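# Helm values for the kube-prometheus-stack subchart (Prometheus, Alertmanager,
# Grafana, exporters). The nesting below was rebuilt from a whitespace-collapsed
# copy, following the chart's standard values layout.
# NOTE(review): confirm the nesting against the deployed file.
kube-prometheus-stack:
  fullnameOverride: prometheus

  # Default alerting and recording rule groups shipped with the chart.
  defaultRules:
    create: true
    rules:
      alertmanager: true
      etcd: true
      configReloaders: true
      general: true
      k8s: true
      kubeApiserverAvailability: true
      kubeApiserverBurnrate: true
      kubeApiserverHistogram: true
      kubeApiserverSlos: true
      kubelet: true
      kubeProxy: true
      kubePrometheusGeneral: true
      kubePrometheusNodeRecording: true
      kubernetesApps: true
      kubernetesResources: true
      kubernetesStorage: true
      kubernetesSystem: true
      kubeScheduler: true
      kubeStateMetrics: true
      network: true
      node: true
      nodeExporterAlerting: true
      nodeExporterRecording: true
      prometheus: true
      prometheusOperator: true

  alertmanager:
    fullnameOverride: alertmanager
    enabled: true
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        kubernetes.io/ingress.class: nginx
        # NOTE(review): auth-response-headers only has an effect together with
        # nginx.ingress.kubernetes.io/auth-url, which is not set in this file.
        # Alertmanager has no login of its own, so as written this ingress
        # publishes it (alerts, silences) without an authentication gate.
        # Confirm forward-auth is enforced elsewhere, or add the auth-url
        # annotation for the identity provider.
        nginx.ingress.kubernetes.io/auth-response-headers: Authorization
      hosts:
        - alertmanager.durp.info
      paths:
        - /
      tls:
        - secretName: alertmanager-tls
          hosts:
            - alertmanager.durp.info

  grafana:
    enabled: true
    fullnameOverride: grafana
    forceDeployDatasources: false
    forceDeployDashboards: false
    defaultDashboardsEnabled: true
    defaultDashboardsTimezone: utc
    plugins:
      - grafana-polystat-panel
    serviceMonitor:
      enabled: true
    # Admin credentials are read from a pre-existing Secret, not from this file.
    admin:
      existingSecret: grafana-admin-credentials
      userKey: admin-user
      passwordKey: admin-password
    ingress:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-production
        kubernetes.io/ingress.class: nginx
      hosts:
        - grafana.durp.info
      paths:
        - /
      tls:
        - secretName: grafana-tls
          hosts:
            - grafana.durp.info
    env:
      GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
      GF_AUTH_GENERIC_OAUTH_NAME: "authentik"
      # The client ID is a public identifier and may stay inline.
      GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "6a7eadea9bc68f7a59712a0365bd0822de9a6946"
      GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
      GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.durp.info/application/o/authorize/"
      GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.durp.info/application/o/token/"
      GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.durp.info/application/o/userinfo/"
      GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.durp.info/application/o/grafana/end-session/"
      # Optionally enable auto-login (bypasses Grafana login screen)
      #GF_AUTH_OAUTH_AUTO_LOGIN: "true"
      # Optionally map user groups to Grafana roles
      #GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'"
    # The OAuth client secret was previously committed inline under `env`.
    # It is now injected from a Kubernetes Secret so it never lives in the
    # values file. The value that was in version control must be treated as
    # exposed: rotate it at the identity provider before creating the Secret.
    envValueFrom:
      GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET:
        secretKeyRef:
          # Placeholder Secret name and key: create the Secret out of band
          # (for example with a sealed or external secret) and adjust the names.
          name: grafana-oauth-credentials
          key: client-secret

  kubeApiServer:
    enabled: true

  kubelet:
    enabled: true
    serviceMonitor:
      # Copy the `node` label onto `instance` for kubelet metrics.
      metricRelabelings:
        - action: replace
          sourceLabels:
            - node
          targetLabel: instance

  kubeControllerManager:
    enabled: true
    # ips of servers
    endpoints:
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  coreDns:
    enabled: false

  kubeDns:
    enabled: false

  kubeEtcd:
    enabled: true
    # ips of servers
    endpoints:
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123
    service:
      enabled: true
      port: 2381
      targetPort: 2381

  kubeScheduler:
    enabled: true
    # ips of servers
    endpoints:
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  kubeProxy:
    enabled: true
    # ips of servers
    endpoints:
      - 192.168.20.121
      - 192.168.20.122
      - 192.168.20.123

  kubeStateMetrics:
    enabled: true

  kube-state-metrics:
    fullnameOverride: kube-state-metrics
    selfMonitor:
      enabled: true
    prometheus:
      monitor:
        enabled: true
        # Expose the scraped pod's node name as the `kubernetes_node` label.
        relabelings:
          - action: replace
            regex: (.*)
            replacement: $1
            sourceLabels:
              - __meta_kubernetes_pod_node_name
            targetLabel: kubernetes_node

  nodeExporter:
    enabled: true
    serviceMonitor:
      relabelings:
        - action: replace
          regex: (.*)
          replacement: $1
          sourceLabels:
            - __meta_kubernetes_pod_node_name
          targetLabel: kubernetes_node

  prometheus-node-exporter:
    fullnameOverride: node-exporter
    podLabels:
      jobLabel: node-exporter
    # Exclude pseudo and container filesystems from the filesystem collector.
    extraArgs:
      - '--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)'
      - '--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$'
    service:
      portName: http-metrics
    prometheus:
      monitor:
        enabled: true
        relabelings:
          - action: replace
            regex: (.*)
            replacement: $1
            sourceLabels:
              - __meta_kubernetes_pod_node_name
            targetLabel: kubernetes_node
    resources:
      requests:
        memory: 512Mi
        cpu: 250m
      limits:
        memory: 2048Mi

  prometheusOperator:
    enabled: true
    prometheusConfigReloader:
      resources:
        requests:
          cpu: 200m
          memory: 50Mi
        limits:
          memory: 100Mi

  prometheus:
    enabled: true
    prometheusSpec:
      replicas: 1
      replicaExternalLabelName: "replica"
      # With these set to false, the selectors are not limited to objects
      # labelled by this Helm release.
      ruleSelectorNilUsesHelmValues: false
      serviceMonitorSelectorNilUsesHelmValues: false
      podMonitorSelectorNilUsesHelmValues: false
      probeSelectorNilUsesHelmValues: false
      retention: 6h
      # NOTE(review): this turns on the Prometheus admin HTTP API (series
      # deletion, tombstone cleanup, snapshots). Prometheus does not
      # authenticate that API itself, so any workload that can reach the
      # service can call it. Set to false unless a workflow needs it, and
      # restrict access with a NetworkPolicy if it stays on.
      enableAdminAPI: true
      walCompression: true
      storageSpec:
        volumeClaimTemplate:
          spec:
            storageClassName: nfs-storage
            accessModes: ["ReadWriteMany"]
            resources:
              requests:
                storage: 50Gi

  thanosRuler:
    enabled: false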