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }} +{{ else }} + serviceMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.remoteRead }} + remoteRead: +{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.remoteWrite }} + remoteWrite: +{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} +{{- end }} + +{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} + ruleNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleSelector }} + ruleSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} +{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }} + ruleSelector: + matchLabels: + app: {{ template "prometheus-operator.name" . }} + release: {{ .Release.Name | quote }} + {{- end }} +{{- if .Values.prometheus.prometheusSpec.storageSpec }} + storage: +{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }} +{{- end }} + {{- if .Values.prometheus.prometheusSpec.podMetadata }} + podMetadata: +{{ toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4 }} + {{- end }} +{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: prometheus + prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus +{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + app: prometheus + prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus +{{- end }} +{{- if .Values.prometheus.prometheusSpec.tolerations }} + tolerations: +{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if or .Values.prometheus.prometheusSpec.additionalScrapeConfigs .Values.prometheus.prometheusSpec.additionalScrapeConfigsExternal }} + additionalScrapeConfigs: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg + key: additional-scrape-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} + additionalAlertManagerConfigs: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg + key: additional-alertmanager-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} + additionalAlertRelabelConfigs: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg + key: additional-alert-relabel-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.containers }} + containers: +{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.priorityClassName }} + priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.thanos }} + thanos: +{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml new file mode 100644 index 00000000..a2ab02db --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-operator.fullname" . }}-prometheus +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml new file mode 100644 index 00000000..08faa722 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} + diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml new file mode 100644 index 00000000..40d33462 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml new file mode 100644 index 00000000..eef28dad --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-config + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +{{- end}}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml new file mode 100644 index 00000000..9fe3f20e --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.rbac.roleNamespaces }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleList +items: +{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }} +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: {{ template "prometheus-operator.fullname" $ }}-prometheus + labels: + app: {{ template "prometheus-operator.name" $ }}-prometheus +{{ include "prometheus-operator.labels" $ | indent 6 }} + namespace: {{ . | quote }} + rules: + - apiGroups: + - "" + resources: + - nodes + - services + - endpoints + - pods + verbs: + - get + - list + - watch +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml new file mode 100644 index 00000000..89fb9ce7 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus-config + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "prometheus-operator.fullname" . }}-prometheus +subjects: +- kind: ServiceAccount + name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml new file mode 100644 index 00000000..64161876 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBindingList +items: +{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }} +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: {{ template "prometheus-operator.fullname" $ }}-prometheus + labels: + app: {{ template "prometheus-operator.name" $ }}-prometheus +{{ include "prometheus-operator.labels" $ | indent 6 }} + namespace: {{ . | quote }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "prometheus-operator.fullname" $ }}-prometheus + subjects: + - kind: ServiceAccount + name: {{ template "prometheus-operator.prometheus.serviceAccountName" $ }} + namespace: {{ $.Release.Namespace }} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml new file mode 100644 index 00000000..831a8814 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml @@ -0,0 +1,44 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +{{- if .Values.prometheus.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheus.service.clusterIP }} + clusterIP: {{ .Values.prometheus.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: web + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.service.nodePort }} + {{- end }} + port: 9090 + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.service.nodePort }} + {{- end }} + targetPort: web + selector: + app: prometheus + prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus + type: "{{ .Values.prometheus.service.type }}" +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml new file mode 100644 index 00000000..88df10ad --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }} + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml new file mode 100644 index 00000000..36790450 --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }} +apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-operator.fullname" . }}-prometheus + labels: + app: {{ template "prometheus-operator.name" . }}-prometheus +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-operator.name" . }}-prometheus + release: {{ .Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + endpoints: + - port: web + interval: 30s + path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" +{{- end }} diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml new file mode 100644 index 00000000..61f3ca3c --- /dev/null +++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalServiceMonitors }} + - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} + kind: ServiceMonitor + metadata: + name: {{ .name }} + labels: + app: {{ template "prometheus-operator.name" $ }}-prometheus +{{ include "prometheus-operator.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + endpoints: +{{ toYaml .endpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} +{{- end }} +{{- end }} |