github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/values.yaml

## @section Common parameters
##

versionOverride:

## KubeBlocks container image settings
##
## @param image.registry KubeBlocks image registry
## @param image.repository KubeBlocks image repository
## @param image.pullPolicy KubeBlocks image pull policy
## @param image.tag KubeBlocks image tag (immutable tags are recommended)
## @param image.imagePullSecrets KubeBlocks image pull secrets
## @param image.tools.repository KubeBlocks tools image repository
image:
  registry: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com
  repository: apecloud/kubeblocks
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  imagePullSecrets: []
  tools:
    repository: apecloud/kubeblocks-tools
  datascript:
    repository: apecloud/kubeblocks-datascript

## @param replicaCount
##
replicaCount: 1

## @param nameOverride
##
nameOverride: ""

## @param fullnameOverride
##
fullnameOverride: ""


## KubeBlocks RBAC access priority setting
##
## @param rbac.enabled is used to enable or disable KubeBlocks RBAC access priority.
## By enabling this feature, KubeBlocks can ensure resource accessibility for the
## cluster's pods, which are required to efficiently manage the cluster. By default,
## it is set to true. When RBAC access priority is enabled, KubeBlocks will have
## the following permissions:
##   groups=core,resources=serviceaccounts,verbs=get;list;watch;create;update;patch;delete
##   groups=core,resources=serviceaccounts/status,verbs=get;update;patch
##   groups=core,resources=serviceaccounts/finalizers,verbs=update
##
##   groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
##   groups=rbac.authorization.k8s.io,resources=rolebindings/status,verbs=get;update;patch
##   groups=rbac.authorization.k8s.io,resources=rolebindings/finalizers,verbs=update
##
##   groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
##   groups=rbac.authorization.k8s.io,resources=clusterrolebindings/status,verbs=get;update;patch
##   groups=rbac.authorization.k8s.io,resources=clusterrolebindings/finalizers,verbs=update
##
## If it is set to false, then you will need to create the service account
## named `cluster.ComponentSpec.ServiceAccountName` and the corresponding (cluster) role binding
## manually or through the cluster's Helm template, as shown in the example:
##   helm install mysql apecloud-mysql-cluster
rbac:
  enabled: true

## Deployment update strategy.
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
##
## @param updateStrategy.rollingUpdate
## @param updateStrategy.type
updateStrategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 40%
  type: RollingUpdate

## Change `hostNetwork` to `true` when you want the KubeBlocks's pod to share its host's network namespace.
## Useful for situations like when you end up dealing with a custom CNI over Amazon EKS.
## Update the `dnsPolicy` accordingly as well to suit the host network mode.
##
## @param hostNetwork
##
hostNetwork: false

## `dnsPolicy` determines the manner in which DNS resolution happens in the cluster.
## In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`.
## For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy.
##
## @param dnsPolicy
##
dnsPolicy: ClusterFirst

## Configure podDisruptionBudget spec settings
##
## @param podDisruptionBudget.minAvailable
## @param podDisruptionBudget.maxUnavailable
podDisruptionBudget:
  # Configures the minimum available pods for KubeBlocks disruptions.
  # Cannot be used if `maxUnavailable` is set.
  minAvailable: 1
  # Configures the maximum unavailable pods for KubeBlocks disruptions.
  # Cannot be used if `minAvailable` is set.
  maxUnavailable:


## Logger settings
##
## @param loggerSettings.developmentMode
## @param loggerSettings.encoder
## @param loggerSettings.level
## @param loggerSettings.timeEncoding
loggerSettings:
  # Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn).
  # Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default false)
  developmentMode: false
  # log encoding (one of 'json' or 'console')
  encoder: console
  # log level, can be one of 'debug', 'info', 'error', or any integer value > 0
  # which corresponds to custom debug levels of increasing verbosity.
  level:
  # Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or
  # 'rfc3339nano'). Defaults to 'iso8601'.
  timeEncoding: 'iso8601'

## ServiceAccount settings
##
## @param serviceAccount.create
## @param serviceAccount.annotations
## @param serviceAccount.name
serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

## @param podAnnotations
##
podAnnotations: {}

## Security context settings
##
## @param securityContext.allowPrivilegeEscalation
## @param securityContext.capabilities
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL

## Pod security context settings
##
## @param podSecurityContext.runAsNonRoot
## @param podSecurityContext.readOnlyRootFilesystem
## @param podSecurityContext.runAsUser
## @param podSecurityContext.fsGroup
## @param podSecurityContext.seccompProfile
podSecurityContext:
  runAsNonRoot: true
  # readOnlyRootFilesystem: true
  # runAsUser: 1000
  # fsGroup: 2000
  # TODO(user): For common cases that do not require escalating privileges
  # it is recommended to ensure that all your Pods/Containers are restrictive.
  # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
  # Please uncomment the following code if your project does NOT have to work on old Kubernetes
  # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
  # seccompProfile:
  #   type: RuntimeDefault

## Service settings
##
## @param service.type
## @param service.port
## @param service.nodePort
service:
  type: ClusterIP
  port: 9443
  # -- Service node port.
  # Only used if `service.type` is `NodePort`.
  nodePort:


## Metrics serviceMonitor parameters
## Enable this if you're using Prometheus Operator
##
## @param serviceMonitor.enabled
## @param serviceMonitor.port
## @param serviceMonitor.nodePort
serviceMonitor:
  enabled: false
  # metrics server will be exposed at this port.
  port: 8080
  # Only used if `service.type` is `NodePort`.
  nodePort:

## KubeBlocks pods deployment topologySpreadConstraints settings
##
## @param topologySpreadConstraints
topologySpreadConstraints: []


## Resource settings
##
## @param resources.limits
## @param resources.requests
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # TODO(user): Configure the resources accordingly based on the project requirements.
  # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
  # limits:
  #   cpu: 500m
  #   memory: 128Mi
  # requests:
  #   cpu: 10m
#   memory: 64Mi

## @param priorityClassName
##
priorityClassName:

## Autoscaling settings
##
## @param autoscaling.enabled
## @param autoscaling.minReplicas
## @param autoscaling.maxReplicas
## @param autoscaling.targetCPUUtilizationPercentage
## @param autoscaling.targetMemoryUtilizationPercentage
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80



## @param nodeSelector
##
nodeSelector: {}

## @param tolerations
##
tolerations:
- key: kb-controller
  operator: Equal
  value: "true"
  effect: NoSchedule


## @param affinity
##
affinity:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 100
      preference:
        matchExpressions:
        - key: kb-controller
          operator: In
          values:
          - "true"

## @param data plane settings
##
dataPlane:
  tolerations:
  - key: kb-data
    operator: Equal
    value: "true"
    effect: NoSchedule

  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
          - key: kb-data
            operator: In
            values:
            - "true"

## AdmissionWebhooks settings
##
## @param admissionWebhooks.enabled
## @param admissionWebhooks.createSelfSignedCert
## @param admissionWebhooks.ignoreReplicasCheck
admissionWebhooks:
  enabled: false
  createSelfSignedCert: true
  ignoreReplicasCheck: false

## Data protection settings
##
## @param dataProtection.enabled - set the dataProtection controllers for backup functions
## @param dataProtection.gcFrequencySeconds - the frequency of garbage collection
dataProtection:
  enabled: true
  # customizing the encryption key is strongly recommended.
  # if you do not specify a custom key, the default key will be used.
  # using the default key can potentially lead to the exposure of database passwords
  # if 'get/list' role of the backup CR are compromised.
  encryptionKey: ""
  gcFrequencySeconds: 3600

  image:
    registry: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com
    repository: apecloud/kubeblocks-dataprotection
    pullPolicy: IfNotPresent
    # Overrides the image tag whose default is the chart appVersion.
    tag: ""
    imagePullSecrets: []
    datasafed:
      repository: apecloud/datasafed
      tag: "0.0.3"

## BackupRepo settings
##
## @param backupRepo.create - creates a backup repo during installation
## @param backupRepo.default - set the created repo as the default
## @param backupRepo.accessMethod - the access method for the backup repo, options: [Mount, Tool]
## @param backupRepo.storageProvider - the storage provider used by the repo, options: [s3, oss, minio]
## @param backupRepo.pvReclaimPolicy - the PV reclaim policy, options: [Retain, Delete]
## @param backupRepo.volumeCapacity - the capacity for creating PVC
## @param backupRepo.config - a key-value map containing the settings required by the storage provider
## @param backupRepo.secrets - a key-value map containing the secret values required by the storage provider
backupRepo:
  create: false
  default: true
  accessMethod: Tool
  storageProvider: ""
  pvReclaimPolicy: "Retain"
  volumeCapacity: ""
  config:
    bucket: ""
    endpoint: ""
    region: ""
  secrets:
    accessKeyId: ""
    secretAccessKey: ""

  ## Addon controller settings, this will require cluster-admin clusterrole.
  ##
  ## @param addonController.enabled
  ## @param addonController.jobTTL - is addon job time-to-live period, this value is time.Duration-parseable string.
  ## default value is "5m" if not provided.
## @param addonController.jobImagePullPolicy - addon install job image pull policy.
addonController:
  enabled: true
  jobTTL: "5m"
  jobImagePullPolicy: IfNotPresent


## @param keepAddons - keep Addon CR objects when delete this chart.
keepAddons: false

## @param addonChartLocationBase - KubeBlocks official addon's chart location base, to be released in an air-gapped environment.
## if url has prefix "file://", KubeBlocks will use the helm charts copied from the addonChartsImage.
##
addonChartLocationBase: file://

## @param addonChartsImage - addon charts image, used to copy Helm charts to the addon job container.
## @param addonChartsImage.chartsPath - the helm charts path in the addon charts image.
addonChartsImage:
  registry: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com
  repository: apecloud/kubeblocks-charts
  pullPolicy: IfNotPresent
  tag: ""
  chartsPath: /charts

## @param addonHelmInstallOptions - addon helm install options.
addonHelmInstallOptions:
- "--atomic"
- "--cleanup-on-fail"
- "--wait"
- "--insecure-skip-tls-verify"

## Prometheus Addon
##
prometheus:
  ## If false, prometheus sub-chart will not be installed
  ##
  enabled: false

  alertmanager:
    ## If false, alertmanager will not be installed
    ##
    enabled: true

    ## alertmanager container image
    ##
    image:
      repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/alertmanager
      tag: v0.24.0

    ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.alertmanager.configMapOverrideName}}
    ## Defining configMapOverrideName will cause templates/alertmanager-configmap.yaml
    ## to NOT generate a ConfigMap resource
    ##
    configMapOverrideName: "alertmanager-config"

    ## Node tolerations for alertmanager scheduling to nodes with taints
    ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    ##
    tolerations:
    - key: kb-controller
      operator: Equal
      value: "true"
      effect: NoSchedule

    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          preference:
            matchExpressions:
            - key: kb-controller
              operator: In
              values:
              - "true"

    persistentVolume:
      ## If true, alertmanager will create/use a Persistent Volume Claim
      ## If false, use emptyDir
      ##
      enabled: false

      ## alertmanager data Persistent Volume size
      ##
      size: 1Gi

      ## alertmanager data Persistent Volume Storage Class
      ## If defined, storageClassName: <storageClass>
      ## If set to "-", storageClassName: "", which disables dynamic provisioning
      ## If undefined (the default) or set to null, no storageClassName spec is
      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
      ##   GKE, AWS & OpenStack)
      ##
      # storageClass: "-"

    ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
    ##
    replicaCount: 1

    statefulSet:
      ## If true, use a statefulset instead of a deployment for pod management.
      ## This allows to scale replicas to more than 1 pod
      ##
      enabled: true

      ## Alertmanager headless service to use for the statefulset
      ##
      headless:
        ## Enabling peer mesh service end points for enabling the HA alert manager
        ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
        enableMeshPeer: true

    ## alertmanager resource requests and limits
    ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
    ##
    resources: {}
      # limits:
      #   cpu: 10m
      #   memory: 32Mi
      # requests:
      #   cpu: 10m
    #   memory: 32Mi

    ## Security context to be added to alertmanager pods
    ##
    securityContext:
      runAsUser: 0
      runAsNonRoot: false
      runAsGroup: 65534
      fsGroup: 65534

    containerSecurityContext:
      allowPrivilegeEscalation: false

    ingress:
      ## If true, alertmanager Ingress will be created
      ##
      enabled: false

      # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
      # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
      # ingressClassName: nginx

      ## alertmanager Ingress annotations
      ##
      annotations: {}
      #   kubernetes.io/ingress.class: nginx
      #   kubernetes.io/tls-acme: 'true'

      ## alertmanager Ingress additional labels
      ##
      extraLabels: {}

      ## alertmanager Ingress hostnames with optional path
      ## Must be provided if Ingress is enabled
      ##
      hosts: []
      #   - alertmanager.domain.com
      #   - domain.com/alertmanager

      path: /

      # pathType is only for k8s >= 1.18
      pathType: Prefix

      ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
      extraPaths: []
      # - path: /*
      #   backend:
      #     serviceName: ssl-redirect
      #     servicePort: use-annotation

      ## alertmanager Ingress TLS configuration
      ## Secrets must be manually created in the namespace
      ##
      tls: []
      #   - secretName: prometheus-alerts-tls
      #     hosts:
      #       - alertmanager.domain.com

    service:
      annotations: {}
      labels: {}
      clusterIP: ""

      ## Enabling peer mesh service end points for enabling the HA alert manager
      ## Ref: https://github.com/prometheus/alertmanager/blob/master/README.md
      # enableMeshPeer : true

      ## List of IP addresses at which the alertmanager service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 80
      # nodePort: 30000
      sessionAffinity: None
      type: ClusterIP


  kubeStateMetrics:
    ## If false, kube-state-metrics sub-chart will not be installed
    ##
    enabled: false

  nodeExporter:
    ## If false, node-exporter will not be installed
    ##
    enabled: false

    ## node-exporter container image
    ##
    image:
      repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/node-exporter
      tag: v1.3.1

  configmapReload:
    prometheus:
      ## configmap-reload container image
      ##
      image:
        repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/configmap-reload
        tag: v0.5.0
    alertmanager:
      ## configmap-reload container image
      ##
      image:
        repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/configmap-reload
        tag: v0.5.0

  server:
    ## Prometheus server container name
    ##
    enabled: true

    ## Prometheus server container image
    ##
    image:
      repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/prometheus
      tag: v2.44.0

    global:
      ## How frequently to scrape targets by default
      ##
      scrape_interval: 15s
      ## How long until a scrape request times out
      ##
      scrape_timeout: 10s
      ## How frequently to evaluate rules
      ##
      evaluation_interval: 15s

    ## Additional Prometheus server container flags
    ##
    extraFlags:
    - web.enable-lifecycle
    - web.enable-remote-write-receiver

    ## Additional Prometheus server container arguments
    ##
    extraArgs:
      log.level: info
      storage.tsdb.min-block-duration: 30m
      enable-feature: memory-snapshot-on-shutdown
      storage.tsdb.retention.size: 10GB

    ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write
    ##
    remoteWrite: []

    ## Prefix used to register routes, overriding externalUrl route.
    ## Useful for proxies that rewrite URLs.
    ##
    routePrefix: /

    ## Node tolerations for server scheduling to nodes with taints
    ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
    ##
    tolerations:
    - key: kb-controller
      operator: Equal
      value: "true"
      effect: NoSchedule

    affinity:
      nodeAffinity:
        preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          preference:
            matchExpressions:
            - key: kb-controller
              operator: In
              values:
              - "true"

    persistentVolume:
      ## If true, Prometheus server will create/use a Persistent Volume Claim
      ## If false, use emptyDir
      ##
      enabled: false

      ## Prometheus server data Persistent Volume size
      ##
      size: 20Gi

      ## Prometheus server data Persistent Volume Storage Class
      ## If defined, storageClassName: <storageClass>
      ## If set to "-", storageClassName: "", which disables dynamic provisioning
      ## If undefined (the default) or set to null, no storageClassName spec is
      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
      ##   GKE, AWS & OpenStack)
      ##
      # storageClass: "-"

    ## Use a StatefulSet if replicaCount needs to be greater than 1 (see below)
    ##
    replicaCount: 1

    statefulSet:
      ## If true, use a statefulset instead of a deployment for pod management.
      ## This allows to scale replicas to more than 1 pod
      ##
      enabled: true

    ## Prometheus server resource requests and limits
    ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
    ##
    resources: {}
      # limits:
      #   cpu: 500m
      #   memory: 512Mi
      # requests:
      #   cpu: 500m
    #   memory: 512Mi

    ## Prometheus' data retention period (default if not specified is 15 days)
    ##
    retention: "2d"

    ## Security context to be added to server pods
    ##
    securityContext:
      runAsUser: 0
      runAsNonRoot: false
      runAsGroup: 65534
      fsGroup: 65534

    containerSecurityContext:
      allowPrivilegeEscalation: false

    service:
      ## If false, no Service will be created for the Prometheus server
      ##
      enabled: true

      annotations: {}
      labels: {}
      clusterIP: ""

      ## List of IP addresses at which the Prometheus server service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []
      servicePort: 80
      sessionAffinity: None
      type: ClusterIP

      ## Enable gRPC port on service to allow auto discovery with thanos-querier
      gRPC:
        enabled: false
        servicePort: 10901
        # nodePort: 10901

      ## If using a statefulSet (statefulSet.enabled=true), configure the
      ## service to connect to a specific replica to have a consistent view
      ## of the data.
      statefulsetReplica:
        enabled: false
        replica: 0

    ingress:
      ## If true, Prometheus server Ingress will be created
      ##
      enabled: false

      # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
      # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
      # ingressClassName: nginx

      ## Prometheus server Ingress annotations
      ##
      annotations: {}
      #   kubernetes.io/ingress.class: nginx
      #   kubernetes.io/tls-acme: 'true'

      ## Prometheus server Ingress additional labels
      ##
      extraLabels: {}

      ## Prometheus server Ingress hostnames with optional path
      ## Must be provided if Ingress is enabled
      ##
      hosts: []
      #   - prometheus.domain.com
      #   - domain.com/prometheus

      path: /

      # pathType is only for k8s >= 1.18
      pathType: Prefix

      ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
      extraPaths: []
      # - path: /*
      #   backend:
      #     serviceName: ssl-redirect
      #     servicePort: use-annotation

      ## Prometheus server Ingress TLS configuration
      ## Secrets must be manually created in the namespace
      ##
      tls: []
      #   - secretName: prometheus-server-tls
      #     hosts:
      #       - prometheus.domain.com




  ## AlertManager ConfigMap Entries
  ## NOTE: Please review these carefully as thresholds and behavior may not meet
  ##       your SLOs or labels.
  ##
  alertmanagerFiles:
    alertmanager.yml:
      global: {}

      receivers:
      - name: default-receiver

      route:
        receiver: default-receiver
        group_wait: 5s
        group_interval: 30s
        repeat_interval: 10m

  ## Sample prometheus rules/alerts
  ## NOTE: Please review these carefully as thresholds and behavior may not meet
  ##       your SLOs or labels.
  ##
  ruleFiles:
    kubelet_alert_rules.yml: |
      groups:
        - name: KubeletSummary
          rules:
            - alert: ContainerCpuUsageWarning
              expr: 'rate(container_cpu_time_seconds_total[2m]) / container_cpu_limit * 100 > 70'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'Container CPU usage is high (> 70%)'
                description: 'Container CPU usage is {{ $value | printf "%.2f" }} percent. (pod: {{ $labels.k8s_pod_name }}, container: {{ $labels.k8s_container_name }})'

            - alert: ContainerCpuUsageCritical
              expr: 'rate(container_cpu_time_seconds_total[2m]) / container_cpu_limit * 100 > 90'
              for: 1m
              labels:
                severity: critical
              annotations:
                summary: 'Container CPU usage is very high (> 90%)'
                description: 'Container CPU usage is {{ $value | printf "%.2f" }} percent. (pod: {{ $labels.k8s_pod_name }}, container: {{ $labels.k8s_container_name }})'

            - alert: ContainerMemoryUsage
              expr: 'container_memory_working_set_bytes / container_memory_limit_bytes * 100 > 90'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'Container Memory usage is high (> 90%)'
                description: 'Container Memory usage is {{ $value | printf "%.2f" }} percent. (pod: {{ $labels.k8s_pod_name }}, container: {{ $labels.k8s_container_name }})'

            - alert: ContainerMemoryUsagePredict
              expr: 'predict_linear(container_memory_working_set_bytes[15m], 30*60) - container_memory_limit_bytes > 0'
              for: 5m
              labels:
                severity: critical
              annotations:
                summary: 'Container Memory predict usage may exceed the limit 30 minutes later'
                description: 'Container Memory predict usage may exceed the limit 30 minutes later, the predict value is {{ $value | humanize1024 }}. (pod: {{ $labels.k8s_pod_name }}, container: {{ $labels.k8s_container_name }})'

            - alert: ContainerVolumeUsage
              expr: '(k8s_volume_capacity_bytes - k8s_volume_available_bytes) / k8s_volume_capacity_bytes * 100 > 90'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'Volume usage is high (> 90%)'
                description: 'Volume usage is {{ $value | printf "%.2f" }} percent. (pod: {{ $labels.k8s_pod_name }}, volume: {{ $labels.k8s_volume_name }})'

    mysql_alert_rules.yml: |
      groups:
        - name: MysqldExporter
          rules:
            - alert: MysqlDown
              expr: 'max_over_time(mysql_up[1m]) == 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'MySQL is down'
                description: 'MySQL is down. (instance: {{ $labels.pod }})'

            - alert: MysqlRestarted
              expr: 'mysql_global_status_uptime < 60'
              for: 0m
              labels:
                severity: info
              annotations:
                summary: 'MySQL has just been restarted (< 60s)'
                description: 'MySQL has just been restarted {{ $value | printf "%.1f" }} seconds ago. (instance: {{ $labels.pod }})'

            - alert: MysqlTooManyConnections
              expr: 'sum(max_over_time(mysql_global_status_threads_connected[1m]) / mysql_global_variables_max_connections) BY (namespace,app_kubernetes_io_instance,pod) * 100 > 80'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MySQL has too many connections (> 80%)'
                description: '{{ $value | printf "%.2f" }} percent of MySQL connections are in use. (instance: {{ $labels.pod }})'

            - alert: MysqlConnectionErrors
              expr: 'sum(increase(mysql_global_status_connection_errors_total[1m])) BY (namespace,app_kubernetes_io_instance,pod) > 0'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MySQL connection errors'
                description: 'MySQL has connection errors and the value is {{ $value | printf "%.2f" }}. (instance: {{ $labels.pod }})'

            - alert: MysqlHighThreadsRunning
              expr: 'sum(max_over_time(mysql_global_status_threads_running[1m]) / mysql_global_variables_max_connections) BY (namespace,app_kubernetes_io_instance,pod) * 100 > 60'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MySQL high threads running (> 60%)'
                description: '{{ $value | printf "%.2f" }} percent of MySQL connections are in running state. (instance: {{ $labels.pod }})'

            - alert: MysqlSlowQueries
              expr: 'sum(increase(mysql_global_status_slow_queries[1m])) BY (namespace,app_kubernetes_io_instance,pod) > 0'
              for: 2m
              labels:
                severity: info
              annotations:
                summary: 'MySQL slow queries'
                description: 'MySQL server has {{ $value | printf "%.2f" }} slow query. (instance: {{ $labels.pod }})'

            - alert: MysqlInnodbLogWaits
              expr: 'sum(rate(mysql_global_status_innodb_log_waits[5m])) BY (namespace,app_kubernetes_io_instance,pod) > 10'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MySQL InnoDB log waits (> 10)'
                description: 'MySQL innodb log writes stalling and the value is {{ $value | printf "%.2f" }}. (instance: {{ $labels.pod }})'

            - alert: MysqlInnodbBufferPoolHits
              expr: 'sum(rate(mysql_global_status_innodb_buffer_pool_reads[5m]) / rate(mysql_global_status_innodb_buffer_pool_read_requests[5m])) BY (namespace,app_kubernetes_io_instance,pod) * 100 > 5'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MySQL InnoDB high read requests rate hitting disk (> 5%)'
                description: 'High number of logical reads that InnoDB could not satisfy from the buffer pool, and had to read directly from disk. The value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

    postgresql_alert_rules.yml: |
      groups:
        - name: PostgreSQLExporter
          rules:
            - alert: PostgreSQLDown
              expr: 'max_over_time(pg_up[1m]) == 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'PostgreSQL is down'
                description: 'PostgreSQL is down. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLRestarted
              expr: 'time() - pg_postmaster_start_time_seconds < 60'
              for: 0m
              labels:
                severity: info
              annotations:
                summary: 'PostgreSQL has just been restarted (< 60s)'
                description: 'PostgreSQL has just been restarted {{ $value | printf "%.1f" }} seconds ago. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLExporterError
              expr: 'pg_exporter_last_scrape_error > 0'
              for: 0m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL exporter scrape error'
                description: 'PostgreSQL exporter has {{ $value | printf "%.2f" }} scrape errors. A query may be buggy in query.yaml. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLTooManySlowQueries
              expr: |
                max by(namespace,app_kubernetes_io_instance,pod,datname) (
                  max_over_time(pg_stat_activity_max_tx_duration{datname!~"template.*"}[2m])
                ) > 60
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL database has high number of slow queries'
                description: 'PostgreSQL database has slow queries and the value is {{ $value | printf "%.2f" }}. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLTooManyConnections
              expr: |
                sum by (namespace,app_kubernetes_io_instance,pod) (pg_stat_activity_count{datname!~"template.*"})
                > on(namespace,app_kubernetes_io_instance,pod)
                (pg_settings_max_connections - pg_settings_superuser_reserved_connections) * 0.8
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL too many connections (> 80%)'
                description: 'PostgreSQL has too many connections and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLDeadLocks
              expr: 'increase(pg_stat_database_deadlocks_total{datname!~"template.*", datname!=""}[2m]) > 5'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL database has dead locks (> 5)'
                description: 'PostgreSQL database has {{ $value | printf "%.2f"}} dead locks. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLHighRollbackRate
              expr: |
                rate(pg_stat_database_xact_rollback_total{datname!~"template.*", datname!=""}[2m])
                /
                rate(pg_stat_database_xact_commit_total{datname!~"template.*", datname!=""}[2m])
                > 0.1
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL database has high rollback rate (> 10%)'
                description: 'Ratio of transactions being aborted compared to committed is {{ $value | printf "%.2f"}} percent. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLTooManyLocksAcquired
              expr: |
                sum by (namespace,app_kubernetes_io_instance,pod) (pg_locks_count)
                / on(namespace,app_kubernetes_io_instance,pod)
                (pg_settings_max_locks_per_transaction * pg_settings_max_connections)
                > 0.2
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL has too many locks acquired (> 20%)'
                description: 'Too many locks acquired on the database and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLCacheHitRatio
              expr: |
                avg by (namespace,app_kubernetes_io_instance,pod,datname) (
                  rate(pg_stat_database_blks_hit_total{datname!~"template.*", datname!=""}[2m])
                  /
                  (
                    rate(
                      pg_stat_database_blks_hit_total{datname!~"template.*", datname!=""}[2m]
                    )
                    +
                    rate(
                      pg_stat_database_blks_read_total{datname!~"template.*", datname!=""}[2m]
                    )
                  )
                ) < 0.9
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL database has low cache hit rate (< 90%)'
                description: 'Low cache hit rate and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLMaxWriteBufferReached
              expr: 'rate(pg_stat_bgwriter_maxwritten_clean_total[2m]) > 0'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL write buffers reached max'
                description: 'PostgreSQL background writer stops for max and the value is {{ $value | printf "%.2f" }}. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLHighWALFilesArchiveErrorRate
              expr: |
                rate(pg_stat_archiver_failed_count_total[2m])
                / (
                  rate(pg_stat_archiver_archived_count_total[2m]) + rate(pg_stat_archiver_failed_count_total[2m])
                ) > 0.1
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL has high error rate in WAL files archiver(> 10%)'
                description: 'PostgreSQL high error rate in WAL files archiver and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: PostgreSQLTableNotAutoVacuumed
              expr: |
                (pg_stat_user_tables_last_autovacuum > 0)
                and
                (time() - pg_stat_user_tables_last_autovacuum)
                > 24 * 60 * 60 * 10
              for: 0m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL table in database has not been auto vacuumed for 10 days'
                description: 'Table {{ $labels.relname }} in database has not been auto vacuumed for 10 days. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLTableNotAutoAnalyzed
              expr: |
                (pg_stat_user_tables_last_autoanalyze > 0)
                and
                (time() - pg_stat_user_tables_last_autoanalyze)
                > 24 * 60 * 60 * 10
              for: 0m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL table in database has not been auto analyzed for 10 days'
                description: 'Table {{ $labels.relname }} in database has not been auto analyzed for 10 days. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

            - alert: PostgreSQLTableTooManyDeadTuples
              expr: |
                (pg_stat_user_tables_n_dead_tup > 10000)
                /
                (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)
                >= 0.1
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'PostgreSQL table in database has too many dead tuples (> 10%)'
                description: 'Table {{ $labels.relname }} in database dead tuples is too large and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }}, database: {{ $labels.datname }})'

    redis_alert_rules.yml: |
      groups:
        - name: RedisExporter
          rules:
            - alert: RedisDown
              expr: 'redis_up == 0'
              for: 5m
              labels:
                severity: critical
              annotations:
                summary: 'Redis is down'
                description: 'Redis is down. (instance: {{ $labels.pod }})'

            - alert: RedisCPUHigh
              expr: '(rate(redis_cpu_sys_seconds_total[1m]) + rate(redis_cpu_user_seconds_total[1m])) * 100 > 80'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'Out of CPU (> 80%)'
                description: 'Redis is running out of CPU and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: RedisMemoryHigh
              expr: '(redis_memory_max_bytes == 0 or redis_memory_used_bytes * 100 / redis_memory_max_bytes) > 90'
              for: 5m
              labels:
                severity: warning
              annotations:
                summary: 'Out of memory (> 90%)'
                description: 'Redis is running out of memory and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: RedisTooManyConnections
              expr: 'redis_connected_clients * 100 / redis_config_maxclients > 80'
              for: 1m
              labels:
                severity: warning
              annotations:
                summary: 'Redis has too many connections (> 80%)'
                description: 'Redis has too many connections and the value is {{ $value | printf "%.2f" }} percent. (instance: {{ $labels.pod }})'

            - alert: RedisRejectedConnections
              expr: 'increase(redis_rejected_connections_total[1m]) > 0'
              for: 5m
              labels:
                severity: error
              annotations:
                summary: 'Redis has rejected connections'
                description: '{{ $value | printf "%.2f" }} connections to Redis has been rejected. (instance: {{ $labels.pod }})'

            - alert: RedisKeyEviction
              expr: 'increase(redis_evicted_keys_total[5m]) > 0'
              for: 1s
              labels:
                severity: error
              annotations:
                summary: 'Redis has evicted keys'
                description: 'Redis has evicted keys in the last 5 minutes and the value is {{ $value | printf "%.2f" }}. (instance: {{ $labels.pod }})'

            - alert: RedisMissingMaster
              expr: 'count by (app_kubernetes_io_instance) (redis_instance_info{role="master"}) < 1'
              for: 30s
              labels:
                severity: critical
              annotations:
                summary: 'Redis missing master'
                description: 'Redis cluster has no node marked as master.'

            - alert: RedisDisconnectedSlaves
              expr: 'count without (instance, job) (redis_connected_slaves) - sum without (instance, job) (redis_connected_slaves) - 1 > 1'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'Redis disconnected slaves'
                description: 'Redis not replicating for all slaves. Consider reviewing the redis replication status. (instance: {{ $labels.pod }})'

            - alert: RedisReplicationBroken
              expr: 'delta(redis_connected_slaves[1m]) < 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'Redis replication broken'
                description: 'Redis instance lost a slave. (instance: {{ $labels.pod }})'

    mongodb_alert_rules.yml: |-
      groups:
        - name: MongodbExporter
          rules:
            - alert: MongodbDown
              expr: 'max_over_time(mongodb_up[1m]) == 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'MongoDB is Down'
                description: 'MongoDB instance is down\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbRestarted
              expr: 'mongodb_instance_uptime_seconds < 60'
              for: 0m
              labels:
                severity: info
              annotations:
                summary: 'Mongodb has just been restarted (< 60s)'
                description: 'Mongodb has just been restarted {{ $value | printf "%.1f" }} seconds ago\n LABELS = {{ $labels }}'
      
            - alert: MongodbReplicaMemberUnhealthy
              expr: 'max_over_time(mongodb_rs_members_health[1m]) == 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'Mongodb replica member is unhealthy'
                description: 'MongoDB replica member is not healthy\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbReplicationLag
              expr: '(mongodb_rs_members_optimeDate{member_state="PRIMARY"} - on (pod) group_right mongodb_rs_members_optimeDate{member_state="SECONDARY"}) / 1000 > 10'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'MongoDB replication lag (> 10s)'
                description: 'Mongodb replication lag is more than 10s\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbReplicationHeadroom
              expr: 'sum(avg(mongodb_mongod_replset_oplog_head_timestamp - mongodb_mongod_replset_oplog_tail_timestamp)) - sum(avg(mongodb_rs_members_optimeDate{member_state="PRIMARY"} - on (pod) group_right mongodb_rs_members_optimeDate{member_state="SECONDARY"})) <= 0'
              for: 0m
              labels:
                severity: critical
              annotations:
                summary: 'MongoDB replication headroom (< 0)'
                description: 'MongoDB replication headroom is <= 0\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbNumberCursorsOpen
              expr: 'mongodb_ss_metrics_cursor_open{csr_type="total"} > 10 * 1000'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MongoDB opened cursors num (> 10k)'
                description: 'Too many cursors opened by MongoDB for clients (> 10k)\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbCursorsTimeouts
              expr: 'increase(mongodb_ss_metrics_cursor_timedOut[1m]) > 100'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MongoDB cursors timeouts (>100/minute)' 
                description: 'Too many cursors are timing out (> 100/minute)\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbTooManyConnections
              expr: 'avg by(pod) (rate(mongodb_ss_connections{conn_type="current"}[1m])) / avg by(pod) (sum (mongodb_ss_connections) by(pod)) * 100 > 80'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: 'MongoDB too many connections (> 80%)'
                description: 'Too many connections (> 80%)\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
      
            - alert: MongodbVirtualMemoryUsage
              expr: '(sum(mongodb_ss_mem_virtual) BY (pod) / sum(mongodb_ss_mem_resident) BY (pod)) > 100'
              for: 2m
              labels:
                severity: warning
              annotations:
                summary: MongoDB virtual memory usage high
                description: "High memory usage: the quotient of (mem_virtual / mem_resident) is more than 100\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"

    kafka_alert_rules.yaml: |-
      group:
        - name: KafkaExporter
          rules:
            - alert: KafkaTopicsReplicas
                expr: 'sum(kafka_topic_partition_in_sync_replica) by (topic) < 3'
                for: 0m
                labels:
                  severity: critical
                annotations:
                  summary: 'Kafka topics replicas (instance {{ $labels.app_kubernetes_io_instance }})'
                  description: 'Kafka topic in-sync partition\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
            - alert: KafkaConsumersGroup
                expr: 'sum(kafka_consumergroup_lag) by (consumergroup) > 50'
                for: 1m
                labels:
                  severity: critical
                annotations:
                  summary: 'Kafka consumers group (instance {{ $labels.app_kubernetes_io_instance }})'
                  description: 'Kafka consumers group\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}'
            - alert: KafkaBrokerDown
                expr: 'kafka_brokers < 3'
                for: 0m
                labels:
                  severity: critical
                annotations:
                  Summary: 'Kafka broker *{{ $labels.app_kubernetes_io_instance }}* alert status'
                  description: 'One of the Kafka broker *{{ $labels.app_kubernetes_io_instance }}* is down.'

  serverFiles:
    prometheus.yml:
      rule_files:
      - /etc/config/recording_rules.yml
      - /etc/config/alerting_rules.yml
      - /etc/config/kubelet_alert_rules.yml
      - /etc/config/mysql_alert_rules.yml
      - /etc/config/postgresql_alert_rules.yml
      - /etc/config/redis_alert_rules.yml
      - /etc/config/kafka_alert_rules.yml
      - /etc/config/mongodb_alert_rules.yml

      scrape_configs:
      - job_name: prometheus
        static_configs:
        - targets:
          - localhost:9090

      # Scrape config for kubeblocks managed service endpoints.
      #
      # The relabeling allows the actual service scrape endpoint to be configured
      # via the following annotations:
      #
      # * `monitor.kubeblocks.io/scrape`: Only scrape services that have a value of
      # `true`.
      # * `monitor.kubeblocks.io/scheme`: If the metrics endpoint is secured then you will need
      # to set this to `https` & most likely set the `tls_config` of the scrape config.
      # * `monitor.kubeblocks.io/path`: If the metrics path is not `/metrics` override this.
      # * `monitor.kubeblocks.io/port`: If the metrics are exposed on a different port to the
      # service then set this appropriately.
      # * `monitor.kubeblocks.io/param_<parameter>`: If the metrics endpoint uses parameters
      # then you can set any parameter
      - job_name: 'kubeblocks-service'
        honor_labels: true

        kubernetes_sd_configs:
        - role: endpoints

        relabel_configs:
        - source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_managed_by]
          action: keep
          regex: kubeblocks
        - source_labels: [__meta_kubernetes_service_label_monitor_kubeblocks_io_managed_by]
          action: drop
          regex: agamotto
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_scrape]
          action: keep
          regex: true
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_scheme]
          action: replace
          target_label: __scheme__
          regex: (https?)
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_path]
          action: replace
          target_label: __metrics_path__
          regex: (.+)
        - source_labels: [__address__, __meta_kubernetes_service_annotation_monitor_kubeblocks_io_port]
          action: replace
          target_label: __address__
          regex: (.+?)(?::\d+)?;(\d+)
          replacement: $1:$2
        - action: labelmap
          regex: __meta_kubernetes_service_annotation_monitor_kubeblocks_io_param_(.+)
          replacement: __param_$1
        - action: labelmap
          regex: __meta_kubernetes_service_label_(.+)
        - source_labels: [__meta_kubernetes_namespace]
          action: replace
          target_label: namespace
        - source_labels: [__meta_kubernetes_service_name]
          action: replace
          target_label: service
        - source_labels: [__meta_kubernetes_pod_node_name]
          action: replace
          target_label: node
        - source_labels: [__meta_kubernetes_pod_name]
          action: replace
          target_label: pod
        - source_labels: [__meta_kubernetes_pod_phase]
          regex: Pending|Succeeded|Failed|Completed
          action: drop

      - job_name: 'kubeblocks-agamotto'
        honor_labels: true

        kubernetes_sd_configs:
        - role: endpoints

        relabel_configs:
        - source_labels: [__meta_kubernetes_service_label_monitor_kubeblocks_io_managed_by]
          action: keep
          regex: agamotto
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_scrape]
          action: keep
          regex: true
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_scheme]
          action: replace
          target_label: __scheme__
          regex: (https?)
        - source_labels: [__meta_kubernetes_service_annotation_monitor_kubeblocks_io_path]
          action: replace
          target_label: __metrics_path__
          regex: (.+)
        - source_labels: [__address__, __meta_kubernetes_service_annotation_monitor_kubeblocks_io_port]
          action: replace
          target_label: __address__
          regex: (.+?)(?::\d+)?;(\d+)
          replacement: $1:$2
        - action: labelmap
          regex: __meta_kubernetes_service_annotation_monitor_kubeblocks_io_param_(.+)
          replacement: __param_$1
        - source_labels: [__meta_kubernetes_pod_phase]
          regex: Pending|Succeeded|Failed|Completed
          action: drop

  pushgateway:
    ## If false, pushgateway will not be installed
    ##
    enabled: false

## loki settings for kubeblocks
loki:
  enabled: false
  singleBinary:
    replicas: 1
  monitoring:
    lokiCanary:
      enabled: false
    selfMonitoring:
      enabled: false
      grafanaAgent:
        installOperator: false
    dashboards:
      enabled: false
    rules:
      enabled: false
    serviceMonitor:
      enabled: false
  test:
    enabled: false
  loki:
    auth_enabled: false
    commonConfig:
      replication_factor: 1
    storage:
      type: filesystem
    podSecurityContext:
      runAsNonRoot: false
      runAsUser: 0
    limits_config:
      max_query_lookback: 72h
      retention_period: 72h
    compactor:
      working_directory: /var/loki/retention
      shared_store: filesystem
      compaction_interval: 10m
      retention_enabled: true
      retention_delete_delay: 2h
      retention_delete_worker_count: 150
      delete_request_cancel_period: 2h


grafana:
  ## If false, grafana sub-chart will not be installed
  ##
  enabled: false

  rbac:
    pspEnabled: false

  replicas: 1

  image:
    repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/grafana
    # Overrides the Grafana image tag whose default is the chart appVersion
    tag: 9.2.4

  ## Grafana server resource requests and limits
  ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources: {}
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
  #   memory: 128Mi

  ## Node tolerations for grafana scheduling to nodes with taints
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
  ##
  tolerations:
  - key: kb-controller
    operator: Equal
    value: "true"
    effect: NoSchedule

  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
          - key: kb-controller
            operator: In
            values:
            - "true"

  ## Timezone for the default dashboards
  ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg
  ##
  defaultDashboardsTimezone:

  adminUser: admin
  adminPassword: kubeblocks

  sidecar:
    image:
      repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/k8s-sidecar
      tag: 1.19.2

    dashboards:
      enabled: true
      label: grafana_dashboard
      labelValue: "1"
      searchNamespace: ALL
      resource: configmap

    datasources:
      enabled: true
      label: grafana_datasource
      labelValue: "1"
      searchNamespace: ALL
      resource: configmap

      defaultDatasourceEnabled: true
      uid: prometheus

      skipReload: false
      initDatasources: true

  testFramework:
    enabled: false

  grafana.ini:
    # Basic auth is enabled by default and works with the builtin Grafana user password authentication system and LDAP authentication integration.
    auth.basic:
      enabled: false

    auth.anonymous:
      enabled: true
      # Hide the Grafana version text from the footer and help tooltip for unauthenticated users (default: false)
      hide_version: true

  ingress:
    enabled: false
    # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
    # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
    # ingressClassName: nginx
    # Values can be templated
    annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    labels: {}
    path: /

    # pathType is only for k8s >= 1.1=
    pathType: Prefix

    hosts:
    - chart-example.local
    ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
    extraPaths: []
    # - path: /*
    #   backend:
    #     serviceName: ssl-redirect
    #     servicePort: use-annotation
    ## Or for k8s > 1.19
    # - path: /*
    #   pathType: Prefix
    #   backend:
    #     service:
    #       name: ssl-redirect
    #       port:
    #         name: use-annotation


    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local

  ## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service).
  ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
  ## ref: http://kubernetes.io/docs/user-guide/services/
  ##
  service:
    enabled: true
    type: ClusterIP
    port: 80
    targetPort: 3000
    # targetPort: 4181 To be used with a proxy extraContainer
    ## Service annotations. Can be templated.
    annotations: {}
    labels: {}
    portName: service
    # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp"
    appProtocol: ""


### snapshot-controller settings
### ref: https://artifacthub.io/packages/helm/piraeus-charts/snapshot-controller#configuration
###
snapshot-controller:
  ## @param snapshot-controller.enabled -- Enable snapshot-controller chart.
  ##
  enabled: true
  ## @param snapshot-controller.replicaCount -- Number of replicas to deploy.
  ##
  replicaCount: 1
  ## snapshot-controller image setting, easy access for CN users.
  ## @param snapshot-controller.image.repository -- Repository to pull the image from.
  ##
  image:
    repository: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com/apecloud/snapshot-controller
    tag: v6.2.1

  tolerations:
  - key: kb-controller
    operator: Equal
    value: "true"
    effect: NoSchedule

  volumeSnapshotClasses:
  - name: default-vsc
    driver: hostpath.csi.k8s.io
    deletionPolicy: Delete

  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
          - key: kb-controller
            operator: In
            values:
            - "true"

kubeblocks-csi-driver:
  enabled: false


cloudProvider:
  ## cloudProvider secret settings
  ## @param cloudProvider.accessKey -- S3 Access Key.
  ## @param cloudProvider.secretKey -- S3 Secret Key.
  ## @param cloudProvider.region -- S3 region.
  ## @param cloudProvider.cloud -- cloud name: [aws,aliyun].
  ## @param cloudProvider.bucket -- S3 Bucket.
  accessKey: ""
  secretKey: ""
  region: ""
  name: ""
  bucket: ""

## csi-s3 settings
## ref: https://artifacthub.io/packages/helm/cloudve/csi-s3#configuration
##
csi-s3:
  ## @param csi-s3.enabled -- Enable csi-s3 chart.
  ##
  enabled: false

alertmanager-webhook-adaptor:
  ## Linkage with prometheus.enabled
  ##
  # enabled: false

  ## Webhook-Adaptor container image
  ##
  image:
    registry: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com

  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
          - key: kb-controller
            operator: In
            values:
            - "true"

  ## ConfigMap override where fullname is {{.Release.Name}}-{{.Values.configMapOverrideName}}
  ##
  configMapOverrideName: "config"

  ## Webhook-Adaptor ConfigMap Entries
  configFiles:
    config.yaml: {}

csi-hostpath-driver:
  ## @param csi-hostpath-driver.enabled -- Enable csi-hostpath-driver chart.
  ##
  enabled: false
  ## csi-hostpath-driver storageClass setting
  ## @param csi-hostpath-driver.storageClass.create -- Specifies whether the storage class should be created.
  ## @param csi-hostpath-driver.storageClass.default -- Specifies whether the storage class should be default after created.
  ##
  storageClass:
    create: true
    default: true

aws-load-balancer-controller:
  clusterName: ""
  enabled: false
  replicaCount: 1
  tolerations:
  - key: kb-controller
    operator: Equal
    value: "true"
    effect: NoSchedule
  serviceAccount:
    create: true
    name: kubeblocks-service-account-aws-load-balancer-controller
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        preference:
          matchExpressions:
          - key: kb-controller
            operator: In
            values:
            - "true"

## k8s cluster feature gates, ref: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
enabledAlphaFeatureGates:
  ## @param enabledAlphaFeatureGates.recoverVolumeExpansionFailure -- Specifies whether feature gates RecoverVolumeExpansionFailure is enabled in k8s cluster.
  ##
  recoverVolumeExpansionFailure: false


agamotto:
  enabled: false
  image:
    registry: infracreate-registry.cn-zhangjiakou.cr.aliyuncs.com


provider: "" # cloud be "aws","gcp","aliyun","tencentCloud", "huaweiCloud", "azure"
validProviders:
 - "aws"
 - "gcp"
 - "aliyun"
 - "tencentCloud"
 - "huaweiCloud"
 - "azure"
 - ""
## @section KubeBlocks default storageClass Parameters for cloud provider.
storageClass:
  ## @param storageClass.name -- Specifies the name of the default storage class.
  ## If name is not specified and KubeBlocks deployed in a cloud, a default name will be generated.
  ##
  name: ""
  ## @param storageClass.create -- Specifies whether the storage class should be created. If storageClass.name is not
  ## specified or generated, this value will be ignored.
  ##
  create: true
  mountOptions:
  - noatime
  - nobarrier
  provider:
    aws:
      volumeType: gp3
      fsType: xfs
    gcp:
      volumeType: pd-balanced
      fsType: xfs
    aliyun:
      volumeType: cloud_essd
      fsType: xfs
    azure:
      volumeType: managed
      fsType: xfs
    tencentCloud:
      volumeType: CLOUD_SSD
    huaweiCloud: # Huawei Cloud
      volumeType: SSD
      fsType: ext4

external-dns:
  enabled: false
  domain: kubeblocks.io
  tolerations:
  - key: kb-controller
    operator: Equal
    value: "true"
    effect: NoSchedule

developMode: false