github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/overrides/thanos-values.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/overrides/thanos-values.yaml (about)

     1  # Copyright (c) 2023, Oracle and/or its affiliates.
     2  # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
     3  
     4  query:
     5    podSecurityContext:
     6      seccompProfile:
     7        type: RuntimeDefault
     8    containerSecurityContext:
     9      privileged: false
    10      capabilities:
    11        drop:
    12          - ALL
    13    ingress:
    14      grpc:
    15        enabled: true
    16        annotations:
    17          kubernetes.io/tls-acme: "true"
    18          nginx.ingress.kubernetes.io/ssl-redirect: "true"
    19          nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
    20        # Turn off hostname to disable auto-generated backend
    21        hostname: ""
    22    extraEnvVars:
    23      - name: CLIENT_BASIC_AUTH_USER
    24        valueFrom:
    25          secretKeyRef:
    26            name: verrazzano-thanos-internal
    27            key: username
    28      - name: CLIENT_BASIC_AUTH_PASS
    29        valueFrom:
    30          secretKeyRef:
    31            name: verrazzano-thanos-internal
    32            key: password
    33    # Adds the Prometheus Thanos sidecar as a Store API endpoint to Query
    34    stores:
    35      - dnssrv+_grpc._tcp.prometheus-operator-kube-p-prometheus
    36    replicaLabel: prometheus_replica
    37  
    38    # ConfigMap containing Verrazzano managed cluster Thanos endpoints that the admin cluster Thanos Query should use
    39    # This configmap is managed by the VMC controller
    40    existingSDConfigmap: "verrazzano-thanos-endpoints"
    41  queryFrontend:
    42    podSecurityContext:
    43      seccompProfile:
    44        type: RuntimeDefault
    45    containerSecurityContext:
    46      privileged: false
    47      capabilities:
    48        drop:
    49          - ALL
    50    ingress:
    51      enabled: true
    52      annotations:
    53        kubernetes.io/tls-acme: "true"
    54        nginx.ingress.kubernetes.io/proxy-body-size: "6M"
    55        nginx.ingress.kubernetes.io/rewrite-target: "/$2"
    56        nginx.ingress.kubernetes.io/service-upstream: "true"
    57        nginx.ingress.kubernetes.io/upstream-vhost: "${service_name}.${namespace}.svc.cluster.local"
    58        nginx.ingress.kubernetes.io/affinity: "cookie"
    59        nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
    60        nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
    61        nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
    62        nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict"
    63      # Turn off hostname to disable auto-generated backend
    64      hostname: ""
    65  
    66  compactor:
    67    podSecurityContext:
    68      seccompProfile:
    69        type: RuntimeDefault
    70    containerSecurityContext:
    71      privileged: false
    72      capabilities:
    73        drop:
    74          - ALL
    75  
    76  storegateway:
    77    podSecurityContext:
    78      seccompProfile:
    79        type: RuntimeDefault
    80    containerSecurityContext:
    81      privileged: false
    82      capabilities:
    83        drop:
    84          - ALL
    85  
    86  ruler:
    87    podSecurityContext:
    88      seccompProfile:
    89        type: RuntimeDefault
    90    containerSecurityContext:
    91      privileged: false
    92      capabilities:
    93        drop:
    94          - ALL
    95    ingress:
    96      enabled: true
    97      annotations:
    98        kubernetes.io/tls-acme: "true"
    99        nginx.ingress.kubernetes.io/proxy-body-size: "6M"
   100        nginx.ingress.kubernetes.io/rewrite-target: "/$2"
   101        nginx.ingress.kubernetes.io/service-upstream: "true"
   102        nginx.ingress.kubernetes.io/upstream-vhost: "${service_name}.${namespace}.svc.cluster.local"
   103        nginx.ingress.kubernetes.io/affinity: "cookie"
   104        nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none: "true"
   105        nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
   106        nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
   107        nginx.ingress.kubernetes.io/session-cookie-samesite: "Strict"
   108      # Turn off hostname to disable auto-generated backend
   109      hostname: ""
   110    alertmanagers:
   111      - http://prometheus-operator-kube-p-alertmanager:9093
   112  
   113  receive:
   114    podSecurityContext:
   115      seccompProfile:
   116        type: RuntimeDefault
   117    containerSecurityContext:
   118      privileged: false
   119      capabilities:
   120        drop:
   121          - ALL
   122  
   123  metrics:
   124    enabled: true
   125    prometheusRule:
   126      enabled: true
   127      default:
   128        # Enable all rules except for the absent rules
   129        create: false
   130        absent_rules: false
   131        compaction: true
   132        query: true
   133        receive: true
   134        replicate: true
   135        ruler: true
   136        sidecar: true
   137        store_gateway: true
   138      additionalLabels:
   139        release: prometheus-operator
   140    serviceMonitor:
   141      enabled: true
   142      labels:
   143        release: prometheus-operator
   144      relabelings:
   145        - action: replace
   146          targetLabel: verrazzano_cluster
   147          replacement: local