sa_8001/cmoa_installer_ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ansible v2 (release 3.4.9)

Browse Source
This commit is contained in:
havelight-ee
2023-02-16 16:20:12 +09:00
parent 7f08fdd9ff
commit 59a199e50f
3525 changed files with 435537 additions and 62726 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
roles/agent_os_setting/defaults/main.yml Normal file
View File

@@ -0,0 +1,142 @@
helm_checksum: sha256:72f1c0fcfb17b41b89087e9232e50f20c606e44a0edc2bb9737e05d1c75b8c4f
helm_version: v3.10.2
kubernetes_version: 1.25.2
kubernetes_kubelet_extra_args: ""
kubernetes_kubeadm_init_extra_opts: ""
kubernetes_join_command_extra_opts: ""
kubernetes_pod_network:
cni: 'calico'
cidr: '10.96.0.0/12'
kubernetes_calico_manifest_file: "{{ role_path }}/files/calico.yaml"
kubernetes_metric_server_file: "{{ role_path }}/files/components.yaml"
ansible_kube_config: "/tmp/agent_config"
containerd_config:
version: 2
root: /var/lib/containerd
state: /run/containerd
plugin_dir: ""
disabled_plugins: []
required_plugins: []
oom_score: 0
grpc:
address: /run/containerd/containerd.sock
tcp_address: ""
tcp_tls_cert: ""
tcp_tls_key: ""
uid: 0
gid: 0
max_recv_message_size: 16777216
max_send_message_size: 16777216
ttrpc:
address: ""
uid: 0
gid: 0
debug:
address: ""
uid: 0
gid: 0
level: ""
metrics:
address: ""
grpc_histogram: false
cgroup:
path: ""
timeouts:
"io.containerd.timeout.shim.cleanup": 5s
"io.containerd.timeout.shim.load": 5s
"io.containerd.timeout.shim.shutdown": 3s
"io.containerd.timeout.task.state": 2s
plugins:
"io.containerd.gc.v1.scheduler":
pause_threshold: 0.02
deletion_threshold: 0
mutation_threshold: 100
schedule_delay: 0s
startup_delay: 100ms
"io.containerd.grpc.v1.cri":
disable_tcp_service: true
stream_server_address: 127.0.0.1
stream_server_port: "0"
stream_idle_timeout: 4h0m0s
enable_selinux: false
sandbox_image: k8s.gcr.io/pause:3.1
stats_collect_period: 10
systemd_cgroup: false
enable_tls_streaming: false
max_container_log_line_size: 16384
disable_cgroup: false
disable_apparmor: false
restrict_oom_score_adj: false
max_concurrent_downloads: 3
disable_proc_mount: false
containerd:
snapshotter: overlayfs
default_runtime_name: runc
no_pivot: false
default_runtime:
runtime_type: ""
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
untrusted_workload_runtime:
runtime_type: ""
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
runtimes:
runc:
runtime_type: io.containerd.runc.v1
runtime_engine: ""
runtime_root: ""
privileged_without_host_devices: false
cni:
bin_dir: /opt/cni/bin
conf_dir: /etc/cni/net.d
max_conf_num: 1
conf_template: ""
registry:
configs:
"10.10.31.243:5000":
tls:
insecure_skip_verify: true
mirrors:
"docker.io":
endpoint:
- https://registry-1.docker.io
"10.10.31.243:5000":
endpoint:
- http://10.10.31.243:5000
x509_key_pair_streaming:
tls_cert_file: ""
tls_key_file: ""
"io.containerd.internal.v1.opt":
path: /opt/containerd
"io.containerd.internal.v1.restart":
interval: 10s
"io.containerd.metadata.v1.bolt":
content_sharing_policy: shared
"io.containerd.monitor.v1.cgroups":
no_prometheus: false
"io.containerd.runtime.v1.linux":
shim: containerd-shim
runtime: runc
runtime_root: ""
no_shim: false
shim_debug: false
"io.containerd.runtime.v2.task":
platforms:
- linux/amd64
"io.containerd.service.v1.diff-service":
default:
- walking
"io.containerd.snapshotter.v1.devmapper":
root_path: ""
pool_name: ""
base_image_size: ""

645
roles/agent_os_setting/files/get-docker.sh Executable file
View File

@@ -0,0 +1,645 @@
#!/bin/sh
set -e
# Docker CE for Linux installation script
#
# See https://docs.docker.com/engine/install/ for the installation steps.
#
# This script is meant for quick & easy install via:
# $ curl -fsSL https://get.docker.com -o get-docker.sh
# $ sh get-docker.sh
#
# For test builds (ie. release candidates):
# $ curl -fsSL https://test.docker.com -o test-docker.sh
# $ sh test-docker.sh
#
# NOTE: Make sure to verify the contents of the script
# you downloaded matches the contents of install.sh
# located at https://github.com/docker/docker-install
# before executing.
#
# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="66474034547a96caa0a25be56051ff8b726a1b28"
# strip "v" prefix if present
VERSION="${VERSION#v}"
# The channel to install from:
# * nightly
# * test
# * stable
# * edge (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; then
CHANNEL=$DEFAULT_CHANNEL_VALUE
fi
DEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; then
DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fi
DEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; then
REPO_FILE="$DEFAULT_REPO_FILE"
fi
mirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; do
case "$1" in
--mirror)
mirror="$2"
shift
;;
--dry-run)
DRY_RUN=1
;;
--*)
echo "Illegal option $1"
;;
esac
shift $(( $# > 0 ? 1 : 0 ))
done
case "$mirror" in
Aliyun)
DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
;;
AzureChinaCloud)
DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
;;
esac
command_exists() {
command -v "$@" > /dev/null 2>&1
}
# version_gte checks if the version specified in $VERSION is at least
# the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either
# unset (=latest) or newer or equal than the specified version. Returns 1 (fail)
# otherwise.
#
# examples:
#
# VERSION=20.10
# version_gte 20.10 // 0 (success)
# version_gte 19.03 // 0 (success)
# version_gte 21.10 // 1 (fail)
version_gte() {
if [ -z "$VERSION" ]; then
return 0
fi
eval calver_compare "$VERSION" "$1"
}
# calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success)
# if version A is newer or equal than version B, or 1 (fail) otherwise. Patch
# releases and pre-release (-alpha/-beta) are not taken into account
#
# examples:
#
# calver_compare 20.10 19.03 // 0 (success)
# calver_compare 20.10 20.10 // 0 (success)
# calver_compare 19.03 20.10 // 1 (fail)
calver_compare() (
set +x
yy_a="$(echo "$1" | cut -d'.' -f1)"
yy_b="$(echo "$2" | cut -d'.' -f1)"
if [ "$yy_a" -lt "$yy_b" ]; then
return 1
fi
if [ "$yy_a" -gt "$yy_b" ]; then
return 0
fi
mm_a="$(echo "$1" | cut -d'.' -f2)"
mm_b="$(echo "$2" | cut -d'.' -f2)"
if [ "${mm_a#0}" -lt "${mm_b#0}" ]; then
return 1
fi
return 0
)
is_dry_run() {
if [ -z "$DRY_RUN" ]; then
return 1
else
return 0
fi
}
is_wsl() {
case "$(uname -r)" in
*microsoft* ) true ;; # WSL 2
*Microsoft* ) true ;; # WSL 1
* ) false;;
esac
}
is_darwin() {
case "$(uname -s)" in
*darwin* ) true ;;
*Darwin* ) true ;;
* ) false;;
esac
}
deprecation_notice() {
distro=$1
distro_version=$2
echo
printf "\033[91;1mDEPRECATION WARNING\033[0m\n"
printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version"
echo " No updates or security fixes will be released for this distribution, and users are recommended"
echo " to upgrade to a currently maintained version of $distro."
echo
printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."
echo
sleep 10
}
get_distribution() {
lsb_dist=""
# Every system that we officially support has /etc/os-release
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
# Returning an empty string here should be alright since the
# case statements don't act unless you provide an actual value
echo "$lsb_dist"
}
echo_docker_as_nonroot() {
if is_dry_run; then
return
fi
if command_exists docker && [ -e /var/run/docker.sock ]; then
(
set -x
$sh_c 'docker version'
) || true
fi
# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
echo
echo "================================================================================"
echo
if version_gte "20.10"; then
echo "To run Docker as a non-privileged user, consider setting up the"
echo "Docker daemon in rootless mode for your user:"
echo
echo " dockerd-rootless-setuptool.sh install"
echo
echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."
echo
fi
echo
echo "To run the Docker daemon as a fully privileged service, but granting non-root"
echo "users access, refer to https://docs.docker.com/go/daemon-access/"
echo
echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"
echo " to root access on the host. Refer to the 'Docker daemon attack surface'"
echo " documentation for details: https://docs.docker.com/go/attack-surface/"
echo
echo "================================================================================"
echo
}
# Check if this is a forked Linux distro
check_forked() {
# Check for lsb_release command existence, it usually exists in forked distros
if command_exists lsb_release; then
# Check if the `-u` option is supported
set +e
lsb_release -a -u > /dev/null 2>&1
lsb_release_exit_code=$?
set -e
# Check if the command has exited successfully, it means we're in a forked distro
if [ "$lsb_release_exit_code" = "0" ]; then
# Print info about current distro
cat <<-EOF
You're using '$lsb_dist' version '$dist_version'.
EOF
# Get the upstream release info
lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
# Print info about upstream distro
cat <<-EOF
Upstream release is '$lsb_dist' version '$dist_version'.
EOF
else
if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
if [ "$lsb_dist" = "osmc" ]; then
# OSMC runs Raspbian
lsb_dist=raspbian
else
# We're Debian and don't even know it!
lsb_dist=debian
fi
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
11)
dist_version="bullseye"
;;
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
fi
fi
fi
}
do_install() {
echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
if command_exists docker; then
cat >&2 <<-'EOF'
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
again to update Docker, you can safely ignore this message.
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
user="$(id -un 2>/dev/null || true)"
sh_c='sh -c'
if [ "$user" != 'root' ]; then
if command_exists sudo; then
sh_c='sudo -E sh -c'
elif command_exists su; then
sh_c='su -c'
else
cat >&2 <<-'EOF'
Error: this installer needs the ability to run commands as root.
We are unable to find either "sudo" or "su" available to make this happen.
EOF
exit 1
fi
fi
if is_dry_run; then
sh_c="echo"
fi
# perform some very rudimentary platform detection
lsb_dist=$( get_distribution )
lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
if is_wsl; then
echo
echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
cat >&2 <<-'EOF'
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 20 )
fi
case "$lsb_dist" in
ubuntu)
if command_exists lsb_release; then
dist_version="$(lsb_release --codename | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
fi
;;
debian|raspbian)
dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
case "$dist_version" in
11)
dist_version="bullseye"
;;
10)
dist_version="buster"
;;
9)
dist_version="stretch"
;;
8)
dist_version="jessie"
;;
esac
;;
centos|rhel|sles)
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
*)
if command_exists lsb_release; then
dist_version="$(lsb_release --release | cut -f2)"
fi
if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
fi
;;
esac
# Check if this is a forked Linux distro
check_forked
# Print deprecation warnings for distro versions that recently reached EOL,
# but may still be commonly used (especially LTS versions).
case "$lsb_dist.$dist_version" in
debian.stretch|debian.jessie)
deprecation_notice "$lsb_dist" "$dist_version"
;;
raspbian.stretch|raspbian.jessie)
deprecation_notice "$lsb_dist" "$dist_version"
;;
ubuntu.xenial|ubuntu.trusty)
deprecation_notice "$lsb_dist" "$dist_version"
;;
fedora.*)
if [ "$dist_version" -lt 33 ]; then
deprecation_notice "$lsb_dist" "$dist_version"
fi
;;
esac
# Run setup for each distro accordingly
case "$lsb_dist" in
ubuntu|debian|raspbian)
pre_reqs="apt-transport-https ca-certificates curl"
if ! command -v gpg > /dev/null; then
pre_reqs="$pre_reqs gnupg"
fi
apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
(
if ! is_dry_run; then
set -x
fi
$sh_c 'apt-get update -qq >/dev/null'
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
$sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings'
$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg"
$sh_c "chmod a+r /etc/apt/keyrings/docker.gpg"
$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
$sh_c 'apt-get update -qq >/dev/null'
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g")"
search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
echo
exit 1
fi
if version_gte "18.09"; then
search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
echo "INFO: $search_command"
cli_pkg_version="=$($sh_c "$search_command")"
fi
pkg_version="=$pkg_version"
fi
fi
(
pkgs="docker-ce${pkg_version%=}"
if version_gte "18.09"; then
# older versions didn't ship the cli and containerd as separate packages
pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"
fi
if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
pkgs="$pkgs docker-scan-plugin"
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pkgs >/dev/null"
)
echo_docker_as_nonroot
exit 0
;;
centos|fedora|rhel)
if [ "$(uname -m)" != "s390x" ] && [ "$lsb_dist" = "rhel" ]; then
echo "Packages for RHEL are currently only available for s390x."
exit 1
fi
if [ "$lsb_dist" = "fedora" ]; then
pkg_manager="dnf"
config_manager="dnf config-manager"
enable_channel_flag="--set-enabled"
disable_channel_flag="--set-disabled"
pre_reqs="dnf-plugins-core"
pkg_suffix="fc$dist_version"
else
pkg_manager="yum"
config_manager="yum-config-manager"
enable_channel_flag="--enable"
disable_channel_flag="--disable"
pre_reqs="yum-utils"
pkg_suffix="el"
fi
repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
(
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pre_reqs"
$sh_c "$config_manager --add-repo $repo_file_url"
if [ "$CHANNEL" != "stable" ]; then
$sh_c "$config_manager $disable_channel_flag docker-ce-*"
$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
fi
$sh_c "$pkg_manager makecache"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
echo
exit 1
fi
if version_gte "18.09"; then
# older versions don't support a cli package
search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
fi
# Cut out the epoch and prefix with a '-'
pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
fi
fi
(
pkgs="docker-ce$pkg_version"
if version_gte "18.09"; then
# older versions didn't ship the cli and containerd as separate packages
if [ -n "$cli_pkg_version" ]; then
pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
else
pkgs="$pkgs docker-ce-cli containerd.io"
fi
fi
if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
pkgs="$pkgs docker-scan-plugin"
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "$pkg_manager install -y -q $pkgs"
)
echo_docker_as_nonroot
exit 0
;;
sles)
if [ "$(uname -m)" != "s390x" ]; then
echo "Packages for SLES are currently only available for s390x"
exit 1
fi
if [ "$dist_version" = "15.3" ]; then
sles_version="SLE_15_SP3"
else
sles_minor_version="${dist_version##*.}"
sles_version="15.$sles_minor_version"
fi
opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo"
repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
pre_reqs="ca-certificates curl libseccomp2 awk"
(
if ! is_dry_run; then
set -x
fi
$sh_c "zypper install -y $pre_reqs"
$sh_c "zypper addrepo $repo_file_url"
if ! is_dry_run; then
cat >&2 <<-'EOF'
WARNING!!
openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now.
Do you wish to continue?
You may press Ctrl+C now to abort this script.
EOF
( set -x; sleep 30 )
fi
$sh_c "zypper addrepo $opensuse_repo"
$sh_c "zypper --gpg-auto-import-keys refresh"
$sh_c "zypper lr -d"
)
pkg_version=""
if [ -n "$VERSION" ]; then
if is_dry_run; then
echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
else
pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g")"
search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
pkg_version="$($sh_c "$search_command")"
echo "INFO: Searching repository for VERSION '$VERSION'"
echo "INFO: $search_command"
if [ -z "$pkg_version" ]; then
echo
echo "ERROR: '$VERSION' not found amongst zypper list results"
echo
exit 1
fi
search_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
cli_pkg_version="$($sh_c "$search_command")"
pkg_version="-$pkg_version"
fi
fi
(
pkgs="docker-ce$pkg_version"
if version_gte "18.09"; then
if [ -n "$cli_pkg_version" ]; then
# older versions didn't ship the cli and containerd as separate packages
pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
else
pkgs="$pkgs docker-ce-cli containerd.io"
fi
fi
if version_gte "20.10"; then
pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
fi
if version_gte "23.0"; then
pkgs="$pkgs docker-buildx-plugin"
fi
if ! is_dry_run; then
set -x
fi
$sh_c "zypper -q install -y $pkgs"
)
echo_docker_as_nonroot
exit 0
;;
*)
if [ -z "$lsb_dist" ]; then
if is_darwin; then
echo
echo "ERROR: Unsupported operating system 'macOS'"
echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
echo
exit 1
fi
fi
echo
echo "ERROR: Unsupported distribution '$lsb_dist'"
echo
exit 1
;;
esac
exit 1
}
# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install

22
roles/agent_os_setting/handlers/main.yml Normal file
View File

@@ -0,0 +1,22 @@
---
- name: Reload systemd configuration
service:
daemon_reload: True
- name: Restart containerd service
service:
name: containerd
enabled: true
state: restarted
- name: Restart docker service
service:
name: docker
enabled: true
state: restarted
- name: Restart crio service
service:
name: crio
enabled: true
state: restarted

52
roles/agent_os_setting/meta/main.yml Normal file
View File

@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

77
roles/agent_os_setting/tasks/00-centos-os-main.yml Normal file
View File

@@ -0,0 +1,77 @@
---
- name: Update and upgrade yum packages
yum:
name: "*"
state: latest
- name: Install yum packages
yum:
name: ['cloud-utils', 'ca-certificates', 'socat', 'conntrack', 'gnupg', 'bash-completion', 'net-tools']
state: present
- name: Disable firewalld
systemd: name=firewalld state=stopped
ignore_errors: yes
tags:
- install
- atomic
- firewalld
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s2.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts
- name: Disable SELinux
ansible.posix.selinux:
state: disabled

71
roles/agent_os_setting/tasks/00-ubuntu-os-main.yml Normal file
View File

@@ -0,0 +1,71 @@
---
- name: Update and upgrade apt packages
apt:
upgrade: yes
update_cache: yes
force_apt_get: yes
cache_valid_time: 86400
- name: Install apt packages
apt:
name: ['cloud-utils', 'apt-transport-https', 'ca-certificates', 'curl', 'socat', 'conntrack', 'gnupg', 'lsb-release', 'bash-completion', 'chrony']
state: present
- name: Disable ufw
command: 'ufw disable'
when: ansible_distribution_version == '20.04'
- name: Disable SWAP since kubernetes can't work with swap enabled (1/2)
command: 'swapoff -a'
- name: Disable SWAP in fstab since kubernetes can't work with swap enabled (2/2)
replace:
path: /etc/fstab
regexp: '^([^#].*?\sswap\s+sw\s+.*)$'
replace: '# \1'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/modules-load.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
modprobe:
name: "{{ item }}"
state: present
become: true
with_items:
- 'overlay'
- 'br_netfilter'
- name: Add br_netfilter to module autoload
lineinfile:
path: /etc/sysctl.d/k8s.conf
line: "{{ item }}"
create: true
with_items:
- 'net.bridge.bridge-nf-call-iptables = 1'
- 'net.bridge.bridge-nf-call-ip6tables = 1'
- 'net.ipv4.ip_forward = 1'
- name: Disable net.bridge.bridge-nf-call-iptables
sysctl:
name: "{{ item }}"
value: 1
with_items:
- 'net.bridge.bridge-nf-call-iptables'
- 'net.bridge.bridge-nf-call-ip6tables'
- name: Disable net.ipv4.ip_forward
sysctl:
name: net.ipv4.ip_forward
value: "1"
- name: Setting hosts file
template:
src: hosts.j2
dest: /etc/hosts

4
roles/cmoa_os_setting/tasks/01-centos-os-runtime.yml → roles/agent_os_setting/tasks/01-centos-os-containerd.yml
View File

@@ -42,4 +42,6 @@
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
exclude: kubernetes
notify:
- Reload systemd configuration

53
roles/agent_os_setting/tasks/01-centos-os-crio.yml Normal file
View File

@@ -0,0 +1,53 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
yum:
name: ['crio']
state: present
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration
- name: manual reload
command: systemctl daemon-reload

58
roles/agent_os_setting/tasks/01-centos-os-docker.yml Normal file
View File

@@ -0,0 +1,58 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
#- name: Install required packages
# yum:
# name: ['docker-ce']
# state: present
# notify:
# - Reload systemd configuration
# - Restart docker service
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
#- name: Delete containerd config
# file:
# path: /etc/containerd/config.toml
# state: absent
# notify:
# - Restart containerd service
- meta: flush_handlers
- name: Enable docker service
service:
name: docker
enabled: True
state: started
- name: Add kubernetes yum repository
ansible.builtin.yum_repository:
name: kubernetes
description: kubernetes
baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled: 1
gpgcheck: 1
gpgkey: https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
- name: Install kubernetes utils
ansible.builtin.yum:
name: ['kubelet-{{kubernetes_version}}','kubeadm-{{kubernetes_version}}','kubectl-{{kubernetes_version}}']
exclude: kubernetes
notify:
- Reload systemd configuration

0
roles/cmoa_os_setting/tasks/01-ubuntu-os-runtime.yml → roles/agent_os_setting/tasks/01-ubuntu-os-containerd.yml
View File

65
roles/agent_os_setting/tasks/01-ubuntu-os-crio.yml Normal file
View File

@@ -0,0 +1,65 @@
---
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/devel:kubic:libcontainers:stable.repo
- name: Add crio yum repository
command: sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.23.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.23/CentOS_7/devel:kubic:libcontainers:stable:cri-o:1.23.repo
- name: Create crio configuration directory
file:
path: /etc/containers/registries.conf.d
state: directory
- name: Configure crio
template:
src: myregistry.conf.j2
dest: /etc/containers/registries.conf.d/myregistry.conf
notify:
- Restart crio service
- name: Install required packages
apt:
name:
- crio
notify:
- Reload systemd configuration
- Restart crio service
- meta: flush_handlers
- name: Enable crio service
service:
name: crio
enabled: True
state: started
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm

50
roles/agent_os_setting/tasks/01-ubuntu-os-docker.yml Normal file
View File

@@ -0,0 +1,50 @@
---
- name: Add docker script
command: curl -fsSL https://get.docker.com -o /root/get-docker.sh
- name: install docker
command: sh /root/get-docker.sh
- name: Create docker configuration directory
file:
path: /etc/docker
state: directory
- name: Configure docker
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
notify:
- Reload systemd configuration
- Restart docker service
- name: Install kubernetes
block:
- name: 'Add kubernetes repo key'
apt_key:
url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
state: present
become: true
- name: Add kubernetes repository
apt_repository:
repo: deb http://apt.kubernetes.io kubernetes-xenial main
state: present
filename: 'kubernetes'
become: true
- name: Install kubernetes components
apt:
name: ['kubelet={{kubernetes_version}}-*', 'kubeadm={{kubernetes_version}}-*', 'kubectl={{kubernetes_version}}-*']
state: present
update_cache: yes
force: yes
dpkg_options: force-downgrade
- name: Hold kubernetes packages
dpkg_selections:
name: "{{item}}"
selection: hold
with_items:
- kubelet
- kubectl
- kubeadm

43
roles/agent_os_setting/tasks/02-k8s-main.yml Normal file
View File

@@ -0,0 +1,43 @@
---
- name: Enable kubelet service
systemd:
name: kubelet
enabled: true
masked: false
- name: Check if Kubernetes has already been initialized.
stat:
path: /etc/kubernetes/admin.conf
register: kubernetes_init_stat
# Set up master.
- include_tasks: 03-k8s-master.yml
when: kubernetes_role == 'master'
# Set up nodes.
- name: Get the kubeadm join command from the Kubernetes master.
command: kubeadm token create --print-join-command
changed_when: false
when: kubernetes_role == 'master'
register: kubernetes_join_command_result
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
when: kubernetes_role == 'master'
- name: Set the kubeadm join command globally.
set_fact:
kubernetes_join_command: >
{{ kubernetes_join_command_result.stdout }}
{{ kubernetes_join_command_extra_opts }}
when: kubernetes_join_command_result.stdout is defined
delegate_to: "{{ item }}"
delegate_facts: true
with_items: "{{ groups['all'] }}"
- include_tasks: 05-k8s-node.yml
when: kubernetes_role == 'node'

51
roles/agent_os_setting/tasks/03-k8s-master.yml Normal file
View File

@@ -0,0 +1,51 @@
---
- name: Initialize Kubernetes master with kubeadm init.
command: >
kubeadm init
--pod-network-cidr={{ kubernetes_pod_network.cidr }}
--apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
{{ kubernetes_kubeadm_init_extra_opts }}
register: kubeadmin_init
when: not kubernetes_init_stat.stat.exists
- name: Print the init output to screen.
debug:
var: kubeadmin_init.stdout
verbosity: 2
when: not kubernetes_init_stat.stat.exists
- name: Ensure .kube directory exists.
file:
path: ~/.kube
state: directory
- name: Symlink the kubectl admin.conf to ~/.kube/conf.
file:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/config
state: link
force: yes
- name: copy the kubectl config to ~/.kube/ansible_config
copy:
src: /etc/kubernetes/admin.conf
dest: ~/.kube/ansible_config
remote_src: true
- name: Get kubeconfig
fetch:
src: /etc/kubernetes/admin.conf
dest: "{{ ansible_kube_config }}"
flat: yes
- name: Configure Calico networking and Metric Server
include_tasks: 04-k8s-master-yaml.yml
- name: Kubectl Cheat Sheet
lineinfile:
path: ~/.bashrc
line: "{{ item }}"
with_items:
- source <(kubectl completion bash)
- alias k=kubectl
- complete -o default -F __start_kubectl k

21
roles/agent_os_setting/tasks/04-k8s-master-yaml.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Copy calico yaml
template:
src: calico.yaml.j2
dest: /tmp/calico.yaml
- name: Copy metric server yaml
template:
src: components.yaml.j2
dest: /tmp/components.yaml
- name: Configure Calico networking.
command: kubectl apply -f /tmp/calico.yaml
register: calico_result
changed_when: "'created' in calico_result.stdout"
when: kubernetes_pod_network.cni == 'calico'
- name: Configure Metric Server
command: kubectl apply -f /tmp/components.yaml
register: metric_server_result
changed_when: "'created' in metric_server_result.stdout"

6
roles/agent_os_setting/tasks/05-k8s-node.yml Normal file
View File

@@ -0,0 +1,6 @@
---
- name: Join node to Kubernetes master
shell: >
{{ kubernetes_join_command }}
creates=/etc/kubernetes/kubelet.conf
tags: ['skip_ansible_lint']

35
roles/agent_os_setting/tasks/main.yml Normal file
View File

@@ -0,0 +1,35 @@
---
- include: 00-centos-os-main.yml
tags: centos
when: ansible_distribution == 'CentOS'
- include: 00-ubuntu-os-main.yml
tags: ubuntu
when: ansible_distribution == 'Ubuntu'
- include: 01-centos-os-docker.yml
tags: cent-docker
when: ansible_distribution == 'CentOS' and runtime == 'docker'
- include: 01-centos-os-containerd.yml
tags: cent-containerd
when: ansible_distribution == 'CentOS' and runtime == 'containerd'
- include: 01-centos-os-crio.yml
tags: cent-crio
when: ansible_distribution == 'CentOS' and runtime == 'crio'
- include: 01-ubuntu-os-docker.yml
tags: ubuntu-docker
when: ansible_distribution == 'Ubuntu' and runtime == 'docker'
- include: 01-ubuntu-os-containerd.yml
tags: ubuntu-containerd
when: ansible_distribution == 'Ubuntu' and runtime == 'containerd'
- include: 01-ubuntu-os-crio.yml
tags: ubuntu-crio
when: ansible_distribution == 'Ubuntu' and runtime == 'crio'
- include: 02-k8s-main.yml
tags: k8s-main

4779
roles/agent_os_setting/templates/calico.yaml.j2 Normal file
View File

File diff suppressed because it is too large Load Diff

197
roles/agent_os_setting/templates/components.yaml.j2 Normal file
View File

@@ -0,0 +1,197 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls
image: k8s.gcr.io/metrics-server/metrics-server:v0.6.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100

5
roles/agent_os_setting/templates/config.toml.j2 Normal file
View File

@@ -0,0 +1,5 @@
# {{ ansible_managed }}
{% from 'yaml2toml_macro.j2' import yaml2toml with context -%}
{{ yaml2toml(containerd_config) }}

9
roles/agent_os_setting/templates/daemon.json.j2 Normal file
View File

@@ -0,0 +1,9 @@
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"insecure-registries": ["10.10.31.243:5000"]
}

6
roles/agent_os_setting/templates/hosts.j2 Normal file
View File

@@ -0,0 +1,6 @@
127.0.0.1 localhost
:: 1 localhost
{% for host in groups.all %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_fqdn }} {{ hostvars[host].ansible_hostname }}
{%endfor%}

3
roles/agent_os_setting/templates/myregistry.conf.j2 Normal file
View File

@@ -0,0 +1,3 @@
[[registry]]
location = "10.10.31.243:5000"
insecure = true

58
roles/agent_os_setting/templates/yaml2toml_macro.j2 Normal file
View File

@@ -0,0 +1,58 @@
{%- macro yaml2inline_toml(item, depth) -%}
{%- if item is string or item is number -%}
{#- First, process all primitive types. -#}
{{ item | to_json }}
{%- elif item is mapping -%}
{#- Second, process all mappings. -#}
{#- Note that inline mappings must not contain newlines (except inside contained lists). -#}
{{ "{" }}
{%- for key, value in item.items() | sort -%}
{{ " "
+ (key | to_json)
+ " = "
+ yaml2inline_toml(value, depth)
}}
{%- if not loop.last -%}{{ "," }}{%- endif -%}
{%- endfor -%}
{{ " }" }}
{%- else -%}
{#- Third, process all lists. -#}
{%- if item | length == 0 -%}{{ "[]" }}{%- else -%}
{{ "[" }}
{%- for entry in item -%}
{{ "\n"
+ (" " * (depth + 1))
+ yaml2inline_toml(entry, depth + 1)
}}
{%- if not loop.last -%}{{ "," }}{%- endif -%}
{%- endfor -%}
{{ "\n" + (" " * depth) + "]" }}
{%- endif -%}
{%- endif -%}
{%- endmacro -%}
{%- macro yaml2toml(item, super_keys=[]) -%}
{%- for key, value in item.items() | sort -%}
{%- if value is not mapping -%}
{#- First, process all non-mappings. -#}
{{ (" " * (super_keys | length))
+ (key | to_json)
+ " = "
+ (yaml2inline_toml(value, super_keys | length))
+ "\n"
}}
{%- endif -%}
{%- endfor -%}
{%- for key, value in item.items() | sort -%}
{%- if value is mapping -%}
{#- Second, process all mappings. -#}
{{ "\n"
+ (" " * (super_keys | length))
+ "["
+ ((super_keys+[key]) | map('to_json') | join("."))
+ "]\n"
+ yaml2toml(value, super_keys+[key])
}}
{%- endif -%}
{%- endfor -%}
{%- endmacro -%}

2
roles/agent_os_setting/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/agent_os_setting/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- apache

2
roles/agent_os_setting/vars/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# vars file for apache

64
roles/cmoa_demo_install/defaults/main.yml
View File

@@ -1,64 +0,0 @@
# helm file install
helm_checksum: sha256:950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2
helm_version: v3.10.3
# cmoa info
cmoa_namespace: imxc
cmoa_version: rel3.4.8
# default ip/version (not change)
before_ip: 111.111.111.111
before_version: rel0.0.0
# files/00-default in role
docker_secret_file: secret_nexus.yaml
# all, jaeger, jspd
imxc_ui: all
# [docker_config_path]
docker_config_nexus: dockerconfig/docker_config_nexus.json
# [jaeger]
jaeger_servicename: imxc-ui-service-jaeger
jaeger_service_port: 80
jaeger_nodePort: 31080 # only imxc-ui-jaeger option (imxc-ui-jaeger template default port=31084)
# [minio]
minio_service_name: minio
minio_service_port: 9000
minio_nodePort: 32002
minio_user: cloudmoa
minio_pass: admin1234
bucket_name: cortex-bucket
days: 42
rule_id: cloudmoa
# [Elasticsearch]
elasticsearch_service_name: elasticsearch
elasticsearch_service_port: 9200
elasticsearch_nodePort: 30200
# [Keycloak]
# Keycloak configuration settings
keycloak_http_port: 31082
keycloak_https_port: 8443
keycloak_management_http_port: 31990
keycloak_realm: exem
# Keycloak administration console user
keycloak_admin_user: admin
keycloak_admin_password: admin
keycloak_auth_realm: master
keycloak_auth_client: admin-cli
keycloak_context: /auth
# keycloak_clients
keycloak_clients:
- name: 'authorization_server'
client_id: authorization_server
realm: exem
redirect_uris: "http://10.10.30.75:31080/*,http://10.10.30.75:31084/*,http://localhost:8080/*,http://localhost:8081/*"
public_client: True

8
roles/cmoa_demo_install/files/00-default/sa_patch.sh
View File

@@ -1,8 +0,0 @@
#!/bin/bash
export KUBECONFIG=$1
kubectl wait node --for=condition=ready --all --timeout=60s
#kubectl -n imxc patch sa default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
kubectl -n default patch sa default -p '{"imagePullSecrets": [{"name": "regcred"}]}'

7
roles/cmoa_demo_install/files/00-default/secret_dockerhub.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: regcred
data:
.dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICJhdXRoIjogIlpYaGxiV1JsZGpJNk0yWXlObVV6T0RjdFlqY3paQzAwTkRVMUxUazNaRFV0T1dWaU9EWmtObVl4WXpOayIKICAgIH0KICB9Cn0KCg==
type: kubernetes.io/dockerconfigjson

8
roles/cmoa_demo_install/files/00-default/secret_nexus.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: v1
data:
.dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICIxMC4xMC4zMS4yNDM6NTAwMCI6IHsKICAgICAgImF1dGgiOiAiWTI5eVpUcGpiM0psWVdSdGFXNHhNak0wIgogICAgfQogIH0KfQoK
kind: Secret
metadata:
name: regcred
type: kubernetes.io/dockerconfigjson

6
roles/cmoa_demo_install/files/01-storage/00-storageclass.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: exem-local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

92
roles/cmoa_demo_install/files/01-storage/01-persistentvolume.yaml
View File

@@ -1,92 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-0
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv1
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-1
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv2
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-2
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv3
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-3
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv4
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2

63
roles/cmoa_demo_install/files/01-storage/cmoa_minio
View File

@@ -1,63 +0,0 @@
#! /usr/bin/python3
#-*- coding:utf-8 -*-
import os, sys, time, urllib3
from minio import Minio
from minio.lifecycleconfig import Expiration, LifecycleConfig, Rule, Transition
from minio.commonconfig import ENABLED, Filter
def minio_conn(ipaddr, portnum, ac_key, sec_key):
conn='{}:{}'.format(ipaddr,portnum)
url='http://{}'.format(conn)
print(url)
minio_client = Minio(
conn, access_key=ac_key, secret_key=sec_key, secure=False,
http_client=urllib3.ProxyManager(
url, timeout=urllib3.Timeout.DEFAULT_TIMEOUT,
retries=urllib3.Retry(
total=5, backoff_factor=0.2,
status_forcelist=[
500, 502, 503, 504
],
),
),
)
return minio_client
def minio_create_buckets(minio_client, bucket_name, days, rule_id="cloudmoa"):
config = LifecycleConfig(
[
Rule(
ENABLED,
rule_filter=Filter(prefix=""),
rule_id=rule_id,
expiration=Expiration(days=days),
),
],
)
minio_client.set_bucket_lifecycle(bucket_name, config)
def minio_delete_bucket(client, bucket_name):
client.delete_bucket_lifecycle(bucket_name)
def main():
s3_url = os.sys.argv[1].split(':')[0]
s3_url_port = os.sys.argv[1].split(':')[1]
minio_user = os.sys.argv[2]
minio_pass = os.sys.argv[3]
bucket_name = os.sys.argv[4]
minio_days = os.sys.argv[5]
rule_id = os.sys.argv[6]
print(s3_url, s3_url_port, minio_user, minio_pass)
minio_client=minio_conn(s3_url, s3_url_port, minio_user, minio_pass)
minio_create_buckets(minio_client, bucket_name, minio_days, rule_id)
if __name__ == "__main__":
try:
main()
except Exception as err:
print("[Usage] minio {url:port} {username} {password} {bucketName} {days} {ruleId}")
print(err)

23
roles/cmoa_demo_install/files/01-storage/minio/.helmignore
View File

@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS

18
roles/cmoa_demo_install/files/01-storage/minio/Chart.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: v1
description: Multi-Cloud Object Storage
name: minio
version: 4.0.2
appVersion: RELEASE.2022-05-08T23-50-31Z
keywords:
- minio
- storage
- object-storage
- s3
- cluster
home: https://min.io
icon: https://min.io/resources/img/logo/MINIO_wordmark.png
sources:
- https://github.com/minio/minio
maintainers:
- name: MinIO, Inc
email: dev@minio.io

235
roles/cmoa_demo_install/files/01-storage/minio/README.md
View File

@@ -1,235 +0,0 @@
# MinIO Helm Chart
[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE)
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
For more detailed documentation please visit [here](https://docs.minio.io/)
## Introduction
This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Helm cli with Kubernetes cluster configured.
- PV provisioner support in the underlying infrastructure. (We recommend using <https://github.com/minio/direct-csi>)
- Use Kubernetes version v1.19 and later for best experience.
## Configure MinIO Helm repo
```bash
helm repo add minio https://charts.min.io/
```
### Installing the Chart
Install this chart using:
```bash
helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio
```
The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
### Upgrading the Chart
You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command:
```bash
helm get values my-release > old_values.yaml
```
Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using
```bash
helm upgrade -f old_values.yaml my-release minio/minio
```
Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy.
### Configuration
Refer the [Values file](./values.yaml) for all the possible config fields.
You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
helm install --name my-release --set persistence.size=1Ti minio/minio
```
The above command deploys MinIO server with a 1Ti backing persistent volume.
Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example,
```bash
helm install --name my-release -f values.yaml minio/minio
```
### Persistence
This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by:
```bash
helm install --set persistence.enabled=false minio/minio
```
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
### Existing PersistentVolumeClaim
If a Persistent Volume Claim already exists, specify it during installation.
1. Create the PersistentVolume
2. Create the PersistentVolumeClaim
3. Install the chart
```bash
helm install --set persistence.existingClaim=PVC_NAME minio/minio
```
### NetworkPolicy
To enable network policy for MinIO,
install [a networking plugin that implements the Kubernetes
NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin),
and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace:
```
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 9000.
For more precise policy, set `networkPolicy.allowExternal=true`. This will
only allow pods with the generated client label to connect to MinIO.
This label will be displayed in the output of a successful install.
### Existing secret
Instead of having this chart create the secret for you, you can supply a preexisting secret, much
like an existing PersistentVolumeClaim.
First, create the secret:
```bash
kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
```
Then install the chart, specifying that you want to use an existing secret:
```bash
helm install --set existingSecret=my-minio-secret minio/minio
```
The following fields are expected in the secret:
| .data.\<key\> in Secret | Corresponding variable | Description | Required |
|:------------------------|:-----------------------|:---------------|:---------|
| `rootUser` | `rootUser` | Root user. | yes |
| `rootPassword` | `rootPassword` | Root password. | yes |
All corresponding variables will be ignored in values file.
### Configure TLS
To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using
```bash
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```
Then install the chart, specifying that you want to use the TLS secret:
```bash
helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio
```
### Installing certificates from third party CAs
MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted.
For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`:
```
kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt
```
If TLS is not enabled, you would need only the third party CA:
```
kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt
```
The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter:
```
trustedCertsSecret: "minio-trusted-certs"
or
--set trustedCertsSecret=minio-trusted-certs
```
### Create buckets after install
Install the chart, specifying the buckets you want to create after install:
```bash
helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio
```
Description of the configuration parameters used above -
- `buckets[].name` - name of the bucket to create, must be a string with length > 0
- `buckets[].policy` - can be one of none|download|upload|public
- `buckets[].purge` - purge if bucket exists already
33# Create policies after install
Install the chart, specifying the policies you want to create after install:
```bash
helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio
```
Description of the configuration parameters used above -
- `policies[].name` - name of the policy to create, must be a string with length > 0
- `policies[].statements[]` - list of statements, includes actions and resources
- `policies[].statements[].resources[]` - list of resources that applies the statement
- `policies[].statements[].actions[]` - list of actions granted
### Create user after install
Install the chart, specifying the users you want to create after install:
```bash
helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio
```
Description of the configuration parameters used above -
- `users[].accessKey` - accessKey of user
- `users[].secretKey` - secretKey of usersecretRef
- `users[].existingSecret` - secret name that contains the secretKey of user
- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey
- `users[].policy` - name of the policy to assign to user
## Uninstalling the Chart
Assuming your release is named as `my-release`, delete it using the command:
```bash
helm delete my-release
```
or
```bash
helm uninstall my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.

43
roles/cmoa_demo_install/files/01-storage/minio/templates/NOTES.txt
View File

@@ -1,43 +0,0 @@
{{- if eq .Values.service.type "ClusterIP" "NodePort" }}
MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To access MinIO from localhost, run the below commands:
1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }}
Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/
You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client:
1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }}
3. mc ls {{ template "minio.fullname" . }}-local
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by:
kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }}
Note that the public IP may take a couple of minutes to be available.
You can now access MinIO server on http://<External-IP>:9000. Follow the below steps to connect to MinIO server with mc client:
1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@<External-IP>:{{ .Values.service.port }}
3. mc ls {{ template "minio.fullname" . }}
Alternately, you can use your browser or the MinIO SDK to access the server - https://docs.minio.io/categories/17
{{- end }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{ template "minio.fullname" . }}-client=true"
will be able to connect to this minio cluster.
{{- end }}

109
roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_bucket.txt
View File

@@ -1,109 +0,0 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkBucketExists ($bucket)
# Check if the bucket exists, by using the exit code of `mc ls`
checkBucketExists() {
BUCKET=$1
CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1)
return $?
}
# createBucket ($bucket, $policy, $purge)
# Ensure bucket exists, purging if asked to
createBucket() {
BUCKET=$1
POLICY=$2
PURGE=$3
VERSIONING=$4
# Purge the bucket, if set & exists
# Since PURGE is user input, check explicitly for `true`
if [ $PURGE = true ]; then
if checkBucketExists $BUCKET ; then
echo "Purging bucket '$BUCKET'."
set +e ; # don't exit if this fails
${MC} rm -r --force myminio/$BUCKET
set -e ; # reset `e` as active
else
echo "Bucket '$BUCKET' does not exist, skipping purge."
fi
fi
# Create the bucket if it does not exist
if ! checkBucketExists $BUCKET ; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
else
echo "Bucket '$BUCKET' already exists."
fi
# set versioning for bucket
if [ ! -z $VERSIONING ] ; then
if [ $VERSIONING = true ] ; then
echo "Enabling versioning for '$BUCKET'"
${MC} version enable myminio/$BUCKET
elif [ $VERSIONING = false ] ; then
echo "Suspending versioning for '$BUCKET'"
${MC} version suspend myminio/$BUCKET
fi
else
echo "Bucket '$BUCKET' versioning unchanged."
fi
# At this point, the bucket should exist, skip checking for existence
# Set policy on the bucket
echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
${MC} policy set $POLICY myminio/$BUCKET
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.buckets }}
{{ $global := . }}
# Create the buckets
{{- range .Values.buckets }}
createBucket {{ tpl .name $global }} {{ .policy }} {{ .purge }} {{ .versioning }}
{{- end }}
{{- end }}

75
roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_policy.txt
View File

@@ -1,75 +0,0 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkPolicyExists ($policy)
# Check if the policy exists, by using the exit code of `mc admin policy info`
checkPolicyExists() {
POLICY=$1
CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
return $?
}
# createPolicy($name, $filename)
createPolicy () {
NAME=$1
FILENAME=$2
# Create the name if it does not exist
echo "Checking policy: $NAME (in /config/$FILENAME.json)"
if ! checkPolicyExists $NAME ; then
echo "Creating policy '$NAME'"
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy add myminio $NAME /config/$FILENAME.json
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.policies }}
# Create the policies
{{- range $idx, $policy := .Values.policies }}
createPolicy {{ $policy.name }} policy_{{ $idx }}
{{- end }}
{{- end }}

88
roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_user.txt
View File

@@ -1,88 +0,0 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkUserExists ($username)
# Check if the user exists, by using the exit code of `mc admin user info`
checkUserExists() {
USER=$1
CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1)
return $?
}
# createUser ($username, $password, $policy)
createUser() {
USER=$1
PASS=$2
POLICY=$3
# Create the user if it does not exist
if ! checkUserExists $USER ; then
echo "Creating user '$USER'"
${MC} admin user add myminio $USER $PASS
else
echo "User '$USER' already exists."
fi
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
${MC} admin policy set myminio $POLICY user=$USER
else
echo "User '$USER' has no policy attached."
fi
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.users }}
{{ $global := . }}
# Create the users
{{- range .Values.users }}
{{- if .existingSecret }}
createUser {{ tpl .accessKey $global }} $(cat /config/secrets/{{ tpl .accessKey $global }}) {{ .policy }}
{{ else }}
createUser {{ tpl .accessKey $global }} {{ .secretKey }} {{ .policy }}
{{- end }}
{{- end }}
{{- end }}

58
roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_custom_command.txt
View File

@@ -1,58 +0,0 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# runCommand ($@)
# Run custom mc command
runCommand() {
${MC} "$@"
return $?
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.customCommands }}
# Run custom commands
{{- range .Values.customCommands }}
runCommand {{ .command }}
{{- end }}
{{- end }}

18
roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_policy.tpl
View File

@@ -1,18 +0,0 @@
{{- $statements_length := len .statements -}}
{{- $statements_length := sub $statements_length 1 -}}
{
"Version": "2012-10-17",
"Statement": [
{{- range $i, $statement := .statements }}
{
"Effect": "Allow",
"Action": [
"{{ $statement.actions | join "\",\n\"" }}"
]{{ if $statement.resources }},
"Resource": [
"{{ $statement.resources | join "\",\n\"" }}"
]{{ end }}
}{{ if lt $i $statements_length }},{{end }}
{{- end }}
]
}

218
roles/cmoa_demo_install/files/01-storage/minio/templates/_helpers.tpl
View File

@@ -1,218 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "minio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "minio.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "minio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "minio.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "minio.deployment.apiVersion" -}}
{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "minio.statefulset.apiVersion" -}}
{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "minio.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for console ingress.
*/}}
{{- define "minio.consoleIngress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Determine secret name.
*/}}
{{- define "minio.secretName" -}}
{{- if .Values.existingSecret -}}
{{- .Values.existingSecret }}
{{- else -}}
{{- include "minio.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Determine name for scc role and rolebinding
*/}}
{{- define "minio.sccRoleName" -}}
{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Properly format optional additional arguments to MinIO binary
*/}}
{{- define "minio.extraArgs" -}}
{{- range .Values.extraArgs -}}
{{ " " }}{{ . }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "minio.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- end -}}
{{- else if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- end -}}
{{- end -}}
{{/*
Formats volumeMount for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolumeMount" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
mountPath: {{ .Values.certsPath }}
{{- end }}
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }}
- name: trusted-cert-secret-volume
mountPath: {{ $casPath }}
{{- end }}
{{- end -}}
{{/*
Formats volume for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolume" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: public.crt
- key: {{ .Values.tls.privateKey }}
path: private.key
{{- end }}
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }}
{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }}
- name: trusted-cert-secret-volume
secret:
secretName: {{ $certSecret }}
{{- if ne $publicCrt "" }}
items:
- key: {{ $publicCrt }}
path: public.crt
{{- end }}
{{- end }}
{{- end -}}
{{/*
Returns the available value for certain key in an existing secret (if it exists),
otherwise it generates a random value.
*/}}
{{- define "minio.getValueFromSecret" }}
{{- $len := (default 16 .Length) | int -}}
{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $obj }}
{{- index $obj .Key | b64dec -}}
{{- else -}}
{{- randAlphaNum $len -}}
{{- end -}}
{{- end }}
{{- define "minio.root.username" -}}
{{- if .Values.rootUser }}
{{- .Values.rootUser | toString }}
{{- else }}
{{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }}
{{- end }}
{{- end -}}
{{- define "minio.root.password" -}}
{{- if .Values.rootPassword }}
{{- .Values.rootPassword | toString }}
{{- else }}
{{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }}
{{- end }}
{{- end -}}

24
roles/cmoa_demo_install/files/01-storage/minio/templates/configmap.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
initialize: |-
{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
add-user: |-
{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
add-policy: |-
{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
{{- range $idx, $policy := .Values.policies }}
# {{ $policy.name }}
policy_{{ $idx }}.json: |-
{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
{{ end }}
custom-command: |-
{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}

58
roles/cmoa_demo_install/files/01-storage/minio/templates/console-ingress.yaml
View File

@@ -1,58 +0,0 @@
{{- if .Values.consoleIngress.enabled -}}
{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}}
{{- $servicePort := .Values.consoleService.port -}}
{{- $ingressPath := .Values.consoleIngress.path -}}
apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.consoleIngress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.consoleIngress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.consoleIngress.ingressClassName }}
ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
{{- end }}
{{- if .Values.consoleIngress.tls }}
tls:
{{- range .Values.consoleIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.consoleIngress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}

48
roles/cmoa_demo_install/files/01-storage/minio/templates/console-service.yaml
View File

@@ -1,48 +0,0 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}-console
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.consoleService.annotations }}
annotations:
{{ toYaml .Values.consoleService.annotations | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
type: ClusterIP
{{- if not (empty .Values.consoleService.clusterIP) }}
clusterIP: {{ .Values.consoleService.clusterIP }}
{{end}}
{{- else if eq .Values.consoleService.type "LoadBalancer" }}
type: {{ .Values.consoleService.type }}
loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
{{- else }}
type: {{ .Values.consoleService.type }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.consoleService.port }}
protocol: TCP
{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
nodePort: {{ .Values.consoleService.nodePort }}
{{- else }}
targetPort: {{ .Values.consoleService.port }}
{{- end}}
{{- if .Values.consoleService.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.consoleService.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

174
roles/cmoa_demo_install/files/01-storage/minio/templates/deployment.yaml
View File

@@ -1,174 +0,0 @@
{{- if eq .Values.mode "standalone" }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
apiVersion: {{ template "minio.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
strategy:
type: {{ .Values.DeploymentUpdate.type }}
{{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
{{- end}}
replicas: 1
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-ce"
- "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}"
volumeMounts:
- name: minio-user
mountPath: "/tmp/credentials"
readOnly: true
{{- if .Values.persistence.enabled }}
- name: export
mountPath: {{ .Values.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- if .Values.etcd.endpoints }}
- name: MINIO_ETCD_ENDPOINTS
value: {{ join "," .Values.etcd.endpoints | quote }}
{{- if .Values.etcd.clientCert }}
- name: MINIO_ETCD_CLIENT_CERT
value: "/tmp/credentials/etcd_client_cert.pem"
{{- end }}
{{- if .Values.etcd.clientCertKey }}
- name: MINIO_ETCD_CLIENT_CERT_KEY
value: "/tmp/credentials/etcd_client_cert_key.pem"
{{- end }}
{{- if .Values.etcd.pathPrefix }}
- name: MINIO_ETCD_PATH_PREFIX
value: {{ .Values.etcd.pathPrefix }}
{{- end }}
{{- if .Values.etcd.corednsPathPrefix }}
- name: MINIO_ETCD_COREDNS_PATH
value: {{ .Values.etcd.corednsPathPrefix }}
{{- end }}
{{- end }}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: export
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- end }}

173
roles/cmoa_demo_install/files/01-storage/minio/templates/gateway-deployment.yaml
View File

@@ -1,173 +0,0 @@
{{- if eq .Values.mode "gateway" }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
apiVersion: {{ template "minio.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
strategy:
type: {{ .Values.DeploymentUpdate.type }}
{{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
{{- end}}
replicas: {{ .Values.gateway.replicas }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-ce"
{{- if eq .Values.gateway.type "nas" }}
- "/usr/bin/docker-entrypoint.sh minio gateway nas {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
{{- end }}
volumeMounts:
- name: minio-user
mountPath: "/tmp/credentials"
readOnly: true
{{- if .Values.persistence.enabled }}
- name: export
mountPath: {{ .Values.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- if .Values.etcd.endpoints }}
- name: MINIO_ETCD_ENDPOINTS
value: {{ join "," .Values.etcd.endpoints | quote }}
{{- if .Values.etcd.clientCert }}
- name: MINIO_ETCD_CLIENT_CERT
value: "/tmp/credentials/etcd_client.crt"
{{- end }}
{{- if .Values.etcd.clientCertKey }}
- name: MINIO_ETCD_CLIENT_CERT_KEY
value: "/tmp/credentials/etcd_client.key"
{{- end }}
{{- if .Values.etcd.pathPrefix }}
- name: MINIO_ETCD_PATH_PREFIX
value: {{ .Values.etcd.pathPrefix }}
{{- end }}
{{- if .Values.etcd.corednsPathPrefix }}
- name: MINIO_ETCD_COREDNS_PATH
value: {{ .Values.etcd.corednsPathPrefix }}
{{- end }}
{{- end }}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: export
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- end }}

58
roles/cmoa_demo_install/files/01-storage/minio/templates/ingress.yaml
View File

@@ -1,58 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "minio.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: {{ template "minio.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}

27
roles/cmoa_demo_install/files/01-storage/minio/templates/networkpolicy.yaml
View File

@@ -1,27 +0,0 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
ingress:
- ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.consoleService.port }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "minio.name" . }}-client: "true"
{{- end }}
{{- end }}

14
roles/cmoa_demo_install/files/01-storage/minio/templates/poddisruptionbudget.yaml
View File

@@ -1,14 +0,0 @@
{{- if .Values.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: minio
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
spec:
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
{{- end }}

87
roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-bucket-job.yaml
View File

@@ -1,87 +0,0 @@
{{- if .Values.buckets }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-bucket-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-bucket-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makeBucketJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makeBucketJob.podAnnotations }}
annotations:
{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makeBucketJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makeBucketJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makeBucketJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makeBucketJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makeBucketJob.resources | indent 10 }}
{{- end }}

87
roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-policy-job.yaml
View File

@@ -1,87 +0,0 @@
{{- if .Values.policies }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-policies-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-policies-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makePolicyJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makePolicyJob.podAnnotations }}
annotations:
{{ toYaml .Values.makePolicyJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makePolicyJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makePolicyJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makePolicyJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makePolicyJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/add-policy"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makePolicyJob.resources | indent 10 }}
{{- end }}

97
roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-user-job.yaml
View File

@@ -1,97 +0,0 @@
{{- $global := . -}}
{{- if .Values.users }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-user-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-user-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makeUserJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makeUserJob.podAnnotations }}
annotations:
{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makeUserJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makeUserJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makeUserJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makeUserJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- range .Values.users }}
{{- if .existingSecret }}
- secret:
name: {{ tpl .existingSecret $global }}
items:
- key: {{ .existingSecretKey }}
path: secrets/{{ tpl .accessKey $global }}
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/add-user"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makeUserJob.resources | indent 10 }}
{{- end }}

87
roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-custom-command.yaml
View File

@@ -1,87 +0,0 @@
{{- if .Values.customCommands }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-custom-command-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-custom-command-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.customCommandJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.customCommandJob.podAnnotations }}
annotations:
{{ toYaml .Values.customCommandJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.customCommandJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.customCommandJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.customCommandJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.customCommandJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/custom-command"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.customCommandJob.resources | indent 10 }}
{{- end }}

35
roles/cmoa_demo_install/files/01-storage/minio/templates/pvc.yaml
View File

@@ -1,35 +0,0 @@
{{- if eq .Values.mode "standalone" }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistence.VolumeName }}
volumeName: "{{ .Values.persistence.VolumeName }}"
{{- end }}
{{- end }}
{{- end }}

22
roles/cmoa_demo_install/files/01-storage/minio/templates/secrets.yaml
View File

@@ -1,22 +0,0 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "minio.secretName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
rootUser: {{ include "minio.root.username" . | b64enc | quote }}
rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
{{- if .Values.etcd.clientCert }}
etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }}
{{- end }}
{{- if .Values.etcd.clientCertKey }}
etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }}
{{- end }}
{{- end }}

45
roles/cmoa_demo_install/files/01-storage/minio/templates/securitycontextconstraints.yaml
View File

@@ -1,45 +0,0 @@
{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: []
readOnlyRootFilesystem: false
defaultAddCapabilities: []
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
fsGroup:
type: MustRunAs
ranges:
- max: {{ .Values.securityContext.fsGroup }}
min: {{ .Values.securityContext.fsGroup }}
runAsUser:
type: MustRunAs
uid: {{ .Values.securityContext.runAsUser }}
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
{{- end }}

49
roles/cmoa_demo_install/files/01-storage/minio/templates/service.yaml
View File

@@ -1,49 +0,0 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
monitoring: "true"
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
type: ClusterIP
{{- if not (empty .Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
protocol: TCP
{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
nodePort: {{ .Values.service.nodePort }}
{{- else }}
targetPort: 9000
{{- end}}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

7
roles/cmoa_demo_install/files/01-storage/minio/templates/serviceaccount.yaml
View File

@@ -1,7 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name | quote }}
namespace: {{ .Release.Namespace | quote }}
{{- end -}}

51
roles/cmoa_demo_install/files/01-storage/minio/templates/servicemonitor.yaml
View File

@@ -1,51 +0,0 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "minio.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{ else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
spec:
endpoints:
{{- if .Values.tls.enabled }}
- port: https
scheme: https
{{ else }}
- port: http
scheme: http
{{- end }}
path: /minio/v2/metrics/cluster
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelConfigs }}
{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }}
{{- end }}
{{- if not .Values.metrics.serviceMonitor.public }}
bearerTokenSecret:
name: {{ template "minio.fullname" . }}-prometheus
key: token
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
selector:
matchLabels:
app: {{ include "minio.name" . }}
release: {{ .Release.Name }}
monitoring: "true"
{{- end }}

217
roles/cmoa_demo_install/files/01-storage/minio/templates/statefulset.yaml
View File

@@ -1,217 +0,0 @@
{{- if eq .Values.mode "distributed" }}
{{ $poolCount := .Values.pools | int }}
{{ $nodeCount := .Values.replicas | int }}
{{ $drivesPerNode := .Values.drivesPerNode | int }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $mountPath := .Values.mountPath }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
{{ $subPath := .Values.persistence.subPath }}
{{ $penabled := .Values.persistence.enabled }}
{{ $accessMode := .Values.persistence.accessMode }}
{{ $storageClass := .Values.persistence.storageClass }}
{{ $psize := .Values.persistence.size }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}-svc
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
publishNotReadyAddresses: true
clusterIP: None
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
protocol: TCP
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
---
apiVersion: {{ template "minio.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
updateStrategy:
type: {{ .Values.StatefulSetUpdate.updateStrategy }}
podManagementPolicy: "Parallel"
serviceName: {{ template "minio.fullname" . }}-svc
replicas: {{ mul $poolCount $nodeCount }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "/bin/sh",
"-ce",
"/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ]
volumeMounts:
{{- if $penabled }}
{{- if (gt $drivesPerNode 1) }}
{{- range $i := until $drivesPerNode }}
- name: export-{{ $i }}
mountPath: {{ $mountPath }}-{{ $i }}
{{- if and $penabled $subPath }}
subPath: {{ $subPath }}
{{- end }}
{{- end }}
{{- else }}
- name: export
mountPath: {{ $mountPath }}
{{- if and $penabled $subPath }}
subPath: {{ $subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
{{- if gt $drivesPerNode 1 }}
{{- range $diskId := until $drivesPerNode}}
- metadata:
name: export-{{ $diskId }}
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
storageClassName: {{ $storageClass }}
{{- end }}
resources:
requests:
storage: {{ $psize }}
{{- end }}
{{- else }}
- metadata:
name: export
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
storageClassName: {{ $storageClass }}
{{- end }}
resources:
requests:
storage: {{ $psize }}
{{- end }}
{{- end }}
{{- end }}

461
roles/cmoa_demo_install/files/01-storage/minio/values.yaml
View File

@@ -1,461 +0,0 @@
## Provide a name in place of minio for `app:` labels
##
nameOverride: ""
## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""
## set kubernetes cluster domain where minio is running
##
clusterDomain: cluster.local
## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
##
image:
repository: 10.10.31.243:5000/cmoa3/minio
tag: RELEASE.2022-05-08T23-50-31Z
pullPolicy: IfNotPresent
imagePullSecrets:
- name: "regcred"
# - name: "image-pull-secret"
## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
##
mcImage:
repository: 10.10.31.243:5000/cmoa3/mc
tag: RELEASE.2022-05-09T04-08-26Z
pullPolicy: IfNotPresent
## minio mode, i.e. standalone or distributed or gateway.
mode: distributed ## other supported values are "standalone", "gateway"
## Additional labels to include with deployment or statefulset
additionalLabels: []
## Additional annotations to include with deployment or statefulset
additionalAnnotations: []
## Typically the deployment/statefulset includes checksums of secrets/config,
## So that when these change on a subsequent helm install, the deployment/statefulset
## is restarted. This can result in unnecessary restarts under GitOps tooling such as
## flux, so set to "true" to disable this behaviour.
ignoreChartChecksums: false
## Additional arguments to pass to minio binary
extraArgs: []
## Port number for MinIO S3 API Access
minioAPIPort: "9000"
## Port number for MinIO Browser COnsole Access
minioConsolePort: "9001"
## Update strategy for Deployments
DeploymentUpdate:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 100%
## Update strategy for StatefulSets
StatefulSetUpdate:
updateStrategy: RollingUpdate
## Pod priority settings
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Set default rootUser, rootPassword
## AccessKey and secretKey is generated when not set
## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
##
rootUser: "admin"
rootPassword: "passW0rd"
## Use existing Secret that store following variables:
##
## | Chart var | .data.<key> in Secret |
## |:----------------------|:-------------------------|
## | rootUser | rootUser |
## | rootPassword | rootPassword |
##
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: ""
## Directory on the MinIO pof
certsPath: "/etc/minio/certs/"
configPathmc: "/etc/minio/mc/"
## Path where PV would be mounted on the MinIO Pod
mountPath: "/export"
## Override the root directory which the minio server should serve from.
## If left empty, it defaults to the value of {{ .Values.mountPath }}
## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }}
##
bucketRoot: ""
# Number of drives attached to a node
drivesPerNode: 2
# Number of MinIO containers running
#replicas: 16
replicas: 2
# Number of expanded MinIO clusters
pools: 1
# Deploy if 'mode == gateway' - 4 replicas.
gateway:
type: "nas" # currently only "nas" are supported.
replicas: 4
## TLS Settings for MinIO
tls:
enabled: false
## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
certSecret: ""
publicCrt: public.crt
privateKey: private.key
## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas
## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
trustedCertsSecret: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: true
annotations: {}
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## minio data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
## Storage class of PV to bind. By default it looks for standard storage class.
## If the PV uses a different storage class, specify that here.
storageClass: "exem-local-storage"
VolumeName: ""
accessMode: ReadWriteOnce
size: 50Gi
## If subPath is set mount a sub folder of a volume instead of the root of the volume.
## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
##
subPath: ""
## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
#service:
# type: NodePort
# clusterIP: ~
## Make sure to match it to minioAPIPort
# port: "9000"
# nodePort: "32002"
service:
type: ClusterIP
clusterIP: ~
## Make sure to match it to minioAPIPort
port: "9000"
## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
consoleService:
type: NodePort
clusterIP: ~
## Make sure to match it to minioConsolePort
port: "9001"
nodePort: "32001"
consoleIngress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- console.minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
tolerations: []
affinity: {}
## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext:
enabled: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
# Additational pod annotations
podAnnotations: {}
# Additional pod labels
podLabels: {}
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
#memory: 16Gi
memory: 1Gi
cpu: 200m
## List of policies to be created after minio install
##
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
# statements:
# - resources:
# - 'arn:aws:s3:::example*/*'
# actions:
# - "s3:AbortMultipartUpload"
# - "s3:GetObject"
# - "s3:DeleteObject"
# - "s3:PutObject"
# - "s3:ListMultipartUploadParts"
# - resources:
# - 'arn:aws:s3:::example*'
# actions:
# - "s3:CreateBucket"
# - "s3:DeleteBucket"
# - "s3:GetBucketLocation"
# - "s3:ListBucket"
# - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy policy grants access to buckets with name starting with example.
## In addition, grants objects read permissions on buckets starting with example.
# - name: readonlyexamplepolicy
# statements:
# - resources:
# - 'arn:aws:s3:::example*/*'
# actions:
# - "s3:GetObject"
# - resources:
# - 'arn:aws:s3:::example*'
# actions:
# - "s3:GetBucketLocation"
# - "s3:ListBucket"
# - "s3:ListBucketMultipartUploads"
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of users to be created after minio install
##
users:
## Username, password and policy to be assigned to the user
## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html
## NOTE: this will fail if LDAP is enabled in your MinIO deployment
## make sure to disable this if you are using LDAP.
- accessKey: cloudmoa
secretKey: admin1234
policy: consoleAdmin
# Or you can refer to specific secret
#- accessKey: externalSecret
# existingSecret: my-secret
# existingSecretKey: password
# policy: readonly
## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of buckets to be created after minio install
##
buckets:
- name: cortex-bucket
policy: none
purge: false
versioning: false
# # Name of the bucket
# - name: bucket1
# # Policy to be set on the
# # bucket [none|download|upload|public]
# policy: none
# # Purge if bucket exists already
# purge: false
# # set versioning for
# # bucket [true|false]
# versioning: false
# - name: bucket2
# policy: none
# purge: false
# versioning: true
## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of command to run after minio install
## NOTE: the mc command TARGET is always "myminio"
customCommands:
# - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'"
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
## MINIO_BROWSER: "off"
## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
# extraSecret: minio-extraenv
networkPolicy:
enabled: false
allowExternal: true
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
##
podDisruptionBudget:
enabled: false
maxUnavailable: 1
## Specify the service account to use for the MinIO pods. If 'create' is set to 'false'
## and 'name' is left unspecified, the account 'default' will be used.
serviceAccount:
create: true
## The name of the service account to use. If 'create' is 'true', a service account with that name
## will be created.
name: "minio-sa"
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
relabelConfigs: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md
## Define endpoints to enable this section.
etcd:
endpoints: []
pathPrefix: ""
corednsPathPrefix: ""
clientCert: ""
clientCertKey: ""

161
roles/cmoa_demo_install/files/02-base/00-kafka-broker-config.yaml
View File

@@ -1,161 +0,0 @@
kind: ConfigMap
metadata:
name: broker-config
namespace: imxc
apiVersion: v1
data:
init.sh: |-
#!/bin/bash
set -e
set -x
cp /etc/kafka-configmap/log4j.properties /etc/kafka/
KAFKA_BROKER_ID=${HOSTNAME##*-}
SEDS=("s/#init#broker.id=#init#/broker.id=$KAFKA_BROKER_ID/")
LABELS="kafka-broker-id=$KAFKA_BROKER_ID"
ANNOTATIONS=""
hash kubectl 2>/dev/null || {
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/")
} && {
ZONE=$(kubectl get node "$NODE_NAME" -o=go-template='{{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}')
if [ $? -ne 0 ]; then
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/")
elif [ "x$ZONE" == "x<no value>" ]; then
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone label not found for node $NODE_NAME/")
else
SEDS+=("s/#init#broker.rack=#init#/broker.rack=$ZONE/")
LABELS="$LABELS kafka-broker-rack=$ZONE"
fi
# Node Port 설정 주석처리
# OUTSIDE_HOST=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}')
OUTSIDE_HOST=kafka-outside-${KAFKA_BROKER_ID}
GLOBAL_HOST=kafka-global-${KAFKA_BROKER_ID}
if [ $? -ne 0 ]; then
echo "Outside (i.e. cluster-external access) host lookup command failed"
else
OUTSIDE_PORT=3240${KAFKA_BROKER_ID}
GLOBAL_PORT=3250${KAFKA_BROKER_ID}
# datagate 도입했으므로 Kube DNS 기반 통신
SEDS+=("s|#init#advertised.listeners=OUTSIDE://#init#|advertised.listeners=OUTSIDE://${OUTSIDE_HOST}:${OUTSIDE_PORT},GLOBAL://${GLOBAL_HOST}:${GLOBAL_PORT}|")
ANNOTATIONS="$ANNOTATIONS kafka-listener-outside-host=$OUTSIDE_HOST kafka-listener-outside-port=$OUTSIDE_PORT"
fi
if [ ! -z "$LABELS" ]; then
kubectl -n $POD_NAMESPACE label pod $POD_NAME $LABELS || echo "Failed to label $POD_NAMESPACE.$POD_NAME - RBAC issue?"
fi
if [ ! -z "$ANNOTATIONS" ]; then
kubectl -n $POD_NAMESPACE annotate pod $POD_NAME $ANNOTATIONS || echo "Failed to annotate $POD_NAMESPACE.$POD_NAME - RBAC issue?"
fi
}
printf '%s\n' "${SEDS[@]}" | sed -f - /etc/kafka-configmap/server.properties > /etc/kafka/server.properties.tmp
[ $? -eq 0 ] && mv /etc/kafka/server.properties.tmp /etc/kafka/server.properties
server.properties: |-
log.dirs=/var/lib/kafka/data/topics
############################# Zookeeper #############################
zookeeper.connect=zookeeper:2181
#zookeeper.connection.timeout.ms=6000
############################# Group Coordinator Settings #############################
#group.initial.rebalance.delay.ms=0
############################# Thread #############################
#background.threads=10
#num.recovery.threads.per.data.dir=1
############################# Topic #############################
auto.create.topics.enable=true
delete.topic.enable=true
default.replication.factor=2
############################# Msg Replication #############################
min.insync.replicas=1
num.io.threads=10
num.network.threads=4
num.replica.fetchers=4
replica.fetch.min.bytes=1
socket.receive.buffer.bytes=1048576
socket.send.buffer.bytes=1048576
replica.socket.receive.buffer.bytes=1048576
socket.request.max.bytes=204857600
############################# Partition #############################
#auto.leader.rebalance.enable=true
num.partitions=12
############################# Log size #############################
message.max.bytes=204857600
max.message.bytes=204857600
############################# Log Flush Policy #############################
#log.flush.interval.messages=10000
#log.flush.interval.ms=1000
############################# Log Retention Policy #############################
log.retention.minutes=1
offsets.retention.minutes=1440
#log.retention.bytes=1073741824
#log.segment.bytes=1073741824
log.retention.check.interval.ms=10000
############################# Internal Topic Settings #############################
offsets.topic.replication.factor=1
#transaction.state.log.replication.factor=1
#transaction.state.log.min.isr=1
############################# ETC #############################
listeners=OUTSIDE://:9094,PLAINTEXT://:9092,GLOBAL://:9095
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL,OUTSIDE:PLAINTEXT,GLOBAL:PLAINTEXT
#listeners=PLAINTEXT://:9092
inter.broker.listener.name=PLAINTEXT
#init#broker.id=#init#
#init#broker.rack=#init#
log4j.properties: |-
# Unspecified loggers and loggers with additivity=true output to server.log and stdout
# Note that INFO only applies to unspecified loggers, the log level of the child logger is used otherwise
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
# Change the two lines below to adjust ZK client logging
log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
log4j.logger.org.apache.zookeeper=INFO
# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
log4j.logger.kafka=INFO
log4j.logger.org.apache.kafka=INFO
# Change to DEBUG or TRACE to enable request logging
log4j.logger.kafka.request.logger=WARN, requestAppender
log4j.additivity.kafka.request.logger=false
# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
# related to the handling of requests
#log4j.logger.kafka.network.Processor=TRACE, requestAppender
#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
#log4j.additivity.kafka.server.KafkaApis=false
log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
log4j.additivity.kafka.network.RequestChannel$=false
log4j.logger.kafka.controller=TRACE, controllerAppender
log4j.additivity.kafka.controller=false
log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
log4j.additivity.kafka.log.LogCleaner=false
log4j.logger.state.change.logger=TRACE, stateChangeAppender
log4j.additivity.state.change.logger=false
# Change to DEBUG to enable audit log for the authorizer
log4j.logger.kafka.authorizer.logger=WARN, authorizerAppender
log4j.additivity.kafka.authorizer.logger=false

35
roles/cmoa_demo_install/files/02-base/01-coredns.yaml
View File

@@ -1,35 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: kube-dns
kubernetes.io/name: coredns
name: coredns
namespace: kube-system
spec:
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: dns
port: 53
protocol: UDP
targetPort: 53
- name: dns-tcp
port: 53
protocol: TCP
targetPort: 53
- name: metrics
port: 9153
protocol: TCP
targetPort: 9153
selector:
k8s-app: kube-dns
sessionAffinity: None
type: ClusterIP

22
roles/cmoa_demo_install/files/02-base/base/.helmignore
View File

@@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
roles/cmoa_demo_install/files/02-base/base/Chart.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: base
version: 0.1.0

22
roles/cmoa_demo_install/files/02-base/base/charts/analysis/.helmignore
View File

@@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
roles/cmoa_demo_install/files/02-base/base/charts/analysis/Chart.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: analysis
version: 0.1.0

87
roles/cmoa_demo_install/files/02-base/base/charts/analysis/templates/imxc-metric-analyzer-master.yaml
View File

@@ -1,87 +0,0 @@
#docker run -d --hostname my-rabbit --name some-rabbit -p 8080:15672 -p 5672:5672 rabbitmq:3-management
---
kind: Service
apiVersion: v1
metadata:
name: metric-analyzer-master
namespace: imxc
spec:
# clusterIP: None # We need a headless service to allow the pods to discover each
ports: # other during autodiscover phase for cluster creation.
- name: http # A ClusterIP will prevent resolving dns requests for other pods
protocol: TCP # under the same service.
port: 15672
targetPort: 15672
# nodePort: 30001
- name: amqp
protocol: TCP
port: 5672
targetPort: 5672
# nodePort: 30002
selector:
app: metric-analyzer-master
# type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metric-analyzer-master
name: metric-analyzer-master
namespace: imxc
spec:
replicas: 1
selector:
matchLabels:
app: metric-analyzer-master
template:
metadata:
labels:
app: metric-analyzer-master
spec:
containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric_analyzer:{{ .Values.global.METRIC_ANALYZER_MASTER_VERSION }}
imagePullPolicy: IfNotPresent
name: master
# volumeMounts:
# - mountPath: /etc/localtime
# name: timezone-config
env:
- name: BROKER
value: base-rabbitmq
- name: IMXC_RABBITMQ_CLIENT_ID
value: "user"
- name: IMXC_RABBITMQ_CLIENT_PASSWORD
value: "eorbahrhkswp"
- name: POSTGRES_SERVER
value: postgres
- name: POSTGRES_USER
value: admin
- name: POSTGRES_PW
value: eorbahrhkswp
- name: POSTGRES_DB
value: postgresdb
- name: PROMETHEUS_URL
value: http://base-cortex-nginx/prometheus
- name: POSTGRES_PORT
value: "5432"
- name: ES_SERVER
value: elasticsearch
- name: ES_PORT
value: "9200"
- name: ES_ID
value: "elastic"
- name: ES_PWD
value: "elastic"
- name: LOG_LEVEL
value: INFO
- name: AI_TYPE
value: BASELINE
- name: BASELINE_SIZE
value: "3"
- name: CHECK_DAY
value: "2"
resources:
requests:
memory: "100Mi"

38
roles/cmoa_demo_install/files/02-base/base/charts/analysis/templates/imxc-metric-analyzer-worker.yaml
View File

@@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metric-analyzer-worker
name: metric-analyzer-worker
namespace: imxc
spec:
replicas: 10
selector:
matchLabels:
app: metric-analyzer-worker
template:
metadata:
labels:
app: metric-analyzer-worker
spec:
containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric_analyzer_worker:{{ .Values.global.METRIC_ANALYZER_WORKER_VERSION }}
imagePullPolicy: IfNotPresent
name: worker
# volumeMounts:
# - mountPath: /etc/localtime
# name: timezone-config
env:
- name: BROKER
value: base-rabbitmq
- name: IMXC_RABBITMQ_CLIENT_ID
value: "user"
- name: IMXC_RABBITMQ_CLIENT_PASSWORD
value: "eorbahrhkswp"
# volumes:
# - hostPath:
# path: /usr/share/zoneinfo/Asia/Seoul
# name: timezone-config
resources:
requests:
memory: "100Mi"

68
roles/cmoa_demo_install/files/02-base/base/charts/analysis/values.yaml
View File

@@ -1,68 +0,0 @@
# Default values for analysis.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: 10.10.31.243:5000/cmoa3/nginx
tag: stable
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

29
roles/cmoa_demo_install/files/02-base/base/charts/cortex/.helmignore
View File

@@ -1,29 +0,0 @@
# Git
.git/
.gitignore
.github/
# IDE
.project
.idea/
*.tmproj
# Common backup files
*.swp
*.bak
*.tmp
*~
# Cortex ignore
docs/
tools/
ct.yaml
ci/
README.md.gotmpl
.prettierignore
CHANGELOG.md
MAINTAINERS.md
LICENSE
Makefile
renovate.json

24
roles/cmoa_demo_install/files/02-base/base/charts/cortex/Chart.lock
View File

@@ -1,24 +0,0 @@
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
digest: sha256:a6b7c1239f9cabc85dd647798a6f92ae8a9486756ab1e87fc11af2180ab03ee4
generated: "2021-12-25T19:21:57.666697218Z"

56
roles/cmoa_demo_install/files/02-base/base/charts/cortex/Chart.yaml
View File

@@ -1,56 +0,0 @@
apiVersion: v2
appVersion: v1.11.0
dependencies:
- alias: memcached
condition: memcached.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-index-read
condition: memcached-index-read.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-index-write
condition: memcached-index-write.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-frontend
condition: memcached-frontend.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-blocks-index
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
- alias: memcached-blocks
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
- alias: memcached-blocks-metadata
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
description: Horizontally scalable, highly available, multi-tenant, long term Prometheus.
home: https://cortexmetrics.io/
icon: https://avatars2.githubusercontent.com/u/43045022?s=200&v=4
kubeVersion: ^1.19.0-0
maintainers:
- email: thayward@infoblox.com
name: Tom Hayward
url: https://github.com/kd7lxl
- email: Niclas.Schad@plusserver.com
name: Niclas Schad
url: https://github.com/ShuzZzle
name: cortex
sources:
- https://github.com/cortexproject/cortex-helm-chart
version: 1.2.0

754
roles/cmoa_demo_install/files/02-base/base/charts/cortex/README.md
View File

@@ -1,754 +0,0 @@
<!-- README.md is a generated file. Make any changes in README.md.gotmpl or values.yaml. -->
# cortex
![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: v1.11.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
Horizontally scalable, highly available, multi-tenant, long term Prometheus.
**Homepage:** <https://cortexmetrics.io/>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Tom Hayward | thayward@infoblox.com | https://github.com/kd7lxl |
| Niclas Schad | Niclas.Schad@plusserver.com | https://github.com/ShuzZzle |
## Documentation
Checkout our documentation for the cortex-helm-chart [here](https://cortexproject.github.io/cortex-helm-chart/)
## Dependencies
### Key-Value store
Cortex requires a Key-Value (KV) store to store the ring. It can use traditional KV stores like [Consul](https://www.consul.io/) or [etcd](https://etcd.io/), but it can also build its own KV store on top of memberlist library using a gossip algorithm.
The recommended approach is to use the built-in memberlist as a KV store, where supported.
External KV stores can be installed alongside Cortex using their respective helm charts https://github.com/bitnami/charts/tree/master/bitnami/etcd and https://github.com/helm/charts/tree/master/stable/consul.
### Storage
Cortex requires a storage backend to store metrics and indexes.
See [cortex documentation](https://cortexmetrics.io/docs/) for details on storage types and documentation
## Installation
[Helm](https://helm.sh) must be installed to use the charts.
Please refer to Helm's [documentation](https://helm.sh/docs/) to get started.
Once Helm is set up properly, add the repo as follows:
```bash
helm repo add cortex-helm https://cortexproject.github.io/cortex-helm-chart
```
Cortex can now be installed with the following command:
```bash
helm install cortex --namespace cortex cortex-helm/cortex
```
If you have custom options or values you want to override:
```bash
helm install cortex --namespace cortex -f my-cortex-values.yaml cortex-helm/cortex
```
Specific versions of the chart can be installed using the `--version` option, with the default being the latest release.
What versions are available for installation can be listed with the following command:
```bash
helm search repo cortex-helm
```
As part of this chart many different pods and services are installed which all
have varying resource requirements. Please make sure that you have sufficient
resources (CPU/memory) available in your cluster before installing Cortex Helm
chart.
## Upgrades
To upgrade Cortex use the following command:
```bash
helm upgrade cortex -f my-cortex-values.yaml cortex-helm/cortex
```
Note that it might be necessary to use `--reset-values` since some default values in the values.yaml might have changed or were removed.
Source code can be found [here](https://cortexmetrics.io/)
## Requirements
Kubernetes: `^1.19.0-0`
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | memcached(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-index-read(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-index-write(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-frontend(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks-index(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks-metadata(memcached) | 5.15.12 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertmanager.&ZeroWidthSpace;affinity | object | `{}` | |
| alertmanager.&ZeroWidthSpace;annotations | object | `{}` | |
| alertmanager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| alertmanager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| alertmanager.&ZeroWidthSpace;enabled | bool | `true` | |
| alertmanager.&ZeroWidthSpace;env | list | `[]` | Extra env variables to pass to the cortex container |
| alertmanager.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log level (debug, info, warn, error) |
| alertmanager.&ZeroWidthSpace;extraContainers | list | `[]` | Additional containers to be added to the cortex pod. |
| alertmanager.&ZeroWidthSpace;extraPorts | list | `[]` | Additional ports to the cortex services. Useful to expose extra container ports. |
| alertmanager.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | Extra volume mounts that will be added to the cortex container |
| alertmanager.&ZeroWidthSpace;extraVolumes | list | `[]` | Additional volumes to the cortex pod. |
| alertmanager.&ZeroWidthSpace;initContainers | list | `[]` | Init containers to be added to the cortex pod. |
| alertmanager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Alertmanager data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Alertmanager data Persistent Volume Claim annotations |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true and alertmanager.statefulSet.enabled is true, Alertmanager will create/use a Persistent Volume Claim If false, use emptyDir |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Alertmanager data Persistent Volume size |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Alertmanager data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Alertmanager data Persistent Volume to mount Useful if the volume's root directory is not empty |
| alertmanager.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| alertmanager.&ZeroWidthSpace;podDisruptionBudget | object | `{"maxUnavailable":1}` | If not set then a PodDisruptionBudget will not be created |
| alertmanager.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| alertmanager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;replicas | int | `1` | |
| alertmanager.&ZeroWidthSpace;resources | object | `{}` | |
| alertmanager.&ZeroWidthSpace;securityContext | object | `{}` | |
| alertmanager.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| alertmanager.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| alertmanager.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| alertmanager.&ZeroWidthSpace;sidecar | object | `{"containerSecurityContext":{"enabled":true,"readOnlyRootFilesystem":true},"defaultFolderName":null,"enableUniqueFilenames":false,"enabled":false,"folder":"/data","folderAnnotation":null,"image":{"repository":"quay.io/kiwigrid/k8s-sidecar","sha":"","tag":"1.10.7"},"imagePullPolicy":"IfNotPresent","label":"cortex_alertmanager","labelValue":null,"resources":{},"searchNamespace":null,"skipTlsVerify":false,"watchMethod":null}` | Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders |
| alertmanager.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;skipTlsVerify | bool | `false` | skipTlsVerify Set to true to skip tls verification for kube api calls |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;enabled | bool | `false` | If true, use a statefulset instead of a deployment for pod management. This is useful for using a persistent volume for storing silences between restarts. |
| alertmanager.&ZeroWidthSpace;statefulStrategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| alertmanager.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `60` | |
| alertmanager.&ZeroWidthSpace;tolerations | list | `[]` | Tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| clusterDomain | string | `"cluster.local"` | Kubernetes cluster DNS domain |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"compactor"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| compactor.&ZeroWidthSpace;annotations | object | `{}` | |
| compactor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| compactor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| compactor.&ZeroWidthSpace;enabled | bool | `true` | |
| compactor.&ZeroWidthSpace;env | list | `[]` | |
| compactor.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| compactor.&ZeroWidthSpace;extraContainers | list | `[]` | |
| compactor.&ZeroWidthSpace;extraPorts | list | `[]` | |
| compactor.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| compactor.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| compactor.&ZeroWidthSpace;initContainers | list | `[]` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| compactor.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | compactor data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | compactor data Persistent Volume Claim annotations |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true compactor will create/use a Persistent Volume Claim If false, use emptyDir |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | compactor data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of compactor data Persistent Volume to mount Useful if the volume's root directory is not empty |
| compactor.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| compactor.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| compactor.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| compactor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;replicas | int | `1` | |
| compactor.&ZeroWidthSpace;resources | object | `{}` | |
| compactor.&ZeroWidthSpace;securityContext | object | `{}` | |
| compactor.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| compactor.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| compactor.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `60` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;initialDelaySeconds | int | `120` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;periodSeconds | int | `30` | |
| compactor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| compactor.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| compactor.&ZeroWidthSpace;tolerations | list | `[]` | |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;enable_api | bool | `false` | Enable the experimental alertmanager config api. |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;external_url | string | `"/api/prom/alertmanager"` | |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;storage | object | `{}` | Type of backend to use to store alertmanager configs. Supported values are: "configdb", "gcs", "s3", "local". refer to: https://cortexmetrics.io/docs/configuration/configuration-file/#alertmanager_config |
| config.&ZeroWidthSpace;api.&ZeroWidthSpace;prometheus_http_prefix | string | `"/prometheus"` | |
| config.&ZeroWidthSpace;api.&ZeroWidthSpace;response_compression_enabled | bool | `true` | Use GZIP compression for API responses. Some endpoints serve large YAML or JSON blobs which can benefit from compression. |
| config.&ZeroWidthSpace;auth_enabled | bool | `false` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;bucket_store.&ZeroWidthSpace;bucket_index.&ZeroWidthSpace;enabled | bool | `true` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;bucket_store.&ZeroWidthSpace;sync_dir | string | `"/data/tsdb-sync"` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;tsdb.&ZeroWidthSpace;dir | string | `"/data/tsdb"` | |
| config.&ZeroWidthSpace;distributor.&ZeroWidthSpace;pool.&ZeroWidthSpace;health_check_ingesters | bool | `true` | |
| config.&ZeroWidthSpace;distributor.&ZeroWidthSpace;shard_by_all_labels | bool | `true` | Distribute samples based on all labels, as opposed to solely by user and metric name. |
| config.&ZeroWidthSpace;frontend.&ZeroWidthSpace;log_queries_longer_than | string | `"10s"` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;final_sleep | string | `"30s"` | Duration to sleep for before exiting, to ensure metrics are scraped. |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;join_after | string | `"10s"` | We don't want to join immediately, but wait a bit to see other ingesters and their tokens first. It can take a while to have the full picture when using gossip |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;num_tokens | int | `512` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;observe_period | string | `"10s"` | To avoid generating same tokens by multiple ingesters, they can "observe" the ring for a while, after putting their own tokens into it. This is only useful when using gossip, since multiple ingesters joining at the same time can have conflicting tokens if they don't see each other yet. |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;ring.&ZeroWidthSpace;kvstore.&ZeroWidthSpace;store | string | `"memberlist"` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;ring.&ZeroWidthSpace;replication_factor | int | `3` | Ingester replication factor per default is 3 |
| config.&ZeroWidthSpace;ingester_client.&ZeroWidthSpace;grpc_client_config.&ZeroWidthSpace;max_recv_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;ingester_client.&ZeroWidthSpace;grpc_client_config.&ZeroWidthSpace;max_send_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;enforce_metric_name | bool | `true` | Enforce that every sample has a metric name |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;max_query_lookback | string | `"0s"` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;reject_old_samples | bool | `true` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;reject_old_samples_max_age | string | `"168h"` | |
| config.&ZeroWidthSpace;memberlist.&ZeroWidthSpace;bind_port | int | `7946` | |
| config.&ZeroWidthSpace;memberlist.&ZeroWidthSpace;join_members | list | `["{{ include \"cortex.fullname\" $ }}-memberlist"]` | the service name of the memberlist if using memberlist discovery |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;active_query_tracker_dir | string | `"/data/active-query-tracker"` | |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;query_ingesters_within | string | `"13h"` | Maximum lookback beyond which queries are not sent to ingester. 0 means all queries are sent to ingester. Ingesters by default have no data older than 12 hours, so we can safely set this 13 hours |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;query_store_after | string | `"12h"` | The time after which a metric should be queried from storage and not just ingesters. |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;store_gateway_addresses | string | automatic | Comma separated list of store-gateway addresses in DNS Service Discovery format. This option should is set automatically when using the blocks storage and the store-gateway sharding is disabled (when enabled, the store-gateway instances form a ring and addresses are picked from the ring). |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;align_queries_with_step | bool | `true` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;cache_results | bool | `true` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;results_cache.&ZeroWidthSpace;cache.&ZeroWidthSpace;memcached.&ZeroWidthSpace;expiration | string | `"1h"` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;results_cache.&ZeroWidthSpace;cache.&ZeroWidthSpace;memcached_client.&ZeroWidthSpace;timeout | string | `"1s"` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;split_queries_by_interval | string | `"24h"` | |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;enable_alertmanager_discovery | bool | `false` | |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;enable_api | bool | `true` | Enable the experimental ruler config api. |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;storage | object | `{}` | Method to use for backend rule storage (configdb, azure, gcs, s3, swift, local) refer to https://cortexmetrics.io/docs/configuration/configuration-file/#ruler_config |
| config.&ZeroWidthSpace;runtime_config.&ZeroWidthSpace;file | string | `"/etc/cortex-runtime-config/runtime_config.yaml"` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_listen_port | int | `9095` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_concurrent_streams | int | `10000` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_recv_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_send_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;http_listen_port | int | `8080` | |
| config.&ZeroWidthSpace;storage | object | `{"engine":"blocks","index_queries_cache_config":{"memcached":{"expiration":"1h"},"memcached_client":{"timeout":"1s"}}}` | See https://github.com/cortexproject/cortex/blob/master/docs/configuration/config-file-reference.md#storage_config |
| config.&ZeroWidthSpace;storage.&ZeroWidthSpace;index_queries_cache_config.&ZeroWidthSpace;memcached.&ZeroWidthSpace;expiration | string | `"1h"` | How long keys stay in the memcache |
| config.&ZeroWidthSpace;storage.&ZeroWidthSpace;index_queries_cache_config.&ZeroWidthSpace;memcached_client.&ZeroWidthSpace;timeout | string | `"1s"` | Maximum time to wait before giving up on memcached requests. |
| config.&ZeroWidthSpace;store_gateway | object | `{"sharding_enabled":false}` | https://cortexmetrics.io/docs/configuration/configuration-file/#store_gateway_config |
| configs.&ZeroWidthSpace;affinity | object | `{}` | |
| configs.&ZeroWidthSpace;annotations | object | `{}` | |
| configs.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| configs.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| configs.&ZeroWidthSpace;enabled | bool | `false` | |
| configs.&ZeroWidthSpace;env | list | `[]` | |
| configs.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| configs.&ZeroWidthSpace;extraContainers | list | `[]` | |
| configs.&ZeroWidthSpace;extraPorts | list | `[]` | |
| configs.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| configs.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| configs.&ZeroWidthSpace;initContainers | list | `[]` | |
| configs.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| configs.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| configs.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| configs.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| configs.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| configs.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;replicas | int | `1` | |
| configs.&ZeroWidthSpace;resources | object | `{}` | |
| configs.&ZeroWidthSpace;securityContext | object | `{}` | |
| configs.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| configs.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| configs.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| configs.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| configs.&ZeroWidthSpace;tolerations | list | `[]` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;existing_secret.&ZeroWidthSpace;key | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;existing_secret.&ZeroWidthSpace;name | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;password | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;enabled | bool | `false` | |
| configsdb_postgresql.&ZeroWidthSpace;uri | string | `nil` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"distributor"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| distributor.&ZeroWidthSpace;annotations | object | `{}` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the distributor pods. |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| distributor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| distributor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| distributor.&ZeroWidthSpace;env | list | `[]` | |
| distributor.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| distributor.&ZeroWidthSpace;extraContainers | list | `[]` | |
| distributor.&ZeroWidthSpace;extraPorts | list | `[]` | |
| distributor.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| distributor.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| distributor.&ZeroWidthSpace;initContainers | list | `[]` | |
| distributor.&ZeroWidthSpace;lifecycle | object | `{}` | |
| distributor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| distributor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| distributor.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| distributor.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| distributor.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| distributor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;replicas | int | `2` | |
| distributor.&ZeroWidthSpace;resources | object | `{}` | |
| distributor.&ZeroWidthSpace;securityContext | object | `{}` | |
| distributor.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| distributor.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| distributor.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| distributor.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `60` | |
| distributor.&ZeroWidthSpace;tolerations | list | `[]` | |
| externalConfigSecretName | string | `"secret-with-config.yaml"` | |
| externalConfigVersion | string | `"0"` | |
| image.&ZeroWidthSpace;pullPolicy | string | `"IfNotPresent"` | |
| image.&ZeroWidthSpace;pullSecrets | list | `[]` | Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| image.&ZeroWidthSpace;repository | string | `"quay.io/cortexproject/cortex"` | |
| image.&ZeroWidthSpace;tag | string | `""` | Allows you to override the cortex version in this chart. Use at your own risk. |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"ingester"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| ingester.&ZeroWidthSpace;annotations | object | `{}` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleDown.&ZeroWidthSpace;policies | list | `[{"periodSeconds":1800,"type":"Pods","value":1}]` | see https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down for scaledown details |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleDown.&ZeroWidthSpace;stabilizationWindowSeconds | int | `3600` | uses metrics from the past 1h to make scaleDown decisions |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleUp.&ZeroWidthSpace;policies | list | `[{"periodSeconds":1800,"type":"Pods","value":1}]` | This default scaleup policy allows adding 1 pod every 30 minutes. Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `3` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `80` | |
| ingester.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| ingester.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| ingester.&ZeroWidthSpace;env | list | `[]` | |
| ingester.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| ingester.&ZeroWidthSpace;extraContainers | list | `[]` | |
| ingester.&ZeroWidthSpace;extraPorts | list | `[]` | |
| ingester.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| ingester.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| ingester.&ZeroWidthSpace;initContainers | list | `[]` | |
| ingester.&ZeroWidthSpace;lifecycle.&ZeroWidthSpace;preStop | object | `{"httpGet":{"path":"/ingester/shutdown","port":"http-metrics"}}` | The /shutdown preStop hook is recommended as part of the ingester scaledown process, but can be removed to optimize rolling restarts in instances that will never be scaled down or when using chunks storage with WAL disabled. https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down |
| ingester.&ZeroWidthSpace;livenessProbe | object | `{}` | Startup/liveness probes for ingesters are not recommended. Ref: https://cortexmetrics.io/docs/guides/running-cortex-on-kubernetes/#take-extra-care-with-ingesters |
| ingester.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Ingester data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Ingester data Persistent Volume Claim annotations |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true and ingester.statefulSet.enabled is true, Ingester will create/use a Persistent Volume Claim If false, use emptyDir |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Ingester data Persistent Volume size |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Ingester data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Ingester data Persistent Volume to mount Useful if the volume's root directory is not empty |
| ingester.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| ingester.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ingester.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| ingester.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ingester.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ingester.&ZeroWidthSpace;replicas | int | `3` | |
| ingester.&ZeroWidthSpace;resources | object | `{}` | |
| ingester.&ZeroWidthSpace;securityContext | object | `{}` | |
| ingester.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| ingester.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| ingester.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `nil` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| ingester.&ZeroWidthSpace;startupProbe | object | `{}` | Startup/liveness probes for ingesters are not recommended. Ref: https://cortexmetrics.io/docs/guides/running-cortex-on-kubernetes/#take-extra-care-with-ingesters |
| ingester.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;enabled | bool | `false` | If true, use a statefulset instead of a deployment for pod management. This is useful when using WAL |
| ingester.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;podManagementPolicy | string | `"OrderedReady"` | ref: https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down and https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies for scaledown details |
| ingester.&ZeroWidthSpace;statefulStrategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ingester.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| ingester.&ZeroWidthSpace;tolerations | list | `[]` | |
| ingress.&ZeroWidthSpace;annotations | object | `{}` | |
| ingress.&ZeroWidthSpace;enabled | bool | `false` | |
| ingress.&ZeroWidthSpace;hosts[0].&ZeroWidthSpace;host | string | `"chart-example.local"` | |
| ingress.&ZeroWidthSpace;hosts[0].&ZeroWidthSpace;paths[0] | string | `"/"` | |
| ingress.&ZeroWidthSpace;ingressClass.&ZeroWidthSpace;enabled | bool | `false` | |
| ingress.&ZeroWidthSpace;ingressClass.&ZeroWidthSpace;name | string | `"nginx"` | |
| ingress.&ZeroWidthSpace;tls | list | `[]` | |
| memcached | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | chunk caching for legacy chunk storage engine |
| memcached-blocks-index.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks-index.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks-index.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks-index.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks-index.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-blocks-metadata.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks-metadata.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks-metadata.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks-metadata.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks-metadata.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-blocks.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-frontend.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-frontend.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-frontend.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-frontend.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-frontend.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-frontend.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-frontend.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-frontend.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-frontend.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-index-read | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | index read caching for legacy chunk storage engine |
| memcached-index-read.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-index-read.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-index-read.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-index-write | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | index write caching for legacy chunk storage engine |
| memcached-index-write.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-index-write.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-index-write.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| nginx.&ZeroWidthSpace;affinity | object | `{}` | |
| nginx.&ZeroWidthSpace;annotations | object | `{}` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the nginx pods. |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;auth_orgs | list | `[]` | (optional) List of [auth tenants](https://cortexmetrics.io/docs/guides/auth/) to set in the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;basicAuthSecretName | string | `""` | (optional) Name of basic auth secret. In order to use this option, a secret with htpasswd formatted contents at the key ".htpasswd" must exist. For example: apiVersion: v1 kind: Secret metadata: name: my-secret namespace: <same as cortex installation> stringData: .htpasswd: | user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0 user2:$apr1$QdR8fNLT$vbCEEzDj7LyqCMyNpSoBh/ Please note that the use of basic auth will not identify organizations the way X-Scope-OrgID does. Thus, the use of basic auth alone will not prevent one tenant from viewing the metrics of another. To ensure tenants are scoped appropriately, explicitly set the `X-Scope-OrgID` header in the nginx config. Example setHeaders: X-Scope-OrgID: $remote_user |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;client_max_body_size | string | `"1M"` | ref: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;dnsResolver | string | `"coredns.kube-system.svc.cluster.local"` | |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;httpSnippet | string | `""` | arbitrary snippet to inject in the http { } section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;mainSnippet | string | `""` | arbitrary snippet to inject in the top section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;serverSnippet | string | `""` | arbitrary snippet to inject in the server { } section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;setHeaders | object | `{}` | |
| nginx.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| nginx.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `false` | |
| nginx.&ZeroWidthSpace;enabled | bool | `true` | |
| nginx.&ZeroWidthSpace;env | list | `[]` | |
| nginx.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| nginx.&ZeroWidthSpace;extraContainers | list | `[]` | |
| nginx.&ZeroWidthSpace;extraPorts | list | `[]` | |
| nginx.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| nginx.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| nginx.&ZeroWidthSpace;http_listen_port | int | `80` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;pullPolicy | string | `"IfNotPresent"` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;repository | string | `"nginx"` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;tag | float | `1.21` | |
| nginx.&ZeroWidthSpace;initContainers | list | `[]` | |
| nginx.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| nginx.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| nginx.&ZeroWidthSpace;podAnnotations | object | `{}` | Pod Annotations |
| nginx.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| nginx.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| nginx.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;replicas | int | `2` | |
| nginx.&ZeroWidthSpace;resources | object | `{}` | |
| nginx.&ZeroWidthSpace;securityContext | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;type | string | `"ClusterIP"` | |
| nginx.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| nginx.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `10` | |
| nginx.&ZeroWidthSpace;tolerations | list | `[]` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"querier"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| querier.&ZeroWidthSpace;annotations | object | `{}` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the querier pods. |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| querier.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| querier.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| querier.&ZeroWidthSpace;env | list | `[]` | |
| querier.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| querier.&ZeroWidthSpace;extraContainers | list | `[]` | |
| querier.&ZeroWidthSpace;extraPorts | list | `[]` | |
| querier.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| querier.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| querier.&ZeroWidthSpace;initContainers | list | `[]` | |
| querier.&ZeroWidthSpace;lifecycle | object | `{}` | |
| querier.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| querier.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| querier.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| querier.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| querier.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| querier.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;replicas | int | `2` | |
| querier.&ZeroWidthSpace;resources | object | `{}` | |
| querier.&ZeroWidthSpace;securityContext | object | `{}` | |
| querier.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| querier.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| querier.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| querier.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| querier.&ZeroWidthSpace;tolerations | list | `[]` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"query-frontend"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| query_frontend.&ZeroWidthSpace;annotations | object | `{}` | |
| query_frontend.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| query_frontend.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| query_frontend.&ZeroWidthSpace;env | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| query_frontend.&ZeroWidthSpace;extraContainers | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraPorts | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| query_frontend.&ZeroWidthSpace;initContainers | list | `[]` | |
| query_frontend.&ZeroWidthSpace;lifecycle | object | `{}` | |
| query_frontend.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| query_frontend.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| query_frontend.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| query_frontend.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| query_frontend.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| query_frontend.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;replicas | int | `2` | |
| query_frontend.&ZeroWidthSpace;resources | object | `{}` | |
| query_frontend.&ZeroWidthSpace;securityContext | object | `{}` | |
| query_frontend.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| query_frontend.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| query_frontend.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| query_frontend.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| query_frontend.&ZeroWidthSpace;tolerations | list | `[]` | |
| ruler.&ZeroWidthSpace;affinity | object | `{}` | |
| ruler.&ZeroWidthSpace;annotations | object | `{}` | |
| ruler.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| ruler.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| ruler.&ZeroWidthSpace;directories | object | `{}` | allow configuring rules via configmap. ref: https://cortexproject.github.io/cortex-helm-chart/guides/configure_rules_via_configmap.html |
| ruler.&ZeroWidthSpace;enabled | bool | `true` | |
| ruler.&ZeroWidthSpace;env | list | `[]` | |
| ruler.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| ruler.&ZeroWidthSpace;extraContainers | list | `[]` | |
| ruler.&ZeroWidthSpace;extraPorts | list | `[]` | |
| ruler.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| ruler.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| ruler.&ZeroWidthSpace;initContainers | list | `[]` | |
| ruler.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| ruler.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| ruler.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| ruler.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ruler.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| ruler.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;replicas | int | `1` | |
| ruler.&ZeroWidthSpace;resources | object | `{}` | |
| ruler.&ZeroWidthSpace;securityContext | object | `{}` | |
| ruler.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| ruler.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| ruler.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| ruler.&ZeroWidthSpace;sidecar | object | `{"containerSecurityContext":{"enabled":true,"readOnlyRootFilesystem":true},"defaultFolderName":null,"enableUniqueFilenames":false,"enabled":false,"folder":"/tmp/rules","folderAnnotation":null,"image":{"repository":"quay.io/kiwigrid/k8s-sidecar","sha":"","tag":"1.10.7"},"imagePullPolicy":"IfNotPresent","label":"cortex_rules","labelValue":null,"resources":{},"searchNamespace":null,"watchMethod":null}` | Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;defaultFolderName | string | `nil` | The default folder name, it will create a subfolder under the `folder` and put rules in there instead |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;folder | string | `"/tmp/rules"` | folder in the pod that should hold the collected rules (unless `defaultFolderName` is set) |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;folderAnnotation | string | `nil` | If specified, the sidecar will look for annotation with this name to create folder and put graph here. You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;label | string | `"cortex_rules"` | label that the configmaps with rules are marked with |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;labelValue | string | `nil` | value of label that the configmaps with rules are set to |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;searchNamespace | string | `nil` | If specified, the sidecar will search for rules config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ruler.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| ruler.&ZeroWidthSpace;tolerations | list | `[]` | |
| runtimeconfigmap.&ZeroWidthSpace;annotations | object | `{}` | |
| runtimeconfigmap.&ZeroWidthSpace;create | bool | `true` | If true, a configmap for the `runtime_config` will be created. If false, the configmap _must_ exist already on the cluster or pods will fail to create. |
| runtimeconfigmap.&ZeroWidthSpace;runtime_config | object | `{}` | https://cortexmetrics.io/docs/configuration/arguments/#runtime-configuration-file |
| serviceAccount.&ZeroWidthSpace;annotations | object | `{}` | |
| serviceAccount.&ZeroWidthSpace;automountServiceAccountToken | bool | `true` | |
| serviceAccount.&ZeroWidthSpace;create | bool | `true` | |
| serviceAccount.&ZeroWidthSpace;name | string | `nil` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"store-gateway"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| store_gateway.&ZeroWidthSpace;annotations | object | `{}` | |
| store_gateway.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| store_gateway.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| store_gateway.&ZeroWidthSpace;env | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| store_gateway.&ZeroWidthSpace;extraContainers | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraPorts | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| store_gateway.&ZeroWidthSpace;initContainers | list | `[]` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| store_gateway.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Store-gateway data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Store-gateway data Persistent Volume Claim annotations |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true Store-gateway will create/use a Persistent Volume Claim If false, use emptyDir |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Store-gateway data Persistent Volume size |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Store-gateway data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Store-gateway data Persistent Volume to mount Useful if the volume's root directory is not empty |
| store_gateway.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| store_gateway.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| store_gateway.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| store_gateway.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;replicas | int | `1` | |
| store_gateway.&ZeroWidthSpace;resources | object | `{}` | |
| store_gateway.&ZeroWidthSpace;securityContext | object | `{}` | |
| store_gateway.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| store_gateway.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| store_gateway.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `60` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;initialDelaySeconds | int | `120` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;periodSeconds | int | `30` | |
| store_gateway.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| store_gateway.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| store_gateway.&ZeroWidthSpace;tolerations | list | `[]` | |
| table_manager.&ZeroWidthSpace;affinity | object | `{}` | |
| table_manager.&ZeroWidthSpace;annotations | object | `{}` | |
| table_manager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| table_manager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| table_manager.&ZeroWidthSpace;env | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| table_manager.&ZeroWidthSpace;extraContainers | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraPorts | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| table_manager.&ZeroWidthSpace;initContainers | list | `[]` | |
| table_manager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| table_manager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| table_manager.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| table_manager.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| table_manager.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| table_manager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;replicas | int | `1` | |
| table_manager.&ZeroWidthSpace;resources | object | `{}` | |
| table_manager.&ZeroWidthSpace;securityContext | object | `{}` | |
| table_manager.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| table_manager.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| table_manager.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| table_manager.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| table_manager.&ZeroWidthSpace;tolerations | list | `[]` | |
| tags.&ZeroWidthSpace;blocks-storage-memcached | bool | `false` | Set to true to enable block storage memcached caching |
| useConfigMap | bool | `false` | |
| useExternalConfig | bool | `false` | |

9
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/NOTES.txt
View File

@@ -1,9 +0,0 @@
{{- if eq .Values.config.storage.engine "chunks" }}
Cortex chunks storage has been deprecated, and it's now in maintenance mode: all Cortex users are encouraged to migrate to the blocks storage.
No new features will be added to the chunks storage.
Unlike the official cortex default configuration this helm-chart does not run the chunk engine by default.
{{- end }}
Verify the application is working by running these commands:
kubectl --namespace {{ .Release.Namespace }} port-forward service/{{ include "cortex.querierFullname" . }} {{ .Values.config.server.http_listen_port }}
curl http://127.0.0.1:{{ .Values.config.server.http_listen_port }}/services

155
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/_helpers.tpl
View File

@@ -1,155 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cortex.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cortex.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cortex.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account
*/}}
{{- define "cortex.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "cortex.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the app name of cortex clients. Defaults to the same logic as "cortex.fullname", and default client expects "prometheus".
*/}}
{{- define "client.name" -}}
{{- if .Values.client.name -}}
{{- .Values.client.name -}}
{{- else if .Values.client.fullnameOverride -}}
{{- .Values.client.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "prometheus" .Values.client.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "cortex.labels" -}}
helm.sh/chart: {{ include "cortex.chart" . }}
{{ include "cortex.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cortex.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cortex.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create configuration parameters for memcached configuration
*/}}
{{- define "cortex.memcached" -}}
{{- if and (eq .Values.config.storage.engine "blocks") (index .Values "tags" "blocks-storage-memcached") }}
- "-blocks-storage.bucket-store.index-cache.backend=memcached"
- "-blocks-storage.bucket-store.index-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks-index.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
- "-blocks-storage.bucket-store.chunks-cache.backend=memcached"
- "-blocks-storage.bucket-store.chunks-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
- "-blocks-storage.bucket-store.metadata-cache.backend=memcached"
- "-blocks-storage.bucket-store.metadata-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks-metadata.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") .Values.memcached.enabled }}
- "-store.chunks-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") (index .Values "memcached-index-read" "enabled") }}
- "-store.index-cache-read.memcached.addresses=dns+{{ .Release.Name }}-memcached-index-read.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") (index .Values "memcached-index-write" "enabled") }}
- "-store.index-cache-write.memcached.addresses=dns+{{ .Release.Name }}-memcached-index-write.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- end -}}
{{/*
Create configuration for frontend memcached configuration
*/}}
{{- define "cortex.frontend-memcached" -}}
{{- if index .Values "memcached-frontend" "enabled" }}
- "-frontend.memcached.addresses=dns+{{ template "cortex.fullname" . }}-memcached-frontend.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- end -}}
{{/*
Determine the policy api version
*/}}
{{- define "cortex.pdbVersion" -}}
{{- if or (.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") (semverCompare ">=1.21" .Capabilities.KubeVersion.Version) -}}
policy/v1
{{- else -}}
policy/v1beta1
{{- end -}}
{{- end -}}
{{/*
Get checksum of config secret or configMap
*/}}
{{- define "cortex.configChecksum" -}}
{{- if .Values.useExternalConfig -}}
{{- .Values.externalConfigVersion -}}
{{- else if .Values.useConfigMap -}}
{{- include (print $.Template.BasePath "/configmap.yaml") . | sha256sum -}}
{{- else -}}
{{- include (print $.Template.BasePath "/secret.yaml") . | sha256sum -}}
{{- end -}}
{{- end -}}
{{/*
Get volume of config secret of configMap
*/}}
{{- define "cortex.configVolume" -}}
- name: config
{{- if .Values.useExternalConfig }}
secret:
secretName: {{ .Values.externalConfigSecretName }}
{{- else if .Values.useConfigMap }}
configMap:
name: {{ template "cortex.fullname" . }}-config
{{- else }}
secret:
secretName: {{ template "cortex.fullname" . }}
{{- end }}
{{- end -}}

30
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/alertmanager/alertmanager-dep.yaml
View File

@@ -1,30 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: alertmanager
namespace: imxc
spec:
replicas: 1
selector:
matchLabels:
name: alertmanager
template:
metadata:
labels:
name: alertmanager
spec:
containers:
- name: alertmanager
# image: quay.io/cortexproject/cortex:v1.9.0
# image: registry.cloud.intermax:5000/library/cortex:v1.11.0
image: {{ .Values.global.IMXC_IN_REGISTRY }}/cortex:v1.11.0
imagePullPolicy: IfNotPresent
args:
- -target=alertmanager
# - -log.level=debug
- -server.http-listen-port=80
- -alertmanager.configs.url=http://{{ template "cortex.fullname" . }}-configs:8080
- -alertmanager.web.external-url=/alertmanager
ports:
- containerPort: 80

10
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/alertmanager/alertmanager-svc.yaml
View File

@@ -1,10 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: alertmanager
spec:
ports:
- port: 80
selector:
name: alertmanager

12
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/clusterrole.yaml
View File

@@ -1,12 +0,0 @@
{{- if or .Values.ruler.sidecar.enabled .Values.alertmanager.sidecar.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cortex.fullname" . }}-clusterrole
labels:
{{- include "cortex.labels" . | nindent 4 }}
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end }}

16
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/clusterrolebinding.yaml
View File

@@ -1,16 +0,0 @@
{{- if or .Values.ruler.sidecar.enabled .Values.alertmanager.sidecar.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cortex.fullname" . }}-clusterrolebinding
labels:
{{- include "cortex.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "cortex.fullname" . }}-clusterrole
subjects:
- kind: ServiceAccount
name: {{ template "cortex.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

23
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/_helpers-compactor.tpl
View File

@@ -1,23 +0,0 @@
{{/*
compactor fullname
*/}}
{{- define "cortex.compactorFullname" -}}
{{ include "cortex.fullname" . }}-compactor
{{- end }}
{{/*
compactor common labels
*/}}
{{- define "cortex.compactorLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: compactor
{{- end }}
{{/*
compactor selector labels
*/}}
{{- define "cortex.compactorSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: compactor
{{- end }}

14
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-poddisruptionbudget.yaml
View File

@@ -1,14 +0,0 @@
{{- if and (gt (int .Values.compactor.replicas) 1) (.Values.compactor.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.compactor.podDisruptionBudget | nindent 2 }}
{{- end }}

42
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-servicemonitor.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.compactor.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
{{- if .Values.compactor.serviceMonitor.additionalLabels }}
{{ toYaml .Values.compactor.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.compactor.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.compactor.serviceMonitor.interval }}
interval: {{ .Values.compactor.serviceMonitor.interval }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.compactor.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.compactor.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.compactor.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.compactor.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

141
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-statefulset.yaml
View File

@@ -1,141 +0,0 @@
{{- if eq .Values.config.storage.engine "blocks" -}}
{{- if .Values.compactor.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.compactor.annotations | nindent 4 }}
spec:
replicas: {{ .Values.compactor.replicas }}
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
updateStrategy:
{{- toYaml .Values.compactor.strategy | nindent 4 }}
serviceName: {{ template "cortex.fullname" . }}-compactor
{{- if .Values.compactor.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage
{{- if .Values.compactor.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.compactor.persistentVolume.annotations | nindent 10 }}
{{- end }}
spec:
{{- if .Values.compactor.persistentVolume.storageClass }}
{{- if (eq "-" .Values.compactor.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.compactor.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
accessModes:
{{ toYaml .Values.compactor.persistentVolume.accessModes | nindent 10 }}
resources:
requests:
storage: "{{ .Values.compactor.persistentVolume.size }}"
{{- end }}
template:
metadata:
labels:
{{- include "cortex.compactorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.compactor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.compactor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.compactor.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.compactor.priorityClassName }}
priorityClassName: {{ .Values.compactor.priorityClassName }}
{{- end }}
{{- if .Values.compactor.securityContext.enabled }}
securityContext: {{- omit .Values.compactor.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.compactor.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
nodeSelector:
{{- toYaml .Values.compactor.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.compactor.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.compactor.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if not .Values.compactor.persistentVolume.enabled }}
- name: storage
emptyDir: {}
{{- end }}
{{- if .Values.compactor.extraVolumes }}
{{- toYaml .Values.compactor.extraVolumes | nindent 8 }}
{{- end }}
containers:
{{- if .Values.compactor.extraContainers }}
{{ toYaml .Values.compactor.extraContainers | nindent 8 }}
{{- end }}
- name: compactor
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=compactor"
- "-config.file=/etc/cortex/cortex.yaml"
{{- include "cortex.memcached" . | nindent 12}}
{{- range $key, $value := .Values.compactor.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.compactor.extraVolumeMounts }}
{{- toYaml .Values.compactor.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
{{- if .Values.compactor.persistentVolume.subPath }}
subPath: {{ .Values.compactor.persistentVolume.subPath }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.compactor.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.compactor.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.compactor.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.compactor.resources | nindent 12 }}
{{- if .Values.compactor.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.compactor.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.compactor.env }}
env:
{{- toYaml .Values.compactor.env | nindent 12 }}
{{- end }}
{{- end -}}
{{- end -}}

25
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-svc.yaml
View File

@@ -1,25 +0,0 @@
{{- if eq .Values.config.storage.engine "blocks" -}}
{{- if .Values.compactor.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
{{- with .Values.compactor.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.compactor.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.compactorSelectorLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}

12
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configmap.yaml
View File

@@ -1,12 +0,0 @@
{{- if (and (not .Values.useExternalConfig) (.Values.useConfigMap)) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "cortex.fullname" . }}-config
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.labels" . | nindent 4 }}
data:
cortex.yaml: |
{{- tpl (toYaml .Values.config) . | nindent 4 }}
{{- end }}

23
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/_helpers-configs.tpl
View File

@@ -1,23 +0,0 @@
{{/*
configs fullname
*/}}
{{- define "cortex.configsFullname" -}}
{{ include "cortex.fullname" . }}-configs
{{- end }}
{{/*
configs common labels
*/}}
{{- define "cortex.configsLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: configs
{{- end }}
{{/*
configs selector labels
*/}}
{{- define "cortex.configsSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: configs
{{- end }}

124
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-dep.yaml
View File

@@ -1,124 +0,0 @@
{{- if .Values.configs.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.configs.annotations | nindent 4 }}
spec:
replicas: {{ .Values.configs.replicas }}
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.configs.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.configsLabels" . | nindent 8 }}
{{- with .Values.configs.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.configs.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.configs.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.configs.priorityClassName }}
priorityClassName: {{ .Values.configs.priorityClassName }}
{{- end }}
{{- if .Values.configs.securityContext.enabled }}
securityContext: {{- omit .Values.configs.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.configs.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: configs
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=configs"
- "-config.file=/etc/cortex/cortex.yaml"
{{- if .Values.configsdb_postgresql.enabled }}
- "-configs.database.uri={{ .Values.configsdb_postgresql.uri }}"
- "-configs.database.password-file=/etc/postgresql/password"
- "-configs.database.migrations-dir=/migrations"
{{- else }}
- "-configs.database.uri=memory://"
{{- end }}
{{- range $key, $value := .Values.configs.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/cortex
subPath: {{ .Values.configs.persistentVolume.subPath }}
- name: runtime-config
mountPath: /etc/cortex-runtime-config
{{- if .Values.configsdb_postgresql.enabled }}
- name: postgres-password
mountPath: /etc/postgresql
{{- end }}
{{- if .Values.configs.extraVolumeMounts }}
{{- toYaml .Values.configs.extraVolumeMounts | nindent 12}}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.configs.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.configs.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.configs.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.configs.resources | nindent 12 }}
{{- if .Values.configs.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.configs.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.configs.env }}
env:
{{- toYaml .Values.configs.env | nindent 12 }}
{{- end }}
{{- if .Values.configs.extraContainers }}
{{- toYaml .Values.configs.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.configs.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.configs.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.configs.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.configs.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
{{- if .Values.configsdb_postgresql.enabled }}
- name: postgres-password
secret:
secretName: {{ if .Values.configsdb_postgresql.auth.existing_secret.name }}{{ .Values.configsdb_postgresql.auth.existing_secret.name }}{{ else }}{{ template "cortex.fullname" . }}-postgresql{{ end }}
items:
- key: {{ if .Values.configsdb_postgresql.auth.existing_secret.name }}{{ .Values.configsdb_postgresql.auth.existing_secret.key }}{{ else }}postgresql-password{{ end }}
path: password
{{- end }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if .Values.configs.extraVolumes }}
{{- toYaml .Values.configs.extraVolumes | nindent 8}}
{{- end }}
{{- end }}

14
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-poddisruptionbudget.yaml
View File

@@ -1,14 +0,0 @@
{{- if and (gt (int .Values.configs.replicas) 1) (.Values.configs.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.configs.podDisruptionBudget | nindent 2 }}
{{- end }}

42
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-servicemonitor.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.configs.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
{{- if .Values.configs.serviceMonitor.additionalLabels }}
{{ toYaml .Values.configs.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.configs.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.configs.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.configs.serviceMonitor.interval }}
interval: {{ .Values.configs.serviceMonitor.interval }}
{{- end }}
{{- if .Values.configs.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.configs.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.configs.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.configs.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.configs.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.configs.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.configs.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

23
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-svc.yaml
View File

@@ -1,23 +0,0 @@
{{- if .Values.configs.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
{{- with .Values.configs.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.configs.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.configsSelectorLabels" . | nindent 4 }}
{{- end }}

68
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/cortex-pv.yaml
View File

@@ -1,68 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-0
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH1 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value1 }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-1
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH2 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value2 }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-2
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH3 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value3 }}

23
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/_helpers-distributor.tpl
View File

@@ -1,23 +0,0 @@
{{/*
distributor fullname
*/}}
{{- define "cortex.distributorFullname" -}}
{{ include "cortex.fullname" . }}-distributor
{{- end }}
{{/*
distributor common labels
*/}}
{{- define "cortex.distributorLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: distributor
{{- end }}
{{/*
distributor selector labels
*/}}
{{- define "cortex.distributorSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: distributor
{{- end }}

121
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-dep.yaml
View File

@@ -1,121 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.distributor.annotations | nindent 4 }}
spec:
{{- if not .Values.distributor.autoscaling.enabled }}
replicas: {{ .Values.distributor.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.distributor.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.distributorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.distributor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.distributor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.distributor.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.distributor.priorityClassName }}
priorityClassName: {{ .Values.distributor.priorityClassName }}
{{- end }}
{{- if .Values.distributor.securityContext.enabled }}
securityContext: {{- omit .Values.distributor.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.distributor.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: distributor
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=distributor"
- "-config.file=/etc/cortex/cortex.yaml"
{{- range $key, $value := .Values.distributor.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.distributor.extraVolumeMounts }}
{{- toYaml .Values.distributor.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
subPath: {{ .Values.distributor.persistentVolume.subPath }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.distributor.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.distributor.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.distributor.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.distributor.resources | nindent 12 }}
{{- if .Values.distributor.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.distributor.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.distributor.env }}
env:
{{- toYaml .Values.distributor.env | nindent 12 }}
{{- end }}
{{- with .Values.distributor.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
requests:
cpu: "100m"
{{- if .Values.distributor.extraContainers }}
{{- toYaml .Values.distributor.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.distributor.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.distributor.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.distributor.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.distributor.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
- name: storage
emptyDir: {}
{{- if .Values.distributor.extraVolumes }}
{{- toYaml .Values.distributor.extraVolumes | nindent 8}}
{{- end }}

39
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-hpa.yaml
View File

@@ -1,39 +0,0 @@
{{- with .Values.distributor.autoscaling -}}
{{- if .enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "cortex.distributorFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" $ | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "cortex.distributorFullname" $ }}
minReplicas: {{ .minReplicas }}
maxReplicas: {{ .maxReplicas }}
metrics:
{{- with .targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

14
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-poddisruptionbudget.yaml
View File

@@ -1,14 +0,0 @@
{{- if and (gt (int .Values.distributor.replicas) 1) (.Values.distributor.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.distributor.podDisruptionBudget | nindent 2 }}
{{- end }}

42
roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-servicemonitor.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.distributor.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
{{- if .Values.distributor.serviceMonitor.additionalLabels }}
{{ toYaml .Values.distributor.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.distributor.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.distributor.serviceMonitor.interval }}
interval: {{ .Values.distributor.serviceMonitor.interval }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.distributor.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.distributor.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.distributor.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.distributor.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More