summaryrefslogtreecommitdiffstats
path: root/vnfs/DAaaS/prometheus-operator/templates/prometheus
diff options
context:
space:
mode:
Diffstat (limited to 'vnfs/DAaaS/prometheus-operator/templates/prometheus')
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml11
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml11
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml11
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml35
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml18
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml33
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml20
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml173
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml15
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml18
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml47
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml16
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml27
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml17
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml23
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml44
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml11
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml21
-rw-r--r--vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml29
19 files changed, 580 insertions, 0 deletions
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml
new file mode 100644
index 00000000..1c54f40b
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertRelabelConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-am-relabel-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml
new file mode 100644
index 00000000..4475e7bd
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalAlertmanagerConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-am-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml
new file mode 100644
index 00000000..9d6bb616
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/additionalScrapeConfigs.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus-scrape-confg
+{{ include "prometheus-operator.labels" . | indent 4 }}
+data:
+ additional-scrape-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs | b64enc | quote }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
new file mode 100644
index 00000000..799027d9
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrole.yaml
@@ -0,0 +1,35 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes/metrics
+ verbs:
+ - get
+ - list
+ - watch
+# This permission are not in the prometheus-operator repo
+# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml
new file mode 100644
index 00000000..b0c0e9e1
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml
new file mode 100644
index 00000000..e013e960
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/ingress.yaml
@@ -0,0 +1,33 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }}
+{{- $routePrefix := .Values.prometheus.prometheusSpec.routePrefix }}
+{{- $serviceName := printf "%s-%s" (include "prometheus-operator.fullname" .) "prometheus" }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+{{- if .Values.prometheus.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }}
+{{- end }}
+ name: {{ $serviceName }}
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+{{- if .Values.prometheus.ingress.labels }}
+{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
+{{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.prometheus.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: "{{ $routePrefix }}"
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: 9090
+ {{- end }}
+{{- if .Values.prometheus.ingress.tls }}
+ tls:
+{{ toYaml .Values.prometheus.ingress.tls | indent 4 }}
+{{- end }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml
new file mode 100644
index 00000000..a51cda5d
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/podDisruptionBudget.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ {{- if .Values.prometheus.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml
new file mode 100644
index 00000000..509142e2
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/prometheus.yaml
@@ -0,0 +1,173 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+kind: Prometheus
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ alerting:
+ alertmanagers:
+{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }}
+{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }}
+{{- else }}
+ - namespace: {{ .Release.Namespace }}
+ name: {{ template "prometheus-operator.fullname" . }}-alertmanager
+ port: web
+ {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
+ pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
+ {{- end }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.image }}
+ baseImage: {{ .Values.prometheus.prometheusSpec.image.repository }}
+ version: {{ .Values.prometheus.prometheusSpec.image.tag }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.externalLabels }}
+ externalLabels:
+{{ toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4}}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.externalUrl }}
+ externalUrl: "{{ .Values.prometheus.prometheusSpec.externalUrl }}"
+{{- else if .Values.prometheus.ingress.enabled }}
+ externalUrl: "http://{{ index .Values.prometheus.ingress.hosts 0 }}{{ .Values.prometheus.prometheusSpec.routePrefix }}"
+{{- else }}
+ externalUrl: http://{{ template "prometheus-operator.fullname" . }}-prometheus.{{ .Release.Namespace }}:9090
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }}
+{{- end }}
+ paused: {{ .Values.prometheus.prometheusSpec.paused }}
+ replicas: {{ .Values.prometheus.prometheusSpec.replicas }}
+ logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }}
+ listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }}
+{{- if .Values.prometheus.prometheusSpec.scrapeInterval }}
+ scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.evaluationInterval }}
+ evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.resources }}
+ resources:
+{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }}
+{{- end }}
+ retention: {{ .Values.prometheus.prometheusSpec.retention | quote }}
+{{- if .Values.prometheus.prometheusSpec.routePrefix }}
+ routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.secrets }}
+ secrets:
+{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.configMaps }}
+ configMaps:
+{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }}
+{{- end }}
+ serviceAccountName: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }}
+ serviceMonitorSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }}
+{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }}
+ serviceMonitorSelector:
+ matchLabels:
+ release: {{ .Release.Name | quote }}
+{{ else }}
+ serviceMonitorSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }}
+ serviceMonitorNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }}
+{{ else }}
+ serviceMonitorNamespaceSelector: {}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.remoteRead }}
+ remoteRead:
+{{ toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
+ remoteWrite:
+{{ toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.securityContext }}
+ securityContext:
+{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
+{{- end }}
+
+{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }}
+ ruleNamespaceSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
+ ruleSelector:
+{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
+{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }}
+ ruleSelector:
+ matchLabels:
+ app: {{ template "prometheus-operator.name" . }}
+ release: {{ .Release.Name | quote }}
+ {{- end }}
+{{- if .Values.prometheus.prometheusSpec.storageSpec }}
+ storage:
+{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }}
+{{- end }}
+ {{- if .Values.prometheus.prometheusSpec.podMetadata }}
+ podMetadata:
+{{ toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4 }}
+ {{- end }}
+{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.tolerations }}
+ tolerations:
+{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }}
+{{- end }}
+{{- if .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
+{{- end }}
+{{- if or .Values.prometheus.prometheusSpec.additionalScrapeConfigs .Values.prometheus.prometheusSpec.additionalScrapeConfigsExternal }}
+ additionalScrapeConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-scrape-confg
+ key: additional-scrape-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
+ additionalAlertManagerConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-confg
+ key: additional-alertmanager-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
+ additionalAlertRelabelConfigs:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-am-relabel-confg
+ key: additional-alert-relabel-configs.yaml
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.containers }}
+ containers:
+{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.priorityClassName }}
+ priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }}
+{{- end }}
+{{- if .Values.prometheus.prometheusSpec.thanos }}
+ thanos:
+{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml
new file mode 100644
index 00000000..a2ab02db
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrole.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups: ['extensions']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "prometheus-operator.fullname" . }}-prometheus
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml
new file mode 100644
index 00000000..08faa722
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp-clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml
new file mode 100644
index 00000000..40d33462
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/psp.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ # allowPrivilegeEscalation: false
+ # This is redundant with non-root + disallow privilege escalation,
+ # but we can provide it for defense in depth.
+ #requiredDropCapabilities:
+ # - ALL
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ - 'persistentVolumeClaim'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Permits the container to run with root privileges as well.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 0
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 0
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml
new file mode 100644
index 00000000..eef28dad
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-config.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-config
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+{{- end}} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml
new file mode 100644
index 00000000..9fe3f20e
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/role-specificNamespace.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.rbac.roleNamespaces }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleList
+items:
+{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }}
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 6 }}
+ namespace: {{ . | quote }}
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml
new file mode 100644
index 00000000..89fb9ce7
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-config.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus-config
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+subjects:
+- kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml
new file mode 100644
index 00000000..64161876
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/rolebinding-specificNamespace.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBindingList
+items:
+{{- range uniq (append .Values.prometheus.rbac.roleNamespaces .Release.Namespace) }}
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 6 }}
+ namespace: {{ . | quote }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "prometheus-operator.fullname" $ }}-prometheus
+ subjects:
+ - kind: ServiceAccount
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" $ }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }} \ No newline at end of file
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml
new file mode 100644
index 00000000..831a8814
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/service.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.prometheus.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+{{- if .Values.prometheus.service.annotations }}
+ annotations:
+{{ toYaml .Values.prometheus.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.prometheus.service.clusterIP }}
+ clusterIP: {{ .Values.prometheus.service.clusterIP }}
+{{- end }}
+{{- if .Values.prometheus.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.prometheus.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+ {{- end }}
+{{- end }}
+ ports:
+ - name: web
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.service.nodePort }}
+ {{- end }}
+ port: 9090
+ {{- if eq .Values.prometheus.service.type "NodePort" }}
+ nodePort: {{ .Values.prometheus.service.nodePort }}
+ {{- end }}
+ targetPort: web
+ selector:
+ app: prometheus
+ prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus
+ type: "{{ .Values.prometheus.service.type }}"
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml
new file mode 100644
index 00000000..88df10ad
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.prometheus.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "prometheus-operator.prometheus.serviceAccountName" . }}
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+imagePullSecrets:
+{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml
new file mode 100644
index 00000000..36790450
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitor.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }}
+apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+kind: ServiceMonitor
+metadata:
+ name: {{ template "prometheus-operator.fullname" . }}-prometheus
+ labels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+{{ include "prometheus-operator.labels" . | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "prometheus-operator.name" . }}-prometheus
+ release: {{ .Release.Name | quote }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ endpoints:
+ - port: web
+ interval: 30s
+ path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics"
+{{- end }}
diff --git a/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml
new file mode 100644
index 00000000..61f3ca3c
--- /dev/null
+++ b/vnfs/DAaaS/prometheus-operator/templates/prometheus/servicemonitors.yaml
@@ -0,0 +1,29 @@
+{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }}
+apiVersion: v1
+kind: List
+items:
+{{- range .Values.prometheus.additionalServiceMonitors }}
+ - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }}
+ kind: ServiceMonitor
+ metadata:
+ name: {{ .name }}
+ labels:
+ app: {{ template "prometheus-operator.name" $ }}-prometheus
+{{ include "prometheus-operator.labels" $ | indent 8 }}
+ {{- if .additionalLabels }}
+{{ toYaml .additionalLabels | indent 8 }}
+ {{- end }}
+ spec:
+ endpoints:
+{{ toYaml .endpoints | indent 8 }}
+ {{- if .jobLabel }}
+ jobLabel: {{ .jobLabel }}
+ {{- end }}
+ {{- if .namespaceSelector }}
+ namespaceSelector:
+{{ toYaml .namespaceSelector | indent 8 }}
+ {{- end }}
+ selector:
+{{ toYaml .selector | indent 8 }}
+{{- end }}
+{{- end }}