sa_8001/dsk-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ansible Script 추가

Browse Source
This commit is contained in:
ByeonJungHun
2023-12-19 13:36:16 +09:00
parent 0273450ff6
commit 05cb8d9269
2610 changed files with 281893 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
ansible/01_old/roles/cmoa_demo_install/defaults/main.yml Normal file
View File

@@ -0,0 +1,64 @@
# helm file install
helm_checksum: sha256:950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2
helm_version: v3.10.3
# cmoa info
cmoa_namespace: imxc
cmoa_version: rel3.4.8
# default ip/version (not change)
before_ip: 111.111.111.111
before_version: rel0.0.0
# files/00-default in role
docker_secret_file: secret_nexus.yaml
# all, jaeger, jspd
imxc_ui: all
# [docker_config_path]
docker_config_nexus: dockerconfig/docker_config_nexus.json
# [jaeger]
jaeger_servicename: imxc-ui-service-jaeger
jaeger_service_port: 80
jaeger_nodePort: 31080 # only imxc-ui-jaeger option (imxc-ui-jaeger template default port=31084)
# [minio]
minio_service_name: minio
minio_service_port: 9000
minio_nodePort: 32002
minio_user: cloudmoa
minio_pass: admin1234
bucket_name: cortex-bucket
days: 42
rule_id: cloudmoa
# [Elasticsearch]
elasticsearch_service_name: elasticsearch
elasticsearch_service_port: 9200
elasticsearch_nodePort: 30200
# [Keycloak]
# Keycloak configuration settings
keycloak_http_port: 31082
keycloak_https_port: 8443
keycloak_management_http_port: 31990
keycloak_realm: exem
# Keycloak administration console user
keycloak_admin_user: admin
keycloak_admin_password: admin
keycloak_auth_realm: master
keycloak_auth_client: admin-cli
keycloak_context: /auth
# keycloak_clients
keycloak_clients:
- name: 'authorization_server'
client_id: authorization_server
realm: exem
redirect_uris: "http://10.10.30.75:31080/*,http://10.10.30.75:31084/*,http://localhost:8080/*,http://localhost:8081/*"
public_client: True

8
ansible/01_old/roles/cmoa_demo_install/files/00-default/sa_patch.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/bash
export KUBECONFIG=$1
kubectl wait node --for=condition=ready --all --timeout=60s
#kubectl -n imxc patch sa default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
kubectl -n default patch sa default -p '{"imagePullSecrets": [{"name": "regcred"}]}'

7
ansible/01_old/roles/cmoa_demo_install/files/00-default/secret_dockerhub.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: regcred
data:
.dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICJhdXRoIjogIlpYaGxiV1JsZGpJNk0yWXlObVV6T0RjdFlqY3paQzAwTkRVMUxUazNaRFV0T1dWaU9EWmtObVl4WXpOayIKICAgIH0KICB9Cn0KCg==
type: kubernetes.io/dockerconfigjson

8
ansible/01_old/roles/cmoa_demo_install/files/00-default/secret_nexus.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
data:
.dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICIxMC4xMC4zMS4yNDM6NTAwMCI6IHsKICAgICAgImF1dGgiOiAiWTI5eVpUcGpiM0psWVdSdGFXNHhNak0wIgogICAgfQogIH0KfQoK
kind: Secret
metadata:
name: regcred
type: kubernetes.io/dockerconfigjson

6
ansible/01_old/roles/cmoa_demo_install/files/01-storage/00-storageclass.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: exem-local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer

92
ansible/01_old/roles/cmoa_demo_install/files/01-storage/01-persistentvolume.yaml Normal file
View File

@@ -0,0 +1,92 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-0
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv1
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-1
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv2
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker1
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-2
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv3
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv-3
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: exem-local-storage
local:
path: /media/data/minio/pv4
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: cmoa
operator: In
values:
- worker2

63
ansible/01_old/roles/cmoa_demo_install/files/01-storage/cmoa_minio Executable file
View File

@@ -0,0 +1,63 @@
#! /usr/bin/python3
#-*- coding:utf-8 -*-
import os, sys, time, urllib3
from minio import Minio
from minio.lifecycleconfig import Expiration, LifecycleConfig, Rule, Transition
from minio.commonconfig import ENABLED, Filter
def minio_conn(ipaddr, portnum, ac_key, sec_key):
conn='{}:{}'.format(ipaddr,portnum)
url='http://{}'.format(conn)
print(url)
minio_client = Minio(
conn, access_key=ac_key, secret_key=sec_key, secure=False,
http_client=urllib3.ProxyManager(
url, timeout=urllib3.Timeout.DEFAULT_TIMEOUT,
retries=urllib3.Retry(
total=5, backoff_factor=0.2,
status_forcelist=[
500, 502, 503, 504
],
),
),
)
return minio_client
def minio_create_buckets(minio_client, bucket_name, days, rule_id="cloudmoa"):
config = LifecycleConfig(
[
Rule(
ENABLED,
rule_filter=Filter(prefix=""),
rule_id=rule_id,
expiration=Expiration(days=days),
),
],
)
minio_client.set_bucket_lifecycle(bucket_name, config)
def minio_delete_bucket(client, bucket_name):
client.delete_bucket_lifecycle(bucket_name)
def main():
s3_url = os.sys.argv[1].split(':')[0]
s3_url_port = os.sys.argv[1].split(':')[1]
minio_user = os.sys.argv[2]
minio_pass = os.sys.argv[3]
bucket_name = os.sys.argv[4]
minio_days = os.sys.argv[5]
rule_id = os.sys.argv[6]
print(s3_url, s3_url_port, minio_user, minio_pass)
minio_client=minio_conn(s3_url, s3_url_port, minio_user, minio_pass)
minio_create_buckets(minio_client, bucket_name, minio_days, rule_id)
if __name__ == "__main__":
try:
main()
except Exception as err:
print("[Usage] minio {url:port} {username} {password} {bucketName} {days} {ruleId}")
print(err)

23
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS

18
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/Chart.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
description: Multi-Cloud Object Storage
name: minio
version: 4.0.2
appVersion: RELEASE.2022-05-08T23-50-31Z
keywords:
- minio
- storage
- object-storage
- s3
- cluster
home: https://min.io
icon: https://min.io/resources/img/logo/MINIO_wordmark.png
sources:
- https://github.com/minio/minio
maintainers:
- name: MinIO, Inc
email: dev@minio.io

235
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/README.md Normal file
View File

@@ -0,0 +1,235 @@
# MinIO Helm Chart
[![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io) [![license](https://img.shields.io/badge/license-AGPL%20V3-blue)](https://github.com/minio/minio/blob/master/LICENSE)
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
For more detailed documentation please visit [here](https://docs.minio.io/)
## Introduction
This chart bootstraps MinIO Cluster on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Helm cli with Kubernetes cluster configured.
- PV provisioner support in the underlying infrastructure. (We recommend using <https://github.com/minio/direct-csi>)
- Use Kubernetes version v1.19 and later for best experience.
## Configure MinIO Helm repo
```bash
helm repo add minio https://charts.min.io/
```
### Installing the Chart
Install this chart using:
```bash
helm install --namespace minio --set rootUser=rootuser,rootPassword=rootpass123 --generate-name minio/minio
```
The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
### Upgrading the Chart
You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command:
```bash
helm get values my-release > old_values.yaml
```
Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using
```bash
helm upgrade -f old_values.yaml my-release minio/minio
```
Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy.
### Configuration
Refer the [Values file](./values.yaml) for all the possible config fields.
You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```bash
helm install --name my-release --set persistence.size=1Ti minio/minio
```
The above command deploys MinIO server with a 1Ti backing persistent volume.
Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example,
```bash
helm install --name my-release -f values.yaml minio/minio
```
### Persistence
This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by:
```bash
helm install --set persistence.enabled=false minio/minio
```
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
### Existing PersistentVolumeClaim
If a Persistent Volume Claim already exists, specify it during installation.
1. Create the PersistentVolume
2. Create the PersistentVolumeClaim
3. Install the chart
```bash
helm install --set persistence.existingClaim=PVC_NAME minio/minio
```
### NetworkPolicy
To enable network policy for MinIO,
install [a networking plugin that implements the Kubernetes
NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin),
and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
the DefaultDeny namespace annotation. Note: this will enforce policy for *all* pods in the namespace:
```
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
```
With NetworkPolicy enabled, traffic will be limited to just port 9000.
For more precise policy, set `networkPolicy.allowExternal=true`. This will
only allow pods with the generated client label to connect to MinIO.
This label will be displayed in the output of a successful install.
### Existing secret
Instead of having this chart create the secret for you, you can supply a preexisting secret, much
like an existing PersistentVolumeClaim.
First, create the secret:
```bash
kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux
```
Then install the chart, specifying that you want to use an existing secret:
```bash
helm install --set existingSecret=my-minio-secret minio/minio
```
The following fields are expected in the secret:
| .data.\<key\> in Secret | Corresponding variable | Description | Required |
|:------------------------|:-----------------------|:---------------|:---------|
| `rootUser` | `rootUser` | Root user. | yes |
| `rootPassword` | `rootPassword` | Root password. | yes |
All corresponding variables will be ignored in values file.
### Configure TLS
To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using
```bash
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```
Then install the chart, specifying that you want to use the TLS secret:
```bash
helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio
```
### Installing certificates from third party CAs
MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true` and you're installing certificates for third party CAs, remember to include MinIO's own certificate with key `public.crt`, if it also needs to be trusted.
For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`:
```
kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt
```
If TLS is not enabled, you would need only the third party CA:
```
kubectl -n minio create secret generic minio-trusted-certs --from-file=keycloak.crt
```
The name of the generated secret can then be passed to Helm using a values file or the `--set` parameter:
```
trustedCertsSecret: "minio-trusted-certs"
or
--set trustedCertsSecret=minio-trusted-certs
```
### Create buckets after install
Install the chart, specifying the buckets you want to create after install:
```bash
helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false minio/minio
```
Description of the configuration parameters used above -
- `buckets[].name` - name of the bucket to create, must be a string with length > 0
- `buckets[].policy` - can be one of none|download|upload|public
- `buckets[].purge` - purge if bucket exists already
33# Create policies after install
Install the chart, specifying the policies you want to create after install:
```bash
helm install --set policies[0].name=mypolicy,policies[0].statements[0].resources[0]='arn:aws:s3:::bucket1',policies[0].statements[0].actions[0]='s3:ListBucket',policies[0].statements[0].actions[1]='s3:GetObject' minio/minio
```
Description of the configuration parameters used above -
- `policies[].name` - name of the policy to create, must be a string with length > 0
- `policies[].statements[]` - list of statements, includes actions and resources
- `policies[].statements[].resources[]` - list of resources that applies the statement
- `policies[].statements[].actions[]` - list of actions granted
### Create user after install
Install the chart, specifying the users you want to create after install:
```bash
helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio
```
Description of the configuration parameters used above -
- `users[].accessKey` - accessKey of user
- `users[].secretKey` - secretKey of usersecretRef
- `users[].existingSecret` - secret name that contains the secretKey of user
- `users[].existingSecretKey` - data key in existingSecret secret containing the secretKey
- `users[].policy` - name of the policy to assign to user
## Uninstalling the Chart
Assuming your release is named as `my-release`, delete it using the command:
```bash
helm delete my-release
```
or
```bash
helm uninstall my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.

43
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,43 @@
{{- if eq .Values.service.type "ClusterIP" "NodePort" }}
MinIO can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
To access MinIO from localhost, run the below commands:
1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }}
Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/
You can now access MinIO server on http://localhost:9000. Follow the below steps to connect to MinIO server with mc client:
1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }}
3. mc ls {{ template "minio.fullname" . }}-local
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
MinIO can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by:
kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }}
Note that the public IP may take a couple of minutes to be available.
You can now access MinIO server on http://<External-IP>:9000. Follow the below steps to connect to MinIO server with mc client:
1. Download the MinIO mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
2. export MC_HOST_{{ template "minio.fullname" . }}-local=http://$(kubectl get secret {{ template "minio.secretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@<External-IP>:{{ .Values.service.port }}
3. mc ls {{ template "minio.fullname" . }}
Alternately, you can use your browser or the MinIO SDK to access the server - https://docs.minio.io/categories/17
{{- end }}
{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}
Note: Since NetworkPolicy is enabled, only pods with label
{{ template "minio.fullname" . }}-client=true"
will be able to connect to this minio cluster.
{{- end }}

109
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_bucket.txt Normal file
View File

@@ -0,0 +1,109 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkBucketExists ($bucket)
# Check if the bucket exists, by using the exit code of `mc ls`
checkBucketExists() {
BUCKET=$1
CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1)
return $?
}
# createBucket ($bucket, $policy, $purge)
# Ensure bucket exists, purging if asked to
createBucket() {
BUCKET=$1
POLICY=$2
PURGE=$3
VERSIONING=$4
# Purge the bucket, if set & exists
# Since PURGE is user input, check explicitly for `true`
if [ $PURGE = true ]; then
if checkBucketExists $BUCKET ; then
echo "Purging bucket '$BUCKET'."
set +e ; # don't exit if this fails
${MC} rm -r --force myminio/$BUCKET
set -e ; # reset `e` as active
else
echo "Bucket '$BUCKET' does not exist, skipping purge."
fi
fi
# Create the bucket if it does not exist
if ! checkBucketExists $BUCKET ; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
else
echo "Bucket '$BUCKET' already exists."
fi
# set versioning for bucket
if [ ! -z $VERSIONING ] ; then
if [ $VERSIONING = true ] ; then
echo "Enabling versioning for '$BUCKET'"
${MC} version enable myminio/$BUCKET
elif [ $VERSIONING = false ] ; then
echo "Suspending versioning for '$BUCKET'"
${MC} version suspend myminio/$BUCKET
fi
else
echo "Bucket '$BUCKET' versioning unchanged."
fi
# At this point, the bucket should exist, skip checking for existence
# Set policy on the bucket
echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
${MC} policy set $POLICY myminio/$BUCKET
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.buckets }}
{{ $global := . }}
# Create the buckets
{{- range .Values.buckets }}
createBucket {{ tpl .name $global }} {{ .policy }} {{ .purge }} {{ .versioning }}
{{- end }}
{{- end }}

75
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_policy.txt Normal file
View File

@@ -0,0 +1,75 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkPolicyExists ($policy)
# Check if the policy exists, by using the exit code of `mc admin policy info`
checkPolicyExists() {
POLICY=$1
CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
return $?
}
# createPolicy($name, $filename)
createPolicy () {
NAME=$1
FILENAME=$2
# Create the name if it does not exist
echo "Checking policy: $NAME (in /config/$FILENAME.json)"
if ! checkPolicyExists $NAME ; then
echo "Creating policy '$NAME'"
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy add myminio $NAME /config/$FILENAME.json
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.policies }}
# Create the policies
{{- range $idx, $policy := .Values.policies }}
createPolicy {{ $policy.name }} policy_{{ $idx }}
{{- end }}
{{- end }}

88
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_create_user.txt Normal file
View File

@@ -0,0 +1,88 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkUserExists ($username)
# Check if the user exists, by using the exit code of `mc admin user info`
checkUserExists() {
USER=$1
CMD=$(${MC} admin user info myminio $USER > /dev/null 2>&1)
return $?
}
# createUser ($username, $password, $policy)
createUser() {
USER=$1
PASS=$2
POLICY=$3
# Create the user if it does not exist
if ! checkUserExists $USER ; then
echo "Creating user '$USER'"
${MC} admin user add myminio $USER $PASS
else
echo "User '$USER' already exists."
fi
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
${MC} admin policy set myminio $POLICY user=$USER
else
echo "User '$USER' has no policy attached."
fi
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.users }}
{{ $global := . }}
# Create the users
{{- range .Values.users }}
{{- if .existingSecret }}
createUser {{ tpl .accessKey $global }} $(cat /config/secrets/{{ tpl .accessKey $global }}) {{ .policy }}
{{ else }}
createUser {{ tpl .accessKey $global }} {{ .secretKey }} {{ .policy }}
{{- end }}
{{- end }}
{{- end }}

58
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_custom_command.txt Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
{{- if .Values.configPathmc }}
MC_CONFIG_DIR="{{ .Values.configPathmc }}"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
{{- else }}
MC="/usr/bin/mc --insecure"
{{- end }}
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# runCommand ($@)
# Run custom mc command
runCommand() {
${MC} "$@"
return $?
}
# Try connecting to MinIO instance
{{- if .Values.tls.enabled }}
scheme=https
{{- else }}
scheme=http
{{- end }}
connectToMinio $scheme
{{ if .Values.customCommands }}
# Run custom commands
{{- range .Values.customCommands }}
runCommand {{ .command }}
{{- end }}
{{- end }}

18
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helper_policy.tpl Normal file
View File

@@ -0,0 +1,18 @@
{{- $statements_length := len .statements -}}
{{- $statements_length := sub $statements_length 1 -}}
{
"Version": "2012-10-17",
"Statement": [
{{- range $i, $statement := .statements }}
{
"Effect": "Allow",
"Action": [
"{{ $statement.actions | join "\",\n\"" }}"
]{{ if $statement.resources }},
"Resource": [
"{{ $statement.resources | join "\",\n\"" }}"
]{{ end }}
}{{ if lt $i $statements_length }},{{end }}
{{- end }}
]
}

218
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,218 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "minio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "minio.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "minio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "minio.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "minio.deployment.apiVersion" -}}
{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "minio.statefulset.apiVersion" -}}
{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "minio.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for console ingress.
*/}}
{{- define "minio.consoleIngress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Determine secret name.
*/}}
{{- define "minio.secretName" -}}
{{- if .Values.existingSecret -}}
{{- .Values.existingSecret }}
{{- else -}}
{{- include "minio.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Determine name for scc role and rolebinding
*/}}
{{- define "minio.sccRoleName" -}}
{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Properly format optional additional arguments to MinIO binary
*/}}
{{- define "minio.extraArgs" -}}
{{- range .Values.extraArgs -}}
{{ " " }}{{ . }}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "minio.imagePullSecrets" -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
Also, we can not use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- else if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- end -}}
{{- else if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- end -}}
{{- end -}}
{{/*
Formats volumeMount for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolumeMount" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
mountPath: {{ .Values.certsPath }}
{{- end }}
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }}
- name: trusted-cert-secret-volume
mountPath: {{ $casPath }}
{{- end }}
{{- end -}}
{{/*
Formats volume for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolume" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: public.crt
- key: {{ .Values.tls.privateKey }}
path: private.key
{{- end }}
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }}
{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }}
- name: trusted-cert-secret-volume
secret:
secretName: {{ $certSecret }}
{{- if ne $publicCrt "" }}
items:
- key: {{ $publicCrt }}
path: public.crt
{{- end }}
{{- end }}
{{- end -}}
{{/*
Returns the available value for certain key in an existing secret (if it exists),
otherwise it generates a random value.
*/}}
{{- define "minio.getValueFromSecret" }}
{{- $len := (default 16 .Length) | int -}}
{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $obj }}
{{- index $obj .Key | b64dec -}}
{{- else -}}
{{- randAlphaNum $len -}}
{{- end -}}
{{- end }}
{{- define "minio.root.username" -}}
{{- if .Values.rootUser }}
{{- .Values.rootUser | toString }}
{{- else }}
{{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 20 "Key" "rootUser") }}
{{- end }}
{{- end -}}
{{- define "minio.root.password" -}}
{{- if .Values.rootPassword }}
{{- .Values.rootPassword | toString }}
{{- else }}
{{- include "minio.getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "minio.fullname" .) "Length" 40 "Key" "rootPassword") }}
{{- end }}
{{- end -}}

24
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
initialize: |-
{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
add-user: |-
{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
add-policy: |-
{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
{{- range $idx, $policy := .Values.policies }}
# {{ $policy.name }}
policy_{{ $idx }}.json: |-
{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
{{ end }}
custom-command: |-
{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}

58
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/console-ingress.yaml Normal file
View File

@@ -0,0 +1,58 @@
{{- if .Values.consoleIngress.enabled -}}
{{- $fullName := printf "%s-console" (include "minio.fullname" .) -}}
{{- $servicePort := .Values.consoleService.port -}}
{{- $ingressPath := .Values.consoleIngress.path -}}
apiVersion: {{ template "minio.consoleIngress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.consoleIngress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.consoleIngress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.consoleIngress.ingressClassName }}
ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
{{- end }}
{{- if .Values.consoleIngress.tls }}
tls:
{{- range .Values.consoleIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.consoleIngress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}

48
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/console-service.yaml Normal file
View File

@@ -0,0 +1,48 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}-console
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.consoleService.annotations }}
annotations:
{{ toYaml .Values.consoleService.annotations | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
type: ClusterIP
{{- if not (empty .Values.consoleService.clusterIP) }}
clusterIP: {{ .Values.consoleService.clusterIP }}
{{end}}
{{- else if eq .Values.consoleService.type "LoadBalancer" }}
type: {{ .Values.consoleService.type }}
loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
{{- else }}
type: {{ .Values.consoleService.type }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.consoleService.port }}
protocol: TCP
{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
nodePort: {{ .Values.consoleService.nodePort }}
{{- else }}
targetPort: {{ .Values.consoleService.port }}
{{- end}}
{{- if .Values.consoleService.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.consoleService.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

174
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,174 @@
{{- if eq .Values.mode "standalone" }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
apiVersion: {{ template "minio.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
strategy:
type: {{ .Values.DeploymentUpdate.type }}
{{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
{{- end}}
replicas: 1
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-ce"
- "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}"
volumeMounts:
- name: minio-user
mountPath: "/tmp/credentials"
readOnly: true
{{- if .Values.persistence.enabled }}
- name: export
mountPath: {{ .Values.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- if .Values.etcd.endpoints }}
- name: MINIO_ETCD_ENDPOINTS
value: {{ join "," .Values.etcd.endpoints | quote }}
{{- if .Values.etcd.clientCert }}
- name: MINIO_ETCD_CLIENT_CERT
value: "/tmp/credentials/etcd_client_cert.pem"
{{- end }}
{{- if .Values.etcd.clientCertKey }}
- name: MINIO_ETCD_CLIENT_CERT_KEY
value: "/tmp/credentials/etcd_client_cert_key.pem"
{{- end }}
{{- if .Values.etcd.pathPrefix }}
- name: MINIO_ETCD_PATH_PREFIX
value: {{ .Values.etcd.pathPrefix }}
{{- end }}
{{- if .Values.etcd.corednsPathPrefix }}
- name: MINIO_ETCD_COREDNS_PATH
value: {{ .Values.etcd.corednsPathPrefix }}
{{- end }}
{{- end }}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: export
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- end }}

173
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/gateway-deployment.yaml Normal file
View File

@@ -0,0 +1,173 @@
{{- if eq .Values.mode "gateway" }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
apiVersion: {{ template "minio.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
strategy:
type: {{ .Values.DeploymentUpdate.type }}
{{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }}
rollingUpdate:
maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
{{- end}}
replicas: {{ .Values.gateway.replicas }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "/bin/sh"
- "-ce"
{{- if eq .Values.gateway.type "nas" }}
- "/usr/bin/docker-entrypoint.sh minio gateway nas {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }} "
{{- end }}
volumeMounts:
- name: minio-user
mountPath: "/tmp/credentials"
readOnly: true
{{- if .Values.persistence.enabled }}
- name: export
mountPath: {{ .Values.mountPath }}
{{- if .Values.persistence.subPath }}
subPath: "{{ .Values.persistence.subPath }}"
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- if .Values.etcd.endpoints }}
- name: MINIO_ETCD_ENDPOINTS
value: {{ join "," .Values.etcd.endpoints | quote }}
{{- if .Values.etcd.clientCert }}
- name: MINIO_ETCD_CLIENT_CERT
value: "/tmp/credentials/etcd_client.crt"
{{- end }}
{{- if .Values.etcd.clientCertKey }}
- name: MINIO_ETCD_CLIENT_CERT_KEY
value: "/tmp/credentials/etcd_client.key"
{{- end }}
{{- if .Values.etcd.pathPrefix }}
- name: MINIO_ETCD_PATH_PREFIX
value: {{ .Values.etcd.pathPrefix }}
{{- end }}
{{- if .Values.etcd.corednsPathPrefix }}
- name: MINIO_ETCD_COREDNS_PATH
value: {{ .Values.etcd.corednsPathPrefix }}
{{- end }}
{{- end }}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: export
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end }}
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- end }}

58
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,58 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "minio.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: {{ template "minio.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}

27
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
ingress:
- ports:
- port: {{ .Values.service.port }}
- port: {{ .Values.consoleService.port }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "minio.name" . }}-client: "true"
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if .Values.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: minio
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
spec:
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
{{- end }}

87
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-bucket-job.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if .Values.buckets }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-bucket-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-bucket-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makeBucketJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makeBucketJob.podAnnotations }}
annotations:
{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makeBucketJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makeBucketJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makeBucketJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makeBucketJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makeBucketJob.resources | indent 10 }}
{{- end }}

87
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-policy-job.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if .Values.policies }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-policies-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-policies-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makePolicyJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makePolicyJob.podAnnotations }}
annotations:
{{ toYaml .Values.makePolicyJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makePolicyJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makePolicyJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makePolicyJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makePolicyJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/add-policy"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makePolicyJob.resources | indent 10 }}
{{- end }}

97
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-create-user-job.yaml Normal file
View File

@@ -0,0 +1,97 @@
{{- $global := . -}}
{{- if .Values.users }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-make-user-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-make-user-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.makeUserJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.makeUserJob.podAnnotations }}
annotations:
{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.makeUserJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.makeUserJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.makeUserJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.makeUserJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- range .Values.users }}
{{- if .existingSecret }}
- secret:
name: {{ tpl .existingSecret $global }}
items:
- key: {{ .existingSecretKey }}
path: secrets/{{ tpl .accessKey $global }}
{{- end }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/add-user"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.makeUserJob.resources | indent 10 }}
{{- end }}

87
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/post-install-custom-command.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if .Values.customCommands }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "minio.fullname" . }}-custom-command-job
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}-custom-command-job
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
{{- with .Values.customCommandJob.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
app: {{ template "minio.name" . }}-job
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.customCommandJob.podAnnotations }}
annotations:
{{ toYaml .Values.customCommandJob.podAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.customCommandJob.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.customCommandJob.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.customCommandJob.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.customCommandJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }}
fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }}
{{- end }}
volumes:
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ template "minio.fullname" . }}
- secret:
name: {{ template "minio.secretName" . }}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.tls.certSecret }}
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
containers:
- name: minio-mc
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/custom-command"]
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{ toYaml .Values.customCommandJob.resources | indent 10 }}
{{- end }}

35
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- if eq .Values.mode "standalone" }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistence.VolumeName }}
volumeName: "{{ .Values.persistence.VolumeName }}"
{{- end }}
{{- end }}
{{- end }}

22
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,22 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "minio.secretName" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
rootUser: {{ include "minio.root.username" . | b64enc | quote }}
rootPassword: {{ include "minio.root.password" . | b64enc | quote }}
{{- if .Values.etcd.clientCert }}
etcd_client.crt: {{ .Values.etcd.clientCert | toString | b64enc | quote }}
{{- end }}
{{- if .Values.etcd.clientCertKey }}
etcd_client.key: {{ .Values.etcd.clientCertKey | toString | b64enc | quote }}
{{- end }}
{{- end }}

45
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/securitycontextconstraints.yaml Normal file
View File

@@ -0,0 +1,45 @@
{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: []
readOnlyRootFilesystem: false
defaultAddCapabilities: []
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
fsGroup:
type: MustRunAs
ranges:
- max: {{ .Values.securityContext.fsGroup }}
min: {{ .Values.securityContext.fsGroup }}
runAsUser:
type: MustRunAs
uid: {{ .Values.securityContext.runAsUser }}
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
{{- end }}

49
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/service.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
monitoring: "true"
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
type: ClusterIP
{{- if not (empty .Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
protocol: TCP
{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
nodePort: {{ .Values.service.nodePort }}
{{- else }}
targetPort: 9000
{{- end}}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

7
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,7 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name | quote }}
namespace: {{ .Release.Namespace | quote }}
{{- end -}}

51
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,51 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "minio.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{ else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
spec:
endpoints:
{{- if .Values.tls.enabled }}
- port: https
scheme: https
{{ else }}
- port: http
scheme: http
{{- end }}
path: /minio/v2/metrics/cluster
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelConfigs }}
{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }}
{{- end }}
{{- if not .Values.metrics.serviceMonitor.public }}
bearerTokenSecret:
name: {{ template "minio.fullname" . }}-prometheus
key: token
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
selector:
matchLabels:
app: {{ include "minio.name" . }}
release: {{ .Release.Name }}
monitoring: "true"
{{- end }}

217
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/templates/statefulset.yaml Normal file
View File

@@ -0,0 +1,217 @@
{{- if eq .Values.mode "distributed" }}
{{ $poolCount := .Values.pools | int }}
{{ $nodeCount := .Values.replicas | int }}
{{ $drivesPerNode := .Values.drivesPerNode | int }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $mountPath := .Values.mountPath }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
{{ $subPath := .Values.persistence.subPath }}
{{ $penabled := .Values.persistence.enabled }}
{{ $accessMode := .Values.persistence.accessMode }}
{{ $storageClass := .Values.persistence.storageClass }}
{{ $psize := .Values.persistence.size }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "minio.fullname" . }}-svc
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
publishNotReadyAddresses: true
clusterIP: None
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
protocol: TCP
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
---
apiVersion: {{ template "minio.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "minio.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
spec:
updateStrategy:
type: {{ .Values.StatefulSetUpdate.updateStrategy }}
podManagementPolicy: "Parallel"
serviceName: {{ template "minio.fullname" . }}-svc
replicas: {{ mul $poolCount $nodeCount }}
selector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "/bin/sh",
"-ce",
"/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ]
volumeMounts:
{{- if $penabled }}
{{- if (gt $drivesPerNode 1) }}
{{- range $i := until $drivesPerNode }}
- name: export-{{ $i }}
mountPath: {{ $mountPath }}-{{ $i }}
{{- if and $penabled $subPath }}
subPath: {{ $subPath }}
{{- end }}
{{- end }}
{{- else }}
- name: export
mountPath: {{ $mountPath }}
{{- if and $penabled $subPath }}
subPath: {{ $subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
mountPath: "/tmp/minio-config-env"
{{- end }}
{{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
ports:
- name: {{ $scheme }}
containerPort: {{ .Values.minioAPIPort }}
- name: {{ $scheme }}-console
containerPort: {{ .Values.minioConsolePort }}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "minio.secretName" . }}
key: rootPassword
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: minio-user
secret:
secretName: {{ template "minio.secretName" . }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:
secretName: {{ .Values.extraSecret }}
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
{{- if gt $drivesPerNode 1 }}
{{- range $diskId := until $drivesPerNode}}
- metadata:
name: export-{{ $diskId }}
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
storageClassName: {{ $storageClass }}
{{- end }}
resources:
requests:
storage: {{ $psize }}
{{- end }}
{{- else }}
- metadata:
name: export
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
storageClassName: {{ $storageClass }}
{{- end }}
resources:
requests:
storage: {{ $psize }}
{{- end }}
{{- end }}
{{- end }}

461
ansible/01_old/roles/cmoa_demo_install/files/01-storage/minio/values.yaml Normal file
View File

@@ -0,0 +1,461 @@
## Provide a name in place of minio for `app:` labels
##
nameOverride: ""
## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""
## set kubernetes cluster domain where minio is running
##
clusterDomain: cluster.local
## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
##
image:
repository: 10.10.31.243:5000/cmoa3/minio
tag: RELEASE.2022-05-08T23-50-31Z
pullPolicy: IfNotPresent
imagePullSecrets:
- name: "regcred"
# - name: "image-pull-secret"
## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
##
mcImage:
repository: 10.10.31.243:5000/cmoa3/mc
tag: RELEASE.2022-05-09T04-08-26Z
pullPolicy: IfNotPresent
## minio mode, i.e. standalone or distributed or gateway.
mode: distributed ## other supported values are "standalone", "gateway"
## Additional labels to include with deployment or statefulset
additionalLabels: []
## Additional annotations to include with deployment or statefulset
additionalAnnotations: []
## Typically the deployment/statefulset includes checksums of secrets/config,
## So that when these change on a subsequent helm install, the deployment/statefulset
## is restarted. This can result in unnecessary restarts under GitOps tooling such as
## flux, so set to "true" to disable this behaviour.
ignoreChartChecksums: false
## Additional arguments to pass to minio binary
extraArgs: []
## Port number for MinIO S3 API Access
minioAPIPort: "9000"
## Port number for MinIO Browser COnsole Access
minioConsolePort: "9001"
## Update strategy for Deployments
DeploymentUpdate:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 100%
## Update strategy for StatefulSets
StatefulSetUpdate:
updateStrategy: RollingUpdate
## Pod priority settings
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Set default rootUser, rootPassword
## AccessKey and secretKey is generated when not set
## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
##
rootUser: "admin"
rootPassword: "passW0rd"
## Use existing Secret that store following variables:
##
## | Chart var | .data.<key> in Secret |
## |:----------------------|:-------------------------|
## | rootUser | rootUser |
## | rootPassword | rootPassword |
##
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: ""
## Directory on the MinIO pof
certsPath: "/etc/minio/certs/"
configPathmc: "/etc/minio/mc/"
## Path where PV would be mounted on the MinIO Pod
mountPath: "/export"
## Override the root directory which the minio server should serve from.
## If left empty, it defaults to the value of {{ .Values.mountPath }}
## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }}
##
bucketRoot: ""
# Number of drives attached to a node
drivesPerNode: 2
# Number of MinIO containers running
#replicas: 16
replicas: 2
# Number of expanded MinIO clusters
pools: 1
# Deploy if 'mode == gateway' - 4 replicas.
gateway:
type: "nas" # currently only "nas" are supported.
replicas: 4
## TLS Settings for MinIO
tls:
enabled: false
## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
certSecret: ""
publicCrt: public.crt
privateKey: private.key
## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas
## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
trustedCertsSecret: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: true
annotations: {}
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## minio data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
## Storage class of PV to bind. By default it looks for standard storage class.
## If the PV uses a different storage class, specify that here.
storageClass: "exem-local-storage"
VolumeName: ""
accessMode: ReadWriteOnce
size: 50Gi
## If subPath is set mount a sub folder of a volume instead of the root of the volume.
## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
##
subPath: ""
## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
#service:
# type: NodePort
# clusterIP: ~
## Make sure to match it to minioAPIPort
# port: "9000"
# nodePort: "32002"
service:
type: ClusterIP
clusterIP: ~
## Make sure to match it to minioAPIPort
port: "9000"
## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
consoleService:
type: NodePort
clusterIP: ~
## Make sure to match it to minioConsolePort
port: "9001"
nodePort: "32001"
consoleIngress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- console.minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
tolerations: []
affinity: {}
## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext:
enabled: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
# Additational pod annotations
podAnnotations: {}
# Additional pod labels
podLabels: {}
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
#memory: 16Gi
memory: 1Gi
cpu: 200m
## List of policies to be created after minio install
##
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name
## starting with example. In addition, grants objects write permissions on buckets starting with
## example.
# - name: writeexamplepolicy
# statements:
# - resources:
# - 'arn:aws:s3:::example*/*'
# actions:
# - "s3:AbortMultipartUpload"
# - "s3:GetObject"
# - "s3:DeleteObject"
# - "s3:PutObject"
# - "s3:ListMultipartUploadParts"
# - resources:
# - 'arn:aws:s3:::example*'
# actions:
# - "s3:CreateBucket"
# - "s3:DeleteBucket"
# - "s3:GetBucketLocation"
# - "s3:ListBucket"
# - "s3:ListBucketMultipartUploads"
## readonlyexamplepolicy policy grants access to buckets with name starting with example.
## In addition, grants objects read permissions on buckets starting with example.
# - name: readonlyexamplepolicy
# statements:
# - resources:
# - 'arn:aws:s3:::example*/*'
# actions:
# - "s3:GetObject"
# - resources:
# - 'arn:aws:s3:::example*'
# actions:
# - "s3:GetBucketLocation"
# - "s3:ListBucket"
# - "s3:ListBucketMultipartUploads"
## Additional Annotations for the Kubernetes Job makePolicyJob
makePolicyJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of users to be created after minio install
##
users:
## Username, password and policy to be assigned to the user
## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html
## NOTE: this will fail if LDAP is enabled in your MinIO deployment
## make sure to disable this if you are using LDAP.
- accessKey: cloudmoa
secretKey: admin1234
policy: consoleAdmin
# Or you can refer to specific secret
#- accessKey: externalSecret
# existingSecret: my-secret
# existingSecretKey: password
# policy: readonly
## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of buckets to be created after minio install
##
buckets:
- name: cortex-bucket
policy: none
purge: false
versioning: false
# # Name of the bucket
# - name: bucket1
# # Policy to be set on the
# # bucket [none|download|upload|public]
# policy: none
# # Purge if bucket exists already
# purge: false
# # set versioning for
# # bucket [true|false]
# versioning: false
# - name: bucket2
# policy: none
# purge: false
# versioning: true
## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of command to run after minio install
## NOTE: the mc command TARGET is always "myminio"
customCommands:
# - command: "admin policy set myminio consoleAdmin group='cn=ops,cn=groups,dc=example,dc=com'"
## Additional Annotations for the Kubernetes Job customCommandJob
customCommandJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
## MINIO_BROWSER: "off"
## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
# extraSecret: minio-extraenv
networkPolicy:
enabled: false
allowExternal: true
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
##
podDisruptionBudget:
enabled: false
maxUnavailable: 1
## Specify the service account to use for the MinIO pods. If 'create' is set to 'false'
## and 'name' is left unspecified, the account 'default' will be used.
serviceAccount:
create: true
## The name of the service account to use. If 'create' is 'true', a service account with that name
## will be created.
name: "minio-sa"
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
relabelConfigs: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md
## Define endpoints to enable this section.
etcd:
endpoints: []
pathPrefix: ""
corednsPathPrefix: ""
clientCert: ""
clientCertKey: ""

161
ansible/01_old/roles/cmoa_demo_install/files/02-base/00-kafka-broker-config.yaml Normal file
View File

@@ -0,0 +1,161 @@
kind: ConfigMap
metadata:
name: broker-config
namespace: imxc
apiVersion: v1
data:
init.sh: |-
#!/bin/bash
set -e
set -x
cp /etc/kafka-configmap/log4j.properties /etc/kafka/
KAFKA_BROKER_ID=${HOSTNAME##*-}
SEDS=("s/#init#broker.id=#init#/broker.id=$KAFKA_BROKER_ID/")
LABELS="kafka-broker-id=$KAFKA_BROKER_ID"
ANNOTATIONS=""
hash kubectl 2>/dev/null || {
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# kubectl not found in path/")
} && {
ZONE=$(kubectl get node "$NODE_NAME" -o=go-template='{{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}')
if [ $? -ne 0 ]; then
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone lookup failed, see -c init-config logs/")
elif [ "x$ZONE" == "x<no value>" ]; then
SEDS+=("s/#init#broker.rack=#init#/#init#broker.rack=# zone label not found for node $NODE_NAME/")
else
SEDS+=("s/#init#broker.rack=#init#/broker.rack=$ZONE/")
LABELS="$LABELS kafka-broker-rack=$ZONE"
fi
# Node Port 설정 주석처리
# OUTSIDE_HOST=$(kubectl get node "$NODE_NAME" -o jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}')
OUTSIDE_HOST=kafka-outside-${KAFKA_BROKER_ID}
GLOBAL_HOST=kafka-global-${KAFKA_BROKER_ID}
if [ $? -ne 0 ]; then
echo "Outside (i.e. cluster-external access) host lookup command failed"
else
OUTSIDE_PORT=3240${KAFKA_BROKER_ID}
GLOBAL_PORT=3250${KAFKA_BROKER_ID}
# datagate 도입했으므로 Kube DNS 기반 통신
SEDS+=("s|#init#advertised.listeners=OUTSIDE://#init#|advertised.listeners=OUTSIDE://${OUTSIDE_HOST}:${OUTSIDE_PORT},GLOBAL://${GLOBAL_HOST}:${GLOBAL_PORT}|")
ANNOTATIONS="$ANNOTATIONS kafka-listener-outside-host=$OUTSIDE_HOST kafka-listener-outside-port=$OUTSIDE_PORT"
fi
if [ ! -z "$LABELS" ]; then
kubectl -n $POD_NAMESPACE label pod $POD_NAME $LABELS || echo "Failed to label $POD_NAMESPACE.$POD_NAME - RBAC issue?"
fi
if [ ! -z "$ANNOTATIONS" ]; then
kubectl -n $POD_NAMESPACE annotate pod $POD_NAME $ANNOTATIONS || echo "Failed to annotate $POD_NAMESPACE.$POD_NAME - RBAC issue?"
fi
}
printf '%s\n' "${SEDS[@]}" | sed -f - /etc/kafka-configmap/server.properties > /etc/kafka/server.properties.tmp
[ $? -eq 0 ] && mv /etc/kafka/server.properties.tmp /etc/kafka/server.properties
server.properties: |-
log.dirs=/var/lib/kafka/data/topics
############################# Zookeeper #############################
zookeeper.connect=zookeeper:2181
#zookeeper.connection.timeout.ms=6000
############################# Group Coordinator Settings #############################
#group.initial.rebalance.delay.ms=0
############################# Thread #############################
#background.threads=10
#num.recovery.threads.per.data.dir=1
############################# Topic #############################
auto.create.topics.enable=true
delete.topic.enable=true
default.replication.factor=2
############################# Msg Replication #############################
min.insync.replicas=1
num.io.threads=10
num.network.threads=4
num.replica.fetchers=4
replica.fetch.min.bytes=1
socket.receive.buffer.bytes=1048576
socket.send.buffer.bytes=1048576
replica.socket.receive.buffer.bytes=1048576
socket.request.max.bytes=204857600
############################# Partition #############################
#auto.leader.rebalance.enable=true
num.partitions=12
############################# Log size #############################
message.max.bytes=204857600
max.message.bytes=204857600
############################# Log Flush Policy #############################
#log.flush.interval.messages=10000
#log.flush.interval.ms=1000
############################# Log Retention Policy #############################
log.retention.minutes=1
offsets.retention.minutes=1440
#log.retention.bytes=1073741824
#log.segment.bytes=1073741824
log.retention.check.interval.ms=10000
############################# Internal Topic Settings #############################
offsets.topic.replication.factor=1
#transaction.state.log.replication.factor=1
#transaction.state.log.min.isr=1
############################# ETC #############################
listeners=OUTSIDE://:9094,PLAINTEXT://:9092,GLOBAL://:9095
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL,OUTSIDE:PLAINTEXT,GLOBAL:PLAINTEXT
#listeners=PLAINTEXT://:9092
inter.broker.listener.name=PLAINTEXT
#init#broker.id=#init#
#init#broker.rack=#init#
log4j.properties: |-
# Unspecified loggers and loggers with additivity=true output to server.log and stdout
# Note that INFO only applies to unspecified loggers, the log level of the child logger is used otherwise
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
# Change the two lines below to adjust ZK client logging
log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
log4j.logger.org.apache.zookeeper=INFO
# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
log4j.logger.kafka=INFO
log4j.logger.org.apache.kafka=INFO
# Change to DEBUG or TRACE to enable request logging
log4j.logger.kafka.request.logger=WARN, requestAppender
log4j.additivity.kafka.request.logger=false
# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
# related to the handling of requests
#log4j.logger.kafka.network.Processor=TRACE, requestAppender
#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
#log4j.additivity.kafka.server.KafkaApis=false
log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
log4j.additivity.kafka.network.RequestChannel$=false
log4j.logger.kafka.controller=TRACE, controllerAppender
log4j.additivity.kafka.controller=false
log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
log4j.additivity.kafka.log.LogCleaner=false
log4j.logger.state.change.logger=TRACE, stateChangeAppender
log4j.additivity.state.change.logger=false
# Change to DEBUG to enable audit log for the authorizer
log4j.logger.kafka.authorizer.logger=WARN, authorizerAppender
log4j.additivity.kafka.authorizer.logger=false

35
ansible/01_old/roles/cmoa_demo_install/files/02-base/01-coredns.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "9153"
prometheus.io/scrape: "true"
labels:
addonmanager.kubernetes.io/mode: Reconcile
k8s-app: kube-dns
kubernetes.io/name: coredns
name: coredns
namespace: kube-system
spec:
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: dns
port: 53
protocol: UDP
targetPort: 53
- name: dns-tcp
port: 53
protocol: TCP
targetPort: 53
- name: metrics
port: 9153
protocol: TCP
targetPort: 9153
selector:
k8s-app: kube-dns
sessionAffinity: None
type: ClusterIP

22
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/Chart.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: base
version: 0.1.0

22
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/analysis/.helmignore Normal file
View File

@@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/analysis/Chart.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: analysis
version: 0.1.0

87
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/analysis/templates/imxc-metric-analyzer-master.yaml Normal file
View File

@@ -0,0 +1,87 @@
#docker run -d --hostname my-rabbit --name some-rabbit -p 8080:15672 -p 5672:5672 rabbitmq:3-management
---
kind: Service
apiVersion: v1
metadata:
name: metric-analyzer-master
namespace: imxc
spec:
# clusterIP: None # We need a headless service to allow the pods to discover each
ports: # other during autodiscover phase for cluster creation.
- name: http # A ClusterIP will prevent resolving dns requests for other pods
protocol: TCP # under the same service.
port: 15672
targetPort: 15672
# nodePort: 30001
- name: amqp
protocol: TCP
port: 5672
targetPort: 5672
# nodePort: 30002
selector:
app: metric-analyzer-master
# type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metric-analyzer-master
name: metric-analyzer-master
namespace: imxc
spec:
replicas: 1
selector:
matchLabels:
app: metric-analyzer-master
template:
metadata:
labels:
app: metric-analyzer-master
spec:
containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric_analyzer:{{ .Values.global.METRIC_ANALYZER_MASTER_VERSION }}
imagePullPolicy: IfNotPresent
name: master
# volumeMounts:
# - mountPath: /etc/localtime
# name: timezone-config
env:
- name: BROKER
value: base-rabbitmq
- name: IMXC_RABBITMQ_CLIENT_ID
value: "user"
- name: IMXC_RABBITMQ_CLIENT_PASSWORD
value: "eorbahrhkswp"
- name: POSTGRES_SERVER
value: postgres
- name: POSTGRES_USER
value: admin
- name: POSTGRES_PW
value: eorbahrhkswp
- name: POSTGRES_DB
value: postgresdb
- name: PROMETHEUS_URL
value: http://base-cortex-nginx/prometheus
- name: POSTGRES_PORT
value: "5432"
- name: ES_SERVER
value: elasticsearch
- name: ES_PORT
value: "9200"
- name: ES_ID
value: "elastic"
- name: ES_PWD
value: "elastic"
- name: LOG_LEVEL
value: INFO
- name: AI_TYPE
value: BASELINE
- name: BASELINE_SIZE
value: "3"
- name: CHECK_DAY
value: "2"
resources:
requests:
memory: "100Mi"

38
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/analysis/templates/imxc-metric-analyzer-worker.yaml Normal file
View File

@@ -0,0 +1,38 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metric-analyzer-worker
name: metric-analyzer-worker
namespace: imxc
spec:
replicas: 10
selector:
matchLabels:
app: metric-analyzer-worker
template:
metadata:
labels:
app: metric-analyzer-worker
spec:
containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/metric_analyzer_worker:{{ .Values.global.METRIC_ANALYZER_WORKER_VERSION }}
imagePullPolicy: IfNotPresent
name: worker
# volumeMounts:
# - mountPath: /etc/localtime
# name: timezone-config
env:
- name: BROKER
value: base-rabbitmq
- name: IMXC_RABBITMQ_CLIENT_ID
value: "user"
- name: IMXC_RABBITMQ_CLIENT_PASSWORD
value: "eorbahrhkswp"
# volumes:
# - hostPath:
# path: /usr/share/zoneinfo/Asia/Seoul
# name: timezone-config
resources:
requests:
memory: "100Mi"

68
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/analysis/values.yaml Normal file
View File

@@ -0,0 +1,68 @@
# Default values for analysis.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: 10.10.31.243:5000/cmoa3/nginx
tag: stable
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths: []
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

29
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/.helmignore Normal file
View File

@@ -0,0 +1,29 @@
# Git
.git/
.gitignore
.github/
# IDE
.project
.idea/
*.tmproj
# Common backup files
*.swp
*.bak
*.tmp
*~
# Cortex ignore
docs/
tools/
ct.yaml
ci/
README.md.gotmpl
.prettierignore
CHANGELOG.md
MAINTAINERS.md
LICENSE
Makefile
renovate.json

24
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/Chart.lock Normal file
View File

@@ -0,0 +1,24 @@
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
digest: sha256:a6b7c1239f9cabc85dd647798a6f92ae8a9486756ab1e87fc11af2180ab03ee4
generated: "2021-12-25T19:21:57.666697218Z"

56
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/Chart.yaml Normal file
View File

@@ -0,0 +1,56 @@
apiVersion: v2
appVersion: v1.11.0
dependencies:
- alias: memcached
condition: memcached.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-index-read
condition: memcached-index-read.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-index-write
condition: memcached-index-write.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-frontend
condition: memcached-frontend.enabled
name: memcached
repository: https://charts.bitnami.com/bitnami
version: 5.15.12
- alias: memcached-blocks-index
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
- alias: memcached-blocks
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
- alias: memcached-blocks-metadata
name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- blocks-storage-memcached
version: 5.15.12
description: Horizontally scalable, highly available, multi-tenant, long term Prometheus.
home: https://cortexmetrics.io/
icon: https://avatars2.githubusercontent.com/u/43045022?s=200&v=4
kubeVersion: ^1.19.0-0
maintainers:
- email: thayward@infoblox.com
name: Tom Hayward
url: https://github.com/kd7lxl
- email: Niclas.Schad@plusserver.com
name: Niclas Schad
url: https://github.com/ShuzZzle
name: cortex
sources:
- https://github.com/cortexproject/cortex-helm-chart
version: 1.2.0

754
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/README.md Normal file
View File

@@ -0,0 +1,754 @@
<!-- README.md is a generated file. Make any changes in README.md.gotmpl or values.yaml. -->
# cortex
![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: v1.11.0](https://img.shields.io/badge/AppVersion-v1.11.0-informational?style=flat-square)
Horizontally scalable, highly available, multi-tenant, long term Prometheus.
**Homepage:** <https://cortexmetrics.io/>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Tom Hayward | thayward@infoblox.com | https://github.com/kd7lxl |
| Niclas Schad | Niclas.Schad@plusserver.com | https://github.com/ShuzZzle |
## Documentation
Checkout our documentation for the cortex-helm-chart [here](https://cortexproject.github.io/cortex-helm-chart/)
## Dependencies
### Key-Value store
Cortex requires a Key-Value (KV) store to store the ring. It can use traditional KV stores like [Consul](https://www.consul.io/) or [etcd](https://etcd.io/), but it can also build its own KV store on top of memberlist library using a gossip algorithm.
The recommended approach is to use the built-in memberlist as a KV store, where supported.
External KV stores can be installed alongside Cortex using their respective helm charts https://github.com/bitnami/charts/tree/master/bitnami/etcd and https://github.com/helm/charts/tree/master/stable/consul.
### Storage
Cortex requires a storage backend to store metrics and indexes.
See [cortex documentation](https://cortexmetrics.io/docs/) for details on storage types and documentation
## Installation
[Helm](https://helm.sh) must be installed to use the charts.
Please refer to Helm's [documentation](https://helm.sh/docs/) to get started.
Once Helm is set up properly, add the repo as follows:
```bash
helm repo add cortex-helm https://cortexproject.github.io/cortex-helm-chart
```
Cortex can now be installed with the following command:
```bash
helm install cortex --namespace cortex cortex-helm/cortex
```
If you have custom options or values you want to override:
```bash
helm install cortex --namespace cortex -f my-cortex-values.yaml cortex-helm/cortex
```
Specific versions of the chart can be installed using the `--version` option, with the default being the latest release.
What versions are available for installation can be listed with the following command:
```bash
helm search repo cortex-helm
```
As part of this chart many different pods and services are installed which all
have varying resource requirements. Please make sure that you have sufficient
resources (CPU/memory) available in your cluster before installing Cortex Helm
chart.
## Upgrades
To upgrade Cortex use the following command:
```bash
helm upgrade cortex -f my-cortex-values.yaml cortex-helm/cortex
```
Note that it might be necessary to use `--reset-values` since some default values in the values.yaml might have changed or were removed.
Source code can be found [here](https://cortexmetrics.io/)
## Requirements
Kubernetes: `^1.19.0-0`
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | memcached(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-index-read(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-index-write(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-frontend(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks-index(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks(memcached) | 5.15.12 |
| https://charts.bitnami.com/bitnami | memcached-blocks-metadata(memcached) | 5.15.12 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| alertmanager.&ZeroWidthSpace;affinity | object | `{}` | |
| alertmanager.&ZeroWidthSpace;annotations | object | `{}` | |
| alertmanager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| alertmanager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| alertmanager.&ZeroWidthSpace;enabled | bool | `true` | |
| alertmanager.&ZeroWidthSpace;env | list | `[]` | Extra env variables to pass to the cortex container |
| alertmanager.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log level (debug, info, warn, error) |
| alertmanager.&ZeroWidthSpace;extraContainers | list | `[]` | Additional containers to be added to the cortex pod. |
| alertmanager.&ZeroWidthSpace;extraPorts | list | `[]` | Additional ports to the cortex services. Useful to expose extra container ports. |
| alertmanager.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | Extra volume mounts that will be added to the cortex container |
| alertmanager.&ZeroWidthSpace;extraVolumes | list | `[]` | Additional volumes to the cortex pod. |
| alertmanager.&ZeroWidthSpace;initContainers | list | `[]` | Init containers to be added to the cortex pod. |
| alertmanager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Alertmanager data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Alertmanager data Persistent Volume Claim annotations |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true and alertmanager.statefulSet.enabled is true, Alertmanager will create/use a Persistent Volume Claim If false, use emptyDir |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Alertmanager data Persistent Volume size |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Alertmanager data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| alertmanager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Alertmanager data Persistent Volume to mount Useful if the volume's root directory is not empty |
| alertmanager.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| alertmanager.&ZeroWidthSpace;podDisruptionBudget | object | `{"maxUnavailable":1}` | If not set then a PodDisruptionBudget will not be created |
| alertmanager.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| alertmanager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;replicas | int | `1` | |
| alertmanager.&ZeroWidthSpace;resources | object | `{}` | |
| alertmanager.&ZeroWidthSpace;securityContext | object | `{}` | |
| alertmanager.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| alertmanager.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| alertmanager.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| alertmanager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| alertmanager.&ZeroWidthSpace;sidecar | object | `{"containerSecurityContext":{"enabled":true,"readOnlyRootFilesystem":true},"defaultFolderName":null,"enableUniqueFilenames":false,"enabled":false,"folder":"/data","folderAnnotation":null,"image":{"repository":"quay.io/kiwigrid/k8s-sidecar","sha":"","tag":"1.10.7"},"imagePullPolicy":"IfNotPresent","label":"cortex_alertmanager","labelValue":null,"resources":{},"searchNamespace":null,"skipTlsVerify":false,"watchMethod":null}` | Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders |
| alertmanager.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;skipTlsVerify | bool | `false` | skipTlsVerify Set to true to skip tls verification for kube api calls |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| alertmanager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| alertmanager.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;enabled | bool | `false` | If true, use a statefulset instead of a deployment for pod management. This is useful for using a persistent volume for storing silences between restarts. |
| alertmanager.&ZeroWidthSpace;statefulStrategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| alertmanager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| alertmanager.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `60` | |
| alertmanager.&ZeroWidthSpace;tolerations | list | `[]` | Tolerations for pod assignment ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| clusterDomain | string | `"cluster.local"` | Kubernetes cluster DNS domain |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"compactor"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| compactor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| compactor.&ZeroWidthSpace;annotations | object | `{}` | |
| compactor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| compactor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| compactor.&ZeroWidthSpace;enabled | bool | `true` | |
| compactor.&ZeroWidthSpace;env | list | `[]` | |
| compactor.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| compactor.&ZeroWidthSpace;extraContainers | list | `[]` | |
| compactor.&ZeroWidthSpace;extraPorts | list | `[]` | |
| compactor.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| compactor.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| compactor.&ZeroWidthSpace;initContainers | list | `[]` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| compactor.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | compactor data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | compactor data Persistent Volume Claim annotations |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true compactor will create/use a Persistent Volume Claim If false, use emptyDir |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | compactor data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| compactor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of compactor data Persistent Volume to mount Useful if the volume's root directory is not empty |
| compactor.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| compactor.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| compactor.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| compactor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;replicas | int | `1` | |
| compactor.&ZeroWidthSpace;resources | object | `{}` | |
| compactor.&ZeroWidthSpace;securityContext | object | `{}` | |
| compactor.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| compactor.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| compactor.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| compactor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `60` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;initialDelaySeconds | int | `120` | |
| compactor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;periodSeconds | int | `30` | |
| compactor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| compactor.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| compactor.&ZeroWidthSpace;tolerations | list | `[]` | |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;enable_api | bool | `false` | Enable the experimental alertmanager config api. |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;external_url | string | `"/api/prom/alertmanager"` | |
| config.&ZeroWidthSpace;alertmanager.&ZeroWidthSpace;storage | object | `{}` | Type of backend to use to store alertmanager configs. Supported values are: "configdb", "gcs", "s3", "local". refer to: https://cortexmetrics.io/docs/configuration/configuration-file/#alertmanager_config |
| config.&ZeroWidthSpace;api.&ZeroWidthSpace;prometheus_http_prefix | string | `"/prometheus"` | |
| config.&ZeroWidthSpace;api.&ZeroWidthSpace;response_compression_enabled | bool | `true` | Use GZIP compression for API responses. Some endpoints serve large YAML or JSON blobs which can benefit from compression. |
| config.&ZeroWidthSpace;auth_enabled | bool | `false` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;bucket_store.&ZeroWidthSpace;bucket_index.&ZeroWidthSpace;enabled | bool | `true` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;bucket_store.&ZeroWidthSpace;sync_dir | string | `"/data/tsdb-sync"` | |
| config.&ZeroWidthSpace;blocks_storage.&ZeroWidthSpace;tsdb.&ZeroWidthSpace;dir | string | `"/data/tsdb"` | |
| config.&ZeroWidthSpace;distributor.&ZeroWidthSpace;pool.&ZeroWidthSpace;health_check_ingesters | bool | `true` | |
| config.&ZeroWidthSpace;distributor.&ZeroWidthSpace;shard_by_all_labels | bool | `true` | Distribute samples based on all labels, as opposed to solely by user and metric name. |
| config.&ZeroWidthSpace;frontend.&ZeroWidthSpace;log_queries_longer_than | string | `"10s"` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;final_sleep | string | `"30s"` | Duration to sleep for before exiting, to ensure metrics are scraped. |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;join_after | string | `"10s"` | We don't want to join immediately, but wait a bit to see other ingesters and their tokens first. It can take a while to have the full picture when using gossip |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;num_tokens | int | `512` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;observe_period | string | `"10s"` | To avoid generating same tokens by multiple ingesters, they can "observe" the ring for a while, after putting their own tokens into it. This is only useful when using gossip, since multiple ingesters joining at the same time can have conflicting tokens if they don't see each other yet. |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;ring.&ZeroWidthSpace;kvstore.&ZeroWidthSpace;store | string | `"memberlist"` | |
| config.&ZeroWidthSpace;ingester.&ZeroWidthSpace;lifecycler.&ZeroWidthSpace;ring.&ZeroWidthSpace;replication_factor | int | `3` | Ingester replication factor per default is 3 |
| config.&ZeroWidthSpace;ingester_client.&ZeroWidthSpace;grpc_client_config.&ZeroWidthSpace;max_recv_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;ingester_client.&ZeroWidthSpace;grpc_client_config.&ZeroWidthSpace;max_send_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;enforce_metric_name | bool | `true` | Enforce that every sample has a metric name |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;max_query_lookback | string | `"0s"` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;reject_old_samples | bool | `true` | |
| config.&ZeroWidthSpace;limits.&ZeroWidthSpace;reject_old_samples_max_age | string | `"168h"` | |
| config.&ZeroWidthSpace;memberlist.&ZeroWidthSpace;bind_port | int | `7946` | |
| config.&ZeroWidthSpace;memberlist.&ZeroWidthSpace;join_members | list | `["{{ include \"cortex.fullname\" $ }}-memberlist"]` | the service name of the memberlist if using memberlist discovery |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;active_query_tracker_dir | string | `"/data/active-query-tracker"` | |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;query_ingesters_within | string | `"13h"` | Maximum lookback beyond which queries are not sent to ingester. 0 means all queries are sent to ingester. Ingesters by default have no data older than 12 hours, so we can safely set this 13 hours |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;query_store_after | string | `"12h"` | The time after which a metric should be queried from storage and not just ingesters. |
| config.&ZeroWidthSpace;querier.&ZeroWidthSpace;store_gateway_addresses | string | automatic | Comma separated list of store-gateway addresses in DNS Service Discovery format. This option should is set automatically when using the blocks storage and the store-gateway sharding is disabled (when enabled, the store-gateway instances form a ring and addresses are picked from the ring). |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;align_queries_with_step | bool | `true` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;cache_results | bool | `true` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;results_cache.&ZeroWidthSpace;cache.&ZeroWidthSpace;memcached.&ZeroWidthSpace;expiration | string | `"1h"` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;results_cache.&ZeroWidthSpace;cache.&ZeroWidthSpace;memcached_client.&ZeroWidthSpace;timeout | string | `"1s"` | |
| config.&ZeroWidthSpace;query_range.&ZeroWidthSpace;split_queries_by_interval | string | `"24h"` | |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;enable_alertmanager_discovery | bool | `false` | |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;enable_api | bool | `true` | Enable the experimental ruler config api. |
| config.&ZeroWidthSpace;ruler.&ZeroWidthSpace;storage | object | `{}` | Method to use for backend rule storage (configdb, azure, gcs, s3, swift, local) refer to https://cortexmetrics.io/docs/configuration/configuration-file/#ruler_config |
| config.&ZeroWidthSpace;runtime_config.&ZeroWidthSpace;file | string | `"/etc/cortex-runtime-config/runtime_config.yaml"` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_listen_port | int | `9095` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_concurrent_streams | int | `10000` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_recv_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;grpc_server_max_send_msg_size | int | `10485760` | |
| config.&ZeroWidthSpace;server.&ZeroWidthSpace;http_listen_port | int | `8080` | |
| config.&ZeroWidthSpace;storage | object | `{"engine":"blocks","index_queries_cache_config":{"memcached":{"expiration":"1h"},"memcached_client":{"timeout":"1s"}}}` | See https://github.com/cortexproject/cortex/blob/master/docs/configuration/config-file-reference.md#storage_config |
| config.&ZeroWidthSpace;storage.&ZeroWidthSpace;index_queries_cache_config.&ZeroWidthSpace;memcached.&ZeroWidthSpace;expiration | string | `"1h"` | How long keys stay in the memcache |
| config.&ZeroWidthSpace;storage.&ZeroWidthSpace;index_queries_cache_config.&ZeroWidthSpace;memcached_client.&ZeroWidthSpace;timeout | string | `"1s"` | Maximum time to wait before giving up on memcached requests. |
| config.&ZeroWidthSpace;store_gateway | object | `{"sharding_enabled":false}` | https://cortexmetrics.io/docs/configuration/configuration-file/#store_gateway_config |
| configs.&ZeroWidthSpace;affinity | object | `{}` | |
| configs.&ZeroWidthSpace;annotations | object | `{}` | |
| configs.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| configs.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| configs.&ZeroWidthSpace;enabled | bool | `false` | |
| configs.&ZeroWidthSpace;env | list | `[]` | |
| configs.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| configs.&ZeroWidthSpace;extraContainers | list | `[]` | |
| configs.&ZeroWidthSpace;extraPorts | list | `[]` | |
| configs.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| configs.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| configs.&ZeroWidthSpace;initContainers | list | `[]` | |
| configs.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| configs.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| configs.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| configs.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| configs.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| configs.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;replicas | int | `1` | |
| configs.&ZeroWidthSpace;resources | object | `{}` | |
| configs.&ZeroWidthSpace;securityContext | object | `{}` | |
| configs.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| configs.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| configs.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| configs.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| configs.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| configs.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| configs.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| configs.&ZeroWidthSpace;tolerations | list | `[]` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;existing_secret.&ZeroWidthSpace;key | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;existing_secret.&ZeroWidthSpace;name | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;auth.&ZeroWidthSpace;password | string | `nil` | |
| configsdb_postgresql.&ZeroWidthSpace;enabled | bool | `false` | |
| configsdb_postgresql.&ZeroWidthSpace;uri | string | `nil` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"distributor"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| distributor.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| distributor.&ZeroWidthSpace;annotations | object | `{}` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the distributor pods. |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| distributor.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| distributor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| distributor.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| distributor.&ZeroWidthSpace;env | list | `[]` | |
| distributor.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| distributor.&ZeroWidthSpace;extraContainers | list | `[]` | |
| distributor.&ZeroWidthSpace;extraPorts | list | `[]` | |
| distributor.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| distributor.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| distributor.&ZeroWidthSpace;initContainers | list | `[]` | |
| distributor.&ZeroWidthSpace;lifecycle | object | `{}` | |
| distributor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| distributor.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| distributor.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| distributor.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| distributor.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| distributor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;replicas | int | `2` | |
| distributor.&ZeroWidthSpace;resources | object | `{}` | |
| distributor.&ZeroWidthSpace;securityContext | object | `{}` | |
| distributor.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| distributor.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| distributor.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| distributor.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| distributor.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| distributor.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| distributor.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `60` | |
| distributor.&ZeroWidthSpace;tolerations | list | `[]` | |
| externalConfigSecretName | string | `"secret-with-config.yaml"` | |
| externalConfigVersion | string | `"0"` | |
| image.&ZeroWidthSpace;pullPolicy | string | `"IfNotPresent"` | |
| image.&ZeroWidthSpace;pullSecrets | list | `[]` | Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| image.&ZeroWidthSpace;repository | string | `"quay.io/cortexproject/cortex"` | |
| image.&ZeroWidthSpace;tag | string | `""` | Allows you to override the cortex version in this chart. Use at your own risk. |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"ingester"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| ingester.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| ingester.&ZeroWidthSpace;annotations | object | `{}` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleDown.&ZeroWidthSpace;policies | list | `[{"periodSeconds":1800,"type":"Pods","value":1}]` | see https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down for scaledown details |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleDown.&ZeroWidthSpace;stabilizationWindowSeconds | int | `3600` | uses metrics from the past 1h to make scaleDown decisions |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior.&ZeroWidthSpace;scaleUp.&ZeroWidthSpace;policies | list | `[{"periodSeconds":1800,"type":"Pods","value":1}]` | This default scaleup policy allows adding 1 pod every 30 minutes. Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `3` | |
| ingester.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `80` | |
| ingester.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| ingester.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| ingester.&ZeroWidthSpace;env | list | `[]` | |
| ingester.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| ingester.&ZeroWidthSpace;extraContainers | list | `[]` | |
| ingester.&ZeroWidthSpace;extraPorts | list | `[]` | |
| ingester.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| ingester.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| ingester.&ZeroWidthSpace;initContainers | list | `[]` | |
| ingester.&ZeroWidthSpace;lifecycle.&ZeroWidthSpace;preStop | object | `{"httpGet":{"path":"/ingester/shutdown","port":"http-metrics"}}` | The /shutdown preStop hook is recommended as part of the ingester scaledown process, but can be removed to optimize rolling restarts in instances that will never be scaled down or when using chunks storage with WAL disabled. https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down |
| ingester.&ZeroWidthSpace;livenessProbe | object | `{}` | Startup/liveness probes for ingesters are not recommended. Ref: https://cortexmetrics.io/docs/guides/running-cortex-on-kubernetes/#take-extra-care-with-ingesters |
| ingester.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Ingester data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Ingester data Persistent Volume Claim annotations |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true and ingester.statefulSet.enabled is true, Ingester will create/use a Persistent Volume Claim If false, use emptyDir |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Ingester data Persistent Volume size |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Ingester data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| ingester.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Ingester data Persistent Volume to mount Useful if the volume's root directory is not empty |
| ingester.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| ingester.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ingester.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| ingester.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ingester.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ingester.&ZeroWidthSpace;replicas | int | `3` | |
| ingester.&ZeroWidthSpace;resources | object | `{}` | |
| ingester.&ZeroWidthSpace;securityContext | object | `{}` | |
| ingester.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| ingester.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| ingester.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `nil` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| ingester.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| ingester.&ZeroWidthSpace;startupProbe | object | `{}` | Startup/liveness probes for ingesters are not recommended. Ref: https://cortexmetrics.io/docs/guides/running-cortex-on-kubernetes/#take-extra-care-with-ingesters |
| ingester.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;enabled | bool | `false` | If true, use a statefulset instead of a deployment for pod management. This is useful when using WAL |
| ingester.&ZeroWidthSpace;statefulSet.&ZeroWidthSpace;podManagementPolicy | string | `"OrderedReady"` | ref: https://cortexmetrics.io/docs/guides/ingesters-scaling-up-and-down/#scaling-down and https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies for scaledown details |
| ingester.&ZeroWidthSpace;statefulStrategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ingester.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ingester.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| ingester.&ZeroWidthSpace;tolerations | list | `[]` | |
| ingress.&ZeroWidthSpace;annotations | object | `{}` | |
| ingress.&ZeroWidthSpace;enabled | bool | `false` | |
| ingress.&ZeroWidthSpace;hosts[0].&ZeroWidthSpace;host | string | `"chart-example.local"` | |
| ingress.&ZeroWidthSpace;hosts[0].&ZeroWidthSpace;paths[0] | string | `"/"` | |
| ingress.&ZeroWidthSpace;ingressClass.&ZeroWidthSpace;enabled | bool | `false` | |
| ingress.&ZeroWidthSpace;ingressClass.&ZeroWidthSpace;name | string | `"nginx"` | |
| ingress.&ZeroWidthSpace;tls | list | `[]` | |
| memcached | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | chunk caching for legacy chunk storage engine |
| memcached-blocks-index.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks-index.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks-index.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks-index.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks-index.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks-index.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-blocks-metadata.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks-metadata.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks-metadata.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks-metadata.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks-metadata.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks-metadata.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-blocks.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-blocks.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-blocks.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-blocks.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-blocks.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-blocks.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-blocks.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-blocks.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-frontend.&ZeroWidthSpace;architecture | string | `"high-availability"` | |
| memcached-frontend.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-frontend.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-frontend.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-frontend.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-frontend.&ZeroWidthSpace;metrics.&ZeroWidthSpace;enabled | bool | `true` | |
| memcached-frontend.&ZeroWidthSpace;metrics.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| memcached-frontend.&ZeroWidthSpace;replicaCount | int | `2` | |
| memcached-frontend.&ZeroWidthSpace;resources | object | `{}` | |
| memcached-index-read | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | index read caching for legacy chunk storage engine |
| memcached-index-read.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-index-read.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-index-read.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached-index-write | object | `{"architecture":"high-availability","enabled":false,"extraEnv":[{"name":"MEMCACHED_CACHE_SIZE","value":"1024"},{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"},{"name":"MEMCACHED_THREADS","value":"4"}],"metrics":{"enabled":true,"serviceMonitor":{"enabled":false}},"replicaCount":2,"resources":{}}` | index write caching for legacy chunk storage engine |
| memcached-index-write.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached-index-write.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached-index-write.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| memcached.&ZeroWidthSpace;extraEnv[0] | object | `{"name":"MEMCACHED_CACHE_SIZE","value":"1024"}` | MEMCACHED_CACHE_SIZE is the amount of memory allocated to memcached for object storage |
| memcached.&ZeroWidthSpace;extraEnv[1] | object | `{"name":"MEMCACHED_MAX_CONNECTIONS","value":"1024"}` | MEMCACHED_MAX_CONNECTIONS is the maximum number of simultaneous connections to the memcached service |
| memcached.&ZeroWidthSpace;extraEnv[2] | object | `{"name":"MEMCACHED_THREADS","value":"4"}` | MEMCACHED_THREADS is the number of threads to use when processing incoming requests. By default, memcached is configured to use 4 concurrent threads. The threading improves the performance of storing and retrieving data in the cache, using a locking system to prevent different threads overwriting or updating the same values. |
| nginx.&ZeroWidthSpace;affinity | object | `{}` | |
| nginx.&ZeroWidthSpace;annotations | object | `{}` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the nginx pods. |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| nginx.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;auth_orgs | list | `[]` | (optional) List of [auth tenants](https://cortexmetrics.io/docs/guides/auth/) to set in the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;basicAuthSecretName | string | `""` | (optional) Name of basic auth secret. In order to use this option, a secret with htpasswd formatted contents at the key ".htpasswd" must exist. For example: apiVersion: v1 kind: Secret metadata: name: my-secret namespace: <same as cortex installation> stringData: .htpasswd: | user1:$apr1$/woC1jnP$KAh0SsVn5qeSMjTtn0E9Q0 user2:$apr1$QdR8fNLT$vbCEEzDj7LyqCMyNpSoBh/ Please note that the use of basic auth will not identify organizations the way X-Scope-OrgID does. Thus, the use of basic auth alone will not prevent one tenant from viewing the metrics of another. To ensure tenants are scoped appropriately, explicitly set the `X-Scope-OrgID` header in the nginx config. Example setHeaders: X-Scope-OrgID: $remote_user |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;client_max_body_size | string | `"1M"` | ref: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;dnsResolver | string | `"coredns.kube-system.svc.cluster.local"` | |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;httpSnippet | string | `""` | arbitrary snippet to inject in the http { } section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;mainSnippet | string | `""` | arbitrary snippet to inject in the top section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;serverSnippet | string | `""` | arbitrary snippet to inject in the server { } section of the nginx config |
| nginx.&ZeroWidthSpace;config.&ZeroWidthSpace;setHeaders | object | `{}` | |
| nginx.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| nginx.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `false` | |
| nginx.&ZeroWidthSpace;enabled | bool | `true` | |
| nginx.&ZeroWidthSpace;env | list | `[]` | |
| nginx.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| nginx.&ZeroWidthSpace;extraContainers | list | `[]` | |
| nginx.&ZeroWidthSpace;extraPorts | list | `[]` | |
| nginx.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| nginx.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| nginx.&ZeroWidthSpace;http_listen_port | int | `80` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;pullPolicy | string | `"IfNotPresent"` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;repository | string | `"nginx"` | |
| nginx.&ZeroWidthSpace;image.&ZeroWidthSpace;tag | float | `1.21` | |
| nginx.&ZeroWidthSpace;initContainers | list | `[]` | |
| nginx.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| nginx.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| nginx.&ZeroWidthSpace;podAnnotations | object | `{}` | Pod Annotations |
| nginx.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| nginx.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| nginx.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;replicas | int | `2` | |
| nginx.&ZeroWidthSpace;resources | object | `{}` | |
| nginx.&ZeroWidthSpace;securityContext | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| nginx.&ZeroWidthSpace;service.&ZeroWidthSpace;type | string | `"ClusterIP"` | |
| nginx.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/healthz"` | |
| nginx.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| nginx.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| nginx.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `10` | |
| nginx.&ZeroWidthSpace;tolerations | list | `[]` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"querier"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| querier.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| querier.&ZeroWidthSpace;annotations | object | `{}` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;behavior | object | `{}` | Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-configurable-scaling-behavior |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;enabled | bool | `false` | Creates a HorizontalPodAutoscaler for the querier pods. |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;maxReplicas | int | `30` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;minReplicas | int | `2` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetCPUUtilizationPercentage | int | `80` | |
| querier.&ZeroWidthSpace;autoscaling.&ZeroWidthSpace;targetMemoryUtilizationPercentage | int | `0` | |
| querier.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| querier.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| querier.&ZeroWidthSpace;env | list | `[]` | |
| querier.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| querier.&ZeroWidthSpace;extraContainers | list | `[]` | |
| querier.&ZeroWidthSpace;extraPorts | list | `[]` | |
| querier.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| querier.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| querier.&ZeroWidthSpace;initContainers | list | `[]` | |
| querier.&ZeroWidthSpace;lifecycle | object | `{}` | |
| querier.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| querier.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| querier.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| querier.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| querier.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| querier.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;replicas | int | `2` | |
| querier.&ZeroWidthSpace;resources | object | `{}` | |
| querier.&ZeroWidthSpace;securityContext | object | `{}` | |
| querier.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| querier.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| querier.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| querier.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| querier.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| querier.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| querier.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| querier.&ZeroWidthSpace;tolerations | list | `[]` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"query-frontend"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| query_frontend.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| query_frontend.&ZeroWidthSpace;annotations | object | `{}` | |
| query_frontend.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| query_frontend.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| query_frontend.&ZeroWidthSpace;env | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| query_frontend.&ZeroWidthSpace;extraContainers | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraPorts | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| query_frontend.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| query_frontend.&ZeroWidthSpace;initContainers | list | `[]` | |
| query_frontend.&ZeroWidthSpace;lifecycle | object | `{}` | |
| query_frontend.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| query_frontend.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| query_frontend.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| query_frontend.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| query_frontend.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| query_frontend.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;replicas | int | `2` | |
| query_frontend.&ZeroWidthSpace;resources | object | `{}` | |
| query_frontend.&ZeroWidthSpace;securityContext | object | `{}` | |
| query_frontend.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| query_frontend.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| query_frontend.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| query_frontend.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| query_frontend.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| query_frontend.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| query_frontend.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| query_frontend.&ZeroWidthSpace;tolerations | list | `[]` | |
| ruler.&ZeroWidthSpace;affinity | object | `{}` | |
| ruler.&ZeroWidthSpace;annotations | object | `{}` | |
| ruler.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| ruler.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| ruler.&ZeroWidthSpace;directories | object | `{}` | allow configuring rules via configmap. ref: https://cortexproject.github.io/cortex-helm-chart/guides/configure_rules_via_configmap.html |
| ruler.&ZeroWidthSpace;enabled | bool | `true` | |
| ruler.&ZeroWidthSpace;env | list | `[]` | |
| ruler.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| ruler.&ZeroWidthSpace;extraContainers | list | `[]` | |
| ruler.&ZeroWidthSpace;extraPorts | list | `[]` | |
| ruler.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| ruler.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| ruler.&ZeroWidthSpace;initContainers | list | `[]` | |
| ruler.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| ruler.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| ruler.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| ruler.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ruler.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| ruler.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;replicas | int | `1` | |
| ruler.&ZeroWidthSpace;resources | object | `{}` | |
| ruler.&ZeroWidthSpace;securityContext | object | `{}` | |
| ruler.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| ruler.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| ruler.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| ruler.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| ruler.&ZeroWidthSpace;sidecar | object | `{"containerSecurityContext":{"enabled":true,"readOnlyRootFilesystem":true},"defaultFolderName":null,"enableUniqueFilenames":false,"enabled":false,"folder":"/tmp/rules","folderAnnotation":null,"image":{"repository":"quay.io/kiwigrid/k8s-sidecar","sha":"","tag":"1.10.7"},"imagePullPolicy":"IfNotPresent","label":"cortex_rules","labelValue":null,"resources":{},"searchNamespace":null,"watchMethod":null}` | Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;defaultFolderName | string | `nil` | The default folder name, it will create a subfolder under the `folder` and put rules in there instead |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;folder | string | `"/tmp/rules"` | folder in the pod that should hold the collected rules (unless `defaultFolderName` is set) |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;folderAnnotation | string | `nil` | If specified, the sidecar will look for annotation with this name to create folder and put graph here. You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;label | string | `"cortex_rules"` | label that the configmaps with rules are marked with |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;labelValue | string | `nil` | value of label that the configmaps with rules are set to |
| ruler.&ZeroWidthSpace;sidecar.&ZeroWidthSpace;searchNamespace | string | `nil` | If specified, the sidecar will search for rules config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| ruler.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| ruler.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| ruler.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| ruler.&ZeroWidthSpace;tolerations | list | `[]` | |
| runtimeconfigmap.&ZeroWidthSpace;annotations | object | `{}` | |
| runtimeconfigmap.&ZeroWidthSpace;create | bool | `true` | If true, a configmap for the `runtime_config` will be created. If false, the configmap _must_ exist already on the cluster or pods will fail to create. |
| runtimeconfigmap.&ZeroWidthSpace;runtime_config | object | `{}` | https://cortexmetrics.io/docs/configuration/arguments/#runtime-configuration-file |
| serviceAccount.&ZeroWidthSpace;annotations | object | `{}` | |
| serviceAccount.&ZeroWidthSpace;automountServiceAccountToken | bool | `true` | |
| serviceAccount.&ZeroWidthSpace;create | bool | `true` | |
| serviceAccount.&ZeroWidthSpace;name | string | `nil` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;key | string | `"app.kubernetes.io/component"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;operator | string | `"In"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;labelSelector.&ZeroWidthSpace;matchExpressions[0].&ZeroWidthSpace;values[0] | string | `"store-gateway"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;podAffinityTerm.&ZeroWidthSpace;topologyKey | string | `"kubernetes.io/hostname"` | |
| store_gateway.&ZeroWidthSpace;affinity.&ZeroWidthSpace;podAntiAffinity.&ZeroWidthSpace;preferredDuringSchedulingIgnoredDuringExecution[0].&ZeroWidthSpace;weight | int | `100` | |
| store_gateway.&ZeroWidthSpace;annotations | object | `{}` | |
| store_gateway.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| store_gateway.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| store_gateway.&ZeroWidthSpace;env | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| store_gateway.&ZeroWidthSpace;extraContainers | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraPorts | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| store_gateway.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| store_gateway.&ZeroWidthSpace;initContainers | list | `[]` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| store_gateway.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;accessModes | list | `["ReadWriteOnce"]` | Store-gateway data Persistent Volume access modes Must match those of existing PV or dynamic provisioner Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;annotations | object | `{}` | Store-gateway data Persistent Volume Claim annotations |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;enabled | bool | `true` | If true Store-gateway will create/use a Persistent Volume Claim If false, use emptyDir |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;size | string | `"2Gi"` | Store-gateway data Persistent Volume size |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;storageClass | string | `nil` | Store-gateway data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. |
| store_gateway.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `""` | Subdirectory of Store-gateway data Persistent Volume to mount Useful if the volume's root directory is not empty |
| store_gateway.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| store_gateway.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| store_gateway.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| store_gateway.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;replicas | int | `1` | |
| store_gateway.&ZeroWidthSpace;resources | object | `{}` | |
| store_gateway.&ZeroWidthSpace;securityContext | object | `{}` | |
| store_gateway.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| store_gateway.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| store_gateway.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| store_gateway.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `60` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;scheme | string | `"HTTP"` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;initialDelaySeconds | int | `120` | |
| store_gateway.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;periodSeconds | int | `30` | |
| store_gateway.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| store_gateway.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `240` | |
| store_gateway.&ZeroWidthSpace;tolerations | list | `[]` | |
| table_manager.&ZeroWidthSpace;affinity | object | `{}` | |
| table_manager.&ZeroWidthSpace;annotations | object | `{}` | |
| table_manager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;enabled | bool | `true` | |
| table_manager.&ZeroWidthSpace;containerSecurityContext.&ZeroWidthSpace;readOnlyRootFilesystem | bool | `true` | |
| table_manager.&ZeroWidthSpace;env | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraArgs | object | `{}` | Additional Cortex container arguments, e.g. log.level (debug, info, warn, error) |
| table_manager.&ZeroWidthSpace;extraContainers | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraPorts | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraVolumeMounts | list | `[]` | |
| table_manager.&ZeroWidthSpace;extraVolumes | list | `[]` | |
| table_manager.&ZeroWidthSpace;initContainers | list | `[]` | |
| table_manager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;livenessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;nodeSelector | object | `{}` | |
| table_manager.&ZeroWidthSpace;persistentVolume.&ZeroWidthSpace;subPath | string | `nil` | |
| table_manager.&ZeroWidthSpace;podAnnotations | object | `{"prometheus.io/port":"8080","prometheus.io/scrape":"true"}` | Pod Annotations |
| table_manager.&ZeroWidthSpace;podDisruptionBudget.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| table_manager.&ZeroWidthSpace;podLabels | object | `{}` | Pod Labels |
| table_manager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;readinessProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;replicas | int | `1` | |
| table_manager.&ZeroWidthSpace;resources | object | `{}` | |
| table_manager.&ZeroWidthSpace;securityContext | object | `{}` | |
| table_manager.&ZeroWidthSpace;service.&ZeroWidthSpace;annotations | object | `{}` | |
| table_manager.&ZeroWidthSpace;service.&ZeroWidthSpace;labels | object | `{}` | |
| table_manager.&ZeroWidthSpace;serviceAccount.&ZeroWidthSpace;name | string | `""` | "" disables the individual serviceAccount and uses the global serviceAccount for that component |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;additionalLabels | object | `{}` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;enabled | bool | `false` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;extraEndpointSpec | object | `{}` | Additional endpoint configuration https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;metricRelabelings | list | `[]` | |
| table_manager.&ZeroWidthSpace;serviceMonitor.&ZeroWidthSpace;relabelings | list | `[]` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;failureThreshold | int | `10` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;path | string | `"/ready"` | |
| table_manager.&ZeroWidthSpace;startupProbe.&ZeroWidthSpace;httpGet.&ZeroWidthSpace;port | string | `"http-metrics"` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxSurge | int | `0` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;rollingUpdate.&ZeroWidthSpace;maxUnavailable | int | `1` | |
| table_manager.&ZeroWidthSpace;strategy.&ZeroWidthSpace;type | string | `"RollingUpdate"` | |
| table_manager.&ZeroWidthSpace;terminationGracePeriodSeconds | int | `180` | |
| table_manager.&ZeroWidthSpace;tolerations | list | `[]` | |
| tags.&ZeroWidthSpace;blocks-storage-memcached | bool | `false` | Set to true to enable block storage memcached caching |
| useConfigMap | bool | `false` | |
| useExternalConfig | bool | `false` | |

9
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,9 @@
{{- if eq .Values.config.storage.engine "chunks" }}
Cortex chunks storage has been deprecated, and it's now in maintenance mode: all Cortex users are encouraged to migrate to the blocks storage.
No new features will be added to the chunks storage.
Unlike the official cortex default configuration this helm-chart does not run the chunk engine by default.
{{- end }}
Verify the application is working by running these commands:
kubectl --namespace {{ .Release.Namespace }} port-forward service/{{ include "cortex.querierFullname" . }} {{ .Values.config.server.http_listen_port }}
curl http://127.0.0.1:{{ .Values.config.server.http_listen_port }}/services

155
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,155 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cortex.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cortex.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cortex.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account
*/}}
{{- define "cortex.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "cortex.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the app name of cortex clients. Defaults to the same logic as "cortex.fullname", and default client expects "prometheus".
*/}}
{{- define "client.name" -}}
{{- if .Values.client.name -}}
{{- .Values.client.name -}}
{{- else if .Values.client.fullnameOverride -}}
{{- .Values.client.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default "prometheus" .Values.client.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "cortex.labels" -}}
helm.sh/chart: {{ include "cortex.chart" . }}
{{ include "cortex.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cortex.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cortex.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create configuration parameters for memcached configuration
*/}}
{{- define "cortex.memcached" -}}
{{- if and (eq .Values.config.storage.engine "blocks") (index .Values "tags" "blocks-storage-memcached") }}
- "-blocks-storage.bucket-store.index-cache.backend=memcached"
- "-blocks-storage.bucket-store.index-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks-index.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
- "-blocks-storage.bucket-store.chunks-cache.backend=memcached"
- "-blocks-storage.bucket-store.chunks-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
- "-blocks-storage.bucket-store.metadata-cache.backend=memcached"
- "-blocks-storage.bucket-store.metadata-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached-blocks-metadata.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") .Values.memcached.enabled }}
- "-store.chunks-cache.memcached.addresses=dns+{{ .Release.Name }}-memcached.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") (index .Values "memcached-index-read" "enabled") }}
- "-store.index-cache-read.memcached.addresses=dns+{{ .Release.Name }}-memcached-index-read.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- if and (ne .Values.config.storage.engine "blocks") (index .Values "memcached-index-write" "enabled") }}
- "-store.index-cache-write.memcached.addresses=dns+{{ .Release.Name }}-memcached-index-write.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- end -}}
{{/*
Create configuration for frontend memcached configuration
*/}}
{{- define "cortex.frontend-memcached" -}}
{{- if index .Values "memcached-frontend" "enabled" }}
- "-frontend.memcached.addresses=dns+{{ template "cortex.fullname" . }}-memcached-frontend.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:11211"
{{- end -}}
{{- end -}}
{{/*
Determine the policy api version
*/}}
{{- define "cortex.pdbVersion" -}}
{{- if or (.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") (semverCompare ">=1.21" .Capabilities.KubeVersion.Version) -}}
policy/v1
{{- else -}}
policy/v1beta1
{{- end -}}
{{- end -}}
{{/*
Get checksum of config secret or configMap
*/}}
{{- define "cortex.configChecksum" -}}
{{- if .Values.useExternalConfig -}}
{{- .Values.externalConfigVersion -}}
{{- else if .Values.useConfigMap -}}
{{- include (print $.Template.BasePath "/configmap.yaml") . | sha256sum -}}
{{- else -}}
{{- include (print $.Template.BasePath "/secret.yaml") . | sha256sum -}}
{{- end -}}
{{- end -}}
{{/*
Get volume of config secret of configMap
*/}}
{{- define "cortex.configVolume" -}}
- name: config
{{- if .Values.useExternalConfig }}
secret:
secretName: {{ .Values.externalConfigSecretName }}
{{- else if .Values.useConfigMap }}
configMap:
name: {{ template "cortex.fullname" . }}-config
{{- else }}
secret:
secretName: {{ template "cortex.fullname" . }}
{{- end }}
{{- end -}}

30
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/alertmanager/alertmanager-dep.yaml Normal file
View File

@@ -0,0 +1,30 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: alertmanager
namespace: imxc
spec:
replicas: 1
selector:
matchLabels:
name: alertmanager
template:
metadata:
labels:
name: alertmanager
spec:
containers:
- name: alertmanager
# image: quay.io/cortexproject/cortex:v1.9.0
# image: registry.cloud.intermax:5000/library/cortex:v1.11.0
image: {{ .Values.global.IMXC_IN_REGISTRY }}/cortex:v1.11.0
imagePullPolicy: IfNotPresent
args:
- -target=alertmanager
# - -log.level=debug
- -server.http-listen-port=80
- -alertmanager.configs.url=http://{{ template "cortex.fullname" . }}-configs:8080
- -alertmanager.web.external-url=/alertmanager
ports:
- containerPort: 80

10
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/alertmanager/alertmanager-svc.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: v1
kind: Service
metadata:
name: alertmanager
spec:
ports:
- port: 80
selector:
name: alertmanager

12
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/clusterrole.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if or .Values.ruler.sidecar.enabled .Values.alertmanager.sidecar.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "cortex.fullname" . }}-clusterrole
labels:
{{- include "cortex.labels" . | nindent 4 }}
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end }}

16
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if or .Values.ruler.sidecar.enabled .Values.alertmanager.sidecar.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "cortex.fullname" . }}-clusterrolebinding
labels:
{{- include "cortex.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "cortex.fullname" . }}-clusterrole
subjects:
- kind: ServiceAccount
name: {{ template "cortex.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/_helpers-compactor.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
compactor fullname
*/}}
{{- define "cortex.compactorFullname" -}}
{{ include "cortex.fullname" . }}-compactor
{{- end }}
{{/*
compactor common labels
*/}}
{{- define "cortex.compactorLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: compactor
{{- end }}
{{/*
compactor selector labels
*/}}
{{- define "cortex.compactorSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: compactor
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (gt (int .Values.compactor.replicas) 1) (.Values.compactor.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.compactor.podDisruptionBudget | nindent 2 }}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.compactor.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
{{- if .Values.compactor.serviceMonitor.additionalLabels }}
{{ toYaml .Values.compactor.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.compactor.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.compactor.serviceMonitor.interval }}
interval: {{ .Values.compactor.serviceMonitor.interval }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.compactor.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.compactor.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.compactor.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.compactor.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.compactor.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

141
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-statefulset.yaml Normal file
View File

@@ -0,0 +1,141 @@
{{- if eq .Values.config.storage.engine "blocks" -}}
{{- if .Values.compactor.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.compactor.annotations | nindent 4 }}
spec:
replicas: {{ .Values.compactor.replicas }}
selector:
matchLabels:
{{- include "cortex.compactorSelectorLabels" . | nindent 6 }}
updateStrategy:
{{- toYaml .Values.compactor.strategy | nindent 4 }}
serviceName: {{ template "cortex.fullname" . }}-compactor
{{- if .Values.compactor.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage
{{- if .Values.compactor.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.compactor.persistentVolume.annotations | nindent 10 }}
{{- end }}
spec:
{{- if .Values.compactor.persistentVolume.storageClass }}
{{- if (eq "-" .Values.compactor.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.compactor.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
accessModes:
{{ toYaml .Values.compactor.persistentVolume.accessModes | nindent 10 }}
resources:
requests:
storage: "{{ .Values.compactor.persistentVolume.size }}"
{{- end }}
template:
metadata:
labels:
{{- include "cortex.compactorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.compactor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.compactor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.compactor.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.compactor.priorityClassName }}
priorityClassName: {{ .Values.compactor.priorityClassName }}
{{- end }}
{{- if .Values.compactor.securityContext.enabled }}
securityContext: {{- omit .Values.compactor.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.compactor.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
nodeSelector:
{{- toYaml .Values.compactor.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.compactor.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.compactor.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.compactor.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if not .Values.compactor.persistentVolume.enabled }}
- name: storage
emptyDir: {}
{{- end }}
{{- if .Values.compactor.extraVolumes }}
{{- toYaml .Values.compactor.extraVolumes | nindent 8 }}
{{- end }}
containers:
{{- if .Values.compactor.extraContainers }}
{{ toYaml .Values.compactor.extraContainers | nindent 8 }}
{{- end }}
- name: compactor
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=compactor"
- "-config.file=/etc/cortex/cortex.yaml"
{{- include "cortex.memcached" . | nindent 12}}
{{- range $key, $value := .Values.compactor.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.compactor.extraVolumeMounts }}
{{- toYaml .Values.compactor.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
{{- if .Values.compactor.persistentVolume.subPath }}
subPath: {{ .Values.compactor.persistentVolume.subPath }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.compactor.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.compactor.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.compactor.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.compactor.resources | nindent 12 }}
{{- if .Values.compactor.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.compactor.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.compactor.env }}
env:
{{- toYaml .Values.compactor.env | nindent 12 }}
{{- end }}
{{- end -}}
{{- end -}}

25
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/compactor/compactor-svc.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if eq .Values.config.storage.engine "blocks" -}}
{{- if .Values.compactor.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.compactorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.compactorLabels" . | nindent 4 }}
{{- with .Values.compactor.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.compactor.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.compactorSelectorLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}

12
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,12 @@
{{- if (and (not .Values.useExternalConfig) (.Values.useConfigMap)) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "cortex.fullname" . }}-config
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.labels" . | nindent 4 }}
data:
cortex.yaml: |
{{- tpl (toYaml .Values.config) . | nindent 4 }}
{{- end }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/_helpers-configs.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
configs fullname
*/}}
{{- define "cortex.configsFullname" -}}
{{ include "cortex.fullname" . }}-configs
{{- end }}
{{/*
configs common labels
*/}}
{{- define "cortex.configsLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: configs
{{- end }}
{{/*
configs selector labels
*/}}
{{- define "cortex.configsSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: configs
{{- end }}

124
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-dep.yaml Normal file
View File

@@ -0,0 +1,124 @@
{{- if .Values.configs.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.configs.annotations | nindent 4 }}
spec:
replicas: {{ .Values.configs.replicas }}
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.configs.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.configsLabels" . | nindent 8 }}
{{- with .Values.configs.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.configs.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.configs.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.configs.priorityClassName }}
priorityClassName: {{ .Values.configs.priorityClassName }}
{{- end }}
{{- if .Values.configs.securityContext.enabled }}
securityContext: {{- omit .Values.configs.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.configs.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: configs
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=configs"
- "-config.file=/etc/cortex/cortex.yaml"
{{- if .Values.configsdb_postgresql.enabled }}
- "-configs.database.uri={{ .Values.configsdb_postgresql.uri }}"
- "-configs.database.password-file=/etc/postgresql/password"
- "-configs.database.migrations-dir=/migrations"
{{- else }}
- "-configs.database.uri=memory://"
{{- end }}
{{- range $key, $value := .Values.configs.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/cortex
subPath: {{ .Values.configs.persistentVolume.subPath }}
- name: runtime-config
mountPath: /etc/cortex-runtime-config
{{- if .Values.configsdb_postgresql.enabled }}
- name: postgres-password
mountPath: /etc/postgresql
{{- end }}
{{- if .Values.configs.extraVolumeMounts }}
{{- toYaml .Values.configs.extraVolumeMounts | nindent 12}}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.configs.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.configs.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.configs.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.configs.resources | nindent 12 }}
{{- if .Values.configs.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.configs.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.configs.env }}
env:
{{- toYaml .Values.configs.env | nindent 12 }}
{{- end }}
{{- if .Values.configs.extraContainers }}
{{- toYaml .Values.configs.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.configs.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.configs.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.configs.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.configs.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
{{- if .Values.configsdb_postgresql.enabled }}
- name: postgres-password
secret:
secretName: {{ if .Values.configsdb_postgresql.auth.existing_secret.name }}{{ .Values.configsdb_postgresql.auth.existing_secret.name }}{{ else }}{{ template "cortex.fullname" . }}-postgresql{{ end }}
items:
- key: {{ if .Values.configsdb_postgresql.auth.existing_secret.name }}{{ .Values.configsdb_postgresql.auth.existing_secret.key }}{{ else }}postgresql-password{{ end }}
path: password
{{- end }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if .Values.configs.extraVolumes }}
{{- toYaml .Values.configs.extraVolumes | nindent 8}}
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (gt (int .Values.configs.replicas) 1) (.Values.configs.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.configs.podDisruptionBudget | nindent 2 }}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.configs.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
{{- if .Values.configs.serviceMonitor.additionalLabels }}
{{ toYaml .Values.configs.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.configs.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.configs.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.configsSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.configs.serviceMonitor.interval }}
interval: {{ .Values.configs.serviceMonitor.interval }}
{{- end }}
{{- if .Values.configs.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.configs.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.configs.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.configs.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.configs.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.configs.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.configs.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/configs/configs-svc.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.configs.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.configsFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.configsLabels" . | nindent 4 }}
{{- with .Values.configs.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.configs.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.configsSelectorLabels" . | nindent 4 }}
{{- end }}

68
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/cortex-pv.yaml Normal file
View File

@@ -0,0 +1,68 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-0
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH1 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value1 }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-1
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH2 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value2 }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: ingester-pv-2
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.global.DEFAULT_STORAGE_CLASS }}
local:
path: {{ .Values.global.IMXC_INGESTER_PV_PATH3 }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.global.affinity_key }}
operator: In
values:
- {{ .Values.global.affinity_value3 }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/_helpers-distributor.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
distributor fullname
*/}}
{{- define "cortex.distributorFullname" -}}
{{ include "cortex.fullname" . }}-distributor
{{- end }}
{{/*
distributor common labels
*/}}
{{- define "cortex.distributorLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: distributor
{{- end }}
{{/*
distributor selector labels
*/}}
{{- define "cortex.distributorSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: distributor
{{- end }}

121
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-dep.yaml Normal file
View File

@@ -0,0 +1,121 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.distributor.annotations | nindent 4 }}
spec:
{{- if not .Values.distributor.autoscaling.enabled }}
replicas: {{ .Values.distributor.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.distributor.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.distributorLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.distributor.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.distributor.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.distributor.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.distributor.priorityClassName }}
priorityClassName: {{ .Values.distributor.priorityClassName }}
{{- end }}
{{- if .Values.distributor.securityContext.enabled }}
securityContext: {{- omit .Values.distributor.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.distributor.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: distributor
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=distributor"
- "-config.file=/etc/cortex/cortex.yaml"
{{- range $key, $value := .Values.distributor.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.distributor.extraVolumeMounts }}
{{- toYaml .Values.distributor.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
subPath: {{ .Values.distributor.persistentVolume.subPath }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.distributor.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.distributor.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.distributor.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.distributor.resources | nindent 12 }}
{{- if .Values.distributor.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.distributor.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.distributor.env }}
env:
{{- toYaml .Values.distributor.env | nindent 12 }}
{{- end }}
{{- with .Values.distributor.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
requests:
cpu: "100m"
{{- if .Values.distributor.extraContainers }}
{{- toYaml .Values.distributor.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.distributor.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.distributor.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.distributor.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.distributor.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
- name: storage
emptyDir: {}
{{- if .Values.distributor.extraVolumes }}
{{- toYaml .Values.distributor.extraVolumes | nindent 8}}
{{- end }}

39
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-hpa.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- with .Values.distributor.autoscaling -}}
{{- if .enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "cortex.distributorFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" $ | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "cortex.distributorFullname" $ }}
minReplicas: {{ .minReplicas }}
maxReplicas: {{ .maxReplicas }}
metrics:
{{- with .targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (gt (int .Values.distributor.replicas) 1) (.Values.distributor.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.distributor.podDisruptionBudget | nindent 2 }}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.distributor.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
{{- if .Values.distributor.serviceMonitor.additionalLabels }}
{{ toYaml .Values.distributor.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.distributor.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.distributorSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.distributor.serviceMonitor.interval }}
interval: {{ .Values.distributor.serviceMonitor.interval }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.distributor.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.distributor.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.distributor.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.distributor.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.distributor.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-svc-headless.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.distributorFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
{{- with .Values.distributor.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.distributor.service.annotations | nindent 4 }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- port: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
name: grpc
targetPort: grpc
selector:
{{- include "cortex.distributorSelectorLabels" . | nindent 4 }}

21
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/distributor/distributor-svc.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.distributorFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.distributorLabels" . | nindent 4 }}
{{- with .Values.distributor.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.distributor.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.distributorSelectorLabels" . | nindent 4 }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/_helpers-ingester.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
ingester fullname
*/}}
{{- define "cortex.ingesterFullname" -}}
{{ include "cortex.fullname" . }}-ingester
{{- end }}
{{/*
ingester common labels
*/}}
{{- define "cortex.ingesterLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: ingester
{{- end }}
{{/*
ingester selector labels
*/}}
{{- define "cortex.ingesterSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: ingester
{{- end }}

130
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-dep.yaml Normal file
View File

@@ -0,0 +1,130 @@
{{- if not .Values.ingester.statefulSet.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.ingester.annotations | nindent 4 }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ .Values.ingester.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.ingesterSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.ingester.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.ingesterLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.ingester.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.ingester.priorityClassName }}
priorityClassName: {{ .Values.ingester.priorityClassName }}
{{- end }}
{{- if .Values.ingester.securityContext.enabled }}
securityContext: {{- omit .Values.ingester.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.ingester.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: ingester
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=ingester"
- "-config.file=/etc/cortex/cortex.yaml"
{{- include "cortex.memcached" . | nindent 12}}
{{- range $key, $value := .Values.ingester.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.ingester.extraVolumeMounts }}
{{- toYaml .Values.ingester.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
{{- with .Values.ingester.persistentVolume.subPath }}
subPath: {{ . }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
{{- if .Values.ingester.startupProbe }}
startupProbe:
{{- toYaml .Values.ingester.startupProbe | nindent 12 }}
{{- end }}
{{- if .Values.ingester.livenessProbe }}
livenessProbe:
{{- toYaml .Values.ingester.livenessProbe | nindent 12 }}
{{- end }}
readinessProbe:
{{- toYaml .Values.ingester.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.ingester.resources | nindent 12 }}
{{- if .Values.ingester.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.ingester.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- if .Values.ingester.env }}
{{ toYaml .Values.ingester.env | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
requests:
cpu: "100m"
{{- with .Values.ingester.extraContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.ingester.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.ingester.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.ingester.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
- name: storage
emptyDir: {}
{{- if .Values.ingester.extraVolumes }}
{{- toYaml .Values.ingester.extraVolumes | nindent 8}}
{{- end }}
{{- end -}}

29
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-hpa.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- with .Values.ingester.autoscaling -}}
{{- if .enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "cortex.ingesterFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" $ | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: {{ if $.Values.ingester.statefulSet.enabled }}StatefulSet{{ else }}Deployment{{ end }}
name: {{ include "cortex.ingesterFullname" $ }}
minReplicas: {{ .minReplicas }}
maxReplicas: {{ .maxReplicas }}
metrics:
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .targetMemoryUtilizationPercentage }}
{{- with .behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (gt (int .Values.ingester.replicas) 1) (.Values.ingester.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.ingesterSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.ingester.podDisruptionBudget | nindent 2 }}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.ingester.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
{{- if .Values.ingester.serviceMonitor.additionalLabels }}
{{ toYaml .Values.ingester.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.ingester.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.ingester.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.ingesterSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.ingester.serviceMonitor.interval }}
interval: {{ .Values.ingester.serviceMonitor.interval }}
{{- end }}
{{- if .Values.ingester.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.ingester.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.ingester.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.ingester.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.ingester.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.ingester.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.ingester.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

153
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-statefulset.yaml Normal file
View File

@@ -0,0 +1,153 @@
{{- if .Values.ingester.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "cortex.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- toYaml .Values.ingester.annotations | nindent 4 }}
spec:
{{- if not .Values.ingester.autoscaling.enabled }}
replicas: {{ .Values.ingester.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.ingesterSelectorLabels" . | nindent 6 }}
updateStrategy:
{{- toYaml .Values.ingester.statefulStrategy | nindent 4 }}
podManagementPolicy: "{{ .Values.ingester.statefulSet.podManagementPolicy }}"
serviceName: {{ template "cortex.fullname" . }}-ingester-headless
{{- if .Values.ingester.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage
{{- if .Values.ingester.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.ingester.persistentVolume.annotations | nindent 10 }}
{{- end }}
spec:
{{- if .Values.ingester.persistentVolume.storageClass }}
{{- if (eq "-" .Values.ingester.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.ingester.persistentVolume.storageClass }}"
{{- end }}
{{- end }}
accessModes:
{{ toYaml .Values.ingester.persistentVolume.accessModes | nindent 10 }}
resources:
requests:
storage: "{{ .Values.ingester.persistentVolume.size }}"
{{- end }}
template:
metadata:
labels:
{{- include "cortex.ingesterLabels" . | nindent 8 }}
app.kubernetes.io/part-of: memberlist
{{- with .Values.ingester.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.ingester.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.ingester.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.ingester.priorityClassName }}
priorityClassName: {{ .Values.ingester.priorityClassName }}
{{- end }}
{{- if .Values.ingester.securityContext.enabled }}
securityContext: {{- omit .Values.ingester.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.ingester.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
nodeSelector:
{{- toYaml .Values.ingester.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.ingester.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.ingester.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.ingester.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if not .Values.ingester.persistentVolume.enabled }}
- name: storage
emptyDir: {}
{{- end }}
{{- if .Values.ingester.extraVolumes }}
{{- toYaml .Values.ingester.extraVolumes | nindent 8 }}
{{- end }}
containers:
{{- if .Values.ingester.extraContainers }}
{{- toYaml .Values.ingester.extraContainers | nindent 8 }}
{{- end }}
- name: ingester
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=ingester"
- "-config.file=/etc/cortex/cortex.yaml"
{{- include "cortex.memcached" . | nindent 12}}
{{- range $key, $value := .Values.ingester.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.ingester.extraVolumeMounts }}
{{- toYaml .Values.ingester.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
{{- with .Values.ingester.persistentVolume.subPath }}
subPath: {{ . }}
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
- name: gossip
containerPort: {{ .Values.config.memberlist.bind_port }}
protocol: TCP
{{- if .Values.ingester.startupProbe }}
startupProbe:
{{- toYaml .Values.ingester.startupProbe | nindent 12 }}
{{- end }}
{{- if .Values.ingester.livenessProbe }}
livenessProbe:
{{- toYaml .Values.ingester.livenessProbe | nindent 12 }}
{{- end }}
readinessProbe:
{{- toYaml .Values.ingester.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.ingester.resources | nindent 12 }}
{{- if .Values.ingester.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.ingester.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.ingester.env }}
env:
{{- toYaml .Values.ingester.env | nindent 12 }}
{{- end }}
{{- with .Values.ingester.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end -}}

22
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-svc-headless.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.ingesterFullname" . }}-headless
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.ingester.service.annotations | nindent 4 }}
spec:
type: ClusterIP
clusterIP: None
ports:
- port: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
name: grpc
targetPort: grpc
selector:
{{- include "cortex.ingesterSelectorLabels" . | nindent 4 }}

21
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/ingester/ingester-svc.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.ingesterFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.ingesterLabels" . | nindent 4 }}
{{- with .Values.ingester.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.ingester.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.ingesterSelectorLabels" . | nindent 4 }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/_helpers-nginx.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
nginx fullname
*/}}
{{- define "cortex.nginxFullname" -}}
{{ include "cortex.fullname" . }}-nginx
{{- end }}
{{/*
nginx common labels
*/}}
{{- define "cortex.nginxLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: nginx
{{- end }}
{{/*
nginx selector labels
*/}}
{{- define "cortex.nginxSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: nginx
{{- end }}

140
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-config.yaml Normal file
View File

@@ -0,0 +1,140 @@
{{- if .Values.nginx.enabled }}
{{- $rootDomain := printf "%s.svc.%s:%d" .Release.Namespace .Values.clusterDomain (.Values.config.server.http_listen_port | int) }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "cortex.nginxFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" . | nindent 4 }}
data:
nginx.conf: |-
worker_processes 5; ## Default: 1
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
{{- with .Values.nginx.config.mainSnippet }}
{{ tpl . $ | nindent 4 }}
{{- end }}
http {
default_type application/octet-stream;
client_max_body_size {{.Values.nginx.config.client_max_body_size}};
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $http_x_scope_orgid';
access_log /dev/stderr main;
sendfile on;
tcp_nopush on;
resolver {{ default (printf "coredns.kube-system.svc.%s" .Values.clusterDomain ) .Values.nginx.config.dnsResolver }};
{{- with .Values.nginx.config.httpSnippet }}
{{ tpl . $ | nindent 6 }}
{{- end }}
server { # simple reverse-proxy
listen {{ .Values.nginx.http_listen_port }};
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_http_version 1.1;
proxy_set_header X-Scope-OrgID 0;
{{- range $key, $value := .Values.nginx.config.setHeaders }}
proxy_set_header {{ $key }} {{ $value }};
{{- end }}
{{ if .Values.nginx.config.basicAuthSecretName -}}
auth_basic "Restricted Content";
auth_basic_user_file /etc/apache2/.htpasswd;
{{- end }}
{{- with .Values.nginx.config.serverSnippet }}
{{ tpl . $ | nindent 8 }}
{{- end }}
location = /healthz {
# auth_basic off is not set here, even when a basic auth directive is
# included in the server block, as Nginx's NGX_HTTP_REWRITE_PHASE
# (point when this return statement is evaluated) comes before the
# NGX_HTTP_ACCESS_PHASE (point when basic auth is evaluated). Thus,
# this return statement returns a response before basic auth is
# evaluated.
return 200 'alive';
}
# Distributor Config
location = /ring {
proxy_pass http://{{ template "cortex.fullname" . }}-distributor.{{ $rootDomain }}$request_uri;
}
location = /all_user_stats {
proxy_pass http://{{ template "cortex.fullname" . }}-distributor.{{ $rootDomain }}$request_uri;
}
location = /api/prom/push {
proxy_pass http://{{ template "cortex.fullname" . }}-distributor.{{ $rootDomain }}$request_uri;
}
## New Remote write API. Ref: https://cortexmetrics.io/docs/api/#remote-write
location = /api/v1/push {
proxy_pass http://{{ template "cortex.fullname" . }}-distributor.{{ $rootDomain }}$request_uri;
}
# Alertmanager Config
location ~ /api/prom/alertmanager/.* {
proxy_pass http://{{ template "cortex.fullname" . }}-alertmanager.{{ $rootDomain }}$request_uri;
}
location ~ /api/v1/alerts {
proxy_pass http://{{ template "cortex.fullname" . }}-alertmanager.{{ $rootDomain }}$request_uri;
}
location ~ /multitenant_alertmanager/status {
proxy_pass http://{{ template "cortex.fullname" . }}-alertmanager.{{ $rootDomain }}$request_uri;
}
# Ruler Config
location ~ /api/v1/rules {
proxy_pass http://{{ template "cortex.fullname" . }}-ruler.{{ $rootDomain }}$request_uri;
}
location ~ /ruler/ring {
proxy_pass http://{{ template "cortex.fullname" . }}-ruler.{{ $rootDomain }}$request_uri;
}
# Config Config
location ~ /api/prom/configs/.* {
proxy_pass http://{{ template "cortex.fullname" . }}-configs.{{ $rootDomain }}$request_uri;
}
# Query Config
location ~ /api/prom/.* {
proxy_pass http://{{ template "cortex.fullname" . }}-query-frontend.{{ $rootDomain }}$request_uri;
}
## New Query frontend APIs as per https://cortexmetrics.io/docs/api/#querier--query-frontend
location ~ ^{{.Values.config.api.prometheus_http_prefix}}/api/v1/(read|metadata|labels|series|query_range|query) {
proxy_pass http://{{ template "cortex.fullname" . }}-query-frontend.{{ $rootDomain }}$request_uri;
}
location ~ {{.Values.config.api.prometheus_http_prefix}}/api/v1/label/.* {
proxy_pass http://{{ template "cortex.fullname" . }}-query-frontend.{{ $rootDomain }}$request_uri;
}
{{- if and (.Values.config.auth_enabled) (.Values.nginx.config.auth_orgs) }}
# Auth orgs
{{- range $org := compact .Values.nginx.config.auth_orgs | uniq }}
location = /api/v1/push/{{ $org }} {
proxy_set_header X-Scope-OrgID {{ $org }};
proxy_pass http://{{ template "cortex.fullname" $ }}-distributor.{{ $rootDomain }}/api/v1/push;
}
{{- end }}
{{- end }}
}
}
{{- end }}

111
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-dep.yaml Normal file
View File

@@ -0,0 +1,111 @@
{{- if .Values.nginx.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.nginxFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.nginx.annotations | nindent 4 }}
spec:
{{- if not .Values.nginx.autoscaling.enabled }}
replicas: {{ .Values.nginx.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.nginxSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.nginx.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.nginxLabels" . | nindent 8 }}
{{- with .Values.nginx.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nginx/nginx-config.yaml") . | sha256sum }}
{{- with .Values.nginx.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.nginx.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.nginx.priorityClassName }}
priorityClassName: {{ .Values.nginx.priorityClassName }}
{{- end }}
{{- if .Values.nginx.securityContext.enabled }}
securityContext: {{- omit .Values.nginx.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.nginx.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
{{- if .Values.nginx.extraArgs }}
args:
{{- range $key, $value := .Values.nginx.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.nginx.extraVolumeMounts }}
{{- toYaml .Values.nginx.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/nginx
{{- if .Values.nginx.config.basicAuthSecretName }}
- name: htpasswd
mountPath: /etc/apache2
readOnly: true
{{- end }}
ports:
- name: http-metrics
containerPort: {{ .Values.nginx.http_listen_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.nginx.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.nginx.resources | nindent 12 }}
{{- if .Values.nginx.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.nginx.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.nginx.env }}
env:
{{- toYaml .Values.nginx.env | nindent 12 }}
{{- end }}
{{- if .Values.nginx.extraContainers }}
{{ toYaml .Values.nginx.extraContainers | indent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.nginx.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.nginx.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.nginx.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.nginx.terminationGracePeriodSeconds }}
volumes:
- name: config
configMap:
name: {{ template "cortex.fullname" . }}-nginx
{{- if .Values.nginx.config.basicAuthSecretName }}
- name: htpasswd
secret:
defaultMode: 420
secretName: {{ .Values.nginx.config.basicAuthSecretName }}
{{- end }}
{{- if .Values.nginx.extraVolumes }}
{{- toYaml .Values.nginx.extraVolumes | nindent 8}}
{{- end }}
{{- end }}

39
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-hpa.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- if and .Values.nginx.enabled .Values.nginx.autoscaling.enabled }}
{{- with .Values.nginx.autoscaling -}}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "cortex.nginxFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" $ | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "cortex.nginxFullname" $ }}
minReplicas: {{ .minReplicas }}
maxReplicas: {{ .maxReplicas }}
metrics:
{{- with .targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

40
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-ingress.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if and .Values.ingress.enabled .Values.nginx.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "cortex.nginxFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
spec:
{{- if .Values.ingress.ingressClass.enabled }}
ingressClassName: {{ .Values.ingress.ingressClass.name }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
pathType: "Prefix"
backend:
service:
name: {{ include "cortex.nginxFullname" $ }}
port:
number: {{ $.Values.nginx.http_listen_port }}
{{- end }}
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (.Values.nginx.enabled) (gt (int .Values.nginx.replicas) 1) (.Values.nginx.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.nginxFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.nginxSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.nginx.podDisruptionBudget | nindent 2 }}
{{- end }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/nginx/nginx-svc.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.nginx.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.nginxFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.nginxLabels" . | nindent 4 }}
{{- with .Values.nginx.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.nginx.service.annotations | nindent 4 }}
spec:
type: {{ .Values.nginx.service.type }}
ports:
- port: {{ .Values.nginx.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.nginxSelectorLabels" . | nindent 4 }}
{{- end }}

96
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/node-exporter.yaml Normal file
View File

@@ -0,0 +1,96 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/scrape: 'true'
labels:
app: node-exporter
name: node-exporter
name: node-exporter
namespace: imxc
spec:
clusterIP: None
ports:
- name: scrape
port: 9100
protocol: TCP
selector:
app: node-exporter
type: ClusterIP
---
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: apps/v1
{{- else }}
apiVersion: extensions/v1beta1
{{- end }}
kind: DaemonSet
metadata:
name: node-exporter
namespace: imxc
spec:
{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }}
selector:
matchLabels:
app: node-exporter
{{- end }}
template:
metadata:
labels:
app: node-exporter
name: node-exporter
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
containers:
- image: {{ .Values.global.IMXC_IN_REGISTRY }}/node-exporter
name: node-exporter
resources:
limits:
cpu: 250m
memory: 180Mi
requests:
cpu: 102m
memory: 180Mi
ports:
- containerPort: 9100
hostPort: 9100
name: scrape
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|run|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
- --collector.tcpstat
# --log.level=debug
env:
- name: GOMAXPROCS
value: "1"
volumeMounts:
- mountPath: /host/proc
name: proc
readOnly: false
- mountPath: /host/sys
name: sys
readOnly: false
- mountPath: /host/root
mountPropagation: HostToContainer
name: root
readOnly: true
hostNetwork: true
hostPID: true
securityContext:
runAsNonRoot: true
runAsUser: 65534
volumes:
- hostPath:
path: /proc
name: proc
- hostPath:
path: /sys
name: sys
- hostPath:
path: /
name: root

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/_helpers-querier.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
querier fullname
*/}}
{{- define "cortex.querierFullname" -}}
{{ include "cortex.fullname" . }}-querier
{{- end }}
{{/*
querier common labels
*/}}
{{- define "cortex.querierLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: querier
{{- end }}
{{/*
querier selector labels
*/}}
{{- define "cortex.querierSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: querier
{{- end }}

115
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/querier-dep.yaml Normal file
View File

@@ -0,0 +1,115 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.querierFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.querierLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.querier.annotations | nindent 4 }}
spec:
{{- if not .Values.querier.autoscaling.enabled }}
replicas: {{ .Values.querier.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "cortex.querierSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.querier.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.querierLabels" . | nindent 8 }}
{{- with .Values.querier.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.querier.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.querier.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.querier.priorityClassName }}
priorityClassName: {{ .Values.querier.priorityClassName }}
{{- end }}
{{- if .Values.querier.securityContext.enabled }}
securityContext: {{- omit .Values.querier.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.querier.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: querier
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=querier"
- "-config.file=/etc/cortex/cortex.yaml"
- "-querier.frontend-address={{ template "cortex.fullname" . }}-query-frontend-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.config.server.grpc_listen_port }}"
{{- include "cortex.memcached" . | nindent 12}}
{{- range $key, $value := .Values.querier.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.querier.extraVolumeMounts }}
{{- toYaml .Values.querier.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
- name: storage
mountPath: "/data"
subPath: {{ .Values.querier.persistentVolume.subPath }}
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.querier.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.querier.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.querier.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.querier.resources | nindent 12 }}
{{- if .Values.querier.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.querier.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- if .Values.querier.env }}
{{- toYaml .Values.querier.env | nindent 12 }}
{{- end }}
{{- with .Values.querier.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
resources:
requests:
cpu: "100m"
{{- if .Values.querier.extraContainers }}
{{- toYaml .Values.querier.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.querier.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.querier.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.querier.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.querier.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
- name: storage
emptyDir: {}
{{- if .Values.querier.extraVolumes }}
{{- toYaml .Values.querier.extraVolumes | nindent 8}}
{{- end }}

39
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/querier-hpa.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- with .Values.querier.autoscaling -}}
{{- if .enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "cortex.querierFullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{- include "cortex.querierLabels" $ | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "cortex.querierFullname" $ }}
minReplicas: {{ .minReplicas }}
maxReplicas: {{ .maxReplicas }}
metrics:
{{- with .targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ . }}
{{- end }}
{{- with .behavior }}
behavior:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

14
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/querier-poddisruptionbudget.yaml Normal file
View File

@@ -0,0 +1,14 @@
{{- if and (gt (int .Values.querier.replicas) 1) (.Values.querier.podDisruptionBudget) }}
apiVersion: {{ include "cortex.pdbVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "cortex.querierFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.querierLabels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "cortex.querierSelectorLabels" . | nindent 6 }}
{{- toYaml .Values.querier.podDisruptionBudget | nindent 2 }}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/querier-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.querier.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.querierFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.querierLabels" . | nindent 4 }}
{{- if .Values.querier.serviceMonitor.additionalLabels }}
{{ toYaml .Values.querier.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.querier.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.querier.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.querierSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.querier.serviceMonitor.interval }}
interval: {{ .Values.querier.serviceMonitor.interval }}
{{- end }}
{{- if .Values.querier.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.querier.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.querier.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.querier.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.querier.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.querier.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.querier.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

21
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/querier/querier-svc.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "cortex.querierFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.querierLabels" . | nindent 4 }}
{{- with .Values.querier.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- toYaml .Values.querier.service.annotations | nindent 4 }}
spec:
type: ClusterIP
ports:
- port: {{ .Values.config.server.http_listen_port }}
protocol: TCP
name: http-metrics
targetPort: http-metrics
selector:
{{- include "cortex.querierSelectorLabels" . | nindent 4 }}

23
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/query-frontend/_helpers-query-frontend.tpl Normal file
View File

@@ -0,0 +1,23 @@
{{/*
query-frontend fullname
*/}}
{{- define "cortex.queryFrontendFullname" -}}
{{ include "cortex.fullname" . }}-query-frontend
{{- end }}
{{/*
query-frontend common labels
*/}}
{{- define "cortex.queryFrontendLabels" -}}
{{ include "cortex.labels" . }}
app.kubernetes.io/component: query-frontend
{{- end }}
{{/*
query-frontend selector labels
*/}}
{{- define "cortex.queryFrontendSelectorLabels" -}}
{{ include "cortex.selectorLabels" . }}
app.kubernetes.io/component: query-frontend
{{- end }}

107
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/query-frontend/query-frontend-dep.yaml Normal file
View File

@@ -0,0 +1,107 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cortex.queryFrontendFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.queryFrontendLabels" . | nindent 4 }}
annotations:
{{- toYaml .Values.query_frontend.annotations | nindent 4 }}
spec:
replicas: {{ .Values.query_frontend.replicas }}
selector:
matchLabels:
{{- include "cortex.queryFrontendSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.query_frontend.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "cortex.queryFrontendLabels" . | nindent 8 }}
{{- with .Values.query_frontend.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
checksum/config: {{ include "cortex.configChecksum" . }}
{{- with .Values.query_frontend.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.query_frontend.serviceAccount.name | default (include "cortex.serviceAccountName" . ) }}
{{- if .Values.query_frontend.priorityClassName }}
priorityClassName: {{ .Values.query_frontend.priorityClassName }}
{{- end }}
{{- if .Values.query_frontend.securityContext.enabled }}
securityContext: {{- omit .Values.query_frontend.securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
{{- toYaml .Values.query_frontend.initContainers | nindent 8 }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: query-frontend
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "-target=query-frontend"
- "-config.file=/etc/cortex/cortex.yaml"
{{- include "cortex.frontend-memcached" . | nindent 12 }}
{{- range $key, $value := .Values.query_frontend.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
{{- if .Values.query_frontend.extraVolumeMounts }}
{{- toYaml .Values.query_frontend.extraVolumeMounts | nindent 12}}
{{- end }}
- name: config
mountPath: /etc/cortex
- name: runtime-config
mountPath: /etc/cortex-runtime-config
ports:
- name: http-metrics
containerPort: {{ .Values.config.server.http_listen_port }}
protocol: TCP
- name: grpc
containerPort: {{ .Values.config.server.grpc_listen_port }}
protocol: TCP
startupProbe:
{{- toYaml .Values.query_frontend.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.query_frontend.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.query_frontend.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.query_frontend.resources | nindent 12 }}
{{- if .Values.query_frontend.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.query_frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.query_frontend.env }}
env:
{{- toYaml .Values.query_frontend.env | nindent 12 }}
{{- end }}
{{- with .Values.query_frontend.lifecycle }}
lifecycle:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.query_frontend.extraContainers }}
{{- toYaml .Values.query_frontend.extraContainers | nindent 8}}
{{- end }}
nodeSelector:
{{- toYaml .Values.query_frontend.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.query_frontend.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.query_frontend.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.query_frontend.terminationGracePeriodSeconds }}
volumes:
{{- include "cortex.configVolume" . | nindent 8 }}
- name: runtime-config
configMap:
name: {{ template "cortex.fullname" . }}-runtime-config
{{- if .Values.query_frontend.extraVolumes }}
{{- toYaml .Values.query_frontend.extraVolumes | nindent 8}}
{{- end }}

42
ansible/01_old/roles/cmoa_demo_install/files/02-base/base/charts/cortex/templates/query-frontend/query-frontend-servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.query_frontend.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "cortex.queryFrontendFullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "cortex.queryFrontendLabels" . | nindent 4 }}
{{- if .Values.query_frontend.serviceMonitor.additionalLabels }}
{{ toYaml .Values.query_frontend.serviceMonitor.additionalLabels | indent 4 }}
{{- end }}
{{- if .Values.query_frontend.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.query_frontend.serviceMonitor.annotations | indent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "cortex.queryFrontendSelectorLabels" . | nindent 6 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace | quote }}
endpoints:
- port: http-metrics
{{- if .Values.query_frontend.serviceMonitor.interval }}
interval: {{ .Values.query_frontend.serviceMonitor.interval }}
{{- end }}
{{- if .Values.query_frontend.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.query_frontend.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.query_frontend.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.query_frontend.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
{{- if .Values.query_frontend.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml .Values.query_frontend.serviceMonitor.metricRelabelings | nindent 4 }}
{{- end }}
{{- with .Values.query_frontend.serviceMonitor.extraEndpointSpec }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More