-
Notifications
You must be signed in to change notification settings - Fork 57
/
values.yaml
374 lines (289 loc) · 12.7 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
global:
# The OpenStack region.
region:
# The TLD as used in the URL.
tld:
# Type of the cluster to which the Thanos is deployed. Analog to Prometheus.
# Choose between: controlplane, kubernikus-controlplane, kubernikus-scaleout.
clusterType: controlplane
# TODO: check if needed
# Optional name of the cluster to which the Prometheus is deployed.
# Defaults to region if not set.
# cluster:
# Optional tier for Prometheus alerts.
# tier: k8s
linkerd_requested: false
# allows to disable Thanos for specific regions
enabled: true
# Mandatory name for this Thanos.
name:
# false means only Thanos Query is deployed. Used for regional and global Thaneis.
# If set to true everything in templates (StoreEndpoint, StoreGateway, Query) is deployed.
# Default: true
deployWholeThanos: true
# If set this will query all regions and expects a Thanos Query to be present at the end of the tunnel
useQueryRegions: false
queryRegions: []
# Thanos Query Store API's to be queried from regional and global.
# thanos-$queryStoreAPIs-grpc is the corresponding ingress to be queried
queryStoreAPIs: []
# Replaces the default thanos-operator discovery
# If true it will discover all Thaneis Query Services starting with 'thanos', containing 'query'.
# Excluded are 'maia', 'metal', 'scaleout', 'regional'
# Needs to be disabled if the added stores are cluster external like in regional, global.
queryDiscovery: true
# Refresh interval to re-read file SD files
# querySDInterval:
# set name only, region and domain will be generated like clusterDomain.region.cloud.sap
# defaults to cluster.local
clusterDomain:
# optional
# namespace:
# used for cross cluster TLS
authentication:
enabled: false
GRPCClientCA:
GRPCClientCertificate:
certificate:
privateKey:
logLevel: info
# Configuration for OpenStack Swift Thanos storage backend.
swiftStorageConfig:
authURL:
userName:
userDomainName:
password:
domainName:
projectName:
projectDomainName:
regionName:
containerName:
# Specification for Thanos image
spec:
baseImage: keppel.eu-de-1.cloud.sap/ccloud-quay-mirror/thanos/thanos
# Create RBAC resources.
rbac:
create: true
# ServiceAccount to use for the Thanos.
# Note that a ServiceAccount with name `default` cannot be created.
# Instead the generated name will be used.
serviceAccount:
create: true
# Optional name of the service account.
# If not provided one will be generated in the format: thanos-<name>.
name: ""
# Specification for Thanos components.
compactor:
# Always check if customArgs are set. If so, everything thing else is neglected.
# How long to retain raw samples in bucket. 0d - disables this retention.
# ONLY SPECIFY DAYS as an int
retentionResolutionRaw: 90
# How long to retain samples of resolution 1 (5 minutes) in bucket. 0d - disables this retention.
# ONLY SPECIFY DAYS as an int
retentionResolution5m: 90
# How long to retain samples of resolution 2 (1 hour) in bucket. 0d - disables this retention.
# ONLY SPECIFY YEARS as an int
retentionResolution1h: 5
# Minimum age of fresh (non-compacted) blocks before they are being processed. Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed.
consistencyDelay: 30m
# Specifying custom arguments means that all compactor related settings will be overwritten. It is NOT adding the options, these are all options at glance. This is usually used, when the operator is not supporting a certain option
customArgs: #[]
- compact
- --log.level=info
- --http-address=0.0.0.0:10902
- --http-grace-period=120s
- --data-dir=/data
- --objstore.config-file=/etc/config/thanos.yaml
- --consistency-delay=1800s
- --retention.resolution-raw=7776000s
- --retention.resolution-5m=7776000s
- --retention.resolution-1h=157680000s
- --compact.concurrency=1
- --compact.cleanup-interval=1800s
- --wait
- --wait-interval=900s
# In case the root fs of the node is not providing sufficient space this will add a data volume (pvc) and mounting it to /data in the compactor.
# Pay attention to use the correct storageClass.
# If this isn't set, it will request a 25Gi ephemeral storage by default, unless specified different
dataVolume:
enabled: false
size: 100Gi
storageClassName: cinder-default
# If dataVolume is not set and node can provide more than 25Gi ephemeral storage you can overwrite it to use more
resources:
requests:
ephemeralStorage: "25Gi"
store:
# Maximum size of items held in the index cache.
indexCacheSize: 1GB
# Maximum size of concurrently allocatable bytes for chunks.
chunkPoolSize: 4GB
# Limit the amount of samples that might be retrieved on a single Series() call.
# 0 = unlimited.
seriesSampleLimit: 0
# Limit number of concurrent Series() calls in Thanos store.
seriesMaxConcurrency: 20
# Persistent volume for Thanos store.
persistence:
enabled: true
size: 2Gi
# not relevant when deployWholeTHanos set to false
query:
replicas: 1
# logLevel:
webRouteprefix: /thanos
# statically specify stores, if deployWholeThanos is set and this is not present, it will default to query the single Prometheus sidecar container prometheus-<thanos-name>:10901
# stores from the following list will be build as an cluster internal dns fqdn. Like store1.default.svc.cluster.local:10901
# stores:
# - name: store1
# namespace: default
# port: 10901
# - name: storeN
# namespace: default
# port: 10901
extraArgs: []
ruler:
enabled: false
# When a ThanosRuler deployment is paused, no actions except for deletion
# will be performed on the underlying objects.
paused: false
loglevel: info
# Time duration ThanosRuler shall retain data for. Default is '24h', and must
# match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds
# minutes hours days weeks years).
# retention: <string>
# Interval between consecutive evaluations. Defaults to 15s
# evaluationInterval: <string>
# The external URL the Thanos Ruler instances will be available under. This
# is necessary to generate correct URLs to serve Thanos Ruler from a subpath of Thanos Query.
externalPrefix: /ruler
# disabled if no cluster information should be added as external labels (cross cluster evaluation)
externalClusterLabels:
enabled: true
# Define URLs to send alerts to Alertmanager.
alertmanagers:
# Configuration if the Alertmanager has client certificate authentication enabled.
authentication:
enabled: false
# The certificate used for authentication with the Alertmanager..
ssoCert:
# The key used for authentication with the Alertmanager.
ssoKey:
hosts: []
# QueryEndpoints defines Thanos querier endpoints from which to query
# metrics. Maps to the --query flag of thanos ruler.
# Defaults to <name>-query.<namespace>.svc.<clusterDomain>
queryEndpoints: []
# Resources defines the resource requirements for single Pods. If not
# provided, no requests/limits will be set
# resources:
service:
annotations: {}
# Optional ingress for this Thanos. Only needed when net deployed alongside Prometheus. So to say, if deployWholeThanos is set, this shouldn't be needed
ingress:
enabled: false
# List of hostnames for this Thanos Query. If empty, the FQDN will be generated using the pattern thanos-<name>.<region>.<domain> otherwise <host>.<region>.<domain>.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hosts: []
# List of fully qualified host names to be used for this Thanos server. Mutually exclusive with hosts.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hostsFQDN: []
# Client certificate authentication on ingress level.
authentication:
oauth:
enabled: false
# The URL to the authentication service.
authURL:
# Optional URL to specify the location of the error page.
authSignInURL:
sso:
enabled: true
# The key (<namespace>/<name>) of the secret containing the CA certificate (`ca.crt`) that is enabled to authenticate against this Ingress.
authTLSSecret: kube-system/ingress-cacrt
# The validation depth between the provided client certificate and the certification authority chain.
authTLSVerifyDepth: 3
# Enables verification of client certificates.
authTLSVerifyClient: on
# Additional annotations for the ingress.
annotations:
cloud.sap/no-http-keep-alive-monitor: "true"
# Optional ingress for this Thanos. Only needed when net deployed alongside Prometheus. So to say, if deployWholeThanos is set, this shouldn't be needed
internalIngress:
enabled: false
# List of hostnames for this Thanos Query. If empty, the FQDN will be generated using the pattern thanos-<name>.<region>.<domain> otherwise <host>.<region>.<domain>.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hosts: []
# List of fully qualified host names to be used for this Thanos server. Mutually exclusive with hosts.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hostsFQDN: []
# Client certificate authentication on ingress level.
authentication:
oauth:
enabled: false
# The URL to the authentication service.
authURL:
# Optional URL to specify the location of the error page.
authSignInURL:
sso:
enabled: true
# The key (<namespace>/<name>) of the secret containing the CA certificate (`ca.crt`) that is enabled to authenticate against this Ingress.
authTLSSecret: kube-system/ingress-cacrt
# The validation depth between the provided client certificate and the certification authority chain.
authTLSVerifyDepth: 3
# Enables verification of client certificates.
authTLSVerifyClient: on
# Additional annotations for the ingress.
annotations:
cloud.sap/no-http-keep-alive-monitor: "true"
grpcIngress:
enabled: false
# List of hostnames for this Thanos Query. If empty, the FQDN will be generated using the pattern thanos-<name>-grpc.<region>.<domain> otherwise <host>.<region>.<domain>.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hosts: []
# List of fully qualified host names to be used for this Thanos server. Mutually exclusive with hosts.
# The first host is used to generate the external URL for the Thanos. Remaining hosts will be used as SANs.
# If the ingress is enabled, it's also used for the ingress host.
hostsFQDN: []
# Client certificate authentication on ingress level.
authentication:
sso:
enabled: true
# The key (<namespace>/<name>) of the secret containing the CA certificate (`ca.crt`) that is enabled to authenticate against this Ingress.
authTLSSecret: kube-system/ingress-cacrt
# The validation depth between the provided client certificate and the certification authority chain.
authTLSVerifyDepth: 3
# Enables verification of client certificates.
authTLSVerifyClient: on
grpc:
backendProtocol: GRPC
sslRedirect: true
# Additional annotations for the gRPC ingress.
annotations:
cloud.sap/no-http-keep-alive-monitor: "true"
alerts:
# prometheus name picking up the Thanos metrics
prometheus:
# service name routing the alerts, defaults to `metrics`
service:
# support_group routing the alerts, defaults to `observability`
support_group:
# If true, a custom Prometheus naming will take place. Only needed for vmware-monitoring.
vmware: false
traefik:
# there are two scenarios when this is needed
# 1 Should be enabled only if no ingressClass is present in the cluster. Please set grpcIngress.enabled to false and set route.enabled to true.
#
# 2 if k8s.io/ingress-nginx and traefik.io/ingress-controller are present, set traefik.enabled: false and route.enabled: true
# General information: it will spawn a dummy ingress resource to annotate the hostname for dns record creation. However, this dummy will not do anything because the grpc service is not exposing on 80.
enabled: false
# List of hostnames to match, typically the same which are configured in grpcIngress.hosts
hosts: []
route:
enabled: false
# service the route should point to. Needs to match Thanos Query.
serviceName: thanos-kubernetes-query