Repository: kstone-io/kstone
Branch: master
Commit: 0175be48f20f
Files: 680
Total size: 4.8 MB
Directory structure:
gitextract__utsxwcs/
├── .commitlintrc.yml
├── .dockerignore
├── .github/
│ └── workflows/
│ ├── build.yml
│ ├── commitlint.yml
│ ├── e2e.yml
│ └── golangci-lint.yml
├── .gitignore
├── .golangci.yml
├── CHANGELOG/
│ └── CHANGELOG.md
├── LICENSE
├── Makefile
├── README.md
├── README_CN.md
├── build/
│ ├── docker/
│ │ ├── kstone-api/
│ │ │ └── Dockerfile
│ │ ├── kstone-controller/
│ │ │ └── Dockerfile
│ │ └── tools/
│ │ └── code-generator/
│ │ ├── Dockerfile
│ │ ├── Makefile
│ │ ├── boilerplate.go.txt
│ │ ├── code.sh
│ │ └── openapi.sh
│ ├── lib/
│ │ ├── common.mk
│ │ ├── create-manifest.sh
│ │ ├── docker-buildx.mk
│ │ ├── gen.mk
│ │ ├── golang.mk
│ │ └── image.mk
│ └── script/
│ └── openapi.sh
├── charts/
│ ├── .gitignore
│ ├── .helmignore
│ ├── Chart.yaml
│ ├── README.md
│ ├── README_CN.md
│ ├── charts/
│ │ ├── backup-operator/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ └── deployment.yaml
│ │ │ └── values.yaml
│ │ ├── dashboard/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── deployment.yaml
│ │ │ │ └── service.yaml
│ │ │ └── values.yaml
│ │ ├── dashboard-api/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── configmap.yaml
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── secret.yaml
│ │ │ │ └── service.yaml
│ │ │ └── values.yaml
│ │ ├── etcd-controller/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ └── deployment.yaml
│ │ │ └── values.yaml
│ │ ├── etcd-operator/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── configmap.yaml
│ │ │ │ ├── crd.yaml
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── service.yaml
│ │ │ │ └── webhook.yaml
│ │ │ └── values.yaml
│ │ ├── grafana/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── dashboards/
│ │ │ │ └── 0.json
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── configmap.yaml
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── secret.yaml
│ │ │ │ └── service.yaml
│ │ │ └── values.yaml
│ │ ├── inspection-controller/
│ │ │ ├── .helmignore
│ │ │ ├── Chart.yaml
│ │ │ ├── templates/
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── service.yaml
│ │ │ │ └── servicemonitor.yaml
│ │ │ └── values.yaml
│ │ ├── kube-prometheus-stack/
│ │ │ ├── .helmignore
│ │ │ ├── CONTRIBUTING.md
│ │ │ ├── Chart.yaml
│ │ │ ├── README.md
│ │ │ ├── ci/
│ │ │ │ ├── 01-provision-crds-values.yaml
│ │ │ │ └── 02-test-without-crds-values.yaml
│ │ │ ├── crds/
│ │ │ │ ├── crd-alertmanagerconfigs.yaml
│ │ │ │ ├── crd-alertmanagers.yaml
│ │ │ │ ├── crd-podmonitors.yaml
│ │ │ │ ├── crd-probes.yaml
│ │ │ │ ├── crd-prometheuses.yaml
│ │ │ │ ├── crd-prometheusrules.yaml
│ │ │ │ ├── crd-servicemonitors.yaml
│ │ │ │ └── crd-thanosrulers.yaml
│ │ │ ├── hack/
│ │ │ │ ├── README.md
│ │ │ │ ├── minikube/
│ │ │ │ │ ├── README.md
│ │ │ │ │ ├── cmd.sh
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── requirements.txt
│ │ │ │ ├── sync_grafana_dashboards.py
│ │ │ │ ├── sync_prometheus_rules.py
│ │ │ │ └── update_crds.sh
│ │ │ ├── templates/
│ │ │ │ ├── NOTES.txt
│ │ │ │ ├── _helpers.tpl
│ │ │ │ ├── alertmanager/
│ │ │ │ │ ├── alertmanager.yaml
│ │ │ │ │ ├── ingress.yaml
│ │ │ │ │ ├── ingressperreplica.yaml
│ │ │ │ │ ├── podDisruptionBudget.yaml
│ │ │ │ │ ├── psp-role.yaml
│ │ │ │ │ ├── psp-rolebinding.yaml
│ │ │ │ │ ├── psp.yaml
│ │ │ │ │ ├── secret.yaml
│ │ │ │ │ ├── service.yaml
│ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ ├── servicemonitor.yaml
│ │ │ │ │ └── serviceperreplica.yaml
│ │ │ │ ├── exporters/
│ │ │ │ │ ├── core-dns/
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-api-server/
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-controller-manager/
│ │ │ │ │ │ ├── endpoints.yaml
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-dns/
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-etcd/
│ │ │ │ │ │ ├── endpoints.yaml
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-proxy/
│ │ │ │ │ │ ├── endpoints.yaml
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-scheduler/
│ │ │ │ │ │ ├── endpoints.yaml
│ │ │ │ │ │ ├── service.yaml
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ ├── kube-state-metrics/
│ │ │ │ │ │ └── serviceMonitor.yaml
│ │ │ │ │ ├── kubelet/
│ │ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ │ └── node-exporter/
│ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ ├── grafana/
│ │ │ │ │ ├── configmap-dashboards.yaml
│ │ │ │ │ ├── configmaps-datasources.yaml
│ │ │ │ │ ├── dashboards-1.14/
│ │ │ │ │ │ ├── alertmanager-overview.yaml
│ │ │ │ │ │ ├── apiserver.yaml
│ │ │ │ │ │ ├── cluster-total.yaml
│ │ │ │ │ │ ├── controller-manager.yaml
│ │ │ │ │ │ ├── etcd.yaml
│ │ │ │ │ │ ├── k8s-coredns.yaml
│ │ │ │ │ │ ├── k8s-resources-cluster.yaml
│ │ │ │ │ │ ├── k8s-resources-namespace.yaml
│ │ │ │ │ │ ├── k8s-resources-node.yaml
│ │ │ │ │ │ ├── k8s-resources-pod.yaml
│ │ │ │ │ │ ├── k8s-resources-workload.yaml
│ │ │ │ │ │ ├── k8s-resources-workloads-namespace.yaml
│ │ │ │ │ │ ├── kubelet.yaml
│ │ │ │ │ │ ├── namespace-by-pod.yaml
│ │ │ │ │ │ ├── namespace-by-workload.yaml
│ │ │ │ │ │ ├── node-cluster-rsrc-use.yaml
│ │ │ │ │ │ ├── node-rsrc-use.yaml
│ │ │ │ │ │ ├── nodes.yaml
│ │ │ │ │ │ ├── persistentvolumesusage.yaml
│ │ │ │ │ │ ├── pod-total.yaml
│ │ │ │ │ │ ├── prometheus-remote-write.yaml
│ │ │ │ │ │ ├── prometheus.yaml
│ │ │ │ │ │ ├── proxy.yaml
│ │ │ │ │ │ ├── scheduler.yaml
│ │ │ │ │ │ ├── statefulset.yaml
│ │ │ │ │ │ └── workload-total.yaml
│ │ │ │ │ └── servicemonitor.yaml
│ │ │ │ ├── prometheus/
│ │ │ │ │ ├── _rules.tpl
│ │ │ │ │ ├── additionalAlertRelabelConfigs.yaml
│ │ │ │ │ ├── additionalAlertmanagerConfigs.yaml
│ │ │ │ │ ├── additionalPrometheusRules.yaml
│ │ │ │ │ ├── additionalScrapeConfigs.yaml
│ │ │ │ │ ├── clusterrole.yaml
│ │ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ │ ├── ingress.yaml
│ │ │ │ │ ├── ingressThanosSidecar.yaml
│ │ │ │ │ ├── ingressperreplica.yaml
│ │ │ │ │ ├── podDisruptionBudget.yaml
│ │ │ │ │ ├── podmonitors.yaml
│ │ │ │ │ ├── prometheus.yaml
│ │ │ │ │ ├── psp-clusterrole.yaml
│ │ │ │ │ ├── psp-clusterrolebinding.yaml
│ │ │ │ │ ├── psp.yaml
│ │ │ │ │ ├── rules-1.14/
│ │ │ │ │ │ ├── alertmanager.rules.yaml
│ │ │ │ │ │ ├── etcd.yaml
│ │ │ │ │ │ ├── general.rules.yaml
│ │ │ │ │ │ ├── k8s.rules.yaml
│ │ │ │ │ │ ├── kube-apiserver-availability.rules.yaml
│ │ │ │ │ │ ├── kube-apiserver-burnrate.rules.yaml
│ │ │ │ │ │ ├── kube-apiserver-histogram.rules.yaml
│ │ │ │ │ │ ├── kube-apiserver-slos.yaml
│ │ │ │ │ │ ├── kube-apiserver.rules.yaml
│ │ │ │ │ │ ├── kube-prometheus-general.rules.yaml
│ │ │ │ │ │ ├── kube-prometheus-node-recording.rules.yaml
│ │ │ │ │ │ ├── kube-scheduler.rules.yaml
│ │ │ │ │ │ ├── kube-state-metrics.yaml
│ │ │ │ │ │ ├── kubelet.rules.yaml
│ │ │ │ │ │ ├── kubernetes-apps.yaml
│ │ │ │ │ │ ├── kubernetes-resources.yaml
│ │ │ │ │ │ ├── kubernetes-storage.yaml
│ │ │ │ │ │ ├── kubernetes-system-apiserver.yaml
│ │ │ │ │ │ ├── kubernetes-system-controller-manager.yaml
│ │ │ │ │ │ ├── kubernetes-system-kubelet.yaml
│ │ │ │ │ │ ├── kubernetes-system-scheduler.yaml
│ │ │ │ │ │ ├── kubernetes-system.yaml
│ │ │ │ │ │ ├── node-exporter.rules.yaml
│ │ │ │ │ │ ├── node-exporter.yaml
│ │ │ │ │ │ ├── node-network.yaml
│ │ │ │ │ │ ├── node.rules.yaml
│ │ │ │ │ │ ├── prometheus-operator.yaml
│ │ │ │ │ │ └── prometheus.yaml
│ │ │ │ │ ├── service.yaml
│ │ │ │ │ ├── serviceThanosSidecar.yaml
│ │ │ │ │ ├── serviceThanosSidecarExternal.yaml
│ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ ├── servicemonitor.yaml
│ │ │ │ │ ├── servicemonitors.yaml
│ │ │ │ │ └── serviceperreplica.yaml
│ │ │ │ └── prometheus-operator/
│ │ │ │ ├── admission-webhooks/
│ │ │ │ │ ├── job-patch/
│ │ │ │ │ │ ├── clusterrole.yaml
│ │ │ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ │ │ ├── job-createSecret.yaml
│ │ │ │ │ │ ├── job-patchWebhook.yaml
│ │ │ │ │ │ ├── psp.yaml
│ │ │ │ │ │ ├── role.yaml
│ │ │ │ │ │ ├── rolebinding.yaml
│ │ │ │ │ │ └── serviceaccount.yaml
│ │ │ │ │ ├── mutatingWebhookConfiguration.yaml
│ │ │ │ │ └── validatingWebhookConfiguration.yaml
│ │ │ │ ├── certmanager.yaml
│ │ │ │ ├── clusterrole.yaml
│ │ │ │ ├── clusterrolebinding.yaml
│ │ │ │ ├── deployment.yaml
│ │ │ │ ├── psp-clusterrole.yaml
│ │ │ │ ├── psp-clusterrolebinding.yaml
│ │ │ │ ├── psp.yaml
│ │ │ │ ├── service.yaml
│ │ │ │ ├── serviceaccount.yaml
│ │ │ │ └── servicemonitor.yaml
│ │ │ └── values.yaml
│ │ └── tapp/
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates/
│ │ │ ├── _helpers.tpl
│ │ │ ├── configmap.yaml
│ │ │ ├── deployment.yaml
│ │ │ ├── hpa.yaml
│ │ │ ├── service.yaml
│ │ │ ├── serviceaccount.yaml
│ │ │ └── tests/
│ │ │ └── test-connection.yaml
│ │ └── values.yaml
│ ├── templates/
│ │ ├── _helpers.tpl
│ │ ├── crd.yaml
│ │ ├── ingress.yaml
│ │ └── serviceaccount.yaml
│ ├── values.test.yaml
│ └── values.yaml
├── cmd/
│ ├── kstone-api/
│ │ ├── apiserver.go
│ │ ├── app/
│ │ │ └── server.go
│ │ └── config/
│ │ └── config.go
│ └── kstone-controller/
│ ├── etcdcluster-controller/
│ │ └── controller.go
│ ├── etcdinspection-controller/
│ │ └── controller.go
│ └── main.go
├── deploy/
│ ├── crds/
│ │ ├── kstone.tkestack.io_etcdclusters.yaml
│ │ └── kstone.tkestack.io_etcdinspections.yaml
│ ├── etcd-backup-operator.yaml
│ └── kstone-controller.yaml
├── docs/
│ ├── README.md
│ ├── README_CN.md
│ ├── backup/
│ │ └── cos/
│ │ ├── cos_en.md
│ │ └── cos_zh.md
│ ├── installation/
│ │ ├── kubeadm_en.md
│ │ ├── minikube-amd64.md
│ │ ├── minikube-macos.md
│ │ └── tke.md
│ ├── migration/
│ │ └── README.md
│ └── proposal/
│ └── authentication-support/
│ ├── README.md
│ └── proposal.yaml
├── go.mod
├── go.sum
├── hack/
│ ├── boilerplate.go.txt
│ ├── custom-boilerplate.go.txt
│ ├── migratev1.sh
│ ├── tools.go
│ ├── update-codegen.sh
│ └── verify-codegen.sh
├── pkg/
│ ├── apis/
│ │ └── kstone/
│ │ ├── register.go
│ │ ├── v1alpha1/
│ │ │ ├── doc.go
│ │ │ ├── register.go
│ │ │ ├── types.go
│ │ │ ├── zz_generated.deepcopy.go
│ │ │ └── zz_generated.defaults.go
│ │ └── v1alpha2/
│ │ ├── doc.go
│ │ ├── register.go
│ │ ├── types.go
│ │ ├── zz_generated.deepcopy.go
│ │ └── zz_generated.defaults.go
│ ├── authentication/
│ │ ├── authenticator/
│ │ │ ├── authenticator.go
│ │ │ └── bearertoken/
│ │ │ └── bearertoken.go
│ │ ├── helper.go
│ │ ├── interfaces.go
│ │ ├── plugins.go
│ │ ├── providers/
│ │ │ └── providers.go
│ │ ├── request/
│ │ │ └── request.go
│ │ ├── store.go
│ │ └── token/
│ │ └── jwt/
│ │ ├── generator.go
│ │ └── jwt.go
│ ├── backup/
│ │ ├── backup.go
│ │ ├── plugins.go
│ │ ├── providers/
│ │ │ ├── cos/
│ │ │ │ └── cos.go
│ │ │ ├── providers.go
│ │ │ └── s3/
│ │ │ ├── clientwrapper.go
│ │ │ └── s3.go
│ │ ├── storage.go
│ │ └── util.go
│ ├── clusterprovider/
│ │ ├── etcdcluster.go
│ │ ├── helper.go
│ │ ├── plugins.go
│ │ └── providers/
│ │ ├── imported/
│ │ │ └── cluster.go
│ │ ├── kstone/
│ │ │ └── kstone.go
│ │ └── providers.go
│ ├── controllers/
│ │ ├── etcdcluster/
│ │ │ └── etcdclusters_controller.go
│ │ ├── etcdinspection/
│ │ │ └── etcdinspection_controller.go
│ │ └── util/
│ │ └── util.go
│ ├── etcd/
│ │ ├── client/
│ │ │ ├── cleint.go
│ │ │ ├── version.go
│ │ │ └── versions/
│ │ │ ├── providers.go
│ │ │ ├── v2/
│ │ │ │ └── client.go
│ │ │ └── v3/
│ │ │ └── client.go
│ │ ├── client.go
│ │ ├── encoding.go
│ │ ├── health.go
│ │ ├── helper.go
│ │ └── stats.go
│ ├── featureprovider/
│ │ ├── feature.go
│ │ ├── plugins.go
│ │ ├── providers/
│ │ │ ├── alarm/
│ │ │ │ └── alarm.go
│ │ │ ├── backup/
│ │ │ │ └── backup.go
│ │ │ ├── backupcheck/
│ │ │ │ └── backupcheck.go
│ │ │ ├── consistency/
│ │ │ │ └── consistency.go
│ │ │ ├── healthy/
│ │ │ │ └── healthy.go
│ │ │ ├── monitor/
│ │ │ │ └── monitor.go
│ │ │ ├── providers.go
│ │ │ └── request/
│ │ │ └── request.go
│ │ └── util/
│ │ └── util.go
│ ├── generated/
│ │ ├── clientset/
│ │ │ └── versioned/
│ │ │ ├── clientset.go
│ │ │ ├── doc.go
│ │ │ ├── fake/
│ │ │ │ ├── clientset_generated.go
│ │ │ │ ├── doc.go
│ │ │ │ └── register.go
│ │ │ ├── scheme/
│ │ │ │ ├── doc.go
│ │ │ │ └── register.go
│ │ │ └── typed/
│ │ │ └── kstone/
│ │ │ ├── v1alpha1/
│ │ │ │ ├── doc.go
│ │ │ │ ├── etcdcluster.go
│ │ │ │ ├── etcdinspection.go
│ │ │ │ ├── fake/
│ │ │ │ │ ├── doc.go
│ │ │ │ │ ├── fake_etcdcluster.go
│ │ │ │ │ ├── fake_etcdinspection.go
│ │ │ │ │ └── fake_kstone_client.go
│ │ │ │ ├── generated_expansion.go
│ │ │ │ └── kstone_client.go
│ │ │ └── v1alpha2/
│ │ │ ├── doc.go
│ │ │ ├── etcdcluster.go
│ │ │ ├── etcdinspection.go
│ │ │ ├── fake/
│ │ │ │ ├── doc.go
│ │ │ │ ├── fake_etcdcluster.go
│ │ │ │ ├── fake_etcdinspection.go
│ │ │ │ └── fake_kstone_client.go
│ │ │ ├── generated_expansion.go
│ │ │ └── kstone_client.go
│ │ ├── informers/
│ │ │ └── externalversions/
│ │ │ ├── factory.go
│ │ │ ├── generic.go
│ │ │ ├── internalinterfaces/
│ │ │ │ └── factory_interfaces.go
│ │ │ └── kstone/
│ │ │ ├── interface.go
│ │ │ ├── v1alpha1/
│ │ │ │ ├── etcdcluster.go
│ │ │ │ ├── etcdinspection.go
│ │ │ │ └── interface.go
│ │ │ └── v1alpha2/
│ │ │ ├── etcdcluster.go
│ │ │ ├── etcdinspection.go
│ │ │ └── interface.go
│ │ └── listers/
│ │ └── kstone/
│ │ ├── v1alpha1/
│ │ │ ├── etcdcluster.go
│ │ │ ├── etcdinspection.go
│ │ │ └── expansion_generated.go
│ │ └── v1alpha2/
│ │ ├── etcdcluster.go
│ │ ├── etcdinspection.go
│ │ └── expansion_generated.go
│ ├── inspection/
│ │ ├── alarm.go
│ │ ├── backupcheck.go
│ │ ├── consistency.go
│ │ ├── healthy.go
│ │ ├── inspection.go
│ │ ├── metrics/
│ │ │ └── metrics.go
│ │ └── request.go
│ ├── k8s/
│ │ └── client.go
│ ├── middlewares/
│ │ ├── auth.go
│ │ └── cors.go
│ ├── monitor/
│ │ └── prometheus.go
│ ├── router/
│ │ └── router.go
│ └── signals/
│ ├── signal.go
│ ├── signal_posix.go
│ └── signal_windows.go
├── test/
│ ├── e2e/
│ │ ├── e2e_test.go
│ │ └── etcdcluster_test.go
│ ├── fixtures/
│ │ ├── fixtures.go
│ │ └── manifests/
│ │ ├── etcd_service.yaml
│ │ ├── etcd_statefulset.yaml
│ │ └── etcdcluster_imported.yaml
│ ├── scripts/
│ │ ├── kstone.sh
│ │ ├── minikube.sh
│ │ └── pre.sh
│ └── testfiles/
│ └── testfiles.go
└── third_party/
└── etcd-operator/
├── .github/
│ └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── CHANGELOG.md
├── CONTRIBUTING.md
├── DCO
├── Dockerfile
├── Gopkg.toml
├── LICENSE
├── MAINTAINERS
├── Makefile
├── NOTICE
├── README.md
├── ROADMAP.md
├── cmd/
│ ├── backup-operator/
│ │ ├── doc.go
│ │ └── main.go
│ ├── operator/
│ │ └── main.go
│ └── restore-operator/
│ ├── doc.go
│ ├── main.go
│ └── service.go
├── code-of-conduct.md
├── codecov.yaml
├── doc/
│ ├── alpha-features.md
│ ├── best_practices.md
│ ├── design/
│ │ ├── abs_backup.md
│ │ ├── backup_operator.md
│ │ ├── cluster_creation.md
│ │ ├── cluster_lifecycle.md
│ │ ├── cluster_restore.md
│ │ ├── cluster_status.md
│ │ ├── cluster_tls.md
│ │ ├── cluster_upgrade.md
│ │ ├── disaster_recovery.md
│ │ ├── dynamic_tls.md
│ │ ├── gcs_backup.md
│ │ ├── operator_recovery.md
│ │ ├── oss_backup.md
│ │ ├── persistent_volumes_etcd_data.md
│ │ ├── reconciliation.md
│ │ ├── resource_ownership_and_GC.md
│ │ ├── restore_operator.md
│ │ └── s3_backup.md
│ ├── dev/
│ │ ├── debug_e2e_flake.md
│ │ ├── developer_guide.md
│ │ └── release.md
│ └── user/
│ ├── abs_backup.md
│ ├── backup_cronjob/
│ │ ├── README.md
│ │ ├── configmap.yaml
│ │ └── cronjob.yaml
│ ├── client_service.md
│ ├── cluster_tls.md
│ ├── clusterwide.md
│ ├── conditions_and_events.md
│ ├── gcs_backup.md
│ ├── install_guide.md
│ ├── oss_backup.md
│ ├── rbac.md
│ ├── resource_labels.md
│ ├── spec_examples.md
│ ├── upgrade/
│ │ ├── migrate_cr_070.md
│ │ └── upgrade_guide.md
│ └── walkthrough/
│ ├── backup-operator.md
│ └── restore-operator.md
├── example/
│ ├── deployment.yaml
│ ├── deployment_psp.yaml
│ ├── etcd-backup-operator/
│ │ ├── backu_cr_qcloud.yaml
│ │ ├── backup.sh
│ │ ├── backup_cr.yaml
│ │ ├── deployment.yaml
│ │ ├── deployment_qcloud.yaml
│ │ ├── periodic_backup_cr.yaml
│ │ └── secrets.yaml
│ ├── etcd-restore-operator/
│ │ ├── deployment.yaml
│ │ ├── deployment_qcloud.yaml
│ │ ├── restore_cr.yaml
│ │ └── restore_cr_qcloud.yaml
│ ├── example-etcd-cluster-nodeport-service.json
│ ├── example-etcd-cluster.yaml
│ ├── rbac/
│ │ ├── cluster-role-binding-template.yaml
│ │ ├── cluster-role-template.yaml
│ │ ├── create_role.sh
│ │ ├── role-binding-template.yaml
│ │ └── role-template.yaml
│ └── tls/
│ ├── certs/
│ │ ├── ca-config.json
│ │ ├── ca-csr.json
│ │ ├── etcd-client-ca.crt
│ │ ├── etcd-client.crt
│ │ ├── etcd-client.json
│ │ ├── etcd-client.key
│ │ ├── gen-cert.sh
│ │ ├── peer-ca.crt
│ │ ├── peer.crt
│ │ ├── peer.json
│ │ ├── peer.key
│ │ ├── server-ca.crt
│ │ ├── server.crt
│ │ ├── server.json
│ │ └── server.key
│ └── example-tls-cluster.yaml
├── go.mod
├── go.sum
├── hack/
│ ├── build/
│ │ ├── Dockerfile
│ │ ├── backup-operator/
│ │ │ └── build
│ │ ├── build
│ │ ├── docker_push
│ │ ├── e2e/
│ │ │ ├── builder/
│ │ │ │ ├── Dockerfile
│ │ │ │ └── build
│ │ │ └── docker_push
│ │ ├── logcollector/
│ │ │ └── Dockerfile
│ │ ├── operator/
│ │ │ └── build
│ │ └── restore-operator/
│ │ └── build
│ ├── ci/
│ │ ├── get_dep
│ │ ├── get_kube.sh
│ │ ├── rbac_utils.sh
│ │ ├── run_e2e
│ │ └── run_unit
│ ├── fmt_pass
│ ├── k8s/
│ │ └── codegen/
│ │ ├── README.md
│ │ ├── boilerplate.go.txt
│ │ ├── update-generated.sh
│ │ └── verify-generated.sh
│ ├── lib/
│ │ ├── build.sh
│ │ └── test_lib.sh
│ ├── release/
│ │ └── bump_version.sh
│ ├── test
│ ├── unit_test
│ └── update_vendor.sh
├── pkg/
│ ├── apis/
│ │ └── etcd/
│ │ └── v1beta2/
│ │ ├── backup_types.go
│ │ ├── cluster.go
│ │ ├── cluster_tls.go
│ │ ├── doc.go
│ │ ├── register.go
│ │ ├── restore_types.go
│ │ ├── status.go
│ │ └── zz_generated.deepcopy.go
│ ├── backup/
│ │ ├── backup_manager.go
│ │ ├── backupapi/
│ │ │ └── http.go
│ │ ├── reader/
│ │ │ ├── abs_reader.go
│ │ │ ├── cos_reader.go
│ │ │ ├── gcs_reader.go
│ │ │ ├── hostPath_reader.go
│ │ │ ├── oss_reader.go
│ │ │ ├── reader.go
│ │ │ └── s3_reader.go
│ │ ├── util/
│ │ │ ├── constants.go
│ │ │ └── util.go
│ │ └── writer/
│ │ ├── abs_writer.go
│ │ ├── cos_writer.go
│ │ ├── gcs_writer.go
│ │ ├── hostPath_writer.go
│ │ ├── oss_writer.go
│ │ ├── s3_writer.go
│ │ └── writer.go
│ ├── chaos/
│ │ └── chaos.go
│ ├── client/
│ │ └── client.go
│ ├── cluster/
│ │ ├── cluster.go
│ │ ├── cluster_test.go
│ │ ├── error.go
│ │ ├── error_test.go
│ │ ├── member.go
│ │ ├── metrics.go
│ │ ├── reconcile.go
│ │ └── upgrade.go
│ ├── controller/
│ │ ├── backup-operator/
│ │ │ ├── abs_backup.go
│ │ │ ├── controller.go
│ │ │ ├── cos_backup.go
│ │ │ ├── gcs_backup.go
│ │ │ ├── hostPath_backup.go
│ │ │ ├── operator.go
│ │ │ ├── oss_backup.go
│ │ │ ├── s3_backup.go
│ │ │ ├── sync.go
│ │ │ ├── sync_test.go
│ │ │ └── util.go
│ │ ├── controller.go
│ │ ├── controller_test.go
│ │ ├── informer.go
│ │ ├── metrics.go
│ │ ├── restore-operator/
│ │ │ ├── controller.go
│ │ │ ├── http.go
│ │ │ ├── operator.go
│ │ │ └── sync.go
│ │ └── util.go
│ ├── generated/
│ │ ├── clientset/
│ │ │ └── versioned/
│ │ │ ├── clientset.go
│ │ │ ├── doc.go
│ │ │ ├── fake/
│ │ │ │ ├── clientset_generated.go
│ │ │ │ ├── doc.go
│ │ │ │ └── register.go
│ │ │ ├── scheme/
│ │ │ │ ├── doc.go
│ │ │ │ └── register.go
│ │ │ └── typed/
│ │ │ └── etcd/
│ │ │ └── v1beta2/
│ │ │ ├── doc.go
│ │ │ ├── etcd_client.go
│ │ │ ├── etcdbackup.go
│ │ │ ├── etcdcluster.go
│ │ │ ├── etcdrestore.go
│ │ │ ├── fake/
│ │ │ │ ├── doc.go
│ │ │ │ ├── fake_etcd_client.go
│ │ │ │ ├── fake_etcdbackup.go
│ │ │ │ ├── fake_etcdcluster.go
│ │ │ │ └── fake_etcdrestore.go
│ │ │ └── generated_expansion.go
│ │ ├── informers/
│ │ │ └── externalversions/
│ │ │ ├── etcd/
│ │ │ │ ├── interface.go
│ │ │ │ └── v1beta2/
│ │ │ │ ├── etcdbackup.go
│ │ │ │ ├── etcdcluster.go
│ │ │ │ ├── etcdrestore.go
│ │ │ │ └── interface.go
│ │ │ ├── factory.go
│ │ │ ├── generic.go
│ │ │ └── internalinterfaces/
│ │ │ └── factory_interfaces.go
│ │ └── listers/
│ │ └── etcd/
│ │ └── v1beta2/
│ │ ├── etcdbackup.go
│ │ ├── etcdcluster.go
│ │ ├── etcdrestore.go
│ │ └── expansion_generated.go
│ └── util/
│ ├── alibabacloudutil/
│ │ └── ossfactory/
│ │ └── client.go
│ ├── awsutil/
│ │ └── s3factory/
│ │ ├── client.go
│ │ └── client_test.go
│ ├── azureutil/
│ │ └── absfactory/
│ │ └── client.go
│ ├── constants/
│ │ └── constants.go
│ ├── etcdutil/
│ │ ├── etcdutil.go
│ │ ├── etcdutil_test.go
│ │ ├── member.go
│ │ ├── member_test.go
│ │ └── tls.go
│ ├── gcputil/
│ │ └── gcsfactory/
│ │ └── client.go
│ ├── k8sutil/
│ │ ├── crd.go
│ │ ├── events_util.go
│ │ ├── k8sutil.go
│ │ ├── k8sutils_test.go
│ │ ├── node_util.go
│ │ ├── pod_util.go
│ │ └── tls.go
│ ├── probe/
│ │ └── readyz.go
│ ├── retryutil/
│ │ └── retry_util.go
│ ├── tencentcloudutil/
│ │ ├── cosfactory/
│ │ │ └── client.go
│ │ └── metadata/
│ │ └── credential/
│ │ └── secret.go
│ └── util.go
├── test/
│ ├── container/
│ │ ├── Dockerfile
│ │ ├── docker_push
│ │ └── run
│ ├── e2e/
│ │ ├── README.md
│ │ ├── basic_test.go
│ │ ├── cluster_status_test.go
│ │ ├── e2eslow/
│ │ │ ├── backup_restore_test.go
│ │ │ ├── disruptive_test.go
│ │ │ └── main_test.go
│ │ ├── e2eutil/
│ │ │ ├── crd_util.go
│ │ │ ├── etcd_util.go
│ │ │ ├── spec_util.go
│ │ │ ├── tls.go
│ │ │ ├── util.go
│ │ │ └── wait_util.go
│ │ ├── framework/
│ │ │ ├── framework.go
│ │ │ └── main_entry.go
│ │ ├── main_test.go
│ │ ├── pv_test.go
│ │ ├── recovery_test.go
│ │ ├── resize_test.go
│ │ ├── tls_test.go
│ │ ├── upgradetest/
│ │ │ ├── README.md
│ │ │ ├── framework/
│ │ │ │ └── framework.go
│ │ │ ├── main_test.go
│ │ │ └── upgrade_test.go
│ │ └── util.go
│ ├── logcollector/
│ │ └── main.go
│ └── pod/
│ ├── Dockerfile
│ ├── README.md
│ ├── docker_push
│ ├── run-test-pod
│ ├── simple/
│ │ ├── Dockerfile
│ │ ├── run-e2e
│ │ └── simple-pod-templ.yaml
│ └── test-pod-templ.yaml
└── version/
└── version.go
================================================
FILE CONTENTS
================================================
================================================
FILE: .commitlintrc.yml
================================================
---
extends:
- '@commitlint/config-angular'
================================================
FILE: .dockerignore
================================================
# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
# Ignore all files which are not go type
!**/*.go
!**/*.mod
!**/*.sum
================================================
FILE: .github/workflows/build.yml
================================================
name: Go
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16.5
- name: Build
run: make build
================================================
FILE: .github/workflows/commitlint.yml
================================================
name: Commitlint
on: [pull_request]
jobs:
lint:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: wagoid/commitlint-github-action@v1
with:
configFile: './.commitlintrc.yml'
================================================
FILE: .github/workflows/e2e.yml
================================================
name: e2e
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
env:
VERSION: ${{ github.sha }}
SCRIPTS_DIR: test/scripts
E2E_KUBECONFIG_PATH: test/fixtures/config
FIXTURES_DIR: test/fixtures/manifests
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16.5
- name: Build Image
run: make image
- name: Prepare envrionment
run: bash ${SCRIPTS_DIR}/pre.sh
- name: Install Minikube
run: bash ${SCRIPTS_DIR}/minikube.sh start
- name: Install kstone
run: bash ${SCRIPTS_DIR}/kstone.sh
- name: e2e test
run: make e2e
================================================
FILE: .github/workflows/golangci-lint.yml
================================================
name: golangci-lint
on:
push:
tags:
- v*
branches:
- master
- main
pull_request:
permissions:
contents: read
# Optional: allow read access to pull request. Use with `only-new-issues` option.
# pull-requests: read
jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '1.17.8'
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.38.0
# Optional: working directory, useful for monorepos
# working-directory: somedir
# Optional: golangci-lint command line arguments.
# args: --issues-exit-code=0
# Optional: show only new issues if it's a pull request. The default value is `false`.
# only-new-issues: true
# Optional: if set to true then the action will use pre-installed Go.
# skip-go-installation: true
# Optional: if set to true then the action don't cache or restore ~/go/pkg.
# skip-pkg-cache: true
# Optional: if set to true then the act
================================================
FILE: .gitignore
================================================
# OSX leaves these everywhere on SMB shares
._*
# OSX trash
.DS_Store
# Eclipse files
.classpath
.project
.settings/**
# Files generated by JetBrains IDEs, e.g. IntelliJ IDEA
.idea/
*.iml
# Vscode files
.vscode
# This is where the result of the go build goes
/output*/
/_output*/
/_output
# Emacs save files
*~
\#*\#
.\#*
# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
# cscope-related files
cscope.*
# Go test binaries
*.test
/hack/.test-cmd-auth
# JUnit test output from ginkgo e2e tests
/junit*.xml
# Mercurial files
**/.hg
**/.hg*
# Vagrant
.vagrant
network_closure.sh
# Local cluster env variables
/cluster/env.sh
# Compiled binaries in third_party
/third_party/pkg
# Also ignore etcd installed by hack/install-etcd.sh
/default.etcd
# User cluster configs
.kubeconfig
.tags*
# Version file for dockerized build
.dockerized-kube-version-defs
# Web UI
/www/master/node_modules/
/www/master/npm-debug.log
/www/master/shared/config/development.json
# Karma output
/www/test_out
# precommit temporary directories created by ./hack/verify-generated-docs.sh and ./hack/lib/util.sh
/_tmp/
/doc_tmp/
# Test artifacts produced by Jenkins jobs
/_artifacts/
# Go dependencies installed on Jenkins
/_gopath/
# Config directories created by gcloud and gsutil on Jenkins
/.config/gcloud*/
/.gsutil/
# CoreOS stuff
/cluster/libvirt-coreos/coreos_*.img
# Downloaded kstone binary release
/kstone/
*.exe
*.exe~
*.dll
*.so
*.dylib
bin
testbin/*
# Output of the go coverage tool, specifically when used with LiteIDE
*.out
# direnv .envrc files
.envrc
# Downloaded kstone binary release tar ball
kstone.tar.gz
# generated files in any directory
# TODO(thockin): uncomment this when we stop committing the generated files.
#zz_generated.*
zz_generated.openapi.go
zz_generated_*_test.go
# make-related metadata
/.make/
# Just in time generated data in the source, should never be committed
/test/e2e/generated/bindata.go
# This file used by some vendor repos (e.g. github.com/go-openapi/...) to store secret variables and should not be ignored
!\.drone\.sec
/bazel-*
*.pyc
# generated by verify-vendor.sh
vendor
vendordiff.patch
/bin
/127.0.0.1.etcd
/docker/build
================================================
FILE: .golangci.yml
================================================
run:
# timeout for analysis, e.g. 30s, 5m
deadline: 10m
# include test files or not
tests: true
# disallowed from the implicit automatic updating of go.mod described above
modules-download-mode: readonly
# which dirs to skip: they won't be analyzed;
skip-dirs:
- third_party
- api
- web
- pkg/gateway/apis/config
- pkg/gateway/apis/config/v1
- pkg/registry/apis/config
- pkg/registry/apis/config/v1
- pkg/registry/harbor/client
- pkg/registry/harbor/helmClient
- pkg/monitor/apis/config
- pkg/monitor/apis/config/v1
linters:
disable-all: true
enable:
- unused
- gofmt
- ineffassign
- govet
- deadcode
- structcheck
- varcheck
- typecheck
- golint
- unconvert
- staticcheck
- gosimple
issues:
exclude-rules:
- linters:
- staticcheck
text: "SA1019:"
service:
golangci-lint-version: 1.20.x
================================================
FILE: CHANGELOG/CHANGELOG.md
================================================
## v0.2.0-beta.2 (2022-06-08)
...\n\nTargets:"
@sed -n 's/^##//p' $< | column -t -s ':' | sed -e 's/^/ /'
@echo "$$USAGE_OPTIONS"
================================================
FILE: README.md
================================================
# Kstone
## Community
* You are encouraged to communicate most things via GitHub [issues](https://github.com/tkestack/kstone/issues/new/choose) or [pull requests](https://github.com/tkestack/kstone/pulls).
## Licensing
Kstone is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text.
================================================
FILE: README_CN.md
================================================
# Kstone
## 社区
欢迎大家提交issue和pull request来一起完善、提升Kstone。
## License
Kstone is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text.
================================================
FILE: build/docker/kstone-api/Dockerfile
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
FROM BASE_IMAGE
RUN echo "hosts: files dns" >> /etc/nsswitch.conf
WORKDIR /app
ADD kstone-api /app/bin/
ENTRYPOINT ["/app/bin/kstone-api"]
================================================
FILE: build/docker/kstone-controller/Dockerfile
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
FROM BASE_IMAGE
RUN echo "hosts: files dns" >> /etc/nsswitch.conf
WORKDIR /app
ADD kstone-controller /app/bin/
ENTRYPOINT ["/app/bin/kstone-controller"]
================================================
FILE: build/docker/tools/code-generator/Dockerfile
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
FROM golang:1.16-alpine
RUN apk add --update --no-cache autoconf automake libtool zlib-dev build-base curl git
# Install the protobuf
ENV PROTOBUF_VERSION 3.17.3
ENV PROTOBUF_URL=https://github.com/protocolbuffers/protobuf/archive/v${PROTOBUF_VERSION}.tar.gz
RUN curl -L ${PROTOBUF_URL} -o - | tar -xz -C /tmp
RUN cd /tmp/protobuf-* && \
./autogen.sh && \
./configure --disable-shared --enable-static && \
make --silent -j `nproc` install-strip
RUN cd /tmp && rm -rf protobuf-$PROTOBUF_VERSION \
&& protoc --version
ENV GOPATH=/go
ENV GO111MODULE=off
# Clone the kubernetes
ENV KUBERNETES_VERSION 1.21.3
RUN mkdir -p $GOPATH/src/k8s.io \
&& git clone -b v$KUBERNETES_VERSION --single-branch https://github.com/kubernetes/kubernetes.git $GOPATH/src/k8s.io/kubernetes
RUN apk add --update --no-cache rsync file patch
RUN cd $GOPATH/src/k8s.io/kubernetes \
&& make WHAT="cmd/genswaggertypedocs vendor/k8s.io/code-generator/cmd/defaulter-gen vendor/k8s.io/code-generator/cmd/client-gen vendor/k8s.io/code-generator/cmd/lister-gen vendor/k8s.io/code-generator/cmd/informer-gen vendor/k8s.io/code-generator/cmd/deepcopy-gen vendor/k8s.io/code-generator/cmd/conversion-gen vendor/k8s.io/code-generator/cmd/go-to-protobuf vendor/k8s.io/code-generator/cmd/go-to-protobuf/protoc-gen-gogo"
RUN ln -s $GOPATH/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery $GOPATH/src/k8s.io/apimachinery \
&& ln -s $GOPATH/src/k8s.io/kubernetes/vendor/k8s.io/api $GOPATH/src/k8s.io/api
# work around 64MB tmpfs size in Docker 1.6
ENV TMPDIR /tmp.k8s
RUN mkdir $TMPDIR \
&& chmod a+rwx $TMPDIR \
&& chmod o+t $TMPDIR
# Get the code coverage tool and goimports
RUN go get golang.org/x/tools/cmd/cover \
golang.org/x/tools/cmd/goimports \
&& go clean -cache
WORKDIR "$GOPATH/src/k8s.io/kubernetes"
ADD code.sh /root/
ADD openapi.sh /root/
ADD boilerplate.go.txt /root/
RUN chmod +x /root/code.sh
RUN chmod +x /root/openapi.sh
================================================
FILE: build/docker/tools/code-generator/Makefile
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
VERSION = v1.21.3
REGISTRY_PREFIX ?= tkestack
IMAGE_NAME ?= code-generator
.PHONY: all
all: build push
.PHONY: build
build:
@echo "===========> Building $(IMAGE_NAME) $(VERSION) docker image"
docker build --pull -t $(REGISTRY_PREFIX)/$(IMAGE_NAME):$(VERSION) -f ./Dockerfile .
.PHONY: push
push:
@echo "===========> Pushing $(IMAGE_NAME) $(VERSION) image to $(REGISTRY_PREFIX)"
docker push $(REGISTRY_PREFIX)/$(IMAGE_NAME):$(VERSION)
================================================
FILE: build/docker/tools/code-generator/boilerplate.go.txt
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
================================================
FILE: build/docker/tools/code-generator/code.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
# generate-groups generates everything for a project with external types only, e.g. a project based
# on CustomResourceDefinitions.
if [[ "$#" -lt 4 ]] || [[ "${1}" == "--help" ]]; then
cat < ...
the generators comma separated to run (e.g. deepcopy-external,defaulter-external,client-external,
lister-external,informer-external,deepcopy-internal,defaulter-internal,client-internal,
lister-internal,informer-internal or all-external,all-internal,all).
the output package name (e.g. github.com/example/project/pkg/generated).
the internal types dir (e.g. github.com/example/project/pkg/apis).
the external types dir (e.g. github.com/example/project/pkg/apis or githubcom/example/apis).
the groups and their versions in the format "groupA:v1,v2 groupB:v1 groupC:v2", relative
to .
... arbitrary flags passed to all generator binaries.
Examples:
$(basename "$0") all-external github.com/example/project/pkg/client github.com/example/project/pkg/apis github.com/example/project/apis "foo:v1 bar:v1alpha1,v1beta1"
$(basename "$0") deepcopy-external,client-external github.com/example/project/pkg/client github.com/example/project/pkg/apis github.com/example/project/apis "foo:v1 bar:v1alpha1,v1beta1"
$(basename "$0") all-internal github.com/example/project/pkg/client github.com/example/project/pkg/apis github.com/example/project/apis "foo:v1 bar:v1alpha1,v1beta1"
$(basename "$0") deepcopy-internal,defaulter-internal,conversion-internal github.com/example/project/pkg/client github.com/example/project/pkg/apis github.com/example/project/apis "foo:v1 bar:v1alpha1,v1beta1"
EOF
exit 0
fi
GENS="$1"
OUTPUT_PKG="$2"
INT_APIS_PKG="$3"
EXT_APIS_PKG="$4"
GROUPS_WITH_VERSIONS="$5"
shift 5
GOPATH=${GOPATH:-/go}
K8S_ROOT=${K8S_ROOT:-/go/src/k8s.io/kubernetes}
K8S_BIN=${K8S_ROOT}/_output/bin
PATH=${K8S_BIN}:${PATH}
function codegen_join() { local IFS="$1"; shift; echo "$*"; }
# enumerate group versions
ALL_FQ_APIS=(${ALL_FQ_APIS:-}) # e.g. k8s.io/kubernetes/pkg/apis/apps k8s.io/api/apps/v1
INT_FQ_APIS=(${INT_FQ_APIS:-}) # e.g. k8s.io/kubernetes/pkg/apis/apps
EXT_FQ_APIS=(${EXT_FQ_APIS:-}) # e.g. k8s.io/api/apps/v1
EXT_PB_APIS=(${EXT_PB_APIS:-}) # e.g. k8s.io/api/apps/v1
for GVs in ${GROUPS_WITH_VERSIONS}; do
IFS=: read -r G Vs <<<"${GVs}"
if [[ -n "${INT_APIS_PKG}" ]]; then
ALL_FQ_APIS+=("${INT_APIS_PKG}/${G}")
INT_FQ_APIS+=("${INT_APIS_PKG}/${G}")
fi
# enumerate versions
for V in ${Vs//,/ }; do
ALL_FQ_APIS+=("${EXT_APIS_PKG}/${G}/${V}")
EXT_FQ_APIS+=("${EXT_APIS_PKG}/${G}/${V}")
done
done
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "deepcopy-external" <<<"${GENS}"; then
echo "===========> Generating external deepcopy funcs"
"${K8S_BIN}"/deepcopy-gen \
--go-header-file /root/boilerplate.go.txt \
--input-dirs "$(codegen_join , "${EXT_FQ_APIS[@]}")" \
-O zz_generated.deepcopy \
--bounding-dirs "${EXT_APIS_PKG}" \
"$@"
fi
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "client-external" <<<"${GENS}"; then
echo "===========> Generating external clientset for ${GROUPS_WITH_VERSIONS} at ${OUTPUT_PKG}/clientset"
"${K8S_BIN}"/client-gen \
--go-header-file /root/boilerplate.go.txt \
--clientset-name versioned \
--input-base "" \
--input "$(codegen_join , "${EXT_FQ_APIS[@]}")" \
--output-package "${OUTPUT_PKG}"/clientset \
"$@"
fi
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "lister-external" <<<"${GENS}"; then
echo "===========> Generating external listers for ${GROUPS_WITH_VERSIONS} at ${OUTPUT_PKG}/listers"
"${K8S_BIN}"/lister-gen \
--go-header-file /root/boilerplate.go.txt \
--input-dirs "$(codegen_join , "${EXT_FQ_APIS[@]}")" \
--output-package "${OUTPUT_PKG}"/listers \
"$@"
fi
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "informer-external" <<<"${GENS}"; then
echo "===========> Generating external informers for ${GROUPS_WITH_VERSIONS} at ${OUTPUT_PKG}/informers"
"${K8S_BIN}"/informer-gen \
--go-header-file /root/boilerplate.go.txt \
--input-dirs "$(codegen_join , "${EXT_FQ_APIS[@]}")" \
--versioned-clientset-package "${OUTPUT_PKG}"/clientset/versioned \
--listers-package "${OUTPUT_PKG}"/listers \
--output-package "${OUTPUT_PKG}"/informers \
"$@"
fi
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "defaulter-external" <<<"${GENS}"; then
echo "===========> Generating external defaulters"
"${K8S_BIN}"/defaulter-gen \
--go-header-file /root/boilerplate.go.txt \
--input-dirs "$(codegen_join , "${EXT_FQ_APIS[@]}")" \
-O zz_generated.defaults \
"$@"
fi
if [[ "${GENS}" = "all" ]] || [[ "${GENS}" = "all-external" ]] || grep -qw "conversion-external" <<<"${GENS}"; then
echo "===========> Generating external conversions"
"${K8S_BIN}"/conversion-gen \
--go-header-file /root/boilerplate.go.txt \
--input-dirs "$(codegen_join , "${ALL_FQ_APIS[@]}")" \
-O zz_generated.conversion \
"$@"
fi
================================================
FILE: build/docker/tools/code-generator/openapi.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
# generate-groups generates openapi for a project with external types only.
if [[ "$#" -lt 2 ]]; then
cat <
the output package name (e.g. github.com/example/project/pkg/openapi).
the types dir (e.g. github.com/example/project/pkg/apis).
Examples:
$(basename "$0") openapi github.com/example/project/pkg github.com/example/project/pkg/apis
EOF
exit 0
fi
OUTPUT_PKG="$1"
APIS_PKG="$2"
GOPATH=${GOPATH:-/go}
K8S_ROOT=${K8S_ROOT:-/go/src/k8s.io/kubernetes}
K8S_BIN=${K8S_ROOT}/_output/bin
PATH=${K8S_BIN}:${PATH}
echo "===========> Generating external openapi codes"
"${K8S_BIN}"/openapi-gen \
-O zz_generated.openapi \
--go-header-file "/root/boilerplate.go.txt" \
--input-dirs "${APIS_PKG}" \
--output-package "${OUTPUT_PKG}"
================================================
FILE: build/lib/common.mk
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
SHELL := /bin/bash
# include the common make file
COMMON_SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
ifeq ($(origin ROOT_DIR),undefined)
ROOT_DIR := $(abspath $(shell cd $(COMMON_SELF_DIR)/../.. && pwd -P))
endif
ifeq ($(origin OUTPUT_DIR),undefined)
OUTPUT_DIR := $(ROOT_DIR)/_output
$(shell mkdir -p $(OUTPUT_DIR))
endif
ifeq ($(origin TOOLS_DIR),undefined)
TOOLS_DIR := $(OUTPUT_DIR)/tools
$(shell mkdir -p $(TOOLS_DIR))
endif
ifeq ($(origin TMP_DIR),undefined)
TMP_DIR := $(OUTPUT_DIR)/tmp
$(shell mkdir -p $(TMP_DIR))
endif
# set the version number. you should not need to do this
# for the majority of scenarios.
ifeq ($(origin VERSION), undefined)
VERSION := $(shell git describe --dirty --always --tags | sed 's/-/./g')
endif
# Check if the tree is dirty. default to dirty
GIT_TREE_STATE:="dirty"
ifeq (, $(shell git status --porcelain 2>/dev/null))
GIT_TREE_STATE="clean"
endif
GIT_COMMIT:=$(shell git rev-parse HEAD)
# The OS must be linux when building docker images
PLATFORMS ?= linux_amd64 linux_arm64
# The OS can be linux/windows/darwin when building binaries
# PLATFORMS ?= darwin_amd64 windows_amd64 linux_amd64 linux_arm64
# Set a specific PLATFORM
ifeq ($(origin PLATFORM), undefined)
ifeq ($(origin GOOS), undefined)
GOOS := $(shell go env GOOS)
endif
ifeq ($(origin GOARCH), undefined)
GOARCH := $(shell go env GOARCH)
endif
PLATFORM := $(GOOS)_$(GOARCH)
# Use linux as the default OS when building images
IMAGE_PLAT := linux_$(GOARCH)
else
GOOS := $(word 1, $(subst _, ,$(PLATFORM)))
GOARCH := $(word 2, $(subst _, ,$(PLATFORM)))
IMAGE_PLAT := $(PLATFORM)
endif
COMMA := ,
SPACE :=
SPACE +=
================================================
FILE: build/lib/create-manifest.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
REGISTRY_PREFIX=${REGISTRY_PREFIX:-"tkestack"}
PLATFORMS=${PLATFORMS:-"linux_amd64 linux_arm64"}
if [ -z ${IMAGE} ]; then
echo "Please provide IMAGE."
exit 1
fi
if [ -z ${VERSION} ]; then
echo "Please provide VERSION."
exit 1
fi
rm -rf ${HOME}/.docker/manifests/docker.io_${REGISTRY_PREFIX}_${IMAGE}-${VERSION}
DES_REGISTRY=${REGISTRY_PREFIX}/${IMAGE}
for platform in ${PLATFORMS}; do
os=${platform%_*}
arch=${platform#*_}
variant=""
if [ ${arch} == "arm64" ]; then
variant="--variant v8"
fi
docker manifest create --amend ${DES_REGISTRY}:${VERSION} \
${DES_REGISTRY}-${arch}:${VERSION}
docker manifest annotate ${DES_REGISTRY}:${VERSION} \
${DES_REGISTRY}-${arch}:${VERSION} \
--os ${os} --arch ${arch} ${variant}
done
docker manifest push --purge ${DES_REGISTRY}:${VERSION}
================================================
FILE: build/lib/docker-buildx.mk
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
# ==============================================================================
################################################
## Makefile helper functions for docker buildx
## Please set VERSION and WORK_DIR before use
## Example: VERSION=$(VERSION) WORK_DIR=$(Dockerfile_DIR) make docker.buildx.linux_amd64.keepalived
################################################
DOCKER := docker
DOCKER_SUPPORTED_API_VERSION ?= 1.40
DOCKER_VERSION ?= 19.03
REGISTRY_PREFIX ?= tkestack
EXTRA_ARGS ?=
_DOCKER_BUILD_EXTRA_ARGS :=
ifdef HTTP_PROXY
_DOCKER_BUILD_EXTRA_ARGS += --build-arg HTTP_PROXY=${HTTP_PROXY}
endif
ifneq ($(EXTRA_ARGS), )
_DOCKER_BUILD_EXTRA_ARGS += $(EXTRA_ARGS)
endif
.PHONY: docker.verify
docker.verify:
$(eval API_VERSION := $(shell $(DOCKER) version | grep -E 'API version: {6}[0-9]' | awk '{print $$3} END { if (NR==0) print 0}' ))
$(eval PASS := $(shell echo "$(API_VERSION) >= $(DOCKER_SUPPORTED_API_VERSION)" | bc))
@if [ $(PASS) -ne 1 ]; then \
$(DOCKER) -v ;\
echo "Unsupported docker version. Docker API version should be greater than $(DOCKER_SUPPORTED_API_VERSION) (Or docker version: $(DOCKER_VERSION))"; \
exit 1; \
fi
.PHONY: docker.buildx.%
docker.buildx.%: docker.verify
$(eval IMAGE := $(word 2,$(subst ., ,$*)))
$(eval PLATFORM := $(word 1,$(subst ., ,$*)))
$(eval OS := $(word 1,$(subst _, ,$(PLATFORM))))
$(eval ARCH := $(word 2,$(subst _, ,$(PLATFORM))))
$(eval IMAGE_PLAT := $(subst _,/,$(PLATFORM)))
$(eval IMAGE_NAME := $(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION))
@echo "===========> Building docker image $(IMAGE) $(VERSION) for $(IMAGE_PLAT)"
DOCKER_CLI_EXPERIMENTAL=enabled $(DOCKER) buildx build --pull --platform $(IMAGE_PLAT) --load \
-t $(IMAGE_NAME) $(_DOCKER_BUILD_EXTRA_ARGS) $(WORK_DIR)
.PHONY: docker.build.%
docker.build.%: docker.verify
$(eval IMAGE := $(word 2,$(subst ., ,$*)))
$(eval PLATFORM := $(word 1,$(subst ., ,$*)))
$(eval OS := $(word 1,$(subst _, ,$(PLATFORM))))
$(eval ARCH := $(word 2,$(subst _, ,$(PLATFORM))))
$(eval IMAGE_PLAT := $(subst _,/,$(PLATFORM)))
$(eval IMAGE_NAME := $(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION))
@echo "===========> Building docker image $(IMAGE) $(VERSION) for $(IMAGE_PLAT)"
$(eval BUILD_SUFFIX := $(_DOCKER_BUILD_EXTRA_ARGS) --pull -t $(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION) $(WORK_DIR))
$(DOCKER) build --platform $(IMAGE_PLAT) $(BUILD_SUFFIX)
.PHONY: docker.push.%
docker.push.%: docker.build.%
@echo "===========> Pushing image $(IMAGE_NAME)"
$(DOCKER) push $(IMAGE_NAME)
.PHONY: docker.manifest.%
docker.manifest.%: export DOCKER_CLI_EXPERIMENTAL := enabled
docker.manifest.%: docker.push.% docker.manifest.remove.%
$(eval MANIFEST_NAME := $(REGISTRY_PREFIX)/$(IMAGE):$(VERSION))
@echo "===========> Pushing manifest $(MANIFEST_NAME) and then remove the local manifest list"
@$(DOCKER) manifest create $(MANIFEST_NAME) \
$(IMAGE_NAME)
@$(DOCKER) manifest annotate $(MANIFEST_NAME) \
$(IMAGE_NAME) \
--os $(OS) --arch ${ARCH}
@$(DOCKER) manifest push --purge $(MANIFEST_NAME)
# Docker cli has a bug: https://github.com/docker/cli/issues/954
# If you find your manifests were not updated,
# Please manually delete them in $HOME/.docker/manifests/
# and re-run.
.PHONY: docker.manifest.remove.%
docker.manifest.remove.%:
@rm -rf ${HOME}/.docker/manifests/docker.io_$(REGISTRY_PREFIX)_$(IMAGE)-$(VERSION)
================================================
FILE: build/lib/gen.mk
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
# set the kubernetes apimachinery package dir
K8S_APIMACHINERY_DIR = $(shell go list -f '{{ .Dir }}' -m k8s.io/apimachinery)
# set the kubernetes api package dir
K8S_API_DIR = $(shell go list -f '{{ .Dir }}' -m k8s.io/api)
# set the gogo protobuf package dir
GOGO_PROTOBUF_DIR = $(shell go list -f '{{ .Dir }}' -m github.com/gogo/protobuf)
EXT_PB_APIS = "k8s.io/api/core/v1 k8s.io/api/apps/v1"
# set the code generator image version
CODE_GENERATOR_VERSION := v1.21.3
CONTROLLER_GEN_VERSION := v0.6.2
.PHONY: gen.run
gen.run: gen.api gen.crd
# ==============================================================================
# Generator
.PHONY: gen.api
gen.api:
@$(DOCKER) run -it --rm \
-v $(ROOT_DIR):/go/src/$(ROOT_PACKAGE) \
-e EXT_PB_APIS=$(EXT_PB_APIS)\
$(REGISTRY_PREFIX)/code-generator:$(CODE_GENERATOR_VERSION) \
/root/code.sh \
all \
$(ROOT_PACKAGE)/pkg/generated \
$(ROOT_PACKAGE)/pkg/apis \
$(ROOT_PACKAGE)/pkg/apis \
"kstone:v1alpha1 kstone:v1alpha2"
gen.crd:
@$(DOCKER) run -it --rm \
-v $(ROOT_DIR):/go/src/$(ROOT_PACKAGE) \
-w /go/src/$(ROOT_PACKAGE) \
$(REGISTRY_PREFIX)/controller-gen:$(CONTROLLER_GEN_VERSION) \
controller-gen \
crd paths=/go/src/$(ROOT_PACKAGE)/pkg/apis/kstone/v1alpha2/... output:crd:dir=/go/src/$(ROOT_PACKAGE)/deploy/crds output:stdout
================================================
FILE: build/lib/golang.mk
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
# ==============================================================================
# Makefile helper functions for golang
#
GO := go
GO_SUPPORTED_VERSIONS ?= 1.13|1.14|1.15|1.16|1.17|1.18
GO_LDFLAGS += -X $(VERSION_PACKAGE).GitVersion=$(VERSION) \
-X $(VERSION_PACKAGE).GitCommit=$(GIT_COMMIT) \
-X $(VERSION_PACKAGE).GitTreeState=$(GIT_TREE_STATE) \
-X $(VERSION_PACKAGE).BuildDate=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
ifeq ($(GOOS),windows)
GO_OUT_EXT := .exe
endif
ifeq ($(ROOT_PACKAGE),)
$(error the variable ROOT_PACKAGE must be set prior to including golang.mk)
endif
GOPATH := $(shell go env GOPATH)
ifeq ($(origin GOBIN), undefined)
GOBIN := $(GOPATH)/bin
endif
COMMANDS ?= $(filter-out %.md, $(wildcard ${ROOT_DIR}/cmd/*))
BINS ?= $(foreach cmd,${COMMANDS},$(notdir ${cmd}))
ifeq (${COMMANDS},)
$(error Could not determine COMMANDS, set ROOT_DIR or run in source dir)
endif
ifeq (${BINS},)
$(error Could not determine BINS, set ROOT_DIR or run in source dir)
endif
.PHONY: go.build.verify
go.build.verify:
ifneq ($(shell $(GO) version | grep -q -E '\bgo($(GO_SUPPORTED_VERSIONS))\b' && echo 0 || echo 1), 0)
$(error unsupported go version. Please make install one of the following supported version: '$(GO_SUPPORTED_VERSIONS)')
endif
.PHONY: go.build.%
go.build.%:
$(eval COMMAND := $(word 2,$(subst ., ,$*)))
$(eval PLATFORM := $(word 1,$(subst ., ,$*)))
$(eval OS := $(word 1,$(subst _, ,$(PLATFORM))))
$(eval ARCH := $(word 2,$(subst _, ,$(PLATFORM))))
@echo "===========> Building binary $(COMMAND) $(VERSION) for $(OS) $(ARCH)"
@mkdir -p $(OUTPUT_DIR)/$(OS)/$(ARCH)
@CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) $(GO) build -o $(OUTPUT_DIR)/$(OS)/$(ARCH)/$(COMMAND)$(GO_OUT_EXT) -ldflags "$(GO_LDFLAGS)" $(ROOT_PACKAGE)/cmd/$(COMMAND)
.PHONY: go.build
go.build: go.build.verify $(addprefix go.build., $(addprefix $(PLATFORM)., $(BINS)))
.PHONY: go.build.multiarch
go.build.multiarch: go.build.verify $(foreach p,$(PLATFORMS),$(addprefix go.build., $(addprefix $(p)., $(BINS))))
.PHONY: go.clean
go.clean:
@echo "===========> Cleaning all build output"
@rm -rf $(OUTPUT_DIR)
.PHONY: go.lint.verify
go.lint.verify: go.build.verify
ifeq (,$(shell which golangci-lint))
@echo "===========> Installing golangci lint"
@GO111MODULE=off $(GO) get -u github.com/golangci/golangci-lint/cmd/golangci-lint
endif
.PHONY: go.lint
go.lint: go.lint.verify
@echo "===========> Run golangci to lint source codes"
@golangci-lint run $(ROOT_DIR)/...
.PHONY: go.test.verify
go.test.verify: go.build.verify
ifeq ($(shell which go-junit-report), )
@echo "===========> Installing go-junit-report"
@GO111MODULE=off $(GO) get -u github.com/jstemmer/go-junit-report
endif
.PHONY: go.test
go.test: go.test.verify
@echo "===========> Run unit test"
$(GO) test -count=1 -timeout=10m -short -v `go list ./...|grep -v tkestack.io/kstone/test` 2>&1 | tee >(go-junit-report --set-exit-code >$(OUTPUT_DIR)/report.xml)
.PHONY: go.e2e
go.e2e:
@echo "===========> Run e2e test"
$(GO) test -v tkestack.io/kstone/test/e2e/...
================================================
FILE: build/lib/image.mk
================================================
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
# ==============================================================================
# Makefile helper functions for docker image
#
DOCKER := docker
DOCKER_SUPPORTED_API_VERSION ?= 1.32
REGISTRY_PREFIX ?= tkestack
BASE_IMAGE = alpine:3.14
EXTRA_ARGS ?=
_DOCKER_BUILD_EXTRA_ARGS :=
ifdef HTTP_PROXY
_DOCKER_BUILD_EXTRA_ARGS += --build-arg HTTP_PROXY=${HTTP_PROXY}
endif
ifneq ($(EXTRA_ARGS), )
_DOCKER_BUILD_EXTRA_ARGS += $(EXTRA_ARGS)
endif
# Determine image files by looking into build/docker/*/Dockerfile
IMAGES_DIR ?= $(wildcard ${ROOT_DIR}/build/docker/*)
# Determine images names by stripping out the dir names
IMAGES ?= $(filter-out tools,$(foreach image,${IMAGES_DIR},$(notdir ${image})))
ifeq (${IMAGES},)
$(error Could not determine IMAGES, set ROOT_DIR or run in source dir)
endif
.PHONY: image.verify
image.verify:
$(eval API_VERSION := $(shell $(DOCKER) version | grep -E 'API version: {1,6}[0-9]' | head -n1 | awk '{print $$3} END { if (NR==0) print 0}' ))
$(eval PASS := $(shell echo "$(API_VERSION) > $(DOCKER_SUPPORTED_API_VERSION)" | bc))
@if [ $(PASS) -ne 1 ]; then \
$(DOCKER) -v ;\
echo "Unsupported docker version. Docker API version should be greater than $(DOCKER_SUPPORTED_API_VERSION)"; \
exit 1; \
fi
.PHONY: image.daemon.verify
image.daemon.verify:
$(eval PASS := $(shell $(DOCKER) version | grep -q -E 'Experimental: {1,5}true' && echo 1 || echo 0))
@if [ $(PASS) -ne 1 ]; then \
echo "Experimental features of Docker daemon is not enabled. Please add \"experimental\": true in '/etc/docker/daemon.json' and then restart Docker daemon."; \
exit 1; \
fi
.PHONY: image.build
image.build: image.verify go.build.verify $(addprefix image.build., $(addprefix $(IMAGE_PLAT)., $(IMAGES)))
.PHONY: image.build.multiarch
image.build.multiarch: image.verify go.build.verify $(foreach p,$(PLATFORMS),$(addprefix image.build., $(addprefix $(p)., $(IMAGES))))
.PHONY: image.build.%
image.build.%: go.build.%
$(eval IMAGE := $(COMMAND))
$(eval IMAGE_PLAT := $(subst _,/,$(PLATFORM)))
@echo "===========> Building docker image $(IMAGE) $(VERSION) for $(IMAGE_PLAT)"
@mkdir -p $(TMP_DIR)/$(IMAGE)
@cat $(ROOT_DIR)/build/docker/$(IMAGE)/Dockerfile\
| sed "s#BASE_IMAGE#$(BASE_IMAGE)#g" >$(TMP_DIR)/$(IMAGE)/Dockerfile
@cp $(OUTPUT_DIR)/$(IMAGE_PLAT)/$(IMAGE) $(TMP_DIR)/$(IMAGE)/
@DST_DIR=$(TMP_DIR)/$(IMAGE) $(ROOT_DIR)/build/docker/$(IMAGE)/build.sh 2>/dev/null || true
$(eval BUILD_SUFFIX := $(_DOCKER_BUILD_EXTRA_ARGS) --pull -t $(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION) $(TMP_DIR)/$(IMAGE))
#$(MAKE) image.daemon.verify
$(DOCKER) build --platform $(IMAGE_PLAT) $(BUILD_SUFFIX)
@rm -rf $(TMP_DIR)/$(IMAGE)
.PHONY: image.push
image.push: image.verify go.build.verify $(addprefix image.push., $(addprefix $(IMAGE_PLAT)., $(IMAGES)))
.PHONY: image.push.multiarch
image.push.multiarch: image.verify go.build.verify $(foreach p,$(PLATFORMS),$(addprefix image.push., $(addprefix $(p)., $(IMAGES))))
.PHONY: image.push.%
image.push.%: image.build.%
@echo "===========> Pushing image $(IMAGE) $(VERSION) to $(REGISTRY_PREFIX)"
$(DOCKER) push $(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION)
.PHONY: image.manifest.push
image.manifest.push: export DOCKER_CLI_EXPERIMENTAL := enabled
image.manifest.push: image.verify go.build.verify \
$(addprefix image.manifest.push., $(addprefix $(IMAGE_PLAT)., $(IMAGES)))
.PHONY: image.manifest.push.%
image.manifest.push.%: image.push.% image.manifest.remove.%
@echo "===========> Pushing manifest $(IMAGE) $(VERSION) to $(REGISTRY_PREFIX) and then remove the local manifest list"
@$(DOCKER) manifest create $(REGISTRY_PREFIX)/$(IMAGE):$(VERSION) \
$(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION)
@$(DOCKER) manifest annotate $(REGISTRY_PREFIX)/$(IMAGE):$(VERSION) \
$(REGISTRY_PREFIX)/$(IMAGE)-$(ARCH):$(VERSION) \
--os $(OS) --arch ${ARCH}
@$(DOCKER) manifest push --purge $(REGISTRY_PREFIX)/$(IMAGE):$(VERSION)
# Docker cli has a bug: https://github.com/docker/cli/issues/954
# If you find your manifests were not updated,
# Please manually delete them in $HOME/.docker/manifests/
# and re-run.
.PHONY: image.manifest.remove.%
image.manifest.remove.%:
@rm -rf ${HOME}/.docker/manifests/docker.io_$(REGISTRY_PREFIX)_$(IMAGE)-$(VERSION)
.PHONY: image.manifest.push.multiarch
image.manifest.push.multiarch: image.push.multiarch $(addprefix image.manifest.push.multiarch., $(IMAGES))
.PHONY: image.manifest.push.multiarch.%
image.manifest.push.multiarch.%:
@echo "===========> Pushing manifest $* $(VERSION) to $(REGISTRY_PREFIX) and then remove the local manifest list"
REGISTRY_PREFIX=$(REGISTRY_PREFIX) PLATFROMS="$(PLATFORMS)" IMAGE=$* VERSION=$(VERSION) DOCKER_CLI_EXPERIMENTAL=enabled \
$(ROOT_DIR)/build/lib/create-manifest.sh
================================================
FILE: build/script/openapi.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
API_PACKAGE="tkestack.io/kstone/pkg/apis"
API_MACHINERY_DIR=$(go list -f '{{ .Dir }}' -m k8s.io/apimachinery)
API_DIR=$(go list -f '{{ .Dir }}' -m k8s.io/api)
# kubernetes api machinery
api_machinery=$(
grep --color=never -rl '+k8s:openapi-gen=' "${API_MACHINERY_DIR}" | \
xargs -n1 dirname | \
sed "s,^${API_MACHINERY_DIR}/,k8s.io/apimachinery/," | \
sort -u
)
# kubernetes api
api=$(
grep --color=never --exclude-dir=origin -rl '+k8s:openapi-gen=' "${API_DIR}" | \
xargs -n1 dirname | \
sed "s,^${API_DIR}/,k8s.io/api/," | \
sort -u
)
input_dirs=(
${api_machinery}
${api}
"${API_PACKAGE}"/kstone/v1alpha2
)
echo "$(IFS=,; echo "${input_dirs[*]}")"
================================================
FILE: charts/.gitignore
================================================
# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig
# Created by https://www.toptal.com/developers/gitignore/api/visualstudiocode,macos,intellij+all
# Edit at https://www.toptal.com/developers/gitignore?templates=visualstudiocode,macos,intellij+all
### Intellij+all ###
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### Intellij+all Patch ###
# Ignores the whole .idea folder and all .iml files
# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
.idea/
# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
*.iml
modules.xml
.idea/misc.xml
*.ipr
# Sonarlint plugin
.idea/sonarlint
### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### VisualStudioCode ###
.vscode/*
!.vscode/settings.json
!.vscode/tasks.json
!.vscode/launch.json
!.vscode/extensions.json
*.code-workspace
### VisualStudioCode Patch ###
# Ignore all local history of files
.history
.ionide
# End of https://www.toptal.com/developers/gitignore/api/visualstudiocode,macos,intellij+all
# Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
helmfile/config
================================================
FILE: charts/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/Chart.yaml
================================================
apiVersion: v2
name: kstone
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/README.md
================================================
# Kstone Installation
[中文](README_CN.md)
## 1 Preparation
- Prerequisites
- Kubernetes version is between 1.14 and 1.20.
- The version of Prometheus Operator is v0.49.0.
- Apply for a cluster from [TKE](https://cloud.tencent.com/product/tke) or install [Minikube](https://minikube.sigs.k8s.io/docs/start/).
- Kstone supports deploy in various cloud vendors and bare k8s cluster environments
- In the environments mentioned above, only the corresponding ingress rules need to be configured.
- Requirements:
- For production environment (recommended): Worker >= 4 vCPU 8 GB of Memory.
- For test environment (minimum): Worker >= 2 vCPU 2 GB of Memory.
- Can access the managed etcd.
## 2 Install on TKE
[Kstone installation on TKE](../docs/installation/tke.md)
## 3 Install on Minikube
[Kstone installation on Minikube(Mac OS X)](../docs/installation/minikube-macos.md)
[Kstone installation on Minikube(Linux amd64)](../docs/installation/minikube-amd64.md)
## 4 Install on the cluster created by kubeadm
[Kstone installation on the cluster created by kubeadm](../docs/installation/kubeadm_en.md)
================================================
FILE: charts/README_CN.md
================================================
# 安装Kstone
[英文](./)
## 1 资源准备
- 前置条件
- Kubernetes集群版本在1.14和1.20之间。
- Prometheus-Operator版本为v0.49.0。
- 申请 [TKE](https://cloud.tencent.com/product/tke) 集群或搭建 [minikube](https://minikube.sigs.k8s.io/docs/start/) 集群。
- Kstone 支持部署在多云或原生 K8s 集群中
- 只需要安装并配置相对应的 Ingress 转发规则即可
- 环境要求:
- 生产环境配置要求(推荐):Worker 4C8G以上配置。
- 体验环境配置要求(最低):Worker 2C2G以上配置。
- 可访问待管理的目标etcd。
## 2 在 TKE 集群安装 Kstone
[Kstone installation on TKE](../docs/installation/tke.md)
## 3 在 Minikube 集群安装 Kstone
[Kstone installation on Minikube(Mac OS X)](../docs/installation/minikube-macos.md)
[Kstone installation on Minikube(Linux amd64)](../docs/installation/minikube-amd64.md)
## 4 在 kubeadm 集群安装 Kstone
[Kstone installation on the cluster created by kubeadm](../docs/installation/kubeadm_en.md)
================================================
FILE: charts/charts/backup-operator/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/backup-operator/Chart.yaml
================================================
apiVersion: v2
name: backup-operator
description: A Helm chart for etcd backup operator of kstone
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.4
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v1.0.4"
================================================
FILE: charts/charts/backup-operator/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "backup-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "backup-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "backup-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "backup-operator.labels" -}}
helm.sh/chart: {{ include "backup-operator.chart" . }}
{{ include "backup-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "backup-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "backup-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/backup-operator/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "backup-operator.fullname" . }}
labels:
{{- include "backup-operator.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "backup-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "backup-operator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- etcd-backup-operator
args:
- --etcd-client-cert-file=client.pem
- --etcd-client-key-file=client-key.pem
- --etcd-client-ca-file=ca.pem
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/backup-operator/values.yaml
================================================
# Default values for backup-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/etcd-backup-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v1.0.6-infra.2"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccountName: kstone
================================================
FILE: charts/charts/dashboard/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/dashboard/Chart.yaml
================================================
apiVersion: v2
name: dashboard
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/dashboard/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "dashboard.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dashboard.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dashboard.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dashboard.labels" -}}
helm.sh/chart: {{ include "dashboard.chart" . }}
{{ include "dashboard.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dashboard.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dashboard.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/dashboard/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dashboard.fullname" . }}
labels:
{{- include "dashboard.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "dashboard.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "dashboard.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/dashboard/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "dashboard.fullname" . }}
labels:
{{- include "dashboard.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "dashboard.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/dashboard/values.yaml
================================================
# Default values for dashboard.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/kstone-dashboard
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.2.0-beta.1"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: NodePort
port: 80
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
================================================
FILE: charts/charts/dashboard-api/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/dashboard-api/Chart.yaml
================================================
apiVersion: v2
name: dashboard-api
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/dashboard-api/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "dashboard-api.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dashboard-api.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dashboard-api.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dashboard-api.labels" -}}
helm.sh/chart: {{ include "dashboard-api.chart" . }}
{{ include "dashboard-api.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dashboard-api.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dashboard-api.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/dashboard-api/templates/configmap.yaml
================================================
apiVersion: v1
data:
admin: $2y$10$dgolimSP5PywT3yMaRqppeA5GflVmyf/cWaL6bfmXVk6Rsjlmp0ui
kind: ConfigMap
metadata:
name: kstone-api-user
================================================
FILE: charts/charts/dashboard-api/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dashboard-api.fullname" . }}
labels:
{{- include "dashboard-api.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "dashboard-api.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "dashboard-api.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- env:
- name: KUBE_TARGET
value: {{ .Values.kube.target }}
- name: KUBE_TOKEN
value: {{ .Values.kube.token }}
name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.kstone.tag }}
image: "{{ .Values.image.repository }}:{{ .Values.global.kstone.tag }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
protocol: TCP
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /app/certs/
name: certs
readOnly: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: certs
secret:
defaultMode: 420
secretName: {{ include "dashboard-api.fullname" . }}-key
================================================
FILE: charts/charts/dashboard-api/templates/secret.yaml
================================================
apiVersion: v1
data:
private.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeURuTHlyS0t4d1lhQVF1VDhSRVZ0bWR1VDYyV0xYTGIvUEs4bStJZG8yd3U1L1oxCmpCTVBIcWFzMjdabGlaeXF5bFVWZ3FsSUxNZUxPYlFtY0JvTUdGNkxuemVreHdEYVdmNTBRYW5JeTNSdFR4UVYKaEdIMnc0ZS8yQnI2NXlucUh6N0NZSy9VUHhWSWRTYWZaZ08vM0VGTWZVZVZRV0RWRWJCaTZWSW5hZzdsQjlRUQo2Q2tPTFM2ZFl5YXJnWWcrWWJZUkliVkVCNmNRTzNvcXJVTzR4OTlpZ3l3Z0Q3dlRReHdOMXB5eHVNbmlRYW5HCkREakludndTdUMxYTlUREdWc0ZXMzU5OUVoeGFuc3FUaUhvMm04YjJwNzdsWFFGYy9Qc1UwNTB6dDgxN1czTVEKbGlQRU5ycUhQTUpTNXhFQkhjdEdzb3Rtc3J6NmNIUklrclFLblFJREFRQUJBb0lCQVFDSDg0NW5aRkdNajUwSwpocVQrTXo2TjZxN2hGUmw2Wkpud3A1VGZOMm91YzU5cHkxUEhONDIxbnpDUndzZ3c1eHFrWlo5RVo5TGs3TnlnCjRxeVN3MnpoQXhsRWs1Q2p1dldIMDVsMm1HVUptRlU4TTRQa3JtdlNHaE51RmV1MUdDV3E3MzhtRFYxTk5CTk4KMEZxODl1RElHZUpvMGprSytrZlNTZlR2UGVRYlF5d3BPdVg3Wmp1RCtLOE9qRzlhWnpNOTYyUERoREJ2VlBCZQpKeXNqV0VqU0d5YWc3NjMza3Y0dWtPeDhycVBRLzJUdStIcElyQTljVXBnVDh6V0UycThxcHdVZzBHY0NuZ21mCnFsZjU1a1lzL1RhMW9iUjNxYVg2bWpKL2dFNlZyUzFpSTc1em5lbkh3Tmp6WExpaE5JL3ZkMXh1QnREV2JLTVUKK0M3bnpPZlZBb0dCQU9vaTNZM2luOGgrTjczYVdyWnIxQ29FNzBFWHg2dFZwdnBTUHJyMmZhUG5UVDBOR1RpUgpsTFJlOEp3WU9nNlgzQjU4SEwxVUtnZ05pT285TS9FSUlMblU0RzdHbDZSTG52NUNBODVtYWJ4Q3JkMTJXeWlpCmVnMy80ODRselFpdDliQ0lFV3VaekcySnBYb2Jzc3FjT0szNjNKKzBtUk1JUDhLTWVVbFlwYVo3QW9HQkFOcnMKU1R6aXhwWm0yYUYrUzNYV0l0TmRjakhMRW1BU1orcVZ6TXRRcHFLUjRlSXlodDNtczRGWmdCSFpxTVMzWTlDLwppdUFQNWJMMTA4NGdtWWJmMjhpRjNyakdhbGdHUkRpaDh6REgyR2pMVitrbE1PUm1GaFRPeDF5SHhTVWVaOEpjCmZ3aG42Y3RxcVRQaE5mQmw0SUV1eklEalZueDdUL09IMkhybDFaUEhBb0dCQU5aeW5LNnFGV05UaDhhU1NtZXYKRjZKczVwNmVJem1ndDlHcXB0NGppaXduWEsxQVpBdFYrL2ZBeFd5VEhBbmx1YTBLVEdCMHlCS2NJdjA0bFd4OAozMHlWMkFKZVR1SWlpVHVrUjB3eXJVSExhT2ZnMGRuRUJ6cnZWejJuamNZWFgyTVRIYkdLS3AxaFoza1NDWTVkCnkrUStVdmpNTnpBaGJCVExDUVBPOTlvbEFvR0FQanhrQ2FvU2VKbGVqemwvTEUybTh0Mmk1Q0x0NDEvNEtNbFQKUWcxNGdjamxKVS9sNVZsN2VHOUFLRkx2VnBVb0RDVVh6dURXRlEwcm5ITEtFbnk3VjRNdk1Pby9PeXowNGdDdwpTUkxYSTl1QzcyWENRM3YrRlFZL3lMOVVQVndxZFNla2VYaEpENm9QMWc3VkxiVllvSUQwWkVPOHg0Q3Exdm1zCmdpdXFqdXNDZ1lFQXI0WVhUWWZQUk9YQXRmN01ETUs5bmVRcHZNUytiMit5RGNhdFM0YitNT0kxY3ViNFFsdDEKMDdWV2RnWnNybTc2bkZ2TDF4SWptREhPZnJPbU1Zd2Y3VGRhYWVIbG1Qa1BvOHc2ZG1lbkdGaHV2Q1lZa3YyagpsS3o2VWhtYzlCNkc4VVlQNzdvWTR5RkhoQU9mVXpTQVF4bEpEV0hzeVA0SmRtZTlYZnNURUU0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
name: {{ include "dashboard-api.fullname" . }}-key
type: Opaque
================================================
FILE: charts/charts/dashboard-api/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "dashboard-api.fullname" . }}
labels:
{{- include "dashboard-api.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "dashboard-api.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/dashboard-api/values.yaml
================================================
# Default values for dashboard-api.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/kstone-api-amd64
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: NodePort
port: 80
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
kube:
# need to fill
token: ${token}
target: kubernetes.default.svc.cluster.local:443
serviceAccountName: kstone
================================================
FILE: charts/charts/etcd-controller/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/etcd-controller/Chart.yaml
================================================
apiVersion: v2
name: etcd-controller
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/etcd-controller/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "etcd-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "etcd-controller.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "etcd-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "etcd-controller.labels" -}}
helm.sh/chart: {{ include "etcd-controller.chart" . }}
{{ include "etcd-controller.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "etcd-controller.selectorLabels" -}}
app.kubernetes.io/name: {{ include "etcd-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/etcd-controller/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "etcd-controller.fullname" . }}
labels:
{{- include "etcd-controller.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "etcd-controller.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "etcd-controller.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- args:
- etcdcluster
command:
- /app/bin/kstone-controller
env:
- name: PROM_NAMESPACE
value: {{ .Values.promNamespace }}
name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.kstone.tag }}
image: "{{ .Values.image.repository }}:{{ .Values.global.kstone.tag }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/etcd-controller/values.yaml
================================================
# Default values for etcd-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/kstone-controller-amd64
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccountName: kstone
promNamespace: kstone
================================================
FILE: charts/charts/etcd-operator/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/etcd-operator/Chart.yaml
================================================
apiVersion: v2
name: etcd-operator
description: A Helm chart for etcd backup operator of kstone
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.4
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v1.0.4"
================================================
FILE: charts/charts/etcd-operator/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "etcd-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "etcd-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "etcd-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "etcd-operator.labels" -}}
helm.sh/chart: {{ include "etcd-operator.chart" . }}
{{ include "etcd-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "etcd-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "etcd-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/etcd-operator/templates/configmap.yaml
================================================
apiVersion: v1
data:
3.4.9: |
image: ccr.ccs.tencentyun.com/ccs-dev/etcd:v3.4.9
3.4.13: |
image: ccr.ccs.tencentyun.com/ccs-dev/etcd:v3.4.13
kind: ConfigMap
metadata:
labels:
cloud.tencent.com/kstone-config-name: etcd-version-global-config
cloud.tencent.com/kstone-config-version: 0.0.1
name: etcd-version-global-config
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
data:
tls.crt: |
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIUQxapCztxSiDvusPIrujEiA+k4q0wDQYJKoZIhvcNAQEL
BQAwUTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMQswCQYDVQQHDAJTWjEPMA0G
A1UECgwGS3N0b25lMRcwFQYDVQQDDA5Lc3RvbmUgUm9vdCBDQTAeFw0yMjA0MTUx
MDIwMjBaFw0zMjA0MTIxMDIwMjBaME8xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJH
RDELMAkGA1UEBwwCU1oxDzANBgNVBAoMBktzdG9uZTEVMBMGA1UEAwwMKi5rc3Rv
bmUuc3ZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zOVN79sFHPh
Uu9E1g4h212pujyAcVEKsJ59mUSsj54CTrCZJBgP4U2w9DxAYPwB8sE4SY7mCNJ4
MLwGJwUW9rmHovLDQHIqhD1uhT7HEwY64l5AuLgOtGtiwB2ybaOsPtJyPbYLz4kY
UG1CAvwziPfn+TntcFzbRsJ2YE3BooHIzjSB3tnbZGyCPHjfw9YpnFV0jdnapY2M
yhhIfHtqiM9XjvE8A+bkJ1mukBtPbQUGPqz5k3/pZkIFjeGJaGp1Hj+Gun8A8ubt
vi4ZDjXrjVSZKRkQL/M9n2WyF8IJ5aqvXgcy5xAyFL5BXxF4lpvNJZ00pyblb5/d
m3t61G8KYQIDAQABoxswGTAXBgNVHREEEDAOggwqLmtzdG9uZS5zdmMwDQYJKoZI
hvcNAQELBQADggEBAE1KRq6fSEHoYUvbuL0UffGEdi00l5+f6auYB+57YImAnibS
/J2I+Kjg5yzjpDXrNivXHiKv8ei83Me0dOcsrfR8k3VeQCMd9ucqa0Z88lDTnrGe
srjClYS0eGfsQslFEyESVolgLpf6RQJhMk9PIp+60KqUhiC9RjsHyWRwMMGHmGuC
Z/hJ/ljI+G2Kr8Z+OrE3gJxXqXyjRoaqhW+dZESiqiuzx0Yzqze88zX4ftelqTH5
uJNVmhWC2kFr/FKjfP6GCfEeI/lnbTCOMfueiISZbRK2J2tWWOhgc37uPcX8N+XB
eWJO40lJb/TDtIqsOWW04hqJx4m5tLQK+YRnf0k=
-----END CERTIFICATE-----
tls.key: |
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbM5U3v2wUc+FS
70TWDiHbXam6PIBxUQqwnn2ZRKyPngJOsJkkGA/hTbD0PEBg/AHywThJjuYI0ngw
vAYnBRb2uYei8sNAciqEPW6FPscTBjriXkC4uA60a2LAHbJto6w+0nI9tgvPiRhQ
bUIC/DOI9+f5Oe1wXNtGwnZgTcGigcjONIHe2dtkbII8eN/D1imcVXSN2dqljYzK
GEh8e2qIz1eO8TwD5uQnWa6QG09tBQY+rPmTf+lmQgWN4YloanUeP4a6fwDy5u2+
LhkONeuNVJkpGRAv8z2fZbIXwgnlqq9eBzLnEDIUvkFfEXiWm80lnTSnJuVvn92b
e3rUbwphAgMBAAECggEBAL/MYsRkui0rN/1ZXuHte7J2Qgyy47BDORdRlpSFgngn
yd0QqO7sHvkFAdCy56H037+JUbcLUjxl7MS3wKpjybQYopXx1OaO/qS3G/168LW0
vdFUp0z5v+QeEkoHshg9HnnZqhxVLgBp9NxqvVffVTiDsnZgOWIX3cYMYYfigYuu
ZUuN6VdtnIB+zZC84qy8zHBgre5DokFbUmzV4l/qyZYaURinkiBr6FSBvVPoieSl
fKIEFyVqpY6GaG7zQQ+hdnc+sfBStdLaF03WDvDnEgBU/z8/6vI36EPF5gSMd+Dv
m0tcKeIqw7xPVHfrh/AJTkBGY/Vq+zZL2LdOj3fJAAECgYEA8+Ke3Gp5XVwLjPNq
HEODJu1yiurYD/jZ2etpMPzz8Xyz1jMAXRgSa7fC1xbsVauo4ISIZndf8Gb48PU4
m7tqbUvfnRoCB/OLPlTeNXedL6ygPgzb6TLrd3LMg+snkUSuJQxKWYmIdcAf2Jfo
ww5AyQLlcM1kRL+fduSTWH4uDP0CgYEA5hcR+0mz+YqK5TdL9nVTnMRmNLaAAPAk
Low34YsvSZ1gL/0d0pmNkwFmwxdM17JKkfq2CKOLo1A7aBKJSRdq3EhsTNh3qNRu
EYTS50V/k/zQ7eCHP+hNp+hkbCCp6m0YjqCiCjrd2if2VZpNR/sivPMydd6M+2Vm
DGoo9gXb4jUCgYBnXST3Rikp6Fj85C2UzQhI91oUhnQMUOwD8EIlARBiyPdvUS5W
Rl2ISdnKT2za4mYwwfsNcoq22O2pMkVLu6Lfr8iWTO+PbykUweNrxcZY7lD7+3c4
3tvtRDpprsCWUQV9rjfUuvWa8lKM+dUs1l2e1BtqM6LLgGuVeEr6tn/OAQKBgFGj
O+ESHIZczr1Xal9u75S+5pirbC1pBx1w6N7guI2BBkDgqTUxAFd5dtGfsccSXnz/
HJliFciDTiC1+vnxEhxIogx9/a7seIVEwGQId6S1XhgYw0Q8k1kRDpiC2mbwAHeS
rQu+KTsfVLq4vdTdWUz7aRsDNLh6GMQs4o2wNH1FAoGALN8PNIR/Sl+XoCEyGFmj
vhZONbogmL8e4V66bJhs6gRb4df/Fb64HWJnrr+TLoMIFyueR+OcUzD0bcIhaHem
5fztFZw2tHDASXvvFBX8q8plRD8pm+0BQfw3Rb088xdounD0TpkRFX8dIWLjpFVx
YHRIG5x6bCuy2MPLoeASJzc=
-----END PRIVATE KEY-----
kind: ConfigMap
metadata:
name: kstone-etcd-operator-cert
namespace: {{ .Release.Namespace }}
================================================
FILE: charts/charts/etcd-operator/templates/crd.yaml
================================================
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.6.2
creationTimestamp: null
name: etcdclusters.etcd.tkestack.io
spec:
group: etcd.tkestack.io
names:
kind: EtcdCluster
listKind: EtcdClusterList
plural: etcdclusters
shortNames:
- etcd
singular: etcdcluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.size
name: SIZE
type: string
- jsonPath: .status.phase
name: STATUS
type: string
- jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: EtcdCluster is a specification for a EtcdCluster resource
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of the desired behavior of the EtcdCluster.
properties:
clientPort:
description: ClientPort is the client port which using to access an
etcd cluster
format: int32
type: integer
learners:
description: Learners contains the sequence number of the etcd node
which will be created as a learner node. You can remove the corresponding
sequence number when you want to promote learner to member
items:
type: string
type: array
provider:
description: You can choose different Provider as the carrier for
etcd to run
type: string
repository:
description: Repository is the name of the repository that hosts etcd
container images. By default, it is `quay.io/coreos/etcd`.
type: string
secure:
description: Secure contains the etcd cluster's tls and authentication
configuration
properties:
auth:
description: etcd authorization configuration
properties:
credentialSecret:
description: CredentialSecretRef is a secret reference which
contains username and password
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which
the secret name must be unique.
type: string
type: object
type: object
tls:
description: TLS represents the etcd whether to use https protocol
to serve
properties:
autoTLSCert:
description: AutoTLSCert contains the cert generating option
of etcd operator
properties:
autoGenerateClientCert:
type: boolean
autoGeneratePeerCert:
type: boolean
autoGenerateServerCert:
type: boolean
externalCASecret:
description: you can use ExternalCASecret to signing the
cert which etcd use, if empty, etcd operator will generate
a self-signed certificate
type: string
extraServerCertSANs:
description: ExtraServerCertSANs sets extra Subject Alternative
Names for the etcd server signing cert.
items:
type: string
type: array
type: object
externalCerts:
description: ExternalCerts means using an extra cert
properties:
clientSecret:
description: ClientSecret contains the certificate and
key which etcd use, including ca.pem, client.crt, client.key
type: string
peerSecret:
description: PeerSecret contains the certificate and key
which etcd use, including ca.pem, peer.crt, peer.key
type: string
serverSecret:
description: ServerSecret contains the certificate and
key which etcd use, including ca.pem, server.crt, server.key
type: string
required:
- clientSecret
- peerSecret
- serverSecret
type: object
type: object
type: object
size:
description: Size is the etcd cluster's node count, contains voter
member and learner
format: int32
type: integer
template:
description: Template is the etcd cluster's deployment template
properties:
affinity:
description: If specified, the etcd node scheduling constraints
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the affinity expressions specified
by this field, but it may choose a node that violates
one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights,
i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node matches the corresponding matchExpressions;
the node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects
(i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
the corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the
corresponding nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the affinity requirements
specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system
may or may not try to eventually evict the pod from
its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term
matches no objects. The requirements of them are
ANDed. The TopologySelectorTerm type implements
a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
co-locate this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the affinity expressions specified
by this field, but it may choose a node that violates
one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights,
i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum are
the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by
this field and the ones listed in the namespaces
field. null selector and null or empty namespaces
list means "this pod's namespace". An empty
selector ({}) matches all namespaces. This
field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to.
The term is applied to the union of the namespaces
listed in this field and the ones selected
by namespaceSelector. null or empty namespaces
list and null namespaceSelector means "this
pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the
corresponding podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the affinity requirements
specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update),
the system may or may not try to eventually evict the
pod from its node. When there are multiple elements,
the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not
co-located (anti-affinity) with, where co-located
is defined as running on a node whose value of the
label with key matches that of any node
on which a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
(e.g. avoid putting this pod in the same node, zone, etc.
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the anti-affinity expressions
specified by this field, but it may choose a node that
violates one or more of the expressions. The node that
is most preferred is the one with the greatest sum of
weights, i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
anti-affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum are
the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by
this field and the ones listed in the namespaces
field. null selector and null or empty namespaces
list means "this pod's namespace". An empty
selector ({}) matches all namespaces. This
field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to.
The term is applied to the union of the namespaces
listed in this field and the ones selected
by namespaceSelector. null or empty namespaces
list and null namespaceSelector means "this
pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the
corresponding podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified
by this field are not met at scheduling time, the pod
will not be scheduled onto the node. If the anti-affinity
requirements specified by this field cease to be met
at some point during pod execution (e.g. due to a pod
label update), the system may or may not try to eventually
evict the pod from its node. When there are multiple
elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not
co-located (anti-affinity) with, where co-located
is defined as running on a node whose value of the
label with key matches that of any node
on which a pod of the set of pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in the
container and any service environment variables. If a
variable cannot be resolved, the reference in the input
string will be unchanged. The $(VAR_NAME) syntax can be
escaped with a double $$, ie: $$(VAR_NAME). Escaped references
will never be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels['''']`,
`metadata.annotations['''']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
extraArgs:
description: ExtraArgs will be directly used as extra parameters
to start etcd
items:
type: string
type: array
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to
organize and categorize (scope and select) objects. May match
selectors of replication controllers and services. More info:
http://kubernetes.io/docs/user-guide/labels'
type: object
persistentVolumeClaimSpec:
description: PersistentVolumeClaimSpec is a list of claims that
pods are allowed to reference.
properties:
accessModes:
description: 'AccessModes contains the desired access modes
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'This field can be used to specify either: *
An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
* An existing PVC (PersistentVolumeClaim) * An existing
custom resource that implements data population (Alpha)
In order to use custom resource types that implement data
population, the AnyVolumeDataSource feature gate must be
enabled. If the provisioner or an external controller can
support the specified data source, it will create a new
volume based on the contents of the specified data source.'
properties:
apiGroup:
description: APIGroup is the group for the resource being
referenced. If APIGroup is not specified, the specified
Kind must be in the core API group. For any other third-party
types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum resources the
volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of
compute resources required. If Requests is omitted for
a container, it defaults to Limits if that is explicitly
specified, otherwise to an implementation-defined value.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
selector:
description: A label query over volumes to consider for binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required by the claim.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is required
by the claim. Value of Filesystem is implied when not included
in claim spec.
type: string
volumeName:
description: VolumeName is the binding reference to the PersistentVolume
backing this claim.
type: string
type: object
resources:
description: Compute Resources required by each etcd node.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple using
the matching operator .
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
description: TopologySpreadConstraints describes how a group of
pods ought to spread across topology domains. Scheduler will
schedule pods in a way which abides by the constraints. This
field is only honored by clusters that enable the EvenPodsSpread
feature. All topologySpreadConstraints are ANDed.
items:
description: TopologySpreadConstraint specifies how to spread
matching pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods.
Pods that match this label selector are counted to determine
the number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
maxSkew:
description: 'MaxSkew describes the degree to which pods
may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the number
of matching pods in the target topology and the global
minimum. For example, in a 3-zone cluster, MaxSkew is
set to 1, and pods with the same labelSelector spread
as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- if MaxSkew is 1, incoming pod can only be scheduled
to zone3 to become 1/1/1; scheduling it onto zone1(zone2)
would make the ActualSkew(2-0) on zone1(zone2) violate
MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled
onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies that
satisfy it. It''s a required field. Default value is 1
and 0 is not allowed.'
format: int32
type: integer
topologyKey:
description: TopologyKey is the key of node labels. Nodes
that have a label with this key and identical values are
considered to be in the same topology. We consider each
as a "bucket", and try to put balanced number
of pods into each bucket. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with
a pod if it doesn''t satisfy the spread constraint. -
DoNotSchedule (default) tells the scheduler not to schedule
it. - ScheduleAnyway tells the scheduler to schedule the
pod in any location, but giving higher precedence to
topologies that would help reduce the skew. A constraint
is considered "Unsatisfiable" for an incoming pod if and
only if every possible node assigment for that pod would
violate "MaxSkew" on some topology. For example, in a
3-zone cluster, MaxSkew is set to 1, and pods with the
same labelSelector spread as 3/1/1: | zone1 | zone2 |
zone3 | | P P P | P | P | If WhenUnsatisfiable
is set to DoNotSchedule, incoming pod can only be scheduled
to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1)
on zone2(zone3) satisfies MaxSkew(1). In other words,
the cluster can still be imbalanced, but scheduler won''t
make it *more* imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
x-kubernetes-list-map-keys:
- topologyKey
- whenUnsatisfiable
x-kubernetes-list-type: map
type: object
version:
description: Version is the etcd cluster version, which follow the
semantic versioning specification, like v3.4.13
type: string
required:
- size
- version
type: object
status:
description: Most recently observed status of the EtcdCluster.
properties:
clientCertSecretName:
type: string
conditions:
items:
description: EtcdClusterCondition contains details for the current
condition of this etcdcluster.
properties:
lastHeartbeatTime:
description: Last time we got an update on a given condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of etcdcluster condition.
type: string
required:
- status
- type
type: object
type: array
controlPaused:
type: boolean
loadBalancer:
description: LoadBalancerStatus represents the status of a load-balancer.
properties:
ingress:
description: Ingress is a list containing ingress points for the
load-balancer. Traffic intended for the service should be sent
to these ingress points.
items:
description: 'LoadBalancerIngress represents the status of a
load-balancer ingress point: traffic intended for the service
should be sent to an ingress point.'
properties:
hostname:
description: Hostname is set for load-balancer ingress points
that are DNS based (typically AWS load-balancers)
type: string
ip:
description: IP is set for load-balancer ingress points
that are IP based (typically GCE or OpenStack load-balancers)
type: string
ports:
description: Ports is a list of records of service ports
If used, every port defined in the service should have
an entry in it
items:
properties:
error:
description: 'Error is to record the problem with
the service port The format of the error shall comply
with the following rules: - built-in error values
shall be specified in this file and those shall
use CamelCase names - cloud provider specific
error values must have names that comply with the format
foo.example.com/CamelCase. --- The regex it matches
is (dns1123SubdomainFmt/)?(qualifiedNameFmt)'
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
port:
description: Port is the port number of the service
port of which status is recorded here
format: int32
type: integer
protocol:
default: TCP
description: 'Protocol is the protocol of the service
port of which status is recorded here The supported
values are: "TCP", "UDP", "SCTP"'
type: string
required:
- port
- protocol
type: object
type: array
x-kubernetes-list-type: atomic
type: object
type: array
type: object
members:
items:
description: EtcdMember describe the status of an etcd cluster member
node
properties:
clientURLs:
items:
type: string
type: array
endpoint:
type: string
id:
format: uint64
type: number
name:
type: string
role:
description: EtcdMemberRole define the role type of etcd node
type: string
status:
description: EtcdMemberStatus define the status of an etcd cluster
member
type: string
version:
type: string
required:
- id
type: object
type: array
phase:
description: EtcdClusterPhase is a label for the condition of an etcd
cluster at the current time.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/etcd-operator/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "etcd-operator.fullname" . }}
labels:
{{- include "etcd-operator.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "etcd-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "etcd-operator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
command:
- /app/bin/kstone-etcd-operator
args:
- --leader-elect-resource-namespace
- {{ .Release.Namespace }}
- --tls-cert-file
- "/etc/certs/tls.crt"
- --tls-private-key-file
- "/etc/certs/tls.key"
- --v
- "3"
env:
- name: WATCH_NAMESPACE
value: {{ .Release.Namespace }}
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: OPERATOR_NAME
value: {{ include "etcd-operator.fullname" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- mountPath: /etc/certs
name: kstone-etcd-operator-cert
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
volumes:
- configMap:
defaultMode: 420
name: kstone-etcd-operator-cert
name: kstone-etcd-operator-cert
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/etcd-operator/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "etcd-operator.fullname" . }}
labels:
{{- include "etcd-operator.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
protocol: TCP
name: tcp
selector:
{{- include "etcd-operator.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/etcd-operator/templates/webhook.yaml
================================================
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: kstone-etcd-operator-mutating-admission
webhooks:
- clientConfig:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnekNDQW11Z0F3SUJBZ0lVRTFRcmYwYmZvZU9pdnFSL2w4ZldsTVI1cmdBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VURUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtkRU1Rc3dDUVlEVlFRSERBSlRXakVQTUEwRwpBMVVFQ2d3R1MzTjBiMjVsTVJjd0ZRWURWUVFEREE1TGMzUnZibVVnVW05dmRDQkRRVEFlRncweU1qQTBNVFV4Ck1ESXdNRFphRncwek1qQTBNVEl4TURJd01EWmFNRkV4Q3pBSkJnTlZCQVlUQWtOT01Rc3dDUVlEVlFRSURBSkgKUkRFTE1Ba0dBMVVFQnd3Q1Uxb3hEekFOQmdOVkJBb01Ca3R6ZEc5dVpURVhNQlVHQTFVRUF3d09TM04wYjI1bApJRkp2YjNRZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNEpMTzhDaGxvClMwMWpudGNrenJhR1NYZTlVSE1FR3M3SEJPU0xvT3VQd3FsRmFoUGRiR1ZTU0t5a2pLUFJRLzQ4UHVUUHp1VmkKNi9GNytSY2VWMHdUUUdNdkxBdE90TUQrclhZRTlsNGtEN041aWxvMTJFRTdnNDhpZDFqbHFIUWY0RWh4QkhqUwp5TWFaSHltZEp0N0t6NWhFQW5IY3o4RWhMZ3RpNWxqY1ROak9Sd2h4M1MwWU9FTjdWSExKeUUwRGdpYWdhZnh3CjhBakE4MWM1MGdUYmxDeWszUEdCQm5FNHg0Y2JqNmt3SVlwNXY2RE9GUHE0RGd2Tm5jR1FVS3NHWWE5aFp0MDYKSHA1TDgyUUhZRlM2UjlEVGR0QzJtM0x4dzZ0V3hBSmIxOEV2QkVrMXducHdWdEc2WVBFOHFBMnI1ZmV5UDZlegoyakpWc095MSs5L2hBZ01CQUFHalV6QlJNQjBHQTFVZERnUVdCQlRVUy9nbWRKcnNYeVZRQ1NwTTk5QU05Rm9oCmtUQWZCZ05WSFNNRUdEQVdnQlRVUy9nbWRKcnNYeVZRQ1NwTTk5QU05Rm9oa1RBUEJnTlZIUk1CQWY4RUJUQUQKQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTEybVkzMTdSSnZ0R3FrcC9zUHdvdjZzYVNVbThSRndNWQpHdTk1VUsyMkRCOHIrNC9zcWtteERKTHNDbHB0ZUZBY3Y1QkszdzhRcXpKQlR1cDVWMUdnMWZkZk04bkFlUDZWCllXa0tJZGk1RXF0bWJsTlZSNkYzWEFxODUvcnltaW5MdlV0VEhpcUdhbTZ0dk1sWHZPOHc0Z3hwNS9Kdmt5bkYKZFVGMloyaEVmSGw3T3gzWGhrOVBoNEI3MEIrTUVBU0dHd1RBaXduQThVN3RBZEgzeHc0NGlTZGt2NXBMbGtZQgoxTDZCVzNWbVg2RjJiNkRlSWoyVmVGT0FEVndLa2hPVkRFVTVSQm9zTVYrem0vMTRabnVIOVprR0dtSXBDVTFXCmZWdFZxbnVXUE1hSWJ3UlY3ZVg1WlFaaVBFRFJPZzg2cVJQdit6Z1g3WExITHp0VEpCQWYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
service:
name: kstone-etcd-operator
namespace: {{ .Release.Namespace }}
path: "/mutating-etcd"
failurePolicy: Fail
name: {{ include "etcd-operator.fullname" . }}.{{ .Release.Namespace }}.svc
admissionReviewVersions: ["v1"]
sideEffects: NoneOnDryRun
rules:
- apiGroups: [ "etcd.tkestack.io" ]
apiVersions: [ "v1alpha1" ]
operations: [ "CREATE", "UPDATE" ]
resources: [ "etcdclusters" ]
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: kstone-etcd-operator-validating-admission
webhooks:
- clientConfig:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURnekNDQW11Z0F3SUJBZ0lVRTFRcmYwYmZvZU9pdnFSL2w4ZldsTVI1cmdBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VURUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtkRU1Rc3dDUVlEVlFRSERBSlRXakVQTUEwRwpBMVVFQ2d3R1MzTjBiMjVsTVJjd0ZRWURWUVFEREE1TGMzUnZibVVnVW05dmRDQkRRVEFlRncweU1qQTBNVFV4Ck1ESXdNRFphRncwek1qQTBNVEl4TURJd01EWmFNRkV4Q3pBSkJnTlZCQVlUQWtOT01Rc3dDUVlEVlFRSURBSkgKUkRFTE1Ba0dBMVVFQnd3Q1Uxb3hEekFOQmdOVkJBb01Ca3R6ZEc5dVpURVhNQlVHQTFVRUF3d09TM04wYjI1bApJRkp2YjNRZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDNEpMTzhDaGxvClMwMWpudGNrenJhR1NYZTlVSE1FR3M3SEJPU0xvT3VQd3FsRmFoUGRiR1ZTU0t5a2pLUFJRLzQ4UHVUUHp1VmkKNi9GNytSY2VWMHdUUUdNdkxBdE90TUQrclhZRTlsNGtEN041aWxvMTJFRTdnNDhpZDFqbHFIUWY0RWh4QkhqUwp5TWFaSHltZEp0N0t6NWhFQW5IY3o4RWhMZ3RpNWxqY1ROak9Sd2h4M1MwWU9FTjdWSExKeUUwRGdpYWdhZnh3CjhBakE4MWM1MGdUYmxDeWszUEdCQm5FNHg0Y2JqNmt3SVlwNXY2RE9GUHE0RGd2Tm5jR1FVS3NHWWE5aFp0MDYKSHA1TDgyUUhZRlM2UjlEVGR0QzJtM0x4dzZ0V3hBSmIxOEV2QkVrMXducHdWdEc2WVBFOHFBMnI1ZmV5UDZlegoyakpWc095MSs5L2hBZ01CQUFHalV6QlJNQjBHQTFVZERnUVdCQlRVUy9nbWRKcnNYeVZRQ1NwTTk5QU05Rm9oCmtUQWZCZ05WSFNNRUdEQVdnQlRVUy9nbWRKcnNYeVZRQ1NwTTk5QU05Rm9oa1RBUEJnTlZIUk1CQWY4RUJUQUQKQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTEybVkzMTdSSnZ0R3FrcC9zUHdvdjZzYVNVbThSRndNWQpHdTk1VUsyMkRCOHIrNC9zcWtteERKTHNDbHB0ZUZBY3Y1QkszdzhRcXpKQlR1cDVWMUdnMWZkZk04bkFlUDZWCllXa0tJZGk1RXF0bWJsTlZSNkYzWEFxODUvcnltaW5MdlV0VEhpcUdhbTZ0dk1sWHZPOHc0Z3hwNS9Kdmt5bkYKZFVGMloyaEVmSGw3T3gzWGhrOVBoNEI3MEIrTUVBU0dHd1RBaXduQThVN3RBZEgzeHc0NGlTZGt2NXBMbGtZQgoxTDZCVzNWbVg2RjJiNkRlSWoyVmVGT0FEVndLa2hPVkRFVTVSQm9zTVYrem0vMTRabnVIOVprR0dtSXBDVTFXCmZWdFZxbnVXUE1hSWJ3UlY3ZVg1WlFaaVBFRFJPZzg2cVJQdit6Z1g3WExITHp0VEpCQWYKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
service:
name: kstone-etcd-operator
namespace: {{ .Release.Namespace }}
path: "/validating-etcd"
failurePolicy: Fail
name: {{ include "etcd-operator.fullname" . }}.{{ .Release.Namespace }}.svc
admissionReviewVersions: ["v1"]
sideEffects: NoneOnDryRun
rules:
- apiGroups: [ "etcd.tkestack.io" ]
apiVersions: [ "v1alpha1" ]
operations: [ "CREATE", "UPDATE" ]
resources: [ "etcdclusters" ]
================================================
FILE: charts/charts/etcd-operator/values.yaml
================================================
# Default values for etcd-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/kstone-etcd-operator-amd64
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.0.1-alpha.3"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccountName: kstone
service:
type: ClusterIP
port: 443
================================================
FILE: charts/charts/grafana/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/grafana/Chart.yaml
================================================
apiVersion: v2
name: grafana
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/grafana/dashboards/0.json
================================================
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "Etcd Dashboard for Prometheus metrics scraper",
"editable": true,
"gnetId": 3070,
"graphTooltip": 0,
"id": 1,
"iteration": 1652444252935,
"links": [],
"panels": [
{
"collapsed": false,
"datasource": null,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 80,
"panels": [],
"title": "etcd",
"type": "row"
},
{
"cacheTimeout": null,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"0": {
"text": "NO"
},
"1": {
"text": "YES"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "rgba(245, 54, 54, 0.9)",
"value": null
},
{
"color": "rgba(237, 129, 40, 0.89)",
"value": 1
},
{
"color": "rgba(50, 172, 45, 0.97)",
"value": 0
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 1
},
"id": 44,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"mean"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.3",
"targets": [
{
"expr": "max(etcd_server_has_leader{job=\"$job\"})",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 600
}
],
"title": "Etcd has a leader?",
"type": "stat"
},
{
"cacheTimeout": null,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 1
},
"id": 42,
"interval": null,
"links": [],
"maxDataPoints": 100,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"reduceOptions": {
"calcs": [
"mean"
],
"fields": "",
"values": false
},
"text": {},
"textMode": "auto"
},
"pluginVersion": "8.0.3",
"targets": [
{
"expr": "max(etcd_server_leader_changes_seen_total{job=\"$job\"})",
"format": "time_series",
"intervalFactor": 2,
"refId": "A",
"step": 600
}
],
"title": "The number of leader changes seen",
"type": "stat"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 8
},
"hiddenSeries": false,
"id": 23,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(grpc_server_handled_total{job=\"$job\"}[5m])) by (job, endpoint, grpc_method, instance) > 0",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}_{{grpc_method}} ",
"metric": "grpc_server_started_total",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "RPC Rate",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 8
},
"hiddenSeries": false,
"id": 72,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(increase(grpc_server_handled_total{job=\"$job\"}[2m])) by (job, endpoint, grpc_method, instance) ",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}_{{grpc_method}} ",
"metric": "grpc_server_started_total",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "RPC Increase",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "cpm",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": null,
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 17
},
"hiddenSeries": false,
"id": 1,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_mvcc_db_total_size_in_bytes{job=\"$job\"}",
"format": "time_series",
"hide": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "DB Size",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": null,
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 17
},
"hiddenSeries": false,
"id": 82,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "etcd_debugging_mvcc_db_total_size_in_bytes{job=\"$job\"}/etcd_server_quota_backend_bytes{job=\"$job\"}",
"format": "time_series",
"hide": false,
"instant": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "DB Usage Rate",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:192",
"format": "percentunit",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:193",
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 26
},
"hiddenSeries": false,
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": null,
"sortDesc": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 1,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": true,
"targets": [
{
"exemplar": true,
"expr": "histogram_quantile(1, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$job\"}[5m])) by (job,instance,endpoint,le))",
"format": "time_series",
"hide": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} WAL fsync",
"metric": "etcd_disk_wal_fsync_duration_seconds_bucket",
"refId": "A",
"step": 120
},
{
"expr": "histogram_quantile(1, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$job\"}[5m])) by (job, instance,endpoint,le))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} DB fsync",
"metric": "etcd_disk_backend_commit_duration_seconds_bucket",
"refId": "B",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk Sync Duration",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 26
},
"hiddenSeries": false,
"id": 41,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_mvcc_watcher_total{job=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}_mvcc_watcher_total",
"metric": "grpc_server_handled_total",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of wathcher",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 35
},
"hiddenSeries": false,
"id": 76,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(etcd_debugging_disk_backend_commit_spill_duration_seconds_bucket{job=\"$job\"}[5m]) > 0) by (remark,instance,le,grpc_method,endpoint))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "commit_spil_{{remark}}_{{instance}}_{{endpoint}}_{{grpc_method}}",
"refId": "A"
},
{
"expr": "histogram_quantile(0.99, sum(rate(etcd_debugging_disk_backend_commit_rebalance_duration_seconds_bucket{job=\"$job\"}[5m]) > 0) by (remark,instance,le,grpc_method,endpoint))",
"interval": "",
"legendFormat": "commit_rebalance_{{remark}}_{{instance}}_{{endpoint}}_{{grpc_method}}",
"refId": "B"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disk Commit Latency",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 35
},
"hiddenSeries": false,
"id": 67,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_mvcc_pending_events_total{job=\"$job\"}",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of pending events",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 5,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 6,
"x": 0,
"y": 43
},
"hiddenSeries": false,
"id": 22,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$job\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "etcd_network_client_grpc_received_bytes_total",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Client Traffic In",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 5,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 6,
"x": 6,
"y": 43
},
"hiddenSeries": false,
"id": 21,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$job\"}[1m])",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "etcd_network_client_grpc_sent_bytes_total",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Client Traffic Out",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 43
},
"hiddenSeries": false,
"id": 29,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{job=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Memory",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "etcd_debugging_mvcc_keys_total",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 51
},
"hiddenSeries": false,
"id": 61,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_mvcc_keys_total{job=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of key",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 6,
"x": 12,
"y": 51
},
"hiddenSeries": false,
"id": 20,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "etcd_network_peer_received_bytes_total",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Peer Traffic In",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": null,
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 8,
"w": 6,
"x": 18,
"y": 51
},
"hiddenSeries": false,
"id": 16,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"hide": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "etcd_network_peer_sent_bytes_total",
"refId": "A",
"step": 120
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Peer Traffic Out",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 59
},
"hiddenSeries": false,
"id": 40,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} Proposal Failed Total",
"metric": "etcd_server_proposals_failed_total",
"refId": "A",
"step": 60
},
{
"expr": "sum(etcd_server_proposals_pending{job=\"$job\"}) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} Proposal Pending Total",
"metric": "etcd_server_proposals_pending",
"refId": "B",
"step": 60
},
{
"expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} Proposal Commit Rate",
"metric": "etcd_server_proposals_committed_total",
"refId": "C",
"step": 60
},
{
"expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} Proposal Apply Rate",
"refId": "D",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Raft Proposals",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": 0,
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 0,
"fillGradient": 0,
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 59
},
"hiddenSeries": false,
"id": 19,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "changes(etcd_server_leader_changes_seen_total{job=\"$job\"}[6h]) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"metric": "etcd_server_leader_changes_seen_total",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Total Leader Elections Per Day",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 67
},
"hiddenSeries": false,
"id": 46,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=\"$job\", grpc_method=~\"Range|Txn\"}[5m]) > 0) by (remark,instance,le,grpc_method,endpoint))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{remark}}_{{instance}}_{{endpoint}}_{{grpc_method}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "etcd GRPC Latency",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "indicates how many proposals are queued to commit. Rising pending proposals suggests there is a high client load or the member cannot commit proposals.",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 67
},
"hiddenSeries": false,
"id": 5,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "max",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(etcd_server_proposals_pending{job=\"$job\"}) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} Proposals pending",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Proposals Pending",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "proposals_committed_total records the total number of consensus proposals committed. This gauge should increase over time if the cluster is healthy. Several healthy members of an etcd cluster may have different total committed proposals at once. This discrepancy may be due to recovering from peers after starting, lagging behind the leader, or being the leader and therefore having the most commits. It is important to monitor this metric across all the members in the cluster; a consistently large lag between a single member and its leader indicates that member is slow or unhealthy.\n\nproposals_applied_total records the total number of consensus proposals applied. The etcd server applies every committed proposal asynchronously. The difference between proposals_committed_total and proposals_applied_total should usually be small (within a few thousands even under high load). If the difference between them continues to rise, it indicates that the etcd server is overloaded. This might happen when applying expensive queries like heavy range queries or large txn operations.",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 76
},
"hiddenSeries": false,
"id": 2,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} total number of consensus proposals committed",
"metric": "",
"refId": "A",
"step": 60
},
{
"expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$job\"}[5m])) by (job,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}} total number of consensus proposals applied",
"metric": "",
"refId": "B",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of consensus proposals committed",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 76
},
"hiddenSeries": false,
"id": 71,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "etcd_server_slow_apply_total{job=\"$job\"}",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of slow apply",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 85
},
"hiddenSeries": false,
"id": 65,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "go_goroutines{job=\"$job\"}",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 85
},
"hiddenSeries": false,
"id": 69,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_mvcc_slow_watcher_total{job=\"$job\"}",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of slow watcher",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 94
},
"hiddenSeries": false,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_disk_wal_fsync_duration_seconds_sum{job=\"$job\"}[1m])) by (job) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}}\tThe latency distributions of fsync called by wal",
"refId": "A",
"step": 30
},
{
"expr": "sum(rate(etcd_disk_backend_commit_duration_seconds_sum{job=\"$job\"}[1m])) by (job) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}} The latency distributions of commit called by backend",
"refId": "B",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Disks Operations",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "auth revision increase",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 94
},
"hiddenSeries": false,
"id": 75,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "increase(etcd_debugging_auth_revision{job=\"$job\"}[5m])",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Auth Revison Increase",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "count/5m",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "Auth Revision",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 103
},
"hiddenSeries": false,
"id": 74,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_debugging_auth_revision{job=\"$job\"}",
"interval": "",
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Auth Revison",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "Abnormally high snapshot duration (snapshot_save_total_duration_seconds) indicates disk issues and might cause the cluster to be unstable.",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 103
},
"hiddenSeries": false,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_debugging_snap_save_total_duration_seconds_sum{job=\"$job\"}[1m])) by (job)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}} The total latency distributions of save called by snapshot",
"refId": "A",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Snapshot Duration",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 112
},
"hiddenSeries": false,
"id": 86,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "etcd_debugging_lease_granted_total{job=\"$job\"} - etcd_debugging_lease_revoked_total{job=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "current lease count",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:231",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:232",
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 112
},
"hiddenSeries": false,
"id": 87,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "histogram_quantile(0.99, sum(rate(etcd_debugging_mvcc_db_compaction_pause_duration_milliseconds_bucket{job=\"$job\"}[5m])) by (job,instance,endpoint,le))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "compaction_pause_duration P99",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:231",
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:232",
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 121
},
"hiddenSeries": false,
"id": 88,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "histogram_quantile(0.99, sum(rate(etcd_debugging_mvcc_index_compaction_pause_duration_milliseconds_bucket{job=\"$job\"}[5m])) by (job,instance,endpoint,le))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}",
"refId": "A",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "mvcc_index_compaction_pause_duration P99",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"$$hashKey": "object:231",
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"$$hashKey": "object:232",
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 121
},
"hiddenSeries": false,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"$job\"}[1m])) by (job) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}} The total number of bytes received by grpc clients",
"refId": "A",
"step": 30
},
{
"expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"$job\"}[1m])) by (job) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{job}} The total number of bytes sent to grpc clients",
"refId": "B",
"step": 30
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Network",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 130
},
"hiddenSeries": false,
"id": 50,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_http_received_total{job=\"$job\"}[5m])) by (method,instance,job)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}_{{method}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "ETCD V2 HTTP QPS",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 130
},
"hiddenSeries": false,
"id": 52,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(etcd_http_successful_duration_seconds_bucket{job=\"$job\"}[5m]) ) by (job,instance,method,le))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{job}}_{{instance}}_{{endpoint}}_{{method}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "ETCD V2 HTTP Latency",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"collapsed": false,
"datasource": null,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 139
},
"id": 78,
"panels": [],
"title": "Kstone Inspection",
"type": "row"
},
{
"cacheTimeout": null,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"mappings": [],
"noValue": "0"
},
"overrides": [
{
"__systemRef": "hideSeriesFrom",
"matcher": {
"id": "byNames",
"options": {
"mode": "exclude",
"names": [
"Healthy",
"Unhealthy_demo-etcd.kstone.svc.cluster.local",
"Unhealthy"
],
"prefix": "All except:",
"readOnly": true
}
},
"properties": [
{
"id": "custom.hideFrom",
"value": {
"legend": false,
"tooltip": false,
"viz": true
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Healthy"
},
"properties": [
{
"id": "mappings",
"value": [
{
"options": {
"from": 0,
"result": {
"color": "green",
"index": 0
},
"to": 100
},
"type": "range"
}
]
}
]
},
{
"matcher": {
"id": "byRegexp",
"options": "Unhealthy.*"
},
"properties": [
{
"id": "mappings",
"value": [
{
"options": {
"from": 0,
"result": {
"color": "red",
"index": 0
},
"to": 100
},
"type": "range"
}
]
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 140
},
"id": 63,
"interval": null,
"links": [],
"maxDataPoints": 1,
"options": {
"displayLabels": [],
"legend": {
"displayMode": "table",
"placement": "right",
"values": [
"value"
]
},
"pieType": "pie",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "7.0.3",
"targets": [
{
"expr": "sum(kstone_inspection_etcd_endpoint_healthy{clusterName=\"$job\"})",
"interval": "",
"legendFormat": "Healthy",
"refId": "A"
},
{
"exemplar": true,
"expr": "count(kstone_inspection_etcd_endpoint_healthy{clusterName=\"$job\"} == 0)",
"interval": "",
"legendFormat": "Unhealthy",
"refId": "B"
}
],
"timeFrom": null,
"timeShift": null,
"title": "The number of healthy/unhealthy endpoint",
"type": "piechart"
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 140
},
"hiddenSeries": false,
"id": 56,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "topk(15, sum by (clusterName,etcdPrefix,resourceName) (kstone_inspection_etcd_key_total{clusterName=\"$job\"}))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{etcdPrefix}}_{{resourceName}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The total number of resource key",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 149
},
"hiddenSeries": false,
"id": 58,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "kstone_inspection_etcd_endpoint_alarm{clusterName=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{clusterName}}-{{alarmType}}-{{exported_endpoint}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Alarm",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 149
},
"hiddenSeries": false,
"id": 54,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"rightSide": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "topk(15, sum(rate(kstone_inspection_etcd_request_total{clusterName=\"$job\"}[5m])) by (clusterName,etcdPrefix,grpcMethod,resourceName))",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{etcdPrefix}}_{{grpcMethod}}_{{resourceName}}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Hot Write QPS",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 158
},
"hiddenSeries": false,
"id": 81,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"options": {
"alertThreshold": true
},
"paceLength": 10,
"percentage": false,
"pluginVersion": "8.0.3",
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"exemplar": true,
"expr": "kstone_inspection_etcd_node_diff_total{clusterName=\"$job\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "key_{{clusterName}}",
"refId": "A"
},
{
"exemplar": true,
"expr": "kstone_inspection_etcd_node_revision_diff_total{clusterName=\"$job\"}",
"hide": false,
"interval": "",
"legendFormat": "revision_{{clusterName}}",
"refId": "B"
},
{
"exemplar": true,
"expr": "kstone_inspection_etcd_node_index_diff_total{clusterName=\"$job\"}",
"hide": false,
"interval": "",
"legendFormat": "index_{{clusterName}}",
"refId": "C"
},
{
"exemplar": true,
"expr": "kstone_inspection_etcd_node_raft_applied_index_diff_total{clusterName=\"$job\"}",
"hide": false,
"interval": "",
"legendFormat": "raft_applied_{{clusterName}}",
"refId": "D"
},
{
"exemplar": true,
"expr": "kstone_inspection_etcd_node_raft_index_diff_total{clusterName=\"$job\"}",
"hide": false,
"interval": "",
"legendFormat": "raft_index_{{clusterName}}",
"refId": "E"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "The consistency difference between each node",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"datasource": null,
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 158
},
"id": 85,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"exemplar": true,
"expr": "kstone_inspection_etcd_backup_files",
"interval": "",
"legendFormat": "{{clusterName}}",
"refId": "A"
},
{
"exemplar": true,
"expr": "kstone_inspection_etcd_failed_backup_files",
"hide": false,
"interval": "",
"legendFormat": "{{clusterName}}_failed",
"refId": "B"
}
],
"title": "The number of backup file in the last day",
"type": "timeseries"
},
{
"datasource": null,
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 0,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "auto",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 167
},
"id": 84,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"exemplar": true,
"expr": "kstone_inspection_failed_num",
"interval": "",
"legendFormat": "{{clusterName}}_{{inspectionType}}",
"refId": "A"
}
],
"title": "The total number of failed inspection",
"type": "timeseries"
}
],
"refresh": "",
"schemaVersion": 30,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "",
"value": ""
},
"description": null,
"error": null,
"hide": 2,
"includeAll": false,
"label": "数据源",
"multi": false,
"name": "datasource",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "KSTONE-PROM",
"skipUrlSync": false,
"type": "datasource"
},
{
"allValue": null,
"current": {
"selected": false,
"text": "demo",
"value": "demo"
},
"datasource": "$datasource",
"definition": "query_result(sum by (job) (increase(etcd_server_has_leader{}[$__range])))",
"description": null,
"error": {
"message": "Datasource named was not found"
},
"hide": 0,
"includeAll": false,
"label": "etcd",
"multi": false,
"name": "job",
"options": [],
"query": {
"query": "query_result(sum by (job) (increase(etcd_server_has_leader{}[$__range])))",
"refId": "KSTONE-PROM-job-Variable-Query"
},
"refresh": 1,
"regex": "/.*job=\"(.*)\".*/",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-15m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Kstone",
"uid": "Hw7tu7aZz123123",
"version": 12
}
================================================
FILE: charts/charts/grafana/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "grafana.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "grafana.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "grafana.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "grafana.labels" -}}
helm.sh/chart: {{ include "grafana.chart" . }}
{{ include "grafana.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "grafana.selectorLabels" -}}
app.kubernetes.io/name: {{ include "grafana.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/grafana/templates/configmap.yaml
================================================
apiVersion: v1
data:
grafana.ini: |
[analytics]
check_for_updates = true
[grafana_net]
url = https://grafana.net
[log]
mode = console
[paths]
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
[auth.anonymous]
enabled=true
[security]
allow_embedding = true
[server]
root_url = http://localhost/grafana/
serve_from_sub_path = true
kind: ConfigMap
metadata:
name: grafana
---
apiVersion: v1
data:
prometheus.yaml: |-
apiVersion: 1
datasources:
- name: KSTONE-PROM
type: prometheus
access: proxy
orgId: 1
url: http://{{ .Release.Name }}-prometheus-prometheus.{{ .Release.Namespace }}.svc.cluster.local:9090
isDefault: true
editable: false
kind: ConfigMap
metadata:
labels:
grafana/datasource: default
name: grafana-default-datasource
---
apiVersion: v1
data:
{{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }}
kind: ConfigMap
metadata:
labels:
grafana/dashboards: default
name: grafana-etcd-dashboards
---
apiVersion: v1
data:
dashboard.yaml: |-
apiVersion: 1
providers:
- name: 'dasboard'
type: file
disableDeletion: true
editable: true
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /etc/grafana/dashboards
foldersFromFilesStructure: false
kind: ConfigMap
metadata:
name: grafana-dashboard-import
================================================
FILE: charts/charts/grafana/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "grafana.fullname" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "grafana.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- emptyDir: {}
name: datasources
- configMap:
defaultMode: 420
name: grafana-dashboard-import
name: dashboard-import
- emptyDir: {}
name: dashboards
- configMap:
defaultMode: 420
name: grafana
name: config
- emptyDir: {}
name: storage
containers:
- args:
- --namespace={{ .Release.Namespace }}
- --flatten
- --configmap-label=grafana/dashboards=default:/etc/grafana/dashboards
- --configmap-label=grafana/datasource=default:/etc/grafana/provisioning/datasources
image: tkestack/configmap-update:v1.0.2
imagePullPolicy: IfNotPresent
name: dashboards-update
resources: {}
securityContext:
runAsUser: 1000
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /etc/grafana/dashboards
name: dashboards
- mountPath: /etc/grafana/provisioning/datasources
name: datasources
- env:
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
key: admin-user
name: grafana
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin-password
name: grafana
- name: GF_PATHS_DATA
value: /var/lib/grafana/
- name: GF_PATHS_LOGS
value: /var/log/grafana
- name: GF_PATHS_PLUGINS
value: /var/lib/grafana/plugins
- name: GF_PATHS_PROVISIONING
value: /etc/grafana/provisioning
name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
failureThreshold: 10
httpGet:
path: /api/health
port: 3000
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
ports:
- containerPort: 80
name: service
protocol: TCP
- containerPort: 3000
name: grafana
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /api/health
port: 3000
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /etc/grafana/provisioning/datasources
name: datasources
- mountPath: /etc/grafana/provisioning/dashboards
name: dashboard-import
- mountPath: /etc/grafana/dashboards
name: dashboards
- mountPath: /etc/grafana/grafana.ini
name: config
subPath: grafana.ini
- mountPath: /var/lib/grafana
name: storage
dnsPolicy: ClusterFirst
enableServiceLinks: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/grafana/templates/secret.yaml
================================================
apiVersion: v1
data:
admin-password: NEtZamozMWpNWmsxeFRpR1BWRUhsTzRrZzVKV1QySzBUeXlpSlRGQw==
admin-user: YWRtaW4=
ldap-toml: ""
kind: Secret
metadata:
name: grafana
type: Opaque
================================================
FILE: charts/charts/grafana/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "grafana.fullname" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- name: service
port: {{ .Values.service.port }}
protocol: TCP
targetPort: 3000
selector:
{{- include "grafana.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/grafana/values.yaml
================================================
# Default values for grafana.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: grafana/grafana
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "8.0.3"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext:
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# fsGroup: 472
runAsGroup: 472
runAsUser: 472
service:
type: NodePort
port: 80
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccountName: kstone
================================================
FILE: charts/charts/inspection-controller/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/inspection-controller/Chart.yaml
================================================
apiVersion: v2
name: inspection-controller
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/inspection-controller/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "inspection-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "inspection-controller.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "inspection-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "inspection-controller.labels" -}}
helm.sh/chart: {{ include "inspection-controller.chart" . }}
{{ include "inspection-controller.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "inspection-controller.selectorLabels" -}}
app.kubernetes.io/name: {{ include "inspection-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
================================================
FILE: charts/charts/inspection-controller/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "inspection-controller.fullname" . }}
labels:
{{- include "inspection-controller.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "inspection-controller.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "inspection-controller.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccountName }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- args:
- inspection
command:
- /app/bin/kstone-controller
name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.global.kstone.tag }}
image: "{{ .Values.image.repository }}:{{ .Values.global.kstone.tag }}"
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 9090
protocol: TCP
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/inspection-controller/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: {{ include "inspection-controller.fullname" . }}
labels:
app: inspection-controller
{{- include "inspection-controller.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "inspection-controller.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/inspection-controller/templates/servicemonitor.yaml
================================================
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "inspection-controller.fullname" . }}
labels:
{{- include "inspection-controller.labels" . | nindent 4 }}
spec:
endpoints:
- port: http
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: inspection-controller
================================================
FILE: charts/charts/inspection-controller/values.yaml
================================================
# Default values for inspection-controller.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/kstone-controller-amd64
pullPolicy: IfNotPresent
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: NodePort
port: 80
prodResources:
limits:
cpu: 2
memory: 4G
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 2G
requests:
cpu: 100m
memory: 50Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccountName: kstone
================================================
FILE: charts/charts/kube-prometheus-stack/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# helm/charts
OWNERS
hack/
ci/
kube-prometheus-*.tgz
================================================
FILE: charts/charts/kube-prometheus-stack/CONTRIBUTING.md
================================================
# Contributing Guidelines
## How to contribute to this chart
1. Fork this repository, develop and test your Chart.
1. Bump the chart version for every change.
1. Ensure PR title has the prefix `[kube-prometheus-stack]`
1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories
1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes.
1. Check for changes of RBAC rules.
1. Check for changes in CRD specs.
1. PR must pass the linter (`helm lint`)
================================================
FILE: charts/charts/kube-prometheus-stack/Chart.yaml
================================================
apiVersion: v2
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
engine: gotpl
type: application
maintainers:
- name: vsliouniaev
- name: bismarck
- name: gianrubio
email: gianrubio@gmail.com
- name: gkarthiks
email: github.gkarthiks@gmail.com
- name: scottrigby
email: scott@r6by.com
- name: Xtigyro
email: miroslav.hadzhiev@gmail.com
name: prometheus
sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
version: 17.0.3
appVersion: 0.49.0
kubeVersion: ">=1.16.0-0"
home: https://github.com/prometheus-operator/kube-prometheus
keywords:
- operator
- prometheus
- kube-prometheus
annotations:
"artifacthub.io/operator": "true"
"artifacthub.io/links": |
- name: Chart Source
url: https://github.com/prometheus-community/helm-charts
- name: Upstream Project
url: https://github.com/prometheus-operator/kube-prometheus
dependencies:
- name: kube-state-metrics
version: "3.4.*"
repository: https://prometheus-community.github.io/helm-charts
condition: kubeStateMetrics.enabled
- name: prometheus-node-exporter
version: "2.0.*"
repository: https://prometheus-community.github.io/helm-charts
condition: nodeExporter.enabled
- name: grafana
version: "6.14.*"
repository: https://grafana.github.io/helm-charts
condition: grafana.enabled
================================================
FILE: charts/charts/kube-prometheus-stack/README.md
================================================
# kube-prometheus-stack
Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).
See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts.
_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._
## Prerequisites
- Kubernetes 1.16+
- Helm 3+
## Get Repo Info
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
```console
# Helm
$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Dependencies
By default this chart installs additional, dependent charts:
- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
To disable dependencies during installation, see [multiple releases](#multiple-releases) below.
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
## Uninstall Chart
```console
# Helm
$ helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
CRDs created by this chart are not removed by default and should be manually cleaned up:
```console
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
kubectl delete crd alertmanagers.monitoring.coreos.com
kubectl delete crd podmonitors.monitoring.coreos.com
kubectl delete crd probes.monitoring.coreos.com
kubectl delete crd prometheuses.monitoring.coreos.com
kubectl delete crd prometheusrules.monitoring.coreos.com
kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
```
## Upgrading Chart
```console
# Helm
$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack
```
With Helm v3, CRDs created by this chart are not updated by default and should be manually updated.
Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### Upgrading an existing Release to a new major version
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
### From 16.x to 17.x
Version 17 upgrades prometheus-operator from 0.48.x to 0.49.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 15.x to 16.x
Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier.
### From 14.x to 15.x
Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 13.x to 14.x
Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
```
### From 12.x to 13.x
Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
```
### From 11.x to 12.x
Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
```
The chart was migrated to support only helm v3 and later.
### From 10.x to 11.x
Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
```
Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0.
### From 9.x to 10.x
Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating:
```console
kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
```
### From 8.x to 9.x
Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration.
### From 7.x to 8.x
Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0
```
Then upgrade to 8.x.x
```console
helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x]
```
Minimal recommended Prometheus version for this chart release is `2.12.x`
### From 6.x to 7.x
Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0.
### From 5.x to 6.x
Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. If this is not done an error will occur indicating that the deployment cannot be modified:
```console
invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable
```
If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values prometheus-community/kube-prometheus-stack
```
You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
### Multiple releases
The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`.
## Work-Arounds for Known Issues
### Running on private GKE clusters
When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod.
You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules)
Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`.
## PrometheusRules Admission Webhooks
With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster.
### How the Chart Configures the Hooks
A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits.
2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate.
3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set.
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
### Alternatives
It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested.
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true.
### Limitations
Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default.
## Developing Prometheus Rules and Grafana Dashboards
This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts.
## Further Information
For more in-depth documentation of configuration options meanings, please see
- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
- [Prometheus](https://prometheus.io/docs/introduction/overview/)
- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart)
## prometheus.io/scrape
The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options.
For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here:
- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-servicemonitors)
- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-podmonitors)
- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md)
By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release.
Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications.
An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering.
To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`.
## Migrating from stable/prometheus-operator chart
## Zero downtime
Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved.
However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime).
You can override the name to achieve this:
```console
helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator
```
**Note**: It is recommended to run this first with `--dry-run --debug`.
## Redeploy with new name (downtime)
If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration:
> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace.
1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy:
```console
kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
```
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released.
```console
helm uninstall prometheus-operator -n monitoring
kubectl delete pvc/ -n monitoring
```
Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service.
```console
kubectl delete service/prometheus-operator-kubelet -n kube-system
```
You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to.
3. Remove current `spec.claimRef` values to change the PV's status from Released to Available.
```console
kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring
```
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`.
The binding is done via matching a specific amount of storage requested and with certain access modes.
For example, if you had storage specified as this with **prometheus-operator**:
```yaml
volumeClaimTemplate:
spec:
storageClassName: gp2
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 50Gi
```
You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode.
Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV.
This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to:
```yaml
nodeSelector:
failure-domain.beta.kubernetes.io/zone: east-west-1a
```
or passing these values as `--set` overrides during installation.
The new release should now re-attach your previously released PV with its content.
## Migrating from coreos/prometheus-operator chart
The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster.
There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support.
The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy.
You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765).
### High-level overview of Changes
#### Added dependencies
The chart has added 3 [dependencies](#dependencies).
- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components
- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md)
#### Kubelet Service
Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice.
#### Persistent Volumes
If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created:
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pvc-prometheus-migration-prometheus-0
spec:
accessModes:
- ReadWriteOnce
azureDisk:
cachingMode: None
diskName: pvc-prometheus-migration-prometheus-0
diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0
fsType: ""
kind: Managed
readOnly: false
capacity:
storage: 1Gi
persistentVolumeReclaimPolicy: Delete
storageClassName: prometheus
volumeMode: Filesystem
```
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/name: prometheus
prometheus: prometheus-migration-prometheus
name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0
namespace: monitoring
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: prometheus
volumeMode: Filesystem
volumeName: pvc-prometheus-migration-prometheus-0
```
The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used.
#### KubeProxy
The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them.
Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example:
```console
kubectl -n kube-system edit cm kube-proxy
```
```yaml
apiVersion: v1
data:
config.conf: |-
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# ...
# metricsBindAddress: 127.0.0.1:10249
metricsBindAddress: 0.0.0.0:10249
# ...
kubeconfig.conf: |-
# ...
kind: ConfigMap
metadata:
labels:
app: kube-proxy
name: kube-proxy
namespace: kube-system
```
================================================
FILE: charts/charts/kube-prometheus-stack/ci/01-provision-crds-values.yaml
================================================
alertmanager:
enabled: false
coreDns:
enabled: false
kubeApiServer:
enabled: false
kubeControllerManager:
enabled: false
kubeDns:
enabled: false
kubeEtcd:
enabled: false
kubeProxy:
enabled: false
kubeScheduler:
enabled: false
kubeStateMetrics:
enabled: false
kubelet:
enabled: false
nodeExporter:
enabled: false
grafana:
enabled: false
prometheus:
enabled: false
defaultRules:
create: false
# Default configuration of prometheus operator will create CRDs in the cluster idempotently
prometheusOperator:
enabled: true
serviceMonitor:
selfMonitor: false
tls:
enabled: false
admissionWebhooks:
enabled: false
namespaces:
releaseNamespace: true
additional:
- kube-system
================================================
FILE: charts/charts/kube-prometheus-stack/ci/02-test-without-crds-values.yaml
================================================
prometheusOperator:
namespaces:
releaseNamespace: true
additional:
- kube-system
prometheus-node-exporter:
service:
targetPort: 9101
port: 9101
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: alertmanagerconfigs.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: AlertmanagerConfig
listKind: AlertmanagerConfigList
plural: alertmanagerconfigs
singular: alertmanagerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to
be aggregated across multiple namespaces configuring one Alertmanager cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AlertmanagerConfigSpec is a specification of the desired
behavior of the Alertmanager configuration. By definition, the Alertmanager
configuration only applies to alerts for which the `namespace` label
is equal to the namespace of the AlertmanagerConfig resource.
properties:
inhibitRules:
description: List of inhibition rules. The rules will only apply to
alerts matching the resource’s namespace.
items:
description: InhibitRule defines an inhibition rule that allows
to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule
properties:
equal:
description: Labels that must have an equal value in the source
and target alert for the inhibition to take effect.
items:
type: string
type: array
sourceMatch:
description: Matchers for which one or more alerts have to exist
for the inhibition to take effect. The operator enforces that
the alert matches the resource’s namespace.
items:
description: Matcher defines how to match on alert's labels.
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression
(true).
type: boolean
value:
description: Label value to match.
type: string
required:
- name
type: object
type: array
targetMatch:
description: Matchers that have to be fulfilled in the alerts
to be muted. The operator enforces that the alert matches
the resource’s namespace.
items:
description: Matcher defines how to match on alert's labels.
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression
(true).
type: boolean
value:
description: Label value to match.
type: string
required:
- name
type: object
type: array
type: object
type: array
receivers:
description: List of receivers.
items:
description: Receiver defines one or more notification integrations.
properties:
emailConfigs:
description: List of Email configurations.
items:
description: EmailConfig configures notifications via Email.
properties:
authIdentity:
description: The identity to use for authentication.
type: string
authPassword:
description: The secret's key that contains the password
to use for authentication. The secret needs to be in
the same namespace as the AlertmanagerConfig object
and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
authSecret:
description: The secret's key that contains the CRAM-MD5
secret. The secret needs to be in the same namespace
as the AlertmanagerConfig object and accessible by the
Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
authUsername:
description: The username to use for authentication.
type: string
from:
description: The sender address.
type: string
headers:
description: Further headers email header key/value pairs.
Overrides any headers previously set by the notification
implementation.
items:
description: KeyValue defines a (key, value) tuple.
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
type: string
required:
- key
- value
type: object
type: array
hello:
description: The hostname to identify to the SMTP server.
type: string
html:
description: The HTML body of the email notification.
type: string
requireTLS:
description: The SMTP TLS requirement. Note that Go does
not support unencrypted connections to remote SMTP endpoints.
type: boolean
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
smarthost:
description: The SMTP host through which emails are sent.
type: string
text:
description: The text body of the email notification.
type: string
tlsConfig:
description: TLS configuration
properties:
ca:
description: Struct containing the CA cert to use
for the targets.
properties:
configMap:
description: ConfigMap containing data to use
for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for
the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert file
for the targets.
properties:
configMap:
description: ConfigMap containing data to use
for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for
the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key file
for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
to:
description: The email address to send notifications to.
type: string
type: object
type: array
name:
description: Name of the receiver. Must be unique across all
items from the list.
minLength: 1
type: string
opsgenieConfigs:
description: List of OpsGenie configurations.
items:
description: OpsGenieConfig configures notifications via OpsGenie.
See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config
properties:
apiKey:
description: The secret's key that contains the OpsGenie
API key. The secret needs to be in the same namespace
as the AlertmanagerConfig object and accessible by the
Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
apiURL:
description: The URL to send OpsGenie API requests to.
type: string
description:
description: Description of the incident.
type: string
details:
description: A set of arbitrary key/value pairs that provide
further detail about the incident.
items:
description: KeyValue defines a (key, value) tuple.
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
type: string
required:
- key
- value
type: object
type: array
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
message:
description: Alert text limited to 130 characters.
type: string
note:
description: Additional alert note.
type: string
priority:
description: Priority level of alert. Possible values
are P1, P2, P3, P4, and P5.
type: string
responders:
description: List of responders responsible for notifications.
items:
description: OpsGenieConfigResponder defines a responder
to an incident. One of `id`, `name` or `username`
has to be defined.
properties:
id:
description: ID of the responder.
type: string
name:
description: Name of the responder.
type: string
type:
description: Type of responder.
minLength: 1
type: string
username:
description: Username of the responder.
type: string
required:
- type
type: object
type: array
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
source:
description: Backlink to the sender of the notification.
type: string
tags:
description: Comma separated list of tags attached to
the notifications.
type: string
type: object
type: array
pagerdutyConfigs:
description: List of PagerDuty configurations.
items:
description: PagerDutyConfig configures notifications via
PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config
properties:
class:
description: The class/type of the event.
type: string
client:
description: Client identification.
type: string
clientURL:
description: Backlink to the sender of notification.
type: string
component:
description: The part or component of the affected system
that is broken.
type: string
description:
description: Description of the incident.
type: string
details:
description: Arbitrary key/value pairs that provide further
detail about the incident.
items:
description: KeyValue defines a (key, value) tuple.
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
type: string
required:
- key
- value
type: object
type: array
group:
description: A cluster or grouping of sources.
type: string
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
routingKey:
description: The secret's key that contains the PagerDuty
integration key (when using Events API v2). Either this
field or `serviceKey` needs to be defined. The secret
needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
serviceKey:
description: The secret's key that contains the PagerDuty
service key (when using integration type "Prometheus").
Either this field or `routingKey` needs to be defined.
The secret needs to be in the same namespace as the
AlertmanagerConfig object and accessible by the Prometheus
Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
severity:
description: Severity of the incident.
type: string
url:
description: The URL to send requests to.
type: string
type: object
type: array
pushoverConfigs:
description: List of Pushover configurations.
items:
description: PushoverConfig configures notifications via Pushover.
See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config
properties:
expire:
description: How long your notification will continue
to be retried for, unless the user acknowledges the
notification.
type: string
html:
description: Whether notification message is HTML or plain
text.
type: boolean
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
message:
description: Notification message.
type: string
priority:
description: Priority, see https://pushover.net/api#priority
type: string
retry:
description: How often the Pushover servers will send
the same notification to the user. Must be at least
30 seconds.
type: string
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
sound:
description: The name of one of the sounds supported by
device clients to override the user's default sound
choice
type: string
title:
description: Notification title.
type: string
token:
description: The secret's key that contains the registered
application’s API token, see https://pushover.net/apps.
The secret needs to be in the same namespace as the
AlertmanagerConfig object and accessible by the Prometheus
Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
url:
description: A supplementary URL shown alongside the message.
type: string
urlTitle:
description: A title for supplementary URL, otherwise
just the URL is shown
type: string
userKey:
description: The secret's key that contains the recipient
user’s user key. The secret needs to be in the same
namespace as the AlertmanagerConfig object and accessible
by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
type: array
slackConfigs:
description: List of Slack configurations.
items:
description: SlackConfig configures notifications via Slack.
See https://prometheus.io/docs/alerting/latest/configuration/#slack_config
properties:
actions:
description: A list of Slack actions that are sent with
each notification.
items:
description: SlackAction configures a single Slack action
that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields
and https://api.slack.com/docs/message-buttons for
more information.
properties:
confirm:
description: SlackConfirmationField protect users
from destructive actions or particularly distinguished
decisions by asking them to confirm their button
click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields
for more information.
properties:
dismissText:
type: string
okText:
type: string
text:
minLength: 1
type: string
title:
type: string
required:
- text
type: object
name:
type: string
style:
type: string
text:
minLength: 1
type: string
type:
minLength: 1
type: string
url:
type: string
value:
type: string
required:
- text
- type
type: object
type: array
apiURL:
description: The secret's key that contains the Slack
webhook URL. The secret needs to be in the same namespace
as the AlertmanagerConfig object and accessible by the
Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
callbackId:
type: string
channel:
description: The channel or user to send notifications
to.
type: string
color:
type: string
fallback:
type: string
fields:
description: A list of Slack fields that are sent with
each notification.
items:
description: SlackField configures a single Slack field
that is sent with each notification. Each field must
contain a title, value, and optionally, a boolean
value to indicate if the field is short enough to
be displayed next to other fields designated as short.
See https://api.slack.com/docs/message-attachments#fields
for more information.
properties:
short:
type: boolean
title:
minLength: 1
type: string
value:
minLength: 1
type: string
required:
- title
- value
type: object
type: array
footer:
type: string
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
iconEmoji:
type: string
iconURL:
type: string
imageURL:
type: string
linkNames:
type: boolean
mrkdwnIn:
items:
type: string
type: array
pretext:
type: string
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
shortFields:
type: boolean
text:
type: string
thumbURL:
type: string
title:
type: string
titleLink:
type: string
username:
type: string
type: object
type: array
victoropsConfigs:
description: List of VictorOps configurations.
items:
description: VictorOpsConfig configures notifications via
VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config
properties:
apiKey:
description: The secret's key that contains the API key
to use when talking to the VictorOps API. The secret
needs to be in the same namespace as the AlertmanagerConfig
object and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
apiUrl:
description: The VictorOps API URL.
type: string
customFields:
description: Additional custom fields for notification.
items:
description: KeyValue defines a (key, value) tuple.
properties:
key:
description: Key of the tuple.
minLength: 1
type: string
value:
description: Value of the tuple.
type: string
required:
- key
- value
type: object
type: array
entityDisplayName:
description: Contains summary of the alerted problem.
type: string
httpConfig:
description: The HTTP client's configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
messageType:
description: Describes the behavior of the alert (CRITICAL,
WARNING, INFO).
type: string
monitoringTool:
description: The monitoring tool the state message is
from.
type: string
routingKey:
description: A key used to map the alert to a team.
type: string
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
stateMessage:
description: Contains long explanation of the alerted
problem.
type: string
type: object
type: array
webhookConfigs:
description: List of webhook configurations.
items:
description: WebhookConfig configures notifications via a
generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config
properties:
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
maxAlerts:
description: Maximum number of alerts to be sent per webhook
message. When 0, all alerts are included.
format: int32
minimum: 0
type: integer
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
url:
description: The URL to send HTTP POST requests to. `urlSecret`
takes precedence over `url`. One of `urlSecret` and
`url` should be defined.
type: string
urlSecret:
description: The secret's key that contains the webhook
URL to send HTTP requests to. `urlSecret` takes precedence
over `url`. One of `urlSecret` and `url` should be defined.
The secret needs to be in the same namespace as the
AlertmanagerConfig object and accessible by the Prometheus
Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
type: array
wechatConfigs:
description: List of WeChat configurations.
items:
description: WeChatConfig configures notifications via WeChat.
See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config
properties:
agentID:
type: string
apiSecret:
description: The secret's key that contains the WeChat
API key. The secret needs to be in the same namespace
as the AlertmanagerConfig object and accessible by the
Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
apiURL:
description: The WeChat API URL.
type: string
corpID:
description: The corp id for authentication.
type: string
httpConfig:
description: HTTP client configuration.
properties:
basicAuth:
description: BasicAuth for the client.
properties:
password:
description: The secret in the service monitor
namespace that contains the password for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor
namespace that contains the username for authentication.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: The secret's key that contains the bearer
token to be used by the client for authentication.
The secret needs to be in the same namespace as
the AlertmanagerConfig object and accessible by
the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
proxyURL:
description: Optional proxy URL.
type: string
tlsConfig:
description: TLS configuration for the client.
properties:
ca:
description: Struct containing the CA cert to
use for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert
file for the targets.
properties:
configMap:
description: ConfigMap containing data to
use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use
for the targets.
properties:
key:
description: The key of the secret to
select from. Must be a valid secret
key.
type: string
name:
description: 'Name of the referent. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key
file for the targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or
its key must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the
targets.
type: string
type: object
type: object
message:
description: API request data as defined by the WeChat
API.
type: string
messageType:
type: string
sendResolved:
description: Whether or not to notify about resolved alerts.
type: boolean
toParty:
type: string
toTag:
type: string
toUser:
type: string
type: object
type: array
required:
- name
type: object
type: array
route:
description: The Alertmanager route definition for alerts matching
the resource’s namespace. If present, it will be added to the generated
Alertmanager configuration as a first-level route.
properties:
continue:
description: Boolean indicating whether an alert should continue
matching subsequent sibling nodes. It will always be overridden
to true for the first-level route by the Prometheus operator.
type: boolean
groupBy:
description: List of labels to group by.
items:
type: string
type: array
groupInterval:
description: How long to wait before sending an updated notification.
Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds
seconds minutes hours).
type: string
groupWait:
description: How long to wait before sending the initial notification.
Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds
seconds minutes hours).
type: string
matchers:
description: 'List of matchers that the alert’s labels should
match. For the first level route, the operator removes any existing
equality and regexp matcher on the `namespace` label and adds
a `namespace: ` matcher.'
items:
description: Matcher defines how to match on alert's labels.
properties:
name:
description: Label to match.
minLength: 1
type: string
regex:
description: Whether to match on equality (false) or regular-expression
(true).
type: boolean
value:
description: Label value to match.
type: string
required:
- name
type: object
type: array
receiver:
description: Name of the receiver for this route. If not empty,
it should be listed in the `receivers` field.
type: string
repeatInterval:
description: How long to wait before repeating the last notification.
Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds
seconds minutes hours).
type: string
routes:
description: Child routes.
items:
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: alertmanagers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: Alertmanager
listKind: AlertmanagerList
plural: alertmanagers
singular: alertmanager
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The version of Alertmanager
jsonPath: .spec.version
name: Version
type: string
- description: The desired replicas number of Alertmanagers
jsonPath: .spec.replicas
name: Replicas
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Alertmanager describes an Alertmanager cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the Alertmanager
cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
additionalPeers:
description: AdditionalPeers allows injecting a set of additional
Alertmanagers to peer with to form a highly available cluster.
items:
type: string
type: array
affinity:
description: If specified, the pod's scheduling constraints.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
alertmanagerConfigNamespaceSelector:
description: Namespaces to be selected for AlertmanagerConfig discovery.
If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
alertmanagerConfigSelector:
description: AlertmanagerConfigs to be selected for to merge and configure
Alertmanager with.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
baseImage:
description: 'Base image that is used to deploy pods, without tag.
Deprecated: use ''image'' instead'
type: string
clusterAdvertiseAddress:
description: 'ClusterAdvertiseAddress is the explicit address to advertise
in cluster. Needs to be provided for non RFC1918 [1] (public) addresses.
[1] RFC1918: https://tools.ietf.org/html/rfc1918'
type: string
clusterGossipInterval:
description: Interval between gossip attempts.
type: string
clusterPeerTimeout:
description: Timeout for cluster peering.
type: string
clusterPushpullInterval:
description: Interval between pushpull attempts.
type: string
configMaps:
description: ConfigMaps is a list of ConfigMaps in the same namespace
as the Alertmanager object, which shall be mounted into the Alertmanager
Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
items:
type: string
type: array
configSecret:
description: ConfigSecret is the name of a Kubernetes Secret in the
same namespace as the Alertmanager object, which contains configuration
for this Alertmanager instance. Defaults to 'alertmanager-'
The secret is mounted into /etc/alertmanager/config.
type: string
containers:
description: 'Containers allows injecting additional containers. This
is meant to allow adding an authentication proxy to an Alertmanager
pod. Containers described here modify an operator generated container
if they share the same name and modifications are done via a strategic
merge patch. The current container names are: `alertmanager` and
`config-reloader`. Overriding containers is entirely outside the
scope of what the maintainers will support and by doing so, you
accept that this behaviour may break at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
externalUrl:
description: The external URL the Alertmanager instances will be available
under. This is necessary to generate correct URLs. This is necessary
if Alertmanager is not served from root of a DNS name.
type: string
forceEnableClusterMode:
description: ForceEnableClusterMode ensures Alertmanager does not
deactivate the cluster mode when running with a single replica.
Use case is e.g. spanning an Alertmanager cluster across Kubernetes
clusters with a single replica in each.
type: boolean
image:
description: Image if specified has precedence over baseImage, tag
and sha combinations. Specifying the version is still necessary
to ensure the Prometheus Operator knows what version of Alertmanager
is being configured.
type: string
imagePullSecrets:
description: An optional list of references to secrets in the same
namespace to use for pulling prometheus and alertmanager images
from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
initContainers:
description: 'InitContainers allows adding initContainers to the pod
definition. Those can be used to e.g. fetch secrets for injection
into the Alertmanager configuration from external sources. Any errors
during the execution of an initContainer will lead to a restart
of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Using initContainers for any use case other then secret fetching
is entirely outside the scope of what the maintainers will support
and by doing so, you accept that this behaviour may break at any
time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
listenLocal:
description: ListenLocal makes the Alertmanager server listen on loopback,
so that it does not bind against the Pod IP. Note this is only for
the Alertmanager UI, not the gossip communication.
type: boolean
logFormat:
description: Log format for Alertmanager to be configured with.
type: string
logLevel:
description: Log level for Alertmanager to be configured with.
type: string
nodeSelector:
additionalProperties:
type: string
description: Define which Nodes the Pods are scheduled on.
type: object
paused:
description: If set to true all actions on the underlying managed
objects are not goint to be performed, except for delete actions.
type: boolean
podMetadata:
description: PodMetadata configures Labels and Annotations which are
propagated to the alertmanager pods.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to
organize and categorize (scope and select) objects. May match
selectors of replication controllers and services. More info:
http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace. Is required
when creating resources, although some resources may allow a
client to request the generation of an appropriate name automatically.
Name is primarily intended for creation idempotence and configuration
definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
portName:
description: Port name used for the pods and governing service. This
defaults to web
type: string
priorityClassName:
description: Priority class assigned to the Pods
type: string
replicas:
description: Size is the expected size of the alertmanager cluster.
The controller will eventually make the size of the running cluster
equal to the expected size.
format: int32
type: integer
resources:
description: Define resources requests and limits for single Pods.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
retention:
description: Time duration Alertmanager shall retain data for. Default
is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)`
(milliseconds seconds minutes hours).
type: string
routePrefix:
description: The route prefix Alertmanager registers HTTP handlers
for. This is useful, if using ExternalURL and a proxy is rewriting
HTTP routes of a request, and the actual ExternalURL is still true,
but the server serves requests under a different route prefix. For
example for use with `kubectl proxy`.
type: string
secrets:
description: Secrets is a list of Secrets in the same namespace as
the Alertmanager object, which shall be mounted into the Alertmanager
Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
items:
type: string
type: array
securityContext:
description: SecurityContext holds pod-level security attributes and
common container settings. This defaults to the default PodSecurityContext.
properties:
fsGroup:
description: "A special supplemental group that applies to all
containers in a pod. Some volume types allow the Kubelet to
change the ownership of that volume to be owned by the pod:
\n 1. The owning GID will be the FSGroup 2. The setgid bit is
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of changing
ownership and permission of the volume before being exposed
inside Pod. This field will only apply to volume types which
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified defaults to "Always".'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a non-root
user. If true, the Kubelet will validate the image at runtime
to ensure that it does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no such validation
will be performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
properties:
level:
description: Level is SELinux level label that applies to
the container.
type: string
role:
description: Role is a SELinux role label that applies to
the container.
type: string
type:
description: Type is a SELinux type label that applies to
the container.
type: string
user:
description: User is a SELinux user label that applies to
the container.
type: string
type: object
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named by
the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA
credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: string
type: object
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount
to use to run the Prometheus Pods.
type: string
sha:
description: 'SHA of Alertmanager container image to be deployed.
Defaults to the value of `version`. Similar to a tag, but the SHA
explicitly deploys an immutable container image. Version and Tag
are ignored if SHA is set. Deprecated: use ''image'' instead. The
image digest can be specified as part of the image URL.'
type: string
storage:
description: Storage is the definition of how storage will be used
by the Alertmanager instances.
properties:
disableMountSubPath:
description: 'Deprecated: subPath usage will be disabled by default
in a future release, this option will become unnecessary. DisableMountSubPath
allows to remove any subPath usage in volume mounts.'
type: boolean
emptyDir:
description: 'EmptyDirVolumeSource to be used by the Prometheus
StatefulSets. If specified, used in place of any volumeClaimTemplate.
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for this
EmptyDir volume. The size limit is also applicable for memory
medium. The maximum usage on memory medium EmptyDir would
be the minimum value between the SizeLimit specified here
and the sum of memory limits of all containers in a pod.
The default is nil which means that the limit is undefined.
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
volumeClaimTemplate:
description: A PVC spec to be used by the Prometheus StatefulSets.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: EmbeddedMetadata contains metadata relevant to
an EmbeddedResource.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value
map stored with a resource that may be set by external
tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying
objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be
used to organize and categorize (scope and select) objects.
May match selectors of replication controllers and services.
More info: http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace.
Is required when creating resources, although some resources
may allow a client to request the generation of an appropriate
name automatically. Name is primarily intended for creation
idempotence and configuration definition. Cannot be
updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
spec:
description: 'Spec defines the desired characteristics of
a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'This field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
- Beta) * An existing PVC (PersistentVolumeClaim) *
An existing custom resource/object that implements data
population (Alpha) In order to use VolumeSnapshot object
types, the appropriate feature gate must be enabled
(VolumeSnapshotDataSource or AnyVolumeDataSource) If
the provisioner or an external controller can support
the specified data source, it will create a new volume
based on the contents of the specified data source.
If the specified data source is not supported, the volume
will not be created and the failure will be reported
as an event. In the future, we plan to support more
data source types and the behavior of the provisioner
may change.'
properties:
apiGroup:
description: APIGroup is the group for the resource
being referenced. If APIGroup is not specified,
the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
selector:
description: A label query over volumes to consider for
binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required by the
claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is
required by the claim. Value of Filesystem is implied
when not included in claim spec.
type: string
volumeName:
description: VolumeName is the binding reference to the
PersistentVolume backing this claim.
type: string
type: object
status:
description: 'Status represents the current information/status
of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the actual access modes
the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
capacity:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Represents the actual resources of the underlying
volume.
type: object
conditions:
description: Current Condition of persistent volume claim.
If underlying persistent volume is being resized then
the Condition will be set to 'ResizeStarted'.
items:
description: PersistentVolumeClaimCondition contails
details about state of pvc
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned
from one status to another.
format: date-time
type: string
message:
description: Human-readable message indicating details
about last transition.
type: string
reason:
description: Unique, this should be a short, machine
understandable string that gives the reason for
condition's last transition. If it reports "ResizeStarted"
that means the underlying persistent volume is
being resized.
type: string
status:
type: string
type:
description: PersistentVolumeClaimConditionType
is a valid value of PersistentVolumeClaimCondition.Type
type: string
required:
- status
- type
type: object
type: array
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
type: object
type: object
type: object
tag:
description: 'Tag of Alertmanager container image to be deployed.
Defaults to the value of `version`. Version is ignored if Tag is
set. Deprecated: use ''image'' instead. The image tag can be specified
as part of the image URL.'
type: string
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
operator .
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match all
values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the
value. Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod
can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time
the toleration (which must be of effect NoExecute, otherwise
this field is ignored) tolerates the taint. By default, it
is not set, which means tolerate the taint forever (do not
evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
description: If specified, the pod's topology spread constraints.
items:
description: TopologySpreadConstraint specifies how to spread matching
pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods. Pods
that match this label selector are counted to determine the
number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. It''s the maximum permitted difference
between the number of matching pods in any two topology domains
of a given topology type. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector
spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- if MaxSkew is 1, incoming pod can only be scheduled to zone3
to become 1/1/1; scheduling it onto zone1(zone2) would make
the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). -
if MaxSkew is 2, incoming pod can be scheduled onto any zone.
It''s a required field. Default value is 1 and 0 is not allowed.'
format: int32
type: integer
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each
as a "bucket", and try to put balanced number of pods into
each bucket. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
(default) tells the scheduler not to schedule it - ScheduleAnyway
tells the scheduler to still schedule it It''s considered
as "Unsatisfiable" if and only if placing incoming pod on
any topology violates "MaxSkew". For example, in a 3-zone
cluster, MaxSkew is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
If WhenUnsatisfiable is set to DoNotSchedule, incoming pod
can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler
won''t make it *more* imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
version:
description: Version the cluster should be on.
type: string
volumeMounts:
description: VolumeMounts allows configuration of additional VolumeMounts
on the output StatefulSet definition. VolumeMounts specified will
be appended to other VolumeMounts in the alertmanager container,
that are generated as a result of StorageSpec objects.
items:
description: VolumeMount describes a mounting of a Volume within
a container.
properties:
mountPath:
description: Path within the container at which the volume should
be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are propagated
from the host to container and the other way around. When
not set, MountPropagationNone is used. This field is beta
in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which the
container's volume should be mounted. Behaves similarly to
SubPath but environment variable references $(VAR_NAME) are
expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
volumes:
description: Volumes allows configuration of additional volumes on
the output StatefulSet definition. Volumes specified will be appended
to other volumes that are generated as a result of StorageSpec objects.
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: 'AWSElasticBlockStore represents an AWS Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
description: 'Specify "true" to force and set the ReadOnly
property in VolumeMounts to "true". If omitted, the default
is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
description: 'Unique ID of the persistent disk resource
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
description: AzureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
properties:
cachingMode:
description: 'Host Caching mode: None, Read Only, Read Write.'
type: string
diskName:
description: The Name of the data disk in the blob storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
kind:
description: 'Expected values Shared: multiple blob disks
per storage account Dedicated: single blob disk per storage
account Managed: azure managed data disk (only in managed
availability set). defaults to shared'
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: AzureFile represents an Azure File Service mount
on the host and bind mount to the pod.
properties:
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: the name of secret that contains Azure Storage
Account Name and Key
type: string
shareName:
description: Share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: CephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
properties:
monitors:
description: 'Required: Monitors is a collection of Ceph
monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
description: 'Optional: Used as the mounted root, rather
than the full Ceph tree, default is /'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
description: 'Optional: SecretFile is the path to key ring
for User, default is /etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
description: 'Optional: SecretRef is reference to the authentication
secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'Optional: User is the rados user name, default
is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
description: 'Cinder represents a cinder volume attached and
mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
description: 'Optional: points to a secret object containing
parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeID:
description: 'volume id used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
description: ConfigMap represents a configMap that should populate
this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the ConfigMap, the volume setup will error unless it is
marked optional. Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its keys must
be defined
type: boolean
type: object
csi:
description: CSI (Container Storage Interface) represents storage
that is handled by an external CSI driver (Alpha feature).
properties:
driver:
description: Driver is the name of the CSI driver that handles
this volume. Consult with your admin for the correct name
as registered in the cluster.
type: string
fsType:
description: Filesystem type to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is passed to
the associated CSI driver which will determine the default
filesystem to apply.
type: string
nodePublishSecretRef:
description: NodePublishSecretRef is a reference to the
secret object containing sensitive information to pass
to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret
object contains more than one secret, all secret references
are passed.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
readOnly:
description: Specifies a read-only configuration for the
volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: VolumeAttributes stores driver-specific properties
that are passed to the CSI driver. Consult your driver's
documentation for supported values.
type: object
required:
- driver
type: object
downwardAPI:
description: DownwardAPI represents downward API about the pod
that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: Items is a list of downward API volume file
items:
description: DownwardAPIVolumeFile represents information
to create the file containing the pod field
properties:
fieldRef:
description: 'Required: Selects a field of the pod:
only annotations, labels, name and namespace are
supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative path
name of the file to be created. Must not be absolute
or contain the ''..'' path. Must be utf-8 encoded.
The first item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
emptyDir:
description: 'EmptyDir represents a temporary directory that
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for
this EmptyDir volume. The size limit is also applicable
for memory medium. The maximum usage on memory medium
EmptyDir would be the minimum value between the SizeLimit
specified here and the sum of memory limits of all containers
in a pod. The default is nil which means that the limit
is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
description: FC represents a Fibre Channel resource that is
attached to a kubelet's host machine and then exposed to the
pod.
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
lun:
description: 'Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names (WWNs)'
items:
type: string
type: array
wwids:
description: 'Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs and
lun must be set, but not both simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
description: FlexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
description: Driver is the name of the driver to use for
this volume.
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". The default filesystem depends on FlexVolume
script.
type: string
options:
additionalProperties:
type: string
description: 'Optional: Extra command options if any.'
type: object
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
description: 'Optional: SecretRef is reference to the secret
object containing sensitive information to pass to the
plugin scripts. This may be empty if no secret object
is specified. If the secret object contains more than
one secret, all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
required:
- driver
type: object
flocker:
description: Flocker represents a Flocker volume attached to
a kubelet's host machine. This depends on the Flocker control
service being running
properties:
datasetName:
description: Name of the dataset stored as metadata -> name
on the dataset for Flocker should be considered as deprecated
type: string
datasetUUID:
description: UUID of the dataset. This is unique identifier
of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: 'GCEPersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
description: 'Unique name of the PD resource in GCE. Used
to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'GitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an InitContainer
that clones the repo using git, then mount the EmptyDir into
the Pod''s container.'
properties:
directory:
description: Target directory name. Must not contain or
start with '..'. If '.' is supplied, the volume directory
will be the git repository. Otherwise, if specified,
the volume will contain the git repository in the subdirectory
with the given name.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: 'Glusterfs represents a Glusterfs mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
description: 'EndpointsName is the endpoint name that details
Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
description: 'Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
description: 'ReadOnly here will force the Glusterfs volume
to be mounted with read-only permissions. Defaults to
false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: 'HostPath represents a pre-existing file or directory
on the host machine that is directly exposed to the container.
This is generally used for system agents or other privileged
things that are allowed to see the host machine. Most containers
will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use host directory
mounts and who can/can not mount host directories as read/write.'
properties:
path:
description: 'Path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
description: 'Type for HostPath Volume Defaults to "" More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
description: 'ISCSI represents an ISCSI Disk resource that is
attached to a kubelet''s host machine and then exposed to
the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
description: whether support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
description: whether support iSCSI Session CHAP authentication
type: boolean
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
description: Custom iSCSI Initiator Name. If initiatorName
is specified with iscsiInterface simultaneously, new iSCSI
interface : will be created
for the connection.
type: string
iqn:
description: Target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iSCSI Interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
type: string
lun:
description: iSCSI Target Lun number.
format: int32
type: integer
portals:
description: iSCSI Target Portal List. The portal is either
an IP or ip_addr:port if the port is other than default
(typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
description: ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: CHAP Secret for iSCSI target and initiator
authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
targetPortal:
description: iSCSI Target Portal. The Portal is either an
IP or ip_addr:port if the port is other than default (typically
TCP ports 860 and 3260).
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'Volume''s name. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
description: 'NFS represents an NFS mount on the host that shares
a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
description: 'Path that is exported by the NFS server. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
description: 'ReadOnly here will force the NFS export to
be mounted with read-only permissions. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
description: 'Server is the hostname or IP address of the
NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'PersistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
description: 'ClaimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
description: Will force the ReadOnly setting in VolumeMounts.
Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
pdID:
description: ID that identifies Photon Controller persistent
disk
type: string
required:
- pdID
type: object
portworxVolume:
description: PortworxVolume represents a portworx volume attached
and mounted on kubelets host machine
properties:
fsType:
description: FSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating
system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx volume
type: string
required:
- volumeID
type: object
projected:
description: Items for all in one resources secrets, configmaps,
and downward API
properties:
defaultMode:
description: Mode bits to use on created files by default.
Must be a value between 0 and 0777. Directories within
the path are not affected by this setting. This might
be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits
set.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
description: information about the configMap data
to project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the ConfigMap, the volume
setup will error unless it is marked optional.
Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI data
to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of,
defaults to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must
not be absolute or contain the ''..''
path. Must be utf-8 encoded. The first
item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults
to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret data to
project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced Secret will
be projected into the volume as a file whose
name is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
will error unless it is marked optional. Paths
must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
token. The audience defaults to the identifier
of the apiserver.
type: string
expirationSeconds:
description: ExpirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
the service account token. The kubelet will
start trying to rotate the token if the token
is older than 80 percent of its time to live
or if the token is older than 24 hours.Defaults
to 1 hour and must be at least 10 minutes.
format: int64
type: integer
path:
description: Path is the path relative to the
mount point of the file to project the token
into.
type: string
required:
- path
type: object
type: object
type: array
required:
- sources
type: object
quobyte:
description: Quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
description: Group to map volume access to Default is no
group
type: string
readOnly:
description: ReadOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults to
false.
type: boolean
registry:
description: Registry represents a single or multiple Quobyte
Registry services specified as a string as host:port pair
(multiple entries are separated with commas) which acts
as the central registry for volumes
type: string
tenant:
description: Tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned Quobyte volumes,
value is set by the plugin
type: string
user:
description: User to map volume access to Defaults to serivceaccount
user
type: string
volume:
description: Volume is a string that references an already
created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: 'RBD represents a Rados Block Device mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: 'Keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
description: 'A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
description: 'The rados pool name. Default is rbd. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
description: 'SecretRef is name of the authentication secret
for RBDUser. If provided overrides keyring. Default is
nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'The rados user name. Default is admin. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: ScaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Default is "xfs".
type: string
gateway:
description: The host address of the ScaleIO API Gateway.
type: string
protectionDomain:
description: The name of the ScaleIO Protection Domain for
the configured storage.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef references to the secret for ScaleIO
user and other sensitive information. If this is not provided,
Login operation will fail.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
sslEnabled:
description: Flag to enable/disable SSL communication with
Gateway, default false
type: boolean
storageMode:
description: Indicates whether the storage for a volume
should be ThickProvisioned or ThinProvisioned. Default
is ThinProvisioned.
type: string
storagePool:
description: The ScaleIO Storage Pool associated with the
protection domain.
type: string
system:
description: The name of the storage system as configured
in ScaleIO.
type: string
volumeName:
description: The name of a volume already created in the
ScaleIO system that is associated with this volume source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'Secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the Secret, the volume setup will error unless it is marked
optional. Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must
be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
description: StorageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef specifies the secret to use for obtaining
the StorageOS API credentials. If not specified, default
values will be attempted.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeName:
description: VolumeName is the human-readable name of the
StorageOS volume. Volume names are only unique within
a namespace.
type: string
volumeNamespace:
description: VolumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS
for tighter integration. Set VolumeName to any name to
override the default behaviour. Set to "default" if you
are not using namespaces within StorageOS. Namespaces
that do not pre-exist within StorageOS will be created.
type: string
type: object
vsphereVolume:
description: VsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
description: Storage Policy Based Management (SPBM) profile
ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: Storage Policy Based Management (SPBM) profile
name.
type: string
volumePath:
description: Path that identifies vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
type: object
status:
description: 'Most recent observed status of the Alertmanager cluster.
Read-only. Not included when requesting from the apiserver, only from
the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
availableReplicas:
description: Total number of available pods (ready for at least minReadySeconds)
targeted by this Alertmanager cluster.
format: int32
type: integer
paused:
description: Represents whether any actions on the underlying managed
objects are being performed. Only delete actions will be performed.
type: boolean
replicas:
description: Total number of non-terminated pods targeted by this
Alertmanager cluster (their labels match the selector).
format: int32
type: integer
unavailableReplicas:
description: Total number of unavailable pods targeted by this Alertmanager
cluster.
format: int32
type: integer
updatedReplicas:
description: Total number of non-terminated pods targeted by this
Alertmanager cluster that have the desired version spec.
format: int32
type: integer
required:
- availableReplicas
- paused
- replicas
- unavailableReplicas
- updatedReplicas
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: PodMonitor
listKind: PodMonitorList
plural: podmonitors
singular: podmonitor
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: PodMonitor defines monitoring for a set of pods.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Pod selection for target discovery
by Prometheus.
properties:
jobLabel:
description: The label to use to retrieve the job name from.
type: string
namespaceSelector:
description: Selector to select which namespaces the Endpoints objects
are discovered from.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podMetricsEndpoints:
description: A list of endpoints allowed as part of this PodMonitor.
items:
description: PodMetricsEndpoint defines a scrapeable endpoint of
a Kubernetes Pod serving Prometheus metrics.
properties:
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping
targets. The secret needs to be in the same namespace as the
pod monitor and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
params:
additionalProperties:
items:
type: string
type: array
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the pod port this endpoint refers to. Mutually
exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before scraping.
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields and replaces original scrape job
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: 'Deprecated: Use ''port'' instead.'
x-kubernetes-int-or-string: true
tlsConfig:
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
type: array
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod
onto the target.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: Selector to select Pod objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
format: int64
type: integer
required:
- podMetricsEndpoints
- selector
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-probes.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: probes.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: Probe
listKind: ProbeList
plural: probes
singular: probe
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: Probe defines monitoring for a set of static targets or ingresses.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Ingress selection for target discovery
by Prometheus.
properties:
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over basic
authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint'
properties:
password:
description: The secret in the service monitor namespace that
contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace that
contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping targets.
The secret needs to be in the same namespace as the probe and accessible
by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
interval:
description: Interval at which targets are probed using the configured
prober. If not specified Prometheus' global scrape interval is used.
type: string
jobName:
description: The job name assigned to scraped metrics by default.
type: string
module:
description: 'The module to use for probing specifying how to probe
the target. Example module configuring in the blackbox exporter:
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml'
type: string
prober:
description: Specification for the prober to use for probing targets.
The prober.URL parameter is required. Targets cannot be probed if
left empty.
properties:
path:
description: Path to collect metrics from. Defaults to `/probe`.
type: string
proxyUrl:
description: Optional ProxyURL.
type: string
scheme:
description: HTTP scheme to use for scraping. Defaults to `http`.
type: string
url:
description: Mandatory URL of the prober.
type: string
required:
- url
type: object
scrapeTimeout:
description: Timeout for scraping metrics from the Prometheus exporter.
type: string
targets:
description: Targets defines a set of static and/or dynamically discovered
targets to be probed using the prober.
properties:
ingress:
description: Ingress defines the set of dynamically discovered
ingress objects which hosts are considered for probing.
properties:
namespaceSelector:
description: Select Ingress objects by namespace.
properties:
any:
description: Boolean describing whether all namespaces
are selected in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
relabelingConfigs:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of
the label set, being applied to samples before ingestion.
It defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex
replace is performed if the regular expression matches.
Regex capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
selector:
description: Select Ingress objects by labels.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
type: object
staticConfig:
description: 'StaticConfig defines static targets which are considers
for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.'
properties:
labels:
additionalProperties:
type: string
description: Labels assigned to all metrics scraped from the
targets.
type: object
relabelingConfigs:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of
the label set, being applied to samples before ingestion.
It defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex
replace is performed if the regular expression matches.
Regex capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
static:
description: Targets is a list of URLs to probe using the
configured prober.
items:
type: string
type: array
type: object
type: object
tlsConfig:
description: TLS configuration to use when scraping the endpoint.
properties:
ca:
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
cert:
description: Struct containing the client cert file for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keySecret:
description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: prometheuses.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: Prometheus
listKind: PrometheusList
plural: prometheuses
singular: prometheus
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The version of Prometheus
jsonPath: .spec.version
name: Version
type: string
- description: The desired replicas number of Prometheuses
jsonPath: .spec.replicas
name: Replicas
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Prometheus defines a Prometheus deployment.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the Prometheus
cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
additionalAlertManagerConfigs:
description: 'AdditionalAlertManagerConfigs allows specifying a key
of a Secret containing additional Prometheus AlertManager configurations.
AlertManager configurations specified are appended to the configurations
generated by the Prometheus Operator. Job configurations specified
must have the form as specified in the official Prometheus documentation:
https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config.
As AlertManager configs are appended, the user is responsible to
make sure it is valid. Note that using this feature may expose the
possibility to break upgrades of Prometheus. It is advised to review
Prometheus release notes to ensure that no incompatible AlertManager
configs are going to break Prometheus after the upgrade.'
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
additionalAlertRelabelConfigs:
description: 'AdditionalAlertRelabelConfigs allows specifying a key
of a Secret containing additional Prometheus alert relabel configurations.
Alert relabel configurations specified are appended to the configurations
generated by the Prometheus Operator. Alert relabel configurations
specified must have the form as specified in the official Prometheus
documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
As alert relabel configs are appended, the user is responsible to
make sure it is valid. Note that using this feature may expose the
possibility to break upgrades of Prometheus. It is advised to review
Prometheus release notes to ensure that no incompatible alert relabel
configs are going to break Prometheus after the upgrade.'
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
additionalScrapeConfigs:
description: 'AdditionalScrapeConfigs allows specifying a key of a
Secret containing additional Prometheus scrape configurations. Scrape
configurations specified are appended to the configurations generated
by the Prometheus Operator. Job configurations specified must have
the form as specified in the official Prometheus documentation:
https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
As scrape configs are appended, the user is responsible to make
sure it is valid. Note that using this feature may expose the possibility
to break upgrades of Prometheus. It is advised to review Prometheus
release notes to ensure that no incompatible scrape configs are
going to break Prometheus after the upgrade.'
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
affinity:
description: If specified, the pod's scheduling constraints.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
alerting:
description: Define details regarding alerting.
properties:
alertmanagers:
description: AlertmanagerEndpoints Prometheus should fire alerts
against.
items:
description: AlertmanagerEndpoints defines a selection of a
single Endpoints object containing alertmanager IPs to fire
alerts against.
properties:
apiVersion:
description: Version of the Alertmanager API that Prometheus
uses to send alerts. It can be "v1" or "v2".
type: string
bearerTokenFile:
description: BearerTokenFile to read from filesystem to
use when authenticating to Alertmanager.
type: string
name:
description: Name of Endpoints object in Namespace.
type: string
namespace:
description: Namespace of Endpoints object.
type: string
pathPrefix:
description: Prefix for the HTTP path alerts are pushed
to.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port the Alertmanager API is exposed on.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use when firing alerts.
type: string
timeout:
description: Timeout is a per-target Alertmanager timeout
when pushing alerts.
type: string
tlsConfig:
description: TLS Config to use for alertmanager connection.
properties:
ca:
description: Struct containing the CA cert to use for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for
the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the
targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file
for the targets.
properties:
configMap:
description: ConfigMap containing data to use for
the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the
targets.
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for
the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
required:
- name
- namespace
- port
type: object
type: array
required:
- alertmanagers
type: object
allowOverlappingBlocks:
description: AllowOverlappingBlocks enables vertical compaction and
vertical query merge in Prometheus. This is still experimental in
Prometheus so it may change in any upcoming release.
type: boolean
apiserverConfig:
description: APIServerConfig allows specifying a host and auth methods
to access apiserver. If left empty, Prometheus is assumed to run
inside of the cluster and will discover API servers automatically
and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
properties:
basicAuth:
description: BasicAuth allow an endpoint to authenticate over
basic authentication
properties:
password:
description: The secret in the service monitor namespace that
contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace that
contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerToken:
description: Bearer token for accessing apiserver.
type: string
bearerTokenFile:
description: File to read bearer token for accessing apiserver.
type: string
host:
description: Host of apiserver. A valid string consisting of a
hostname or IP followed by an optional port number
type: string
tlsConfig:
description: TLS Config to use for accessing apiserver.
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
required:
- host
type: object
arbitraryFSAccessThroughSMs:
description: ArbitraryFSAccessThroughSMs configures whether configuration
based on a service monitor can access arbitrary files on the file
system of the Prometheus container e.g. bearer token files.
properties:
deny:
type: boolean
type: object
baseImage:
description: 'Base image to use for a Prometheus deployment. Deprecated:
use ''image'' instead'
type: string
configMaps:
description: ConfigMaps is a list of ConfigMaps in the same namespace
as the Prometheus object, which shall be mounted into the Prometheus
Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/.
items:
type: string
type: array
containers:
description: 'Containers allows injecting additional containers or
modifying operator generated containers. This can be used to allow
adding an authentication proxy to a Prometheus pod or to change
the behavior of an operator generated container. Containers described
here modify an operator generated container if they share the same
name and modifications are done via a strategic merge patch. The
current container names are: `prometheus`, `config-reloader`, and
`thanos-sidecar`. Overriding containers is entirely outside the
scope of what the maintainers will support and by doing so, you
accept that this behaviour may break at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
disableCompaction:
description: Disable prometheus compaction.
type: boolean
enableAdminAPI:
description: 'Enable access to prometheus web admin API. Defaults
to the value of `false`. WARNING: Enabling the admin APIs enables
mutating endpoints, to delete data, shutdown Prometheus, and more.
Enabling this should be done with care and the user is advised to
add additional authentication authorization via a proxy to ensure
only clients authorized to perform these actions can do so. For
more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis'
type: boolean
enableFeatures:
description: Enable access to Prometheus disabled features. By default,
no features are enabled. Enabling disabled features is entirely
outside the scope of what the maintainers will support and by doing
so, you accept that this behaviour may break at any time without
notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/
items:
type: string
type: array
enforcedNamespaceLabel:
description: "EnforcedNamespaceLabel If set, a label will be added
to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor`
and `ProbeConfig` object) and 2. in all `PrometheusRule` objects
(except the ones excluded in `prometheusRulesExcludedFromEnforce`)
to * alerting & recording rules and * the metrics used in
their expressions (`expr`). \n Label name is this field's value.
Label value is the namespace of the created object (mentioned above)."
type: string
enforcedSampleLimit:
description: EnforcedSampleLimit defines global limit on number of
scraped samples that will be accepted. This overrides any SampleLimit
set per ServiceMonitor or/and PodMonitor. It is meant to be used
by admins to enforce the SampleLimit to keep overall number of samples/series
under the desired limit. Note that if SampleLimit is lower that
value will be taken instead.
format: int64
type: integer
enforcedTargetLimit:
description: EnforcedTargetLimit defines a global limit on the number
of scraped targets. This overrides any TargetLimit set per ServiceMonitor
or/and PodMonitor. It is meant to be used by admins to enforce the
TargetLimit to keep overall number of targets under the desired
limit. Note that if TargetLimit is higher that value will be taken
instead.
format: int64
type: integer
evaluationInterval:
description: 'Interval between consecutive evaluations. Default: `1m`'
type: string
externalLabels:
additionalProperties:
type: string
description: The labels to add to any time series or alerts when communicating
with external systems (federation, remote storage, Alertmanager).
type: object
externalUrl:
description: The external URL the Prometheus instances will be available
under. This is necessary to generate correct URLs. This is necessary
if Prometheus is not served from root of a DNS name.
type: string
ignoreNamespaceSelectors:
description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector
settings from the podmonitor and servicemonitor configs, and they
will only discover endpoints within their current namespace. Defaults
to false.
type: boolean
image:
description: Image if specified has precedence over baseImage, tag
and sha combinations. Specifying the version is still necessary
to ensure the Prometheus Operator knows what version of Prometheus
is being configured.
type: string
imagePullSecrets:
description: An optional list of references to secrets in the same
namespace to use for pulling prometheus and alertmanager images
from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
initContainers:
description: 'InitContainers allows adding initContainers to the pod
definition. Those can be used to e.g. fetch secrets for injection
into the Prometheus configuration from external sources. Any errors
during the execution of an initContainer will lead to a restart
of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
InitContainers described here modify an operator generated init
containers if they share the same name and modifications are done
via a strategic merge patch. The current init container name is:
`init-config-reloader`. Overriding init containers is entirely outside
the scope of what the maintainers will support and by doing so,
you accept that this behaviour may break at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
listenLocal:
description: ListenLocal makes the Prometheus server listen on loopback,
so that it does not bind against the Pod IP.
type: boolean
logFormat:
description: Log format for Prometheus to be configured with.
type: string
logLevel:
description: Log level for Prometheus to be configured with.
type: string
nodeSelector:
additionalProperties:
type: string
description: Define which Nodes the Pods are scheduled on.
type: object
overrideHonorLabels:
description: OverrideHonorLabels if set to true overrides all user
configured honor_labels. If HonorLabels is set in ServiceMonitor
or PodMonitor to true, this overrides honor_labels to false.
type: boolean
overrideHonorTimestamps:
description: OverrideHonorTimestamps allows to globally enforce honoring
timestamps in all scrape configs.
type: boolean
paused:
description: When a Prometheus deployment is paused, no actions except
for deletion will be performed on the underlying objects.
type: boolean
podMetadata:
description: PodMetadata configures Labels and Annotations which are
propagated to the prometheus pods.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to
organize and categorize (scope and select) objects. May match
selectors of replication controllers and services. More info:
http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace. Is required
when creating resources, although some resources may allow a
client to request the generation of an appropriate name automatically.
Name is primarily intended for creation idempotence and configuration
definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
podMonitorNamespaceSelector:
description: Namespace's labels to match for PodMonitor discovery.
If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
podMonitorSelector:
description: '*Experimental* PodMonitors to be selected for target
discovery. *Deprecated:* if neither this nor serviceMonitorSelector
are specified, configuration is unmanaged.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
portName:
description: Port name used for the pods and governing service. This
defaults to web
type: string
priorityClassName:
description: Priority class assigned to the Pods
type: string
probeNamespaceSelector:
description: '*Experimental* Namespaces to be selected for Probe discovery.
If nil, only check own namespace.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
probeSelector:
description: '*Experimental* Probes to be selected for target discovery.'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
prometheusExternalLabelName:
description: Name of Prometheus external label used to denote Prometheus
instance name. Defaults to the value of `prometheus`. External label
will _not_ be added when value is set to empty string (`""`).
type: string
prometheusRulesExcludedFromEnforce:
description: PrometheusRulesExcludedFromEnforce - list of prometheus
rules to be excluded from enforcing of adding namespace labels.
Works only if enforcedNamespaceLabel set to true. Make sure both
ruleNamespace and ruleName are set for each pair
items:
description: PrometheusRuleExcludeConfig enables users to configure
excluded PrometheusRule names and their namespaces to be ignored
while enforcing namespace label for alerts and metrics.
properties:
ruleName:
description: RuleNamespace - name of excluded rule
type: string
ruleNamespace:
description: RuleNamespace - namespace of excluded rule
type: string
required:
- ruleName
- ruleNamespace
type: object
type: array
query:
description: QuerySpec defines the query command line flags when starting
Prometheus.
properties:
lookbackDelta:
description: The delta difference allowed for retrieving metrics
during expression evaluations.
type: string
maxConcurrency:
description: Number of concurrent queries that can be run at once.
format: int32
type: integer
maxSamples:
description: Maximum number of samples a single query can load
into memory. Note that queries will fail if they would load
more samples than this into memory, so this also limits the
number of samples a query can return.
format: int32
type: integer
timeout:
description: Maximum time a query may take before being aborted.
type: string
type: object
queryLogFile:
description: QueryLogFile specifies the file to which PromQL queries
are logged. Note that this location must be writable, and can be
persisted using an attached volume. Alternatively, the location
can be set to a stdout location such as `/dev/stdout` to log querie
information to the default Prometheus log stream. This is only available
in versions of Prometheus >= 2.16.0. For more details, see the Prometheus
docs (https://prometheus.io/docs/guides/query-log/)
type: string
remoteRead:
description: If specified, the remote_read spec. This is an experimental
feature, it may change in any upcoming release in a breaking way.
items:
description: RemoteReadSpec defines the remote_read configuration
for prometheus.
properties:
basicAuth:
description: BasicAuth for the URL.
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerToken:
description: Bearer token for remote read.
type: string
bearerTokenFile:
description: File to read bearer token for remote read.
type: string
name:
description: The name of the remote read queue, must be unique
if specified. The name is used in metrics and logging in order
to differentiate read configurations. Only valid in Prometheus
versions 2.15.0 and newer.
type: string
proxyUrl:
description: Optional ProxyURL
type: string
readRecent:
description: Whether reads should be made for queries for time
ranges that the local storage should have complete data for.
type: boolean
remoteTimeout:
description: Timeout for requests to the remote read endpoint.
type: string
requiredMatchers:
additionalProperties:
type: string
description: An optional list of equality matchers which have
to be present in a selector to query the remote read endpoint.
type: object
tlsConfig:
description: TLS Config to use for remote read.
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
url:
description: The URL of the endpoint to send samples to.
type: string
required:
- url
type: object
type: array
remoteWrite:
description: If specified, the remote_write spec. This is an experimental
feature, it may change in any upcoming release in a breaking way.
items:
description: RemoteWriteSpec defines the remote_write configuration
for prometheus.
properties:
basicAuth:
description: BasicAuth for the URL.
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerToken:
description: Bearer token for remote write.
type: string
bearerTokenFile:
description: File to read bearer token for remote write.
type: string
headers:
additionalProperties:
type: string
description: Custom HTTP headers to be sent along with each
remote write request. Be aware that headers that are set by
Prometheus itself can't be overwritten. Only valid in Prometheus
versions 2.25.0 and newer.
type: object
metadataConfig:
description: MetadataConfig configures the sending of series
metadata to remote storage.
properties:
send:
description: Whether metric metadata is sent to remote storage
or not.
type: boolean
sendInterval:
description: How frequently metric metadata is sent to remote
storage.
type: string
type: object
name:
description: The name of the remote write queue, must be unique
if specified. The name is used in metrics and logging in order
to differentiate queues. Only valid in Prometheus versions
2.15.0 and newer.
type: string
proxyUrl:
description: Optional ProxyURL
type: string
queueConfig:
description: QueueConfig allows tuning of the remote write queue
parameters.
properties:
batchSendDeadline:
description: BatchSendDeadline is the maximum time a sample
will wait in buffer.
type: string
capacity:
description: Capacity is the number of samples to buffer
per shard before we start dropping them.
type: integer
maxBackoff:
description: MaxBackoff is the maximum retry delay.
type: string
maxRetries:
description: MaxRetries is the maximum number of times to
retry a batch on recoverable errors.
type: integer
maxSamplesPerSend:
description: MaxSamplesPerSend is the maximum number of
samples per send.
type: integer
maxShards:
description: MaxShards is the maximum number of shards,
i.e. amount of concurrency.
type: integer
minBackoff:
description: MinBackoff is the initial retry delay. Gets
doubled for every retry.
type: string
minShards:
description: MinShards is the minimum number of shards,
i.e. amount of concurrency.
type: integer
type: object
remoteTimeout:
description: Timeout for requests to the remote write endpoint.
type: string
tlsConfig:
description: TLS Config to use for remote write.
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
url:
description: The URL of the endpoint to send samples to.
type: string
writeRelabelConfigs:
description: The list of remote write relabel configurations.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
required:
- url
type: object
type: array
replicaExternalLabelName:
description: Name of Prometheus external label used to denote replica
name. Defaults to the value of `prometheus_replica`. External label
will _not_ be added when value is set to empty string (`""`).
type: string
replicas:
description: Number of replicas of each shard to deploy for a Prometheus
deployment. Number of replicas multiplied by shards is the total
number of Pods created.
format: int32
type: integer
resources:
description: Define resources requests and limits for single Pods.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
retention:
description: Time duration Prometheus shall retain data for. Default
is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
(milliseconds seconds minutes hours days weeks years).
type: string
retentionSize:
description: 'Maximum amount of disk space used by blocks. Supported
units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.'
type: string
routePrefix:
description: The route prefix Prometheus registers HTTP handlers for.
This is useful, if using ExternalURL and a proxy is rewriting HTTP
routes of a request, and the actual ExternalURL is still true, but
the server serves requests under a different route prefix. For example
for use with `kubectl proxy`.
type: string
ruleNamespaceSelector:
description: Namespaces to be selected for PrometheusRules discovery.
If unspecified, only the same namespace as the Prometheus object
is in is used.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
ruleSelector:
description: A selector to select which PrometheusRules to mount for
loading alerting/recording rules from. Until (excluding) Prometheus
Operator v0.24.0 Prometheus Operator will migrate any legacy rule
ConfigMaps to PrometheusRule custom resources selected by RuleSelector.
Make sure it does not match any config maps that you do not want
to be migrated.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
rules:
description: /--rules.*/ command-line arguments.
properties:
alert:
description: /--rules.alert.*/ command-line arguments
properties:
forGracePeriod:
description: Minimum duration between alert and restored 'for'
state. This is maintained only for alerts with configured
'for' time greater than grace period.
type: string
forOutageTolerance:
description: Max time to tolerate prometheus outage for restoring
'for' state of alert.
type: string
resendDelay:
description: Minimum amount of time to wait before resending
an alert to Alertmanager.
type: string
type: object
type: object
scrapeInterval:
description: 'Interval between consecutive scrapes. Default: `1m`'
type: string
scrapeTimeout:
description: Number of seconds to wait for target to respond before
erroring.
type: string
secrets:
description: Secrets is a list of Secrets in the same namespace as
the Prometheus object, which shall be mounted into the Prometheus
Pods. The Secrets are mounted into /etc/prometheus/secrets/.
items:
type: string
type: array
securityContext:
description: SecurityContext holds pod-level security attributes and
common container settings. This defaults to the default PodSecurityContext.
properties:
fsGroup:
description: "A special supplemental group that applies to all
containers in a pod. Some volume types allow the Kubelet to
change the ownership of that volume to be owned by the pod:
\n 1. The owning GID will be the FSGroup 2. The setgid bit is
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of changing
ownership and permission of the volume before being exposed
inside Pod. This field will only apply to volume types which
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified defaults to "Always".'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a non-root
user. If true, the Kubelet will validate the image at runtime
to ensure that it does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no such validation
will be performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
properties:
level:
description: Level is SELinux level label that applies to
the container.
type: string
role:
description: Role is a SELinux role label that applies to
the container.
type: string
type:
description: Type is a SELinux type label that applies to
the container.
type: string
user:
description: User is a SELinux user label that applies to
the container.
type: string
type: object
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named by
the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA
credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: string
type: object
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount
to use to run the Prometheus Pods.
type: string
serviceMonitorNamespaceSelector:
description: Namespace's labels to match for ServiceMonitor discovery.
If nil, only check own namespace.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
serviceMonitorSelector:
description: ServiceMonitors to be selected for target discovery.
*Deprecated:* if neither this nor podMonitorSelector are specified,
configuration is unmanaged.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
sha:
description: 'SHA of Prometheus container image to be deployed. Defaults
to the value of `version`. Similar to a tag, but the SHA explicitly
deploys an immutable container image. Version and Tag are ignored
if SHA is set. Deprecated: use ''image'' instead. The image digest
can be specified as part of the image URL.'
type: string
shards:
description: 'EXPERIMENTAL: Number of shards to distribute targets
onto. Number of replicas multiplied by shards is the total number
of Pods created. Note that scaling down shards will not reshard
data onto remaining instances, it must be manually moved. Increasing
shards will not reshard data either but it will continue to be available
from the same instances. To query globally use Thanos sidecar and
Thanos querier or remote write data to a central location. Sharding
is done on the content of the `__address__` target meta-label.'
format: int32
type: integer
storage:
description: Storage spec to specify how storage shall be used.
properties:
disableMountSubPath:
description: 'Deprecated: subPath usage will be disabled by default
in a future release, this option will become unnecessary. DisableMountSubPath
allows to remove any subPath usage in volume mounts.'
type: boolean
emptyDir:
description: 'EmptyDirVolumeSource to be used by the Prometheus
StatefulSets. If specified, used in place of any volumeClaimTemplate.
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for this
EmptyDir volume. The size limit is also applicable for memory
medium. The maximum usage on memory medium EmptyDir would
be the minimum value between the SizeLimit specified here
and the sum of memory limits of all containers in a pod.
The default is nil which means that the limit is undefined.
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
volumeClaimTemplate:
description: A PVC spec to be used by the Prometheus StatefulSets.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: EmbeddedMetadata contains metadata relevant to
an EmbeddedResource.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value
map stored with a resource that may be set by external
tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying
objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be
used to organize and categorize (scope and select) objects.
May match selectors of replication controllers and services.
More info: http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace.
Is required when creating resources, although some resources
may allow a client to request the generation of an appropriate
name automatically. Name is primarily intended for creation
idempotence and configuration definition. Cannot be
updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
spec:
description: 'Spec defines the desired characteristics of
a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'This field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
- Beta) * An existing PVC (PersistentVolumeClaim) *
An existing custom resource/object that implements data
population (Alpha) In order to use VolumeSnapshot object
types, the appropriate feature gate must be enabled
(VolumeSnapshotDataSource or AnyVolumeDataSource) If
the provisioner or an external controller can support
the specified data source, it will create a new volume
based on the contents of the specified data source.
If the specified data source is not supported, the volume
will not be created and the failure will be reported
as an event. In the future, we plan to support more
data source types and the behavior of the provisioner
may change.'
properties:
apiGroup:
description: APIGroup is the group for the resource
being referenced. If APIGroup is not specified,
the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
selector:
description: A label query over volumes to consider for
binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required by the
claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is
required by the claim. Value of Filesystem is implied
when not included in claim spec.
type: string
volumeName:
description: VolumeName is the binding reference to the
PersistentVolume backing this claim.
type: string
type: object
status:
description: 'Status represents the current information/status
of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the actual access modes
the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
capacity:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Represents the actual resources of the underlying
volume.
type: object
conditions:
description: Current Condition of persistent volume claim.
If underlying persistent volume is being resized then
the Condition will be set to 'ResizeStarted'.
items:
description: PersistentVolumeClaimCondition contails
details about state of pvc
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned
from one status to another.
format: date-time
type: string
message:
description: Human-readable message indicating details
about last transition.
type: string
reason:
description: Unique, this should be a short, machine
understandable string that gives the reason for
condition's last transition. If it reports "ResizeStarted"
that means the underlying persistent volume is
being resized.
type: string
status:
type: string
type:
description: PersistentVolumeClaimConditionType
is a valid value of PersistentVolumeClaimCondition.Type
type: string
required:
- status
- type
type: object
type: array
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
type: object
type: object
type: object
tag:
description: 'Tag of Prometheus container image to be deployed. Defaults
to the value of `version`. Version is ignored if Tag is set. Deprecated:
use ''image'' instead. The image tag can be specified as part of
the image URL.'
type: string
thanos:
description: "Thanos configuration allows configuring various aspects
of a Prometheus server in a Thanos environment. \n This section
is experimental, it may change significantly without deprecation
notice in any release. \n This is experimental and may change significantly
without backward compatibility in any release."
properties:
baseImage:
description: 'Thanos base image if other than default. Deprecated:
use ''image'' instead'
type: string
grpcServerTlsConfig:
description: 'GRPCServerTLSConfig configures the gRPC server from
which Thanos Querier reads recorded rule data. Note: Currently
only the CAFile, CertFile, and KeyFile fields are supported.
Maps to the ''--grpc-server-tls-*'' CLI args.'
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
image:
description: Image if specified has precedence over baseImage,
tag and sha combinations. Specifying the version is still necessary
to ensure the Prometheus Operator knows what version of Thanos
is being configured.
type: string
listenLocal:
description: ListenLocal makes the Thanos sidecar listen on loopback,
so that it does not bind against the Pod IP.
type: boolean
logFormat:
description: LogFormat for Thanos sidecar to be configured with.
type: string
logLevel:
description: LogLevel for Thanos sidecar to be configured with.
type: string
minTime:
description: MinTime for Thanos sidecar to be configured with.
Option can be a constant time in RFC3339 format or time duration
relative to current time, such as -1d or 2h45m. Valid duration
units are ms, s, m, h, d, w, y.
type: string
objectStorageConfig:
description: ObjectStorageConfig configures object storage in
Thanos. Alternative to ObjectStorageConfigFile, and lower order
priority.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
objectStorageConfigFile:
description: ObjectStorageConfigFile specifies the path of the
object storage configuration file. When used alongside with
ObjectStorageConfig, ObjectStorageConfigFile takes precedence.
type: string
readyTimeout:
description: ReadyTimeout is the maximum time Thanos sidecar will
wait for Prometheus to start. Eg 10m
type: string
resources:
description: Resources defines the resource requirements for the
Thanos sidecar. If not provided, no requests/limits will be
set
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
sha:
description: 'SHA of Thanos container image to be deployed. Defaults
to the value of `version`. Similar to a tag, but the SHA explicitly
deploys an immutable container image. Version and Tag are ignored
if SHA is set. Deprecated: use ''image'' instead. The image
digest can be specified as part of the image URL.'
type: string
tag:
description: 'Tag of Thanos sidecar container image to be deployed.
Defaults to the value of `version`. Version is ignored if Tag
is set. Deprecated: use ''image'' instead. The image tag can
be specified as part of the image URL.'
type: string
tracingConfig:
description: TracingConfig configures tracing in Thanos. This
is an experimental feature, it may change in any upcoming release
in a breaking way.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
tracingConfigFile:
description: TracingConfig specifies the path of the tracing configuration
file. When used alongside with TracingConfig, TracingConfigFile
takes precedence.
type: string
version:
description: Version describes the version of Thanos to use.
type: string
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
operator .
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match all
values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the
value. Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod
can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time
the toleration (which must be of effect NoExecute, otherwise
this field is ignored) tolerates the taint. By default, it
is not set, which means tolerate the taint forever (do not
evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
description: If specified, the pod's topology spread constraints.
items:
description: TopologySpreadConstraint specifies how to spread matching
pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods. Pods
that match this label selector are counted to determine the
number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. It''s the maximum permitted difference
between the number of matching pods in any two topology domains
of a given topology type. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector
spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- if MaxSkew is 1, incoming pod can only be scheduled to zone3
to become 1/1/1; scheduling it onto zone1(zone2) would make
the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). -
if MaxSkew is 2, incoming pod can be scheduled onto any zone.
It''s a required field. Default value is 1 and 0 is not allowed.'
format: int32
type: integer
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each
as a "bucket", and try to put balanced number of pods into
each bucket. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
(default) tells the scheduler not to schedule it - ScheduleAnyway
tells the scheduler to still schedule it It''s considered
as "Unsatisfiable" if and only if placing incoming pod on
any topology violates "MaxSkew". For example, in a 3-zone
cluster, MaxSkew is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
If WhenUnsatisfiable is set to DoNotSchedule, incoming pod
can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler
won''t make it *more* imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
version:
description: Version of Prometheus to be deployed.
type: string
volumeMounts:
description: VolumeMounts allows configuration of additional VolumeMounts
on the output StatefulSet definition. VolumeMounts specified will
be appended to other VolumeMounts in the prometheus container, that
are generated as a result of StorageSpec objects.
items:
description: VolumeMount describes a mounting of a Volume within
a container.
properties:
mountPath:
description: Path within the container at which the volume should
be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are propagated
from the host to container and the other way around. When
not set, MountPropagationNone is used. This field is beta
in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which the
container's volume should be mounted. Behaves similarly to
SubPath but environment variable references $(VAR_NAME) are
expanded using the container's environment. Defaults to ""
(volume's root). SubPathExpr and SubPath are mutually exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
volumes:
description: Volumes allows configuration of additional volumes on
the output StatefulSet definition. Volumes specified will be appended
to other volumes that are generated as a result of StorageSpec objects.
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: 'AWSElasticBlockStore represents an AWS Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
description: 'Specify "true" to force and set the ReadOnly
property in VolumeMounts to "true". If omitted, the default
is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
description: 'Unique ID of the persistent disk resource
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
description: AzureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
properties:
cachingMode:
description: 'Host Caching mode: None, Read Only, Read Write.'
type: string
diskName:
description: The Name of the data disk in the blob storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
kind:
description: 'Expected values Shared: multiple blob disks
per storage account Dedicated: single blob disk per storage
account Managed: azure managed data disk (only in managed
availability set). defaults to shared'
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: AzureFile represents an Azure File Service mount
on the host and bind mount to the pod.
properties:
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: the name of secret that contains Azure Storage
Account Name and Key
type: string
shareName:
description: Share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: CephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
properties:
monitors:
description: 'Required: Monitors is a collection of Ceph
monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
description: 'Optional: Used as the mounted root, rather
than the full Ceph tree, default is /'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
description: 'Optional: SecretFile is the path to key ring
for User, default is /etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
description: 'Optional: SecretRef is reference to the authentication
secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'Optional: User is the rados user name, default
is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
description: 'Cinder represents a cinder volume attached and
mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
description: 'Optional: points to a secret object containing
parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeID:
description: 'volume id used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
description: ConfigMap represents a configMap that should populate
this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the ConfigMap, the volume setup will error unless it is
marked optional. Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its keys must
be defined
type: boolean
type: object
csi:
description: CSI (Container Storage Interface) represents storage
that is handled by an external CSI driver (Alpha feature).
properties:
driver:
description: Driver is the name of the CSI driver that handles
this volume. Consult with your admin for the correct name
as registered in the cluster.
type: string
fsType:
description: Filesystem type to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is passed to
the associated CSI driver which will determine the default
filesystem to apply.
type: string
nodePublishSecretRef:
description: NodePublishSecretRef is a reference to the
secret object containing sensitive information to pass
to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret
object contains more than one secret, all secret references
are passed.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
readOnly:
description: Specifies a read-only configuration for the
volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: VolumeAttributes stores driver-specific properties
that are passed to the CSI driver. Consult your driver's
documentation for supported values.
type: object
required:
- driver
type: object
downwardAPI:
description: DownwardAPI represents downward API about the pod
that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: Items is a list of downward API volume file
items:
description: DownwardAPIVolumeFile represents information
to create the file containing the pod field
properties:
fieldRef:
description: 'Required: Selects a field of the pod:
only annotations, labels, name and namespace are
supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative path
name of the file to be created. Must not be absolute
or contain the ''..'' path. Must be utf-8 encoded.
The first item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
emptyDir:
description: 'EmptyDir represents a temporary directory that
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for
this EmptyDir volume. The size limit is also applicable
for memory medium. The maximum usage on memory medium
EmptyDir would be the minimum value between the SizeLimit
specified here and the sum of memory limits of all containers
in a pod. The default is nil which means that the limit
is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
description: FC represents a Fibre Channel resource that is
attached to a kubelet's host machine and then exposed to the
pod.
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
lun:
description: 'Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names (WWNs)'
items:
type: string
type: array
wwids:
description: 'Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs and
lun must be set, but not both simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
description: FlexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
description: Driver is the name of the driver to use for
this volume.
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". The default filesystem depends on FlexVolume
script.
type: string
options:
additionalProperties:
type: string
description: 'Optional: Extra command options if any.'
type: object
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
description: 'Optional: SecretRef is reference to the secret
object containing sensitive information to pass to the
plugin scripts. This may be empty if no secret object
is specified. If the secret object contains more than
one secret, all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
required:
- driver
type: object
flocker:
description: Flocker represents a Flocker volume attached to
a kubelet's host machine. This depends on the Flocker control
service being running
properties:
datasetName:
description: Name of the dataset stored as metadata -> name
on the dataset for Flocker should be considered as deprecated
type: string
datasetUUID:
description: UUID of the dataset. This is unique identifier
of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: 'GCEPersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
description: 'Unique name of the PD resource in GCE. Used
to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'GitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an InitContainer
that clones the repo using git, then mount the EmptyDir into
the Pod''s container.'
properties:
directory:
description: Target directory name. Must not contain or
start with '..'. If '.' is supplied, the volume directory
will be the git repository. Otherwise, if specified,
the volume will contain the git repository in the subdirectory
with the given name.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: 'Glusterfs represents a Glusterfs mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
description: 'EndpointsName is the endpoint name that details
Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
description: 'Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
description: 'ReadOnly here will force the Glusterfs volume
to be mounted with read-only permissions. Defaults to
false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: 'HostPath represents a pre-existing file or directory
on the host machine that is directly exposed to the container.
This is generally used for system agents or other privileged
things that are allowed to see the host machine. Most containers
will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use host directory
mounts and who can/can not mount host directories as read/write.'
properties:
path:
description: 'Path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
description: 'Type for HostPath Volume Defaults to "" More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
description: 'ISCSI represents an ISCSI Disk resource that is
attached to a kubelet''s host machine and then exposed to
the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
description: whether support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
description: whether support iSCSI Session CHAP authentication
type: boolean
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
description: Custom iSCSI Initiator Name. If initiatorName
is specified with iscsiInterface simultaneously, new iSCSI
interface : will be created
for the connection.
type: string
iqn:
description: Target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iSCSI Interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
type: string
lun:
description: iSCSI Target Lun number.
format: int32
type: integer
portals:
description: iSCSI Target Portal List. The portal is either
an IP or ip_addr:port if the port is other than default
(typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
description: ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: CHAP Secret for iSCSI target and initiator
authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
targetPortal:
description: iSCSI Target Portal. The Portal is either an
IP or ip_addr:port if the port is other than default (typically
TCP ports 860 and 3260).
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'Volume''s name. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
description: 'NFS represents an NFS mount on the host that shares
a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
description: 'Path that is exported by the NFS server. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
description: 'ReadOnly here will force the NFS export to
be mounted with read-only permissions. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
description: 'Server is the hostname or IP address of the
NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'PersistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
description: 'ClaimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
description: Will force the ReadOnly setting in VolumeMounts.
Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
pdID:
description: ID that identifies Photon Controller persistent
disk
type: string
required:
- pdID
type: object
portworxVolume:
description: PortworxVolume represents a portworx volume attached
and mounted on kubelets host machine
properties:
fsType:
description: FSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating
system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx volume
type: string
required:
- volumeID
type: object
projected:
description: Items for all in one resources secrets, configmaps,
and downward API
properties:
defaultMode:
description: Mode bits to use on created files by default.
Must be a value between 0 and 0777. Directories within
the path are not affected by this setting. This might
be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits
set.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
description: information about the configMap data
to project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the ConfigMap, the volume
setup will error unless it is marked optional.
Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI data
to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of,
defaults to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must
not be absolute or contain the ''..''
path. Must be utf-8 encoded. The first
item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults
to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret data to
project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced Secret will
be projected into the volume as a file whose
name is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
will error unless it is marked optional. Paths
must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
token. The audience defaults to the identifier
of the apiserver.
type: string
expirationSeconds:
description: ExpirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
the service account token. The kubelet will
start trying to rotate the token if the token
is older than 80 percent of its time to live
or if the token is older than 24 hours.Defaults
to 1 hour and must be at least 10 minutes.
format: int64
type: integer
path:
description: Path is the path relative to the
mount point of the file to project the token
into.
type: string
required:
- path
type: object
type: object
type: array
required:
- sources
type: object
quobyte:
description: Quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
description: Group to map volume access to Default is no
group
type: string
readOnly:
description: ReadOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults to
false.
type: boolean
registry:
description: Registry represents a single or multiple Quobyte
Registry services specified as a string as host:port pair
(multiple entries are separated with commas) which acts
as the central registry for volumes
type: string
tenant:
description: Tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned Quobyte volumes,
value is set by the plugin
type: string
user:
description: User to map volume access to Defaults to serivceaccount
user
type: string
volume:
description: Volume is a string that references an already
created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: 'RBD represents a Rados Block Device mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: 'Keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
description: 'A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
description: 'The rados pool name. Default is rbd. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
description: 'SecretRef is name of the authentication secret
for RBDUser. If provided overrides keyring. Default is
nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'The rados user name. Default is admin. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: ScaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Default is "xfs".
type: string
gateway:
description: The host address of the ScaleIO API Gateway.
type: string
protectionDomain:
description: The name of the ScaleIO Protection Domain for
the configured storage.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef references to the secret for ScaleIO
user and other sensitive information. If this is not provided,
Login operation will fail.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
sslEnabled:
description: Flag to enable/disable SSL communication with
Gateway, default false
type: boolean
storageMode:
description: Indicates whether the storage for a volume
should be ThickProvisioned or ThinProvisioned. Default
is ThinProvisioned.
type: string
storagePool:
description: The ScaleIO Storage Pool associated with the
protection domain.
type: string
system:
description: The name of the storage system as configured
in ScaleIO.
type: string
volumeName:
description: The name of a volume already created in the
ScaleIO system that is associated with this volume source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'Secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the Secret, the volume setup will error unless it is marked
optional. Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must
be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
description: StorageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef specifies the secret to use for obtaining
the StorageOS API credentials. If not specified, default
values will be attempted.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeName:
description: VolumeName is the human-readable name of the
StorageOS volume. Volume names are only unique within
a namespace.
type: string
volumeNamespace:
description: VolumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS
for tighter integration. Set VolumeName to any name to
override the default behaviour. Set to "default" if you
are not using namespaces within StorageOS. Namespaces
that do not pre-exist within StorageOS will be created.
type: string
type: object
vsphereVolume:
description: VsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
description: Storage Policy Based Management (SPBM) profile
ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: Storage Policy Based Management (SPBM) profile
name.
type: string
volumePath:
description: Path that identifies vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
walCompression:
description: Enable compression of the write-ahead log using Snappy.
This flag is only available in versions of Prometheus >= 2.11.0.
type: boolean
web:
description: WebSpec defines the web command line flags when starting
Prometheus.
properties:
pageTitle:
description: The prometheus web page title
type: string
tlsConfig:
description: WebTLSConfig defines the TLS parameters for HTTPS.
properties:
cert:
description: Contains the TLS certificate for the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
cipherSuites:
description: 'List of supported cipher suites for TLS versions
up to TLS 1.2. If empty, Go default cipher suites are used.
Available cipher suites are documented in the go documentation:
https://golang.org/pkg/crypto/tls/#pkg-constants'
items:
type: string
type: array
client_ca:
description: Contains the CA certificate for client certificate
authentication to the server.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
clientAuthType:
description: 'Server policy for client authentication. Maps
to ClientAuth Policies. For more detail on clientAuth options:
https://golang.org/pkg/crypto/tls/#ClientAuthType'
type: string
curvePreferences:
description: 'Elliptic curves that will be used in an ECDHE
handshake, in preference order. Available curves are documented
in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID'
items:
type: string
type: array
keySecret:
description: Secret containing the TLS key for the server.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
maxVersion:
description: Maximum TLS version that is acceptable. Defaults
to TLS13.
type: string
minVersion:
description: Minimum TLS version that is acceptable. Defaults
to TLS12.
type: string
preferServerCipherSuites:
description: Controls whether the server selects the client's
most preferred cipher suite, or the server's most preferred
cipher suite. If true then the server's preference, as expressed
in the order of elements in cipherSuites, is used.
type: boolean
required:
- cert
- keySecret
type: object
type: object
type: object
status:
description: 'Most recent observed status of the Prometheus cluster. Read-only.
Not included when requesting from the apiserver, only from the Prometheus
Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
availableReplicas:
description: Total number of available pods (ready for at least minReadySeconds)
targeted by this Prometheus deployment.
format: int32
type: integer
paused:
description: Represents whether any actions on the underlying managed
objects are being performed. Only delete actions will be performed.
type: boolean
replicas:
description: Total number of non-terminated pods targeted by this
Prometheus deployment (their labels match the selector).
format: int32
type: integer
unavailableReplicas:
description: Total number of unavailable pods targeted by this Prometheus
deployment.
format: int32
type: integer
updatedReplicas:
description: Total number of non-terminated pods targeted by this
Prometheus deployment that have the desired version spec.
format: int32
type: integer
required:
- availableReplicas
- paused
- replicas
- unavailableReplicas
- updatedReplicas
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: PrometheusRule
listKind: PrometheusRuleList
plural: prometheusrules
singular: prometheusrule
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: PrometheusRule defines recording and alerting rules for a Prometheus
instance
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired alerting rule definitions for Prometheus.
properties:
groups:
description: Content of Prometheus rule file
items:
description: 'RuleGroup is a list of sequentially evaluated recording
and alerting rules. Note: PartialResponseStrategy is only used
by ThanosRuler and will be ignored by Prometheus instances. Valid
values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response'
properties:
interval:
type: string
name:
type: string
partial_response_strategy:
type: string
rules:
items:
description: 'Rule describes an alerting or recording rule
See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/)
or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules)
rule'
properties:
alert:
type: string
annotations:
additionalProperties:
type: string
type: object
expr:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
for:
type: string
labels:
additionalProperties:
type: string
type: object
record:
type: string
required:
- expr
type: object
type: array
required:
- name
- rules
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: ServiceMonitor
listKind: ServiceMonitorList
plural: servicemonitors
singular: servicemonitor
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ServiceMonitor defines monitoring for a set of services.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Specification of desired Service selection for target discovery
by Prometheus.
properties:
endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor.
items:
description: Endpoint defines a scrapeable endpoint serving Prometheus
metrics.
properties:
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
properties:
password:
description: The secret in the service monitor namespace
that contains the password for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: The secret in the service monitor namespace
that contains the username for authentication.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenFile:
description: File to read bearer token for scraping targets.
type: string
bearerTokenSecret:
description: Secret to mount to read bearer token for scraping
targets. The secret needs to be in the same namespace as the
service monitor and accessible by the Prometheus Operator.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before
ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
params:
additionalProperties:
items:
type: string
type: array
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the service port this endpoint refers to.
Mutually exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before scraping.
Prometheus Operator automatically adds relabelings for a few
standard Kubernetes fields and replaces original scrape job
name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It
defines ``-section of Prometheus
configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source
label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. Default is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular
expression for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: integer
- type: string
description: Name or number of the target port of the Pod behind
the Service, the port must be specified with container port
property. Mutually exclusive with port.
x-kubernetes-int-or-string: true
tlsConfig:
description: TLS configuration to use when scraping the endpoint
properties:
ca:
description: Struct containing the CA cert to use for the
targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert:
description: Struct containing the client cert file for
the targets.
properties:
configMap:
description: ConfigMap containing data to use for the
targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: Secret containing the client key file for the
targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
type: array
jobLabel:
description: "Chooses the label of the Kubernetes `Endpoints`. Its
value will be used for the `job`-label's value of the created metrics.
\n Default & fallback value: the name of the respective Kubernetes
`Endpoint`."
type: string
namespaceSelector:
description: Selector to select which namespaces the Kubernetes Endpoints
objects are discovered from.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes `Pod`
onto the created metrics.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: Selector to select Endpoints objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
targetLabels:
description: TargetLabels transfers labels from the Kubernetes `Service`
onto the created metrics. All labels set in `selector.matchLabels`
are automatically transferred.
items:
type: string
type: array
targetLimit:
description: TargetLimit defines a limit on the number of scraped
targets that will be accepted.
format: int64
type: integer
required:
- endpoints
- selector
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml
================================================
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: thanosrulers.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
categories:
- prometheus-operator
kind: ThanosRuler
listKind: ThanosRulerList
plural: thanosrulers
singular: thanosruler
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ThanosRuler defines a ThanosRuler deployment.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the desired behavior of the ThanosRuler
cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
affinity:
description: If specified, the pod's scheduling constraints.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
alertDropLabels:
description: AlertDropLabels configure the label names which should
be dropped in ThanosRuler alerts. If `labels` field is not provided,
`thanos_ruler_replica` will be dropped in alerts by default.
items:
type: string
type: array
alertQueryUrl:
description: The external Query URL the Thanos Ruler will set in the
'Source' field of all alerts. Maps to the '--alert.query-url' CLI
arg.
type: string
alertmanagersConfig:
description: Define configuration for connecting to alertmanager. Only
available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config`
arg.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
alertmanagersUrl:
description: 'Define URLs to send alerts to Alertmanager. For Thanos
v0.10.0 and higher, AlertManagersConfig should be used instead. Note:
this field will be ignored if AlertManagersConfig is specified.
Maps to the `alertmanagers.url` arg.'
items:
type: string
type: array
containers:
description: 'Containers allows injecting additional containers or
modifying operator generated containers. This can be used to allow
adding an authentication proxy to a ThanosRuler pod or to change
the behavior of an operator generated container. Containers described
here modify an operator generated container if they share the same
name and modifications are done via a strategic merge patch. The
current container names are: `thanos-ruler` and `config-reloader`.
Overriding containers is entirely outside the scope of what the
maintainers will support and by doing so, you accept that this behaviour
may break at any time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
enforcedNamespaceLabel:
description: EnforcedNamespaceLabel enforces adding a namespace label
of origin for each alert and metric that is user created. The label
value will always be the namespace of the object that is being created.
type: string
evaluationInterval:
description: Interval between consecutive evaluations.
type: string
externalPrefix:
description: The external URL the Thanos Ruler instances will be available
under. This is necessary to generate correct URLs. This is necessary
if Thanos Ruler is not served from root of a DNS name.
type: string
grpcServerTlsConfig:
description: 'GRPCServerTLSConfig configures the gRPC server from
which Thanos Querier reads recorded rule data. Note: Currently only
the CAFile, CertFile, and KeyFile fields are supported. Maps to
the ''--grpc-server-tls-*'' CLI args.'
properties:
ca:
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
caFile:
description: Path to the CA cert in the Prometheus container to
use for the targets.
type: string
cert:
description: Struct containing the client cert file for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
certFile:
description: Path to the client cert file in the Prometheus container
for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus container
for the targets.
type: string
keySecret:
description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
image:
description: Thanos container image URL.
type: string
imagePullSecrets:
description: An optional list of references to secrets in the same
namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod
items:
description: LocalObjectReference contains enough information to
let you locate the referenced object inside the same namespace.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
type: array
initContainers:
description: 'InitContainers allows adding initContainers to the pod
definition. Those can be used to e.g. fetch secrets for injection
into the ThanosRuler configuration from external sources. Any errors
during the execution of an initContainer will lead to a restart
of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
Using initContainers for any use case other then secret fetching
is entirely outside the scope of what the maintainers will support
and by doing so, you accept that this behaviour may break at any
time without notice.'
items:
description: A single application container that you want to run
within a pod.
properties:
args:
description: 'Arguments to the entrypoint. The docker image''s
CMD is used if this is not provided. Variable references $(VAR_NAME)
are expanded using the container''s environment. If a variable
cannot be resolved, the reference in the input string will
be unchanged. The $(VAR_NAME) syntax can be escaped with a
double $$, ie: $$(VAR_NAME). Escaped references will never
be expanded, regardless of whether the variable exists or
not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
command:
description: 'Entrypoint array. Not executed within a shell.
The docker image''s ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container''s
environment. If a variable cannot be resolved, the reference
in the input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether the
variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
items:
type: string
type: array
env:
description: List of environment variables to set in the container.
Cannot be updated.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be
a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previous defined environment variables in
the container and any service environment variables.
If a variable cannot be resolved, the reference in the
input string will be unchanged. The $(VAR_NAME) syntax
can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
references will never be expanded, regardless of whether
the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, metadata.labels,
metadata.annotations, spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
envFrom:
description: List of sources to populate environment variables
in the container. The keys defined within a source must be
a C_IDENTIFIER. All invalid keys will be reported as an event
when the container is starting. When a key exists in multiple
sources, the value associated with the last source will take
precedence. Values defined by an Env with a duplicate key
will take precedence. Cannot be updated.
items:
description: EnvFromSource represents the source of a set
of ConfigMaps
properties:
configMapRef:
description: The ConfigMap to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap must be
defined
type: boolean
type: object
prefix:
description: An optional identifier to prepend to each
key in the ConfigMap. Must be a C_IDENTIFIER.
type: string
secretRef:
description: The Secret to select from
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret must be defined
type: boolean
type: object
type: object
type: array
image:
description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management
to default or override container images in workload controllers
like Deployments and StatefulSets.'
type: string
imagePullPolicy:
description: 'Image pull policy. One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent
otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
type: string
lifecycle:
description: Actions that the management system should take
in response to container lifecycle events. Cannot be updated.
properties:
postStart:
description: 'PostStart is called immediately after a container
is created. If the handler fails, the container is terminated
and restarted according to its restart policy. Other management
of the container blocks until the hook completes. More
info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
preStop:
description: 'PreStop is called immediately before a container
is terminated due to an API request or management event
such as liveness/startup probe failure, preemption, resource
contention, etc. The handler is not called if the container
crashes or exits. The reason for termination is passed
to the handler. The Pod''s termination grace period countdown
begins before the PreStop hooked is executed. Regardless
of the outcome of the handler, the container will eventually
terminate within the Pod''s termination grace period.
Other management of the container blocks until the hook
completes or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
properties:
exec:
description: One and only one of the following should
be specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for
the command is root ('/') in the container's
filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions
('|', etc) won't work. To use a shell, you need
to explicitly call out to that shell. Exit status
of 0 is treated as live/healthy and non-zero is
unhealthy.
items:
type: string
type: array
type: object
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to
the pod IP. You probably want to set "Host" in
httpHeaders instead.
type: string
httpHeaders:
description: Custom headers to set in the request.
HTTP allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the
host. Defaults to HTTP.
type: string
required:
- port
type: object
tcpSocket:
description: 'TCPSocket specifies an action involving
a TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to,
defaults to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access
on the container. Number must be in the range
1 to 65535. Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
type: object
type: object
livenessProbe:
description: 'Periodic probe of container liveness. Container
will be restarted if the probe fails. Cannot be updated. More
info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
name:
description: Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated.
type: string
ports:
description: List of ports to expose from the container. Exposing
a port here gives the system additional information about
the network connections a container uses, but is primarily
informational. Not specifying a port here DOES NOT prevent
that port from being exposed. Any port which is listening
on the default "0.0.0.0" address inside a container will be
accessible from the network. Cannot be updated.
items:
description: ContainerPort represents a network port in a
single container.
properties:
containerPort:
description: Number of port to expose on the pod's IP
address. This must be a valid port number, 0 < x < 65536.
format: int32
type: integer
hostIP:
description: What host IP to bind the external port to.
type: string
hostPort:
description: Number of port to expose on the host. If
specified, this must be a valid port number, 0 < x <
65536. If HostNetwork is specified, this must match
ContainerPort. Most containers do not need this.
format: int32
type: integer
name:
description: If specified, this must be an IANA_SVC_NAME
and unique within the pod. Each named port in a pod
must have a unique name. Name for the port that can
be referred to by services.
type: string
protocol:
default: TCP
description: Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP".
type: string
required:
- containerPort
type: object
type: array
x-kubernetes-list-map-keys:
- containerPort
- protocol
x-kubernetes-list-type: map
readinessProbe:
description: 'Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe
fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
resources:
description: 'Compute Resources required by this container.
Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. More info:
https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
securityContext:
description: 'Security options the pod should run with. More
info: https://kubernetes.io/docs/concepts/policy/security-context/
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag will
be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN'
type: boolean
capabilities:
description: The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by
the container runtime.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent to
root on the host. Defaults to false.
type: boolean
procMount:
description: procMount denotes the type of proc mount to
use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a
non-root user. If true, the Kubelet will validate the
image at runtime to ensure that it does not run as UID
0 (root) and fail to start the container if it does. If
unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both
SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a
random SELinux context for each container. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
windowsOptions:
description: The Windows specific settings applied to all
containers. If unspecified, the options from the PodSecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named
by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the
GMSA credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
startupProbe:
description: 'StartupProbe indicates that the Pod has successfully
initialized. If specified, no other probes are executed until
this completes successfully. If this probe fails, the Pod
will be restarted, just as if the livenessProbe failed. This
can be used to provide different probe parameters at the beginning
of a Pod''s lifecycle, when it might take a long time to load
data or warm a cache, than during steady-state operation.
This cannot be updated. This is a beta feature enabled by
the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
properties:
exec:
description: One and only one of the following should be
specified. Exec specifies the action to take.
properties:
command:
description: Command is the command line to execute
inside the container, the working directory for the
command is root ('/') in the container's filesystem.
The command is simply exec'd, it is not run inside
a shell, so traditional shell instructions ('|', etc)
won't work. To use a shell, you need to explicitly
call out to that shell. Exit status of 0 is treated
as live/healthy and non-zero is unhealthy.
items:
type: string
type: array
type: object
failureThreshold:
description: Minimum consecutive failures for the probe
to be considered failed after having succeeded. Defaults
to 3. Minimum value is 1.
format: int32
type: integer
httpGet:
description: HTTPGet specifies the http request to perform.
properties:
host:
description: Host name to connect to, defaults to the
pod IP. You probably want to set "Host" in httpHeaders
instead.
type: string
httpHeaders:
description: Custom headers to set in the request. HTTP
allows repeated headers.
items:
description: HTTPHeader describes a custom header
to be used in HTTP probes
properties:
name:
description: The header field name
type: string
value:
description: The header field value
type: string
required:
- name
- value
type: object
type: array
path:
description: Path to access on the HTTP server.
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use for connecting to the host.
Defaults to HTTP.
type: string
required:
- port
type: object
initialDelaySeconds:
description: 'Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
periodSeconds:
description: How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
tcpSocket:
description: 'TCPSocket specifies an action involving a
TCP port. TCP hooks not yet supported TODO: implement
a realistic TCP lifecycle hook'
properties:
host:
description: 'Optional: Host name to connect to, defaults
to the pod IP.'
type: string
port:
anyOf:
- type: integer
- type: string
description: Number or name of the port to access on
the container. Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
x-kubernetes-int-or-string: true
required:
- port
type: object
timeoutSeconds:
description: 'Number of seconds after which the probe times
out. Defaults to 1 second. Minimum value is 1. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
type: object
stdin:
description: Whether this container should allocate a buffer
for stdin in the container runtime. If this is not set, reads
from stdin in the container will always result in EOF. Default
is false.
type: boolean
stdinOnce:
description: Whether the container runtime should close the
stdin channel after it has been opened by a single attach.
When stdin is true the stdin stream will remain open across
multiple attach sessions. If stdinOnce is set to true, stdin
is opened on container start, is empty until the first client
attaches to stdin, and then remains open and accepts data
until the client disconnects, at which time stdin is closed
and remains closed until the container is restarted. If this
flag is false, a container processes that reads from stdin
will never receive an EOF. Default is false
type: boolean
terminationMessagePath:
description: 'Optional: Path at which the file to which the
container''s termination message will be written is mounted
into the container''s filesystem. Message written is intended
to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes.
The total message length across all containers will be limited
to 12kb. Defaults to /dev/termination-log. Cannot be updated.'
type: string
terminationMessagePolicy:
description: Indicate how the termination message should be
populated. File will use the contents of terminationMessagePath
to populate the container status message on both success and
failure. FallbackToLogsOnError will use the last chunk of
container log output if the termination message file is empty
and the container exited with an error. The log output is
limited to 2048 bytes or 80 lines, whichever is smaller. Defaults
to File. Cannot be updated.
type: string
tty:
description: Whether this container should allocate a TTY for
itself, also requires 'stdin' to be true. Default is false.
type: boolean
volumeDevices:
description: volumeDevices is the list of block devices to be
used by the container.
items:
description: volumeDevice describes a mapping of a raw block
device within a container.
properties:
devicePath:
description: devicePath is the path inside of the container
that the device will be mapped to.
type: string
name:
description: name must match the name of a persistentVolumeClaim
in the pod
type: string
required:
- devicePath
- name
type: object
type: array
volumeMounts:
description: Pod volumes to mount into the container's filesystem.
Cannot be updated.
items:
description: VolumeMount describes a mounting of a Volume
within a container.
properties:
mountPath:
description: Path within the container at which the volume
should be mounted. Must not contain ':'.
type: string
mountPropagation:
description: mountPropagation determines how mounts are
propagated from the host to container and the other
way around. When not set, MountPropagationNone is used.
This field is beta in 1.10.
type: string
name:
description: This must match the Name of a Volume.
type: string
readOnly:
description: Mounted read-only if true, read-write otherwise
(false or unspecified). Defaults to false.
type: boolean
subPath:
description: Path within the volume from which the container's
volume should be mounted. Defaults to "" (volume's root).
type: string
subPathExpr:
description: Expanded path within the volume from which
the container's volume should be mounted. Behaves similarly
to SubPath but environment variable references $(VAR_NAME)
are expanded using the container's environment. Defaults
to "" (volume's root). SubPathExpr and SubPath are mutually
exclusive.
type: string
required:
- mountPath
- name
type: object
type: array
workingDir:
description: Container's working directory. If not specified,
the container runtime's default will be used, which might
be configured in the container image. Cannot be updated.
type: string
required:
- name
type: object
type: array
labels:
additionalProperties:
type: string
description: Labels configure the external label pairs to ThanosRuler.
If not provided, default replica label `thanos_ruler_replica` will
be added as a label and be dropped in alerts.
type: object
listenLocal:
description: ListenLocal makes the Thanos ruler listen on loopback,
so that it does not bind against the Pod IP.
type: boolean
logFormat:
description: Log format for ThanosRuler to be configured with.
type: string
logLevel:
description: Log level for ThanosRuler to be configured with.
type: string
nodeSelector:
additionalProperties:
type: string
description: Define which Nodes the Pods are scheduled on.
type: object
objectStorageConfig:
description: ObjectStorageConfig configures object storage in Thanos.
Alternative to ObjectStorageConfigFile, and lower order priority.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
objectStorageConfigFile:
description: ObjectStorageConfigFile specifies the path of the object
storage configuration file. When used alongside with ObjectStorageConfig,
ObjectStorageConfigFile takes precedence.
type: string
paused:
description: When a ThanosRuler deployment is paused, no actions except
for deletion will be performed on the underlying objects.
type: boolean
podMetadata:
description: PodMetadata contains Labels and Annotations gets propagated
to the thanos ruler pods.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value map stored
with a resource that may be set by external tools to store and
retrieve arbitrary metadata. They are not queryable and should
be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be used to
organize and categorize (scope and select) objects. May match
selectors of replication controllers and services. More info:
http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace. Is required
when creating resources, although some resources may allow a
client to request the generation of an appropriate name automatically.
Name is primarily intended for creation idempotence and configuration
definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
portName:
description: Port name used for the pods and governing service. This
defaults to web
type: string
priorityClassName:
description: Priority class assigned to the Pods
type: string
prometheusRulesExcludedFromEnforce:
description: PrometheusRulesExcludedFromEnforce - list of Prometheus
rules to be excluded from enforcing of adding namespace labels.
Works only if enforcedNamespaceLabel set to true. Make sure both
ruleNamespace and ruleName are set for each pair
items:
description: PrometheusRuleExcludeConfig enables users to configure
excluded PrometheusRule names and their namespaces to be ignored
while enforcing namespace label for alerts and metrics.
properties:
ruleName:
description: RuleNamespace - name of excluded rule
type: string
ruleNamespace:
description: RuleNamespace - namespace of excluded rule
type: string
required:
- ruleName
- ruleNamespace
type: object
type: array
queryConfig:
description: Define configuration for connecting to thanos query instances.
If this is defined, the QueryEndpoints field will be ignored. Maps
to the `query.config` CLI argument. Only available with thanos v0.11.0
and higher.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
queryEndpoints:
description: QueryEndpoints defines Thanos querier endpoints from
which to query metrics. Maps to the --query flag of thanos ruler.
items:
type: string
type: array
replicas:
description: Number of thanos ruler instances to deploy.
format: int32
type: integer
resources:
description: Resources defines the resource requirements for single
Pods. If not provided, no requests/limits will be set
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
retention:
description: Time duration ThanosRuler shall retain data for. Default
is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)`
(milliseconds seconds minutes hours days weeks years).
type: string
routePrefix:
description: The route prefix ThanosRuler registers HTTP handlers
for. This allows thanos UI to be served on a sub-path.
type: string
ruleNamespaceSelector:
description: Namespaces to be selected for Rules discovery. If unspecified,
only the same namespace as the ThanosRuler object is in is used.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
ruleSelector:
description: A label selector to select which PrometheusRules to mount
for alerting and recording.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
securityContext:
description: SecurityContext holds pod-level security attributes and
common container settings. This defaults to the default PodSecurityContext.
properties:
fsGroup:
description: "A special supplemental group that applies to all
containers in a pod. Some volume types allow the Kubelet to
change the ownership of that volume to be owned by the pod:
\n 1. The owning GID will be the FSGroup 2. The setgid bit is
set (new files created in the volume will be owned by FSGroup)
3. The permission bits are OR'd with rw-rw---- \n If unset,
the Kubelet will not modify the ownership and permissions of
any volume."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of changing
ownership and permission of the volume before being exposed
inside Pod. This field will only apply to volume types which
support fsGroup based ownership(and permissions). It will have
no effect on ephemeral volume types such as: secret, configmaps
and emptydir. Valid values are "OnRootMismatch" and "Always".
If not specified defaults to "Always".'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container process.
Uses runtime default if unset. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as a non-root
user. If true, the Kubelet will validate the image at runtime
to ensure that it does not run as UID 0 (root) and fail to start
the container if it does. If unset or false, no such validation
will be performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the value specified
in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random
SELinux context for each container. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence for that container.
properties:
level:
description: Level is SELinux level label that applies to
the container.
type: string
role:
description: Role is a SELinux role label that applies to
the container.
type: string
type:
description: Type is a SELinux type label that applies to
the container.
type: string
user:
description: User is a SELinux user label that applies to
the container.
type: string
type: object
supplementalGroups:
description: A list of groups applied to the first process run
in each container, in addition to the container's primary GID. If
unspecified, no groups will be added to any container.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls used for
the pod. Pods with unsupported sysctls (by the container runtime)
might fail to launch.
items:
description: Sysctl defines a kernel parameter to be set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext
will be used. If set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA admission
webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec named by
the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of the GMSA
credential spec to use.
type: string
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set in PodSecurityContext.
If set in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: string
type: object
type: object
serviceAccountName:
description: ServiceAccountName is the name of the ServiceAccount
to use to run the Thanos Ruler Pods.
type: string
storage:
description: Storage spec to specify how storage shall be used.
properties:
disableMountSubPath:
description: 'Deprecated: subPath usage will be disabled by default
in a future release, this option will become unnecessary. DisableMountSubPath
allows to remove any subPath usage in volume mounts.'
type: boolean
emptyDir:
description: 'EmptyDirVolumeSource to be used by the Prometheus
StatefulSets. If specified, used in place of any volumeClaimTemplate.
More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for this
EmptyDir volume. The size limit is also applicable for memory
medium. The maximum usage on memory medium EmptyDir would
be the minimum value between the SizeLimit specified here
and the sum of memory limits of all containers in a pod.
The default is nil which means that the limit is undefined.
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
volumeClaimTemplate:
description: A PVC spec to be used by the Prometheus StatefulSets.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST
resource this object represents. Servers may infer this
from the endpoint the client submits requests to. Cannot
be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: EmbeddedMetadata contains metadata relevant to
an EmbeddedResource.
properties:
annotations:
additionalProperties:
type: string
description: 'Annotations is an unstructured key value
map stored with a resource that may be set by external
tools to store and retrieve arbitrary metadata. They
are not queryable and should be preserved when modifying
objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
labels:
additionalProperties:
type: string
description: 'Map of string keys and values that can be
used to organize and categorize (scope and select) objects.
May match selectors of replication controllers and services.
More info: http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace.
Is required when creating resources, although some resources
may allow a client to request the generation of an appropriate
name automatically. Name is primarily intended for creation
idempotence and configuration definition. Cannot be
updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
type: object
spec:
description: 'Spec defines the desired characteristics of
a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the desired access
modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
dataSource:
description: 'This field can be used to specify either:
* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot
- Beta) * An existing PVC (PersistentVolumeClaim) *
An existing custom resource/object that implements data
population (Alpha) In order to use VolumeSnapshot object
types, the appropriate feature gate must be enabled
(VolumeSnapshotDataSource or AnyVolumeDataSource) If
the provisioner or an external controller can support
the specified data source, it will create a new volume
based on the contents of the specified data source.
If the specified data source is not supported, the volume
will not be created and the failure will be reported
as an event. In the future, we plan to support more
data source types and the behavior of the provisioner
may change.'
properties:
apiGroup:
description: APIGroup is the group for the resource
being referenced. If APIGroup is not specified,
the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
resources:
description: 'Resources represents the minimum resources
the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount
of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount
of compute resources required. If Requests is omitted
for a container, it defaults to Limits if that is
explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
selector:
description: A label query over volumes to consider for
binding.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
storageClassName:
description: 'Name of the StorageClass required by the
claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
type: string
volumeMode:
description: volumeMode defines what type of volume is
required by the claim. Value of Filesystem is implied
when not included in claim spec.
type: string
volumeName:
description: VolumeName is the binding reference to the
PersistentVolume backing this claim.
type: string
type: object
status:
description: 'Status represents the current information/status
of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
accessModes:
description: 'AccessModes contains the actual access modes
the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
items:
type: string
type: array
capacity:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Represents the actual resources of the underlying
volume.
type: object
conditions:
description: Current Condition of persistent volume claim.
If underlying persistent volume is being resized then
the Condition will be set to 'ResizeStarted'.
items:
description: PersistentVolumeClaimCondition contails
details about state of pvc
properties:
lastProbeTime:
description: Last time we probed the condition.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transitioned
from one status to another.
format: date-time
type: string
message:
description: Human-readable message indicating details
about last transition.
type: string
reason:
description: Unique, this should be a short, machine
understandable string that gives the reason for
condition's last transition. If it reports "ResizeStarted"
that means the underlying persistent volume is
being resized.
type: string
status:
type: string
type:
description: PersistentVolumeClaimConditionType
is a valid value of PersistentVolumeClaimCondition.Type
type: string
required:
- status
- type
type: object
type: array
phase:
description: Phase represents the current phase of PersistentVolumeClaim.
type: string
type: object
type: object
type: object
tolerations:
description: If specified, the pod's tolerations.
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple using the matching
operator .
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match all
values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the
value. Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod
can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time
the toleration (which must be of effect NoExecute, otherwise
this field is ignored) tolerates the taint. By default, it
is not set, which means tolerate the taint forever (do not
evict). Zero and negative values will be treated as 0 (evict
immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
topologySpreadConstraints:
description: If specified, the pod's topology spread constraints.
items:
description: TopologySpreadConstraint specifies how to spread matching
pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods. Pods
that match this label selector are counted to determine the
number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. It''s the maximum permitted difference
between the number of matching pods in any two topology domains
of a given topology type. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector
spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | |
- if MaxSkew is 1, incoming pod can only be scheduled to zone3
to become 1/1/1; scheduling it onto zone1(zone2) would make
the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). -
if MaxSkew is 2, incoming pod can be scheduled onto any zone.
It''s a required field. Default value is 1 and 0 is not allowed.'
format: int32
type: integer
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each
as a "bucket", and try to put balanced number of pods into
each bucket. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
(default) tells the scheduler not to schedule it - ScheduleAnyway
tells the scheduler to still schedule it It''s considered
as "Unsatisfiable" if and only if placing incoming pod on
any topology violates "MaxSkew". For example, in a 3-zone
cluster, MaxSkew is set to 1, and pods with the same labelSelector
spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
If WhenUnsatisfiable is set to DoNotSchedule, incoming pod
can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2)
as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In
other words, the cluster can still be imbalanced, but scheduler
won''t make it *more* imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
tracingConfig:
description: TracingConfig configures tracing in Thanos. This is an
experimental feature, it may change in any upcoming release in a
breaking way.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
volumes:
description: Volumes allows configuration of additional volumes on
the output StatefulSet definition. Volumes specified will be appended
to other volumes that are generated as a result of StorageSpec objects.
items:
description: Volume represents a named volume in a pod that may
be accessed by any container in the pod.
properties:
awsElasticBlockStore:
description: 'AWSElasticBlockStore represents an AWS Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).'
format: int32
type: integer
readOnly:
description: 'Specify "true" to force and set the ReadOnly
property in VolumeMounts to "true". If omitted, the default
is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: boolean
volumeID:
description: 'Unique ID of the persistent disk resource
in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
type: string
required:
- volumeID
type: object
azureDisk:
description: AzureDisk represents an Azure Data Disk mount on
the host and bind mount to the pod.
properties:
cachingMode:
description: 'Host Caching mode: None, Read Only, Read Write.'
type: string
diskName:
description: The Name of the data disk in the blob storage
type: string
diskURI:
description: The URI the data disk in the blob storage
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
kind:
description: 'Expected values Shared: multiple blob disks
per storage account Dedicated: single blob disk per storage
account Managed: azure managed data disk (only in managed
availability set). defaults to shared'
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
required:
- diskName
- diskURI
type: object
azureFile:
description: AzureFile represents an Azure File Service mount
on the host and bind mount to the pod.
properties:
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretName:
description: the name of secret that contains Azure Storage
Account Name and Key
type: string
shareName:
description: Share Name
type: string
required:
- secretName
- shareName
type: object
cephfs:
description: CephFS represents a Ceph FS mount on the host that
shares a pod's lifetime
properties:
monitors:
description: 'Required: Monitors is a collection of Ceph
monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
items:
type: string
type: array
path:
description: 'Optional: Used as the mounted root, rather
than the full Ceph tree, default is /'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: boolean
secretFile:
description: 'Optional: SecretFile is the path to key ring
for User, default is /etc/ceph/user.secret More info:
https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
secretRef:
description: 'Optional: SecretRef is reference to the authentication
secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'Optional: User is the rados user name, default
is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
type: string
required:
- monitors
type: object
cinder:
description: 'Cinder represents a cinder volume attached and
mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Examples:
"ext4", "xfs", "ntfs". Implicitly inferred to be "ext4"
if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: boolean
secretRef:
description: 'Optional: points to a secret object containing
parameters used to connect to OpenStack.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeID:
description: 'volume id used to identify the volume in cinder.
More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
type: string
required:
- volumeID
type: object
configMap:
description: ConfigMap represents a configMap that should populate
this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced ConfigMap will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the ConfigMap, the volume setup will error unless it is
marked optional. Paths must be relative and may not contain
the '..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its keys must
be defined
type: boolean
type: object
csi:
description: CSI (Container Storage Interface) represents storage
that is handled by an external CSI driver (Alpha feature).
properties:
driver:
description: Driver is the name of the CSI driver that handles
this volume. Consult with your admin for the correct name
as registered in the cluster.
type: string
fsType:
description: Filesystem type to mount. Ex. "ext4", "xfs",
"ntfs". If not provided, the empty value is passed to
the associated CSI driver which will determine the default
filesystem to apply.
type: string
nodePublishSecretRef:
description: NodePublishSecretRef is a reference to the
secret object containing sensitive information to pass
to the CSI driver to complete the CSI NodePublishVolume
and NodeUnpublishVolume calls. This field is optional,
and may be empty if no secret is required. If the secret
object contains more than one secret, all secret references
are passed.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
readOnly:
description: Specifies a read-only configuration for the
volume. Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: VolumeAttributes stores driver-specific properties
that are passed to the CSI driver. Consult your driver's
documentation for supported values.
type: object
required:
- driver
type: object
downwardAPI:
description: DownwardAPI represents downward API about the pod
that should populate this volume
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: Items is a list of downward API volume file
items:
description: DownwardAPIVolumeFile represents information
to create the file containing the pod field
properties:
fieldRef:
description: 'Required: Selects a field of the pod:
only annotations, labels, name and namespace are
supported.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative path
name of the file to be created. Must not be absolute
or contain the ''..'' path. Must be utf-8 encoded.
The first item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, requests.cpu and requests.memory)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
emptyDir:
description: 'EmptyDir represents a temporary directory that
shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
properties:
medium:
description: 'What type of storage medium should back this
directory. The default is "" which means to use the node''s
default medium. Must be an empty string (default) or Memory.
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
type: string
sizeLimit:
anyOf:
- type: integer
- type: string
description: 'Total amount of local storage required for
this EmptyDir volume. The size limit is also applicable
for memory medium. The maximum usage on memory medium
EmptyDir would be the minimum value between the SizeLimit
specified here and the sum of memory limits of all containers
in a pod. The default is nil which means that the limit
is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
fc:
description: FC represents a Fibre Channel resource that is
attached to a kubelet's host machine and then exposed to the
pod.
properties:
fsType:
description: 'Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
lun:
description: 'Optional: FC target lun number'
format: int32
type: integer
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
targetWWNs:
description: 'Optional: FC target worldwide names (WWNs)'
items:
type: string
type: array
wwids:
description: 'Optional: FC volume world wide identifiers
(wwids) Either wwids or combination of targetWWNs and
lun must be set, but not both simultaneously.'
items:
type: string
type: array
type: object
flexVolume:
description: FlexVolume represents a generic volume resource
that is provisioned/attached using an exec based plugin.
properties:
driver:
description: Driver is the name of the driver to use for
this volume.
type: string
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". The default filesystem depends on FlexVolume
script.
type: string
options:
additionalProperties:
type: string
description: 'Optional: Extra command options if any.'
type: object
readOnly:
description: 'Optional: Defaults to false (read/write).
ReadOnly here will force the ReadOnly setting in VolumeMounts.'
type: boolean
secretRef:
description: 'Optional: SecretRef is reference to the secret
object containing sensitive information to pass to the
plugin scripts. This may be empty if no secret object
is specified. If the secret object contains more than
one secret, all secrets are passed to the plugin scripts.'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
required:
- driver
type: object
flocker:
description: Flocker represents a Flocker volume attached to
a kubelet's host machine. This depends on the Flocker control
service being running
properties:
datasetName:
description: Name of the dataset stored as metadata -> name
on the dataset for Flocker should be considered as deprecated
type: string
datasetUUID:
description: UUID of the dataset. This is unique identifier
of a Flocker dataset
type: string
type: object
gcePersistentDisk:
description: 'GCEPersistentDisk represents a GCE Disk resource
that is attached to a kubelet''s host machine and then exposed
to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
partition:
description: 'The partition in the volume that you want
to mount. If omitted, the default is to mount by volume
name. Examples: For volume /dev/sda1, you specify the
partition as "1". Similarly, the volume partition for
/dev/sda is "0" (or you can leave the property empty).
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
format: int32
type: integer
pdName:
description: 'Unique name of the PD resource in GCE. Used
to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
type: boolean
required:
- pdName
type: object
gitRepo:
description: 'GitRepo represents a git repository at a particular
revision. DEPRECATED: GitRepo is deprecated. To provision
a container with a git repo, mount an EmptyDir into an InitContainer
that clones the repo using git, then mount the EmptyDir into
the Pod''s container.'
properties:
directory:
description: Target directory name. Must not contain or
start with '..'. If '.' is supplied, the volume directory
will be the git repository. Otherwise, if specified,
the volume will contain the git repository in the subdirectory
with the given name.
type: string
repository:
description: Repository URL
type: string
revision:
description: Commit hash for the specified revision.
type: string
required:
- repository
type: object
glusterfs:
description: 'Glusterfs represents a Glusterfs mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md'
properties:
endpoints:
description: 'EndpointsName is the endpoint name that details
Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
path:
description: 'Path is the Glusterfs volume path. More info:
https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: string
readOnly:
description: 'ReadOnly here will force the Glusterfs volume
to be mounted with read-only permissions. Defaults to
false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
type: boolean
required:
- endpoints
- path
type: object
hostPath:
description: 'HostPath represents a pre-existing file or directory
on the host machine that is directly exposed to the container.
This is generally used for system agents or other privileged
things that are allowed to see the host machine. Most containers
will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
--- TODO(jonesdl) We need to restrict who can use host directory
mounts and who can/can not mount host directories as read/write.'
properties:
path:
description: 'Path of the directory on the host. If the
path is a symlink, it will follow the link to the real
path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
type:
description: 'Type for HostPath Volume Defaults to "" More
info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
type: string
required:
- path
type: object
iscsi:
description: 'ISCSI represents an ISCSI Disk resource that is
attached to a kubelet''s host machine and then exposed to
the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
properties:
chapAuthDiscovery:
description: whether support iSCSI Discovery CHAP authentication
type: boolean
chapAuthSession:
description: whether support iSCSI Session CHAP authentication
type: boolean
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
initiatorName:
description: Custom iSCSI Initiator Name. If initiatorName
is specified with iscsiInterface simultaneously, new iSCSI
interface : will be created
for the connection.
type: string
iqn:
description: Target iSCSI Qualified Name.
type: string
iscsiInterface:
description: iSCSI Interface Name that uses an iSCSI transport.
Defaults to 'default' (tcp).
type: string
lun:
description: iSCSI Target Lun number.
format: int32
type: integer
portals:
description: iSCSI Target Portal List. The portal is either
an IP or ip_addr:port if the port is other than default
(typically TCP ports 860 and 3260).
items:
type: string
type: array
readOnly:
description: ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false.
type: boolean
secretRef:
description: CHAP Secret for iSCSI target and initiator
authentication
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
targetPortal:
description: iSCSI Target Portal. The Portal is either an
IP or ip_addr:port if the port is other than default (typically
TCP ports 860 and 3260).
type: string
required:
- iqn
- lun
- targetPortal
type: object
name:
description: 'Volume''s name. Must be a DNS_LABEL and unique
within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
nfs:
description: 'NFS represents an NFS mount on the host that shares
a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
properties:
path:
description: 'Path that is exported by the NFS server. More
info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
readOnly:
description: 'ReadOnly here will force the NFS export to
be mounted with read-only permissions. Defaults to false.
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: boolean
server:
description: 'Server is the hostname or IP address of the
NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
type: string
required:
- path
- server
type: object
persistentVolumeClaim:
description: 'PersistentVolumeClaimVolumeSource represents a
reference to a PersistentVolumeClaim in the same namespace.
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
properties:
claimName:
description: 'ClaimName is the name of a PersistentVolumeClaim
in the same namespace as the pod using this volume. More
info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
type: string
readOnly:
description: Will force the ReadOnly setting in VolumeMounts.
Default false.
type: boolean
required:
- claimName
type: object
photonPersistentDisk:
description: PhotonPersistentDisk represents a PhotonController
persistent disk attached and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
pdID:
description: ID that identifies Photon Controller persistent
disk
type: string
required:
- pdID
type: object
portworxVolume:
description: PortworxVolume represents a portworx volume attached
and mounted on kubelets host machine
properties:
fsType:
description: FSType represents the filesystem type to mount
Must be a filesystem type supported by the host operating
system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4"
if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
volumeID:
description: VolumeID uniquely identifies a Portworx volume
type: string
required:
- volumeID
type: object
projected:
description: Items for all in one resources secrets, configmaps,
and downward API
properties:
defaultMode:
description: Mode bits to use on created files by default.
Must be a value between 0 and 0777. Directories within
the path are not affected by this setting. This might
be in conflict with other options that affect the file
mode, like fsGroup, and the result can be other mode bits
set.
format: int32
type: integer
sources:
description: list of volume projections
items:
description: Projection that may be projected along with
other supported volume types
properties:
configMap:
description: information about the configMap data
to project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced ConfigMap
will be projected into the volume as a file
whose name is the key and content is the value.
If specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the ConfigMap, the volume
setup will error unless it is marked optional.
Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its keys must be defined
type: boolean
type: object
downwardAPI:
description: information about the downwardAPI data
to project
properties:
items:
description: Items is a list of DownwardAPIVolume
file
items:
description: DownwardAPIVolumeFile represents
information to create the file containing
the pod field
properties:
fieldRef:
description: 'Required: Selects a field
of the pod: only annotations, labels,
name and namespace are supported.'
properties:
apiVersion:
description: Version of the schema the
FieldPath is written in terms of,
defaults to "v1".
type: string
fieldPath:
description: Path of the field to select
in the specified API version.
type: string
required:
- fieldPath
type: object
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: 'Required: Path is the relative
path name of the file to be created. Must
not be absolute or contain the ''..''
path. Must be utf-8 encoded. The first
item of the relative path must not start
with ''..'''
type: string
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and requests
(limits.cpu, limits.memory, requests.cpu
and requests.memory) are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format
of the exposed resources, defaults
to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
required:
- path
type: object
type: array
type: object
secret:
description: information about the secret data to
project
properties:
items:
description: If unspecified, each key-value pair
in the Data field of the referenced Secret will
be projected into the volume as a file whose
name is the key and content is the value. If
specified, the listed keys will be projected
into the specified paths, and unlisted keys
will not be present. If a key is specified which
is not present in the Secret, the volume setup
will error unless it is marked optional. Paths
must be relative and may not contain the '..'
path or start with '..'.
items:
description: Maps a string key to a path within
a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use
on this file, must be a value between
0 and 0777. If not specified, the volume
defaultMode will be used. This might be
in conflict with other options that affect
the file mode, like fsGroup, and the result
can be other mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file
to map the key to. May not be an absolute
path. May not contain the path element
'..'. May not start with the string '..'.
type: string
required:
- key
- path
type: object
type: array
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
type: object
serviceAccountToken:
description: information about the serviceAccountToken
data to project
properties:
audience:
description: Audience is the intended audience
of the token. A recipient of a token must identify
itself with an identifier specified in the audience
of the token, and otherwise should reject the
token. The audience defaults to the identifier
of the apiserver.
type: string
expirationSeconds:
description: ExpirationSeconds is the requested
duration of validity of the service account
token. As the token approaches expiration, the
kubelet volume plugin will proactively rotate
the service account token. The kubelet will
start trying to rotate the token if the token
is older than 80 percent of its time to live
or if the token is older than 24 hours.Defaults
to 1 hour and must be at least 10 minutes.
format: int64
type: integer
path:
description: Path is the path relative to the
mount point of the file to project the token
into.
type: string
required:
- path
type: object
type: object
type: array
required:
- sources
type: object
quobyte:
description: Quobyte represents a Quobyte mount on the host
that shares a pod's lifetime
properties:
group:
description: Group to map volume access to Default is no
group
type: string
readOnly:
description: ReadOnly here will force the Quobyte volume
to be mounted with read-only permissions. Defaults to
false.
type: boolean
registry:
description: Registry represents a single or multiple Quobyte
Registry services specified as a string as host:port pair
(multiple entries are separated with commas) which acts
as the central registry for volumes
type: string
tenant:
description: Tenant owning the given Quobyte volume in the
Backend Used with dynamically provisioned Quobyte volumes,
value is set by the plugin
type: string
user:
description: User to map volume access to Defaults to serivceaccount
user
type: string
volume:
description: Volume is a string that references an already
created Quobyte volume by name.
type: string
required:
- registry
- volume
type: object
rbd:
description: 'RBD represents a Rados Block Device mount on the
host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md'
properties:
fsType:
description: 'Filesystem type of the volume that you want
to mount. Tip: Ensure that the filesystem type is supported
by the host operating system. Examples: "ext4", "xfs",
"ntfs". Implicitly inferred to be "ext4" if unspecified.
More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
TODO: how do we prevent errors in the filesystem from
compromising the machine'
type: string
image:
description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
keyring:
description: 'Keyring is the path to key ring for RBDUser.
Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
monitors:
description: 'A collection of Ceph monitors. More info:
https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
items:
type: string
type: array
pool:
description: 'The rados pool name. Default is rbd. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
readOnly:
description: 'ReadOnly here will force the ReadOnly setting
in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: boolean
secretRef:
description: 'SecretRef is name of the authentication secret
for RBDUser. If provided overrides keyring. Default is
nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
user:
description: 'The rados user name. Default is admin. More
info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
type: string
required:
- image
- monitors
type: object
scaleIO:
description: ScaleIO represents a ScaleIO persistent volume
attached and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Default is "xfs".
type: string
gateway:
description: The host address of the ScaleIO API Gateway.
type: string
protectionDomain:
description: The name of the ScaleIO Protection Domain for
the configured storage.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef references to the secret for ScaleIO
user and other sensitive information. If this is not provided,
Login operation will fail.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
sslEnabled:
description: Flag to enable/disable SSL communication with
Gateway, default false
type: boolean
storageMode:
description: Indicates whether the storage for a volume
should be ThickProvisioned or ThinProvisioned. Default
is ThinProvisioned.
type: string
storagePool:
description: The ScaleIO Storage Pool associated with the
protection domain.
type: string
system:
description: The name of the storage system as configured
in ScaleIO.
type: string
volumeName:
description: The name of a volume already created in the
ScaleIO system that is associated with this volume source.
type: string
required:
- gateway
- secretRef
- system
type: object
secret:
description: 'Secret represents a secret that should populate
this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
properties:
defaultMode:
description: 'Optional: mode bits to use on created files
by default. Must be a value between 0 and 0777. Defaults
to 0644. Directories within the path are not affected
by this setting. This might be in conflict with other
options that affect the file mode, like fsGroup, and the
result can be other mode bits set.'
format: int32
type: integer
items:
description: If unspecified, each key-value pair in the
Data field of the referenced Secret will be projected
into the volume as a file whose name is the key and content
is the value. If specified, the listed keys will be projected
into the specified paths, and unlisted keys will not be
present. If a key is specified which is not present in
the Secret, the volume setup will error unless it is marked
optional. Paths must be relative and may not contain the
'..' path or start with '..'.
items:
description: Maps a string key to a path within a volume.
properties:
key:
description: The key to project.
type: string
mode:
description: 'Optional: mode bits to use on this file,
must be a value between 0 and 0777. If not specified,
the volume defaultMode will be used. This might
be in conflict with other options that affect the
file mode, like fsGroup, and the result can be other
mode bits set.'
format: int32
type: integer
path:
description: The relative path of the file to map
the key to. May not be an absolute path. May not
contain the path element '..'. May not start with
the string '..'.
type: string
required:
- key
- path
type: object
type: array
optional:
description: Specify whether the Secret or its keys must
be defined
type: boolean
secretName:
description: 'Name of the secret in the pod''s namespace
to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
type: string
type: object
storageos:
description: StorageOS represents a StorageOS volume attached
and mounted on Kubernetes nodes.
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
readOnly:
description: Defaults to false (read/write). ReadOnly here
will force the ReadOnly setting in VolumeMounts.
type: boolean
secretRef:
description: SecretRef specifies the secret to use for obtaining
the StorageOS API credentials. If not specified, default
values will be attempted.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
volumeName:
description: VolumeName is the human-readable name of the
StorageOS volume. Volume names are only unique within
a namespace.
type: string
volumeNamespace:
description: VolumeNamespace specifies the scope of the
volume within StorageOS. If no namespace is specified
then the Pod's namespace will be used. This allows the
Kubernetes name scoping to be mirrored within StorageOS
for tighter integration. Set VolumeName to any name to
override the default behaviour. Set to "default" if you
are not using namespaces within StorageOS. Namespaces
that do not pre-exist within StorageOS will be created.
type: string
type: object
vsphereVolume:
description: VsphereVolume represents a vSphere volume attached
and mounted on kubelets host machine
properties:
fsType:
description: Filesystem type to mount. Must be a filesystem
type supported by the host operating system. Ex. "ext4",
"xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
type: string
storagePolicyID:
description: Storage Policy Based Management (SPBM) profile
ID associated with the StoragePolicyName.
type: string
storagePolicyName:
description: Storage Policy Based Management (SPBM) profile
name.
type: string
volumePath:
description: Path that identifies vSphere volume vmdk
type: string
required:
- volumePath
type: object
required:
- name
type: object
type: array
type: object
status:
description: 'Most recent observed status of the ThanosRuler cluster.
Read-only. Not included when requesting from the apiserver, only from
the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
availableReplicas:
description: Total number of available pods (ready for at least minReadySeconds)
targeted by this ThanosRuler deployment.
format: int32
type: integer
paused:
description: Represents whether any actions on the underlying managed
objects are being performed. Only delete actions will be performed.
type: boolean
replicas:
description: Total number of non-terminated pods targeted by this
ThanosRuler deployment (their labels match the selector).
format: int32
type: integer
unavailableReplicas:
description: Total number of unavailable pods targeted by this ThanosRuler
deployment.
format: int32
type: integer
updatedReplicas:
description: Total number of non-terminated pods targeted by this
ThanosRuler deployment that have the desired version spec.
format: int32
type: integer
required:
- availableReplicas
- paused
- replicas
- unavailableReplicas
- updatedReplicas
type: object
required:
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: charts/charts/kube-prometheus-stack/hack/README.md
================================================
# kube-prometheus-stack hacks
## [sync_prometheus_rules.py](sync_prometheus_rules.py)
This script generates prometheus rules set for alertmanager from any properly formatted kubernetes yaml based on defined input, splitting rules to separate files based on group name.
Currently following imported:
- [prometheus-operator/kube-prometheus rules set](https://github.com/prometheus-operator/kube-prometheus/tree/master/manifests/kubernetes-prometheusRule.yaml)
- In order to modify these rules:
- prepare and merge PR into [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules) master and/or release branch
- run import inside your fork of [prometheus-operator/kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/tree/master)
```bash
jb update
make generate
```
- prepare and merge PR with imported changes into `prometheus-operator/kube-prometheus` master and/or release branch
- run sync_prometheus_rules.py inside your fork of this repo
- send PR with changes to this repo
- [etcd-io/website rules set](https://github.com/etcd-io/website/tree/master/content/docs/v3.4.0/etcd-mixin/README.md)
- In order to modify these rules:
- prepare and merge PR into [etcd-io/website](https://github.com/etcd-io/website/blob/master/content/docs/v3.4.0/etcd-mixin/mixin.libsonnet) repo
- run sync_prometheus_rules.py inside your fork of this repo
- send PR with changes to this repo
## [sync_grafana_dashboards.py](sync_grafana_dashboards.py)
This script generates grafana dashboards from json files, splitting them to separate files based on group name.
Currently following imported:
- [prometheus-operator/kube-prometheus dashboards](https://github.com/prometheus-operator/kube-prometheus/tree/master/manifests/grafana-deployment.yaml)
- In order to modify these dashboards:
- prepare and merge PR into [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/dashboards) master and/or release branch
- run import inside your fork of [prometheus-operator/kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/tree/master)
```bash
jb update
make generate
```
- prepare and merge PR with imported changes into `prometheus-operator/kube-prometheus` master and/or release branch
- run sync_grafana_dashboards.py inside your fork of this repo
- send PR with changes to this repo
- [etcd-io/website dashboard](https://github.com/etcd-io/website/blob/master/content/docs/v3.4.0/op-guide/grafana.json)
- In order to modify this dashboard:
- prepare and merge PR into [etcd-io/website](https://github.com/etcd-io/website/blob/master/content/docs/v3.4.0/op-guide/grafana.json) repo
- run sync_grafana_dashboards.py inside your fork of this repo
- send PR with changes to this repo
[CoreDNS dashboard](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml) is the only dashboard which is maintained in this repo and can be changed without import.
================================================
FILE: charts/charts/kube-prometheus-stack/hack/minikube/README.md
================================================
# Testing on Minikube
The configuration in this folder lets you locally test the setup on minikube. Use cmd.sh to set up components and hack a working etcd scrape configuration. Run the commands in the sequence listed in the script to get a local working minikube cluster.
If you're using windows, there's a commented-out section that you should add to the minikube command.
================================================
FILE: charts/charts/kube-prometheus-stack/hack/minikube/cmd.sh
================================================
#!/usr/bin/env bash
HELM_RELEASE_NAME=prom-op
CHART=./
NAMESPACE=monitoring
VALUES_FILES=./hack/minikube/values.yaml
if [ "$1" = "reset-minikube" ]; then
minikube delete
minikube start \
#--vm-driver hyperv --hyperv-virtual-switch "Default Switch" \
--kubernetes-version=v1.13.3 \
--memory=4096 --bootstrapper=kubeadm \
--extra-config=kubelet.authentication-token-webhook=true \
--extra-config=kubelet.authorization-mode=Webhook \
--extra-config=scheduler.address=0.0.0.0 \
--extra-config=controller-manager.address=0.0.0.0
exit 0
fi
if [ "$1" = "init-helm" ]; then
helm init
helm repo update
exit 0
fi
if [ "$1" = "init-etcd-secret" ]; then
kubectl create namespace monitoring
kubectl delete secret etcd-certs -nmonitoring
kubectl create secret generic etcd-certs -nmonitoring \
--from-literal=ca.crt="$(kubectl exec kube-apiserver-minikube -nkube-system -- cat /var/lib/minikube/certs/etcd/ca.crt)" \
--from-literal=client.crt="$(kubectl exec kube-apiserver-minikube -nkube-system -- cat /var/lib/minikube/certs/apiserver-etcd-client.crt)" \
--from-literal=client.key="$(kubectl exec kube-apiserver-minikube -nkube-system -- cat /var/lib/minikube/certs/apiserver-etcd-client.key)"
exit 0
fi
if [ "$1" = "upgrade-install" ]; then
helm upgrade $HELM_RELEASE_NAME $CHART \
--namespace $NAMESPACE \
--values $VALUES_FILES \
--set grafana.podAnnotations.redeploy-hack="$(cat /proc/sys/kernel/random/uuid)" \
--install --debug
exit 0
fi
if [ "$1" = "port-forward" ]; then
killall kubectl &>/dev/null
kubectl port-forward service/prom-op-prometheus-operato-prometheus 9090 &>/dev/null &
kubectl port-forward service/prom-op-prometheus-operato-alertmanager 9093 &>/dev/null &
kubectl port-forward service/prom-op-grafana 3000:80 &>/dev/null &
echo "Started port-forward commands"
echo "localhost:9090 - prometheus"
echo "localhost:9093 - alertmanager"
echo "localhost:3000 - grafana"
exit 0
fi
cat << EOF
Usage:
install.sh
Commands:
reset-minikube - resets minikube with values suitable for running prometheus operator
the normal installation will not allow scraping of the kubelet,
scheduler or controller-manager components
init-helm - initialize helm and update repository so that we can install
the kube-prometheus-stack chart. This has to be run only once after
a minikube installation is done
init-etcd-secret - pulls the certs used to access etcd from the api server and creates
a secret in the monitoring namespace with them. The values files
in the install command assume that this secret exists and is valid.
If not, then prometheus will not start
upgrade-install - install or upgrade the kube-prometheus-stack chart in the cluster
port-forward - starts port-forwarding for prometheus, alertmanager, grafana
localhost:9090 - prometheus
localhost:9093 - alertmanager
localhost:3000 - grafana
EOF
exit 0
}
================================================
FILE: charts/charts/kube-prometheus-stack/hack/minikube/values.yaml
================================================
prometheus:
prometheusSpec:
secrets: [etcd-certs]
kubeEtcd:
serviceMonitor:
scheme: https
caFile: /etc/prometheus/secrets/etcd-certs/ca.crt
certFile: /etc/prometheus/secrets/etcd-certs/client.crt
keyFile: /etc/prometheus/secrets/etcd-certs/client.key
================================================
FILE: charts/charts/kube-prometheus-stack/hack/requirements.txt
================================================
PyYAML==5.4
requests==2.22.0
================================================
FILE: charts/charts/kube-prometheus-stack/hack/sync_grafana_dashboards.py
================================================
#!/usr/bin/env python3
"""Fetch dashboards from provided urls into this chart."""
import json
import textwrap
from os import makedirs, path
import requests
import yaml
from yaml.representer import SafeRepresenter
# https://stackoverflow.com/a/20863889/961092
class LiteralStr(str):
pass
def change_style(style, representer):
def new_representer(dumper, data):
scalar = representer(dumper, data)
scalar.style = style
return scalar
return new_representer
# Source files list
charts = [
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml',
'destination': '../templates/grafana/dashboards-1.14',
'type': 'yaml',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/grafana.json',
'destination': '../templates/grafana/dashboards-1.14',
'type': 'json',
'min_kubernetes': '1.14.0-0'
},
]
# Additional conditions map
condition_map = {
'grafana-coredns-k8s': ' .Values.coreDns.enabled',
'etcd': ' .Values.kubeEtcd.enabled',
'apiserver': ' .Values.kubeApiServer.enabled',
'controller-manager': ' .Values.kubeControllerManager.enabled',
'kubelet': ' .Values.kubelet.enabled',
'proxy': ' .Values.kubeProxy.enabled',
'scheduler': ' .Values.kubeScheduler.enabled',
'node-rsrc-use': ' .Values.nodeExporter.enabled',
'node-cluster-rsrc-use': ' .Values.nodeExporter.enabled',
'prometheus-remote-write': ' .Values.prometheus.prometheusSpec.remoteWriteDashboards'
}
# standard header
header = '''{{- /*
Generated from '%(name)s' from %(url)s
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=%(min_kubernetes)s" $kubeTargetVersion) (semverCompare "<%(max_kubernetes)s" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled%(condition)s }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%%s-%%s" (include "kube-prometheus-stack.fullname" $) "%(name)s" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
'''
def init_yaml_styles():
represent_literal_str = change_style('|', SafeRepresenter.represent_str)
yaml.add_representer(LiteralStr, represent_literal_str)
def escape(s):
return s.replace("{{", "{{`{{").replace("}}", "}}`}}").replace("{{`{{", "{{`{{`}}").replace("}}`}}", "{{`}}`}}")
def unescape(s):
return s.replace("\{\{", "{{").replace("\}\}", "}}")
def yaml_str_repr(struct, indent=2):
"""represent yaml as a string"""
text = yaml.dump(
struct,
width=1000, # to disable line wrapping
default_flow_style=False # to disable multiple items on single line
)
text = escape(text) # escape {{ and }} for helm
text = unescape(text) # unescape \{\{ and \}\} for templating
text = textwrap.indent(text, ' ' * indent)
return text
def patch_json_for_multicluster_configuration(content):
try:
content_struct = json.loads(content)
overwrite_list = []
for variable in content_struct['templating']['list']:
if variable['name'] == 'cluster':
variable['hide'] = ':multicluster:'
overwrite_list.append(variable)
content_struct['templating']['list'] = overwrite_list
content_array = []
original_content_lines = content.split('\n')
for i, line in enumerate(json.dumps(content_struct, indent=4).split('\n')):
if (' []' not in line and ' {}' not in line) or line == original_content_lines[i]:
content_array.append(line)
continue
append = ''
if line.endswith(','):
line = line[:-1]
append = ','
if line.endswith('{}') or line.endswith('[]'):
content_array.append(line[:-1])
content_array.append('')
content_array.append(' ' * (len(line) - len(line.lstrip())) + line[-1] + append)
content = '\n'.join(content_array)
multicluster = content.find(':multicluster:')
if multicluster != -1:
content = ''.join((
content[:multicluster-1],
'\{\{ if .Values.grafana.sidecar.dashboards.multicluster \}\}0\{\{ else \}\}2\{\{ end \}\}',
content[multicluster + 15:]
))
except (ValueError, KeyError):
pass
return content
def write_group_to_file(resource_name, content, url, destination, min_kubernetes, max_kubernetes):
# initialize header
lines = header % {
'name': resource_name,
'url': url,
'condition': condition_map.get(resource_name, ''),
'min_kubernetes': min_kubernetes,
'max_kubernetes': max_kubernetes
}
content = patch_json_for_multicluster_configuration(content)
filename_struct = {resource_name + '.json': (LiteralStr(content))}
# rules themselves
lines += yaml_str_repr(filename_struct)
# footer
lines += '{{- end }}'
filename = resource_name + '.yaml'
new_filename = "%s/%s" % (destination, filename)
# make sure directories to store the file exist
makedirs(destination, exist_ok=True)
# recreate the file
with open(new_filename, 'w') as f:
f.write(lines)
print("Generated %s" % new_filename)
def main():
init_yaml_styles()
# read the rules, create a new template file per group
for chart in charts:
print("Generating rules from %s" % chart['source'])
response = requests.get(chart['source'])
if response.status_code != 200:
print('Skipping the file, response code %s not equals 200' % response.status_code)
continue
raw_text = response.text
if ('max_kubernetes' not in chart):
chart['max_kubernetes']="9.9.9-9"
if chart['type'] == 'yaml':
yaml_text = yaml.full_load(raw_text)
groups = yaml_text['items']
for group in groups:
for resource, content in group['data'].items():
write_group_to_file(resource.replace('.json', ''), content, chart['source'], chart['destination'], chart['min_kubernetes'], chart['max_kubernetes'])
elif chart['type'] == 'json':
json_text = json.loads(raw_text)
# is it already a dashboard structure or is it nested (etcd case)?
flat_structure = bool(json_text.get('annotations'))
if flat_structure:
resource = path.basename(chart['source']).replace('.json', '')
write_group_to_file(resource, json.dumps(json_text, indent=4), chart['source'], chart['destination'], chart['min_kubernetes'], chart['max_kubernetes'])
else:
for resource, content in json_text.items():
write_group_to_file(resource.replace('.json', ''), json.dumps(content, indent=4), chart['source'], chart['destination'], chart['min_kubernetes'], chart['max_kubernetes'])
print("Finished")
if __name__ == '__main__':
main()
================================================
FILE: charts/charts/kube-prometheus-stack/hack/sync_prometheus_rules.py
================================================
#!/usr/bin/env python3
"""Fetch alerting and aggregation rules from provided urls into this chart."""
import textwrap
from os import makedirs
import requests
import yaml
from yaml.representer import SafeRepresenter
import re
# https://stackoverflow.com/a/20863889/961092
class LiteralStr(str):
pass
def change_style(style, representer):
def new_representer(dumper, data):
scalar = representer(dumper, data)
scalar.style = style
return scalar
return new_representer
# Source files list
charts = [
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/alertmanager-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-prometheus-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-state-metrics-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/node-exporter-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-operator-prometheusRule.yaml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
{
'source': 'https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/etcd3_alert.rules.yml',
'destination': '../templates/prometheus/rules-1.14',
'min_kubernetes': '1.14.0-0'
},
]
# Additional conditions map
condition_map = {
'alertmanager.rules': ' .Values.defaultRules.rules.alertmanager',
'general.rules': ' .Values.defaultRules.rules.general',
'k8s.rules': ' .Values.defaultRules.rules.k8s',
'kube-apiserver.rules': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver',
'kube-apiserver-availability.rules': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability',
'kube-apiserver-error': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverError',
'kube-apiserver-slos': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos',
'kube-prometheus-general.rules': ' .Values.defaultRules.rules.kubePrometheusGeneral',
'kube-prometheus-node-alerting.rules': ' .Values.defaultRules.rules.kubePrometheusNodeAlerting',
'kube-prometheus-node-recording.rules': ' .Values.defaultRules.rules.kubePrometheusNodeRecording',
'kube-scheduler.rules': ' .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler',
'kube-state-metrics': ' .Values.defaultRules.rules.kubeStateMetrics',
'kubelet.rules': ' .Values.kubelet.enabled .Values.defaultRules.rules.kubelet',
'kubernetes-absent': ' .Values.defaultRules.rules.kubernetesAbsent',
'kubernetes-resources': ' .Values.defaultRules.rules.kubernetesResources',
'kubernetes-storage': ' .Values.defaultRules.rules.kubernetesStorage',
'kubernetes-system': ' .Values.defaultRules.rules.kubernetesSystem',
'kubernetes-system-apiserver': ' .Values.defaultRules.rules.kubernetesSystem', # kubernetes-system was split into more groups in 1.14, one of them is kubernetes-system-apiserver
'kubernetes-system-kubelet': ' .Values.defaultRules.rules.kubernetesSystem', # kubernetes-system was split into more groups in 1.14, one of them is kubernetes-system-kubelet
'kubernetes-system-controller-manager': ' .Values.kubeControllerManager.enabled',
'kubernetes-system-scheduler': ' .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler',
'node-exporter.rules': ' .Values.defaultRules.rules.node',
'node-exporter': ' .Values.defaultRules.rules.node',
'node.rules': ' .Values.defaultRules.rules.node',
'node-network': ' .Values.defaultRules.rules.network',
'node-time': ' .Values.defaultRules.rules.time',
'prometheus-operator': ' .Values.defaultRules.rules.prometheusOperator',
'prometheus.rules': ' .Values.defaultRules.rules.prometheus',
'prometheus': ' .Values.defaultRules.rules.prometheus', # kube-prometheus >= 1.14 uses prometheus as group instead of prometheus.rules
'kubernetes-apps': ' .Values.defaultRules.rules.kubernetesApps',
'etcd': ' .Values.kubeEtcd.enabled .Values.defaultRules.rules.etcd',
}
alert_condition_map = {
'KubeAPIDown': '.Values.kubeApiServer.enabled', # there are more alerts which are left enabled, because they'll never fire without metrics
'KubeControllerManagerDown': '.Values.kubeControllerManager.enabled',
'KubeSchedulerDown': '.Values.kubeScheduler.enabled',
'KubeStateMetricsDown': '.Values.kubeStateMetrics.enabled', # there are more alerts which are left enabled, because they'll never fire without metrics
'KubeletDown': '.Values.prometheusOperator.kubeletService.enabled', # there are more alerts which are left enabled, because they'll never fire without metrics
'PrometheusOperatorDown': '.Values.prometheusOperator.enabled',
'NodeExporterDown': '.Values.nodeExporter.enabled',
'CoreDNSDown': '.Values.kubeDns.enabled',
'AlertmanagerDown': '.Values.alertmanager.enabled',
'AggregatedAPIDown': 'semverCompare ">=1.18.0-0" $kubeTargetVersion',
}
replacement_map = {
'job="prometheus-operator"': {
'replacement': 'job="{{ $operatorJob }}"',
'init': '{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }}'},
'job="prometheus-k8s"': {
'replacement': 'job="{{ $prometheusJob }}"',
'init': '{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}'},
'job="alertmanager-main"': {
'replacement': 'job="{{ $alertmanagerJob }}"',
'init': '{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}'},
'namespace="monitoring"': {
'replacement': 'namespace="{{ $namespace }}"',
'init': '{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}'},
'alertmanager-$1': {
'replacement': '$1',
'init': ''},
'https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#': {
'replacement': '{{ .Values.defaultRules.runbookUrl }}',
'init': ''},
'https://github.com/prometheus-operator/kube-prometheus/wiki/': {
'replacement': '{{ .Values.defaultRules.runbookUrl }}alert-name-',
'init': ''},
'job="kube-state-metrics"': {
'replacement': 'job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"',
'limitGroup': ['kubernetes-apps'],
'init': '{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}'},
'job="kubelet"': {
'replacement': 'job="kubelet", namespace=~"{{ $targetNamespace }}"',
'limitGroup': ['kubernetes-storage'],
'init': '{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}'},
}
# standard header
header = '''{{- /*
Generated from '%(name)s' group from %(url)s
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=%(min_kubernetes)s" $kubeTargetVersion) (semverCompare "<%(max_kubernetes)s" $kubeTargetVersion) .Values.defaultRules.create%(condition)s }}%(init_line)s
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%%s-%%s" (include "kube-prometheus-stack.fullname" .) "%(name)s" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
-'''
def init_yaml_styles():
represent_literal_str = change_style('|', SafeRepresenter.represent_str)
yaml.add_representer(LiteralStr, represent_literal_str)
def escape(s):
return s.replace("{{", "{{`{{").replace("}}", "}}`}}").replace("{{`{{", "{{`{{`}}").replace("}}`}}", "{{`}}`}}")
def fix_expr(rules):
"""Remove trailing whitespaces and line breaks, which happen to creep in
due to yaml import specifics;
convert multiline expressions to literal style, |-"""
for rule in rules:
rule['expr'] = rule['expr'].rstrip()
if '\n' in rule['expr']:
rule['expr'] = LiteralStr(rule['expr'])
def yaml_str_repr(struct, indent=4):
"""represent yaml as a string"""
text = yaml.dump(
struct,
width=1000, # to disable line wrapping
default_flow_style=False # to disable multiple items on single line
)
text = escape(text) # escape {{ and }} for helm
text = textwrap.indent(text, ' ' * indent)[indent - 1:] # indent everything, and remove very first line extra indentation
return text
def add_rules_conditions(rules, indent=4):
"""Add if wrapper for rules, listed in alert_condition_map"""
rule_condition = '{{- if %s }}\n'
for alert_name in alert_condition_map:
line_start = ' ' * indent + '- alert: '
if line_start + alert_name in rules:
rule_text = rule_condition % alert_condition_map[alert_name]
# add if condition
index = rules.index(line_start + alert_name)
rules = rules[:index] + rule_text + rules[index:]
# add end of if
try:
next_index = rules.index(line_start, index + len(rule_text) + 1)
except ValueError:
# we found the last alert in file if there are no alerts after it
next_index = len(rules)
# depending on the rule ordering in alert_condition_map it's possible that an if statement from another rule is present at the end of this block.
found_block_end = False
last_line_index = next_index
while not found_block_end:
last_line_index = rules.rindex('\n', index, last_line_index - 1) # find the starting position of the last line
last_line = rules[last_line_index + 1:next_index]
if last_line.startswith('{{- if'):
next_index = last_line_index + 1 # move next_index back if the current block ends in an if statement
continue
found_block_end = True
rules = rules[:next_index] + '{{- end }}\n' + rules[next_index:]
return rules
def add_custom_labels(rules, indent=4):
"""Add if wrapper for additional rules labels"""
rule_condition = '{{- if .Values.defaultRules.additionalRuleLabels }}\n{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}\n{{- end }}'
rule_condition_len = len(rule_condition) + 1
separator = " " * indent + "- alert:.*"
alerts_positions = re.finditer(separator,rules)
alert=-1
for alert_position in alerts_positions:
# add rule_condition at the end of the alert block
if alert >= 0 :
index = alert_position.start() + rule_condition_len * alert - 1
rules = rules[:index] + "\n" + rule_condition + rules[index:]
alert += 1
# add rule_condition at the end of the last alert
if alert >= 0:
index = len(rules) - 1
rules = rules[:index] + "\n" + rule_condition + rules[index:]
return rules
def write_group_to_file(group, url, destination, min_kubernetes, max_kubernetes):
fix_expr(group['rules'])
group_name = group['name']
# prepare rules string representation
rules = yaml_str_repr(group)
# add replacements of custom variables and include their initialisation in case it's needed
init_line = ''
for line in replacement_map:
if group_name in replacement_map[line].get('limitGroup', [group_name]) and line in rules:
rules = rules.replace(line, replacement_map[line]['replacement'])
if replacement_map[line]['init']:
init_line += '\n' + replacement_map[line]['init']
# append per-alert rules
rules = add_custom_labels(rules)
rules = add_rules_conditions(rules)
# initialize header
lines = header % {
'name': group['name'],
'url': url,
'condition': condition_map.get(group['name'], ''),
'init_line': init_line,
'min_kubernetes': min_kubernetes,
'max_kubernetes': max_kubernetes
}
# rules themselves
lines += rules
# footer
lines += '{{- end }}'
filename = group['name'] + '.yaml'
new_filename = "%s/%s" % (destination, filename)
# make sure directories to store the file exist
makedirs(destination, exist_ok=True)
# recreate the file
with open(new_filename, 'w') as f:
f.write(lines)
print("Generated %s" % new_filename)
def write_rules_names_template():
with open('../templates/prometheus/_rules.tpl', 'w') as f:
f.write('''{{- /*
Generated file. Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}\n''')
f.write('{{- define "rules.names" }}\n')
f.write('rules:\n')
for rule in condition_map:
f.write(' - "%s"\n' % rule)
f.write('{{- end }}')
def main():
init_yaml_styles()
# read the rules, create a new template file per group
for chart in charts:
print("Generating rules from %s" % chart['source'])
response = requests.get(chart['source'])
if response.status_code != 200:
print('Skipping the file, response code %s not equals 200' % response.status_code)
continue
raw_text = response.text
yaml_text = yaml.full_load(raw_text)
if ('max_kubernetes' not in chart):
chart['max_kubernetes']="9.9.9-9"
# etcd workaround, their file don't have spec level
groups = yaml_text['spec']['groups'] if yaml_text.get('spec') else yaml_text['groups']
for group in groups:
write_group_to_file(group, chart['source'], chart['destination'], chart['min_kubernetes'], chart['max_kubernetes'])
# write rules.names named template
write_rules_names_template()
print("Finished")
if __name__ == '__main__':
main()
================================================
FILE: charts/charts/kube-prometheus-stack/hack/update_crds.sh
================================================
#!/bin/bash -eu
VERSION=$1
[ -z "${VERSION}" ] && echo "Pass prometheus-operator version as first comandline argument" && exit 1
FILES=(
"crd-alertmanagerconfigs.yaml : monitoring.coreos.com_alertmanagerconfigs.yaml"
"crd-alertmanagers.yaml : monitoring.coreos.com_alertmanagers.yaml"
"crd-podmonitors.yaml : monitoring.coreos.com_podmonitors.yaml"
"crd-probes.yaml : monitoring.coreos.com_probes.yaml"
"crd-prometheuses.yaml : monitoring.coreos.com_prometheuses.yaml"
"crd-prometheusrules.yaml : monitoring.coreos.com_prometheusrules.yaml"
"crd-servicemonitors.yaml : monitoring.coreos.com_servicemonitors.yaml"
"crd-thanosrulers.yaml : monitoring.coreos.com_thanosrulers.yaml"
)
for line in "${FILES[@]}" ; do
DESTINATION=$(echo "${line%%:*}" | xargs)
SOURCE=$(echo "${line##*:}" | xargs)
URL="https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/$VERSION/example/prometheus-operator-crd/$SOURCE"
echo "# ${URL}" > ../crds/"${DESTINATION}"
curl -L "${URL}" >> ../crds/"${DESTINATION}"
done
================================================
FILE: charts/charts/kube-prometheus-stack/templates/NOTES.txt
================================================
{{ $.Chart.Name }} has been installed. Check its status by running:
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}"
Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.
================================================
FILE: charts/charts/kube-prometheus-stack/templates/_helpers.tpl
================================================
{{/* vim: set filetype=mustache: */}}
{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}}
{{- define "kube-prometheus-stack.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
The components in this chart create additional resources that expand the longest created name strings.
The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
*/}}
{{- define "kube-prometheus-stack.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 26 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/* Fullname suffixed with operator */}}
{{- define "kube-prometheus-stack.operator.fullname" -}}
{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
{{- end }}
{{/* Fullname suffixed with prometheus */}}
{{- define "kube-prometheus-stack.prometheus.fullname" -}}
{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}}
{{- end }}
{{/* Fullname suffixed with alertmanager */}}
{{- define "kube-prometheus-stack.alertmanager.fullname" -}}
{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}}
{{- end }}
{{/* Create chart name and version as used by the chart label. */}}
{{- define "kube-prometheus-stack.chartref" -}}
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
{{- end }}
{{/* Generate basic labels */}}
{{- define "kube-prometheus-stack.labels" }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: "{{ .Chart.Version }}"
app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }}
chart: {{ template "kube-prometheus-stack.chartref" . }}
release: {{ $.Release.Name | quote }}
heritage: {{ $.Release.Service | quote }}
{{- if .Values.commonLabels}}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end }}
{{/* Create the name of kube-prometheus-stack service account to use */}}
{{- define "kube-prometheus-stack.operator.serviceAccountName" -}}
{{- if .Values.prometheusOperator.serviceAccount.create -}}
{{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheusOperator.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/* Create the name of prometheus service account to use */}}
{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
{{- if .Values.prometheus.serviceAccount.create -}}
{{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.prometheus.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/* Create the name of alertmanager service account to use */}}
{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}}
{{- if .Values.alertmanager.serviceAccount.create -}}
{{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.alertmanager.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "kube-prometheus-stack.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/* Allow KubeVersion to be overridden. */}}
{{- define "kube-prometheus-stack.ingress.kubeVersion" -}}
{{- $kubeVersion := default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
{{/* Special use case for Amazon EKS, Google GKE */}}
{{- if and (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" $kubeVersion) (not .Values.kubeVersionOverride) -}}
{{- $kubeVersion = regexFind "\\d+\\.\\d+\\.\\d+" $kubeVersion -}}
{{- end -}}
{{- $kubeVersion -}}
{{- end -}}
{{/* Get Ingress API Version */}}
{{- define "kube-prometheus-stack.ingress.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "kube-prometheus-stack.ingress.kubeVersion" .)) -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/* Check Ingress stability */}}
{{- define "kube-prometheus-stack.ingress.isStable" -}}
{{- eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}}
{{/* Check Ingress supports pathType */}}
{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}}
{{- define "kube-prometheus-stack.ingress.supportsPathType" -}}
{{- or (eq (include "kube-prometheus-stack.ingress.isStable" .) "true") (and (eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "kube-prometheus-stack.ingress.kubeVersion" .))) -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/alertmanager.yaml
================================================
{{- if .Values.alertmanager.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.alertmanager.annotations }}
annotations:
{{ toYaml .Values.alertmanager.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.alertmanager.alertmanagerSpec.image }}
image: {{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}
version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }}
{{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
{{- end }}
{{- end }}
replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
{{- else }}
externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }}
{{- end }}
paused: {{ .Values.alertmanager.alertmanagerSpec.paused }}
logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }}
logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }}
retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }}
{{- if .Values.alertmanager.alertmanagerSpec.secrets }}
secrets:
{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.configSecret }}
configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.configMaps }}
configMaps:
{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
alertmanagerConfigSelector:
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}}
{{ else }}
alertmanagerConfigSelector: {}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }}
alertmanagerConfigNamespaceSelector:
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}}
{{ else }}
alertmanagerConfigNamespaceSelector: {}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.resources }}
resources:
{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.storage }}
storage:
{{ toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }}
podMetadata:
{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }}
{{- end }}
{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }}
affinity:
{{- if .Values.alertmanager.alertmanagerSpec.affinity }}
{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }}
{{- end }}
{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app, operator: In, values: [alertmanager]}
- {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]}
{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app, operator: In, values: [alertmanager]}
- {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.containers }}
containers:
{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.initContainers }}
initContainers:
{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }}
priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }}
additionalPeers:
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.volumes }}
volumes:
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }}
volumeMounts:
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }}
{{- end }}
portName: {{ .Values.alertmanager.alertmanagerSpec.portName }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
{{- end }}
{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/ingress.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
{{- $pathType := .Values.alertmanager.ingress.pathType | default "" }}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
{{- $servicePort := .Values.alertmanager.service.port -}}
{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}}
{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $serviceName }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.alertmanager.ingress.annotations }}
annotations:
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{- if .Values.alertmanager.ingress.labels }}
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
{{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
{{- if $apiIsStable }}
{{- if .Values.alertmanager.ingress.ingressClassName }}
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
{{- end }}
{{- end }}
rules:
{{- if .Values.alertmanager.ingress.hosts }}
{{- range $host := .Values.alertmanager.ingress.hosts }}
- host: {{ tpl $host $ }}
http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.alertmanager.ingress.tls }}
tls:
{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }}
{{- end -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/ingressperreplica.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }}
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
{{- $servicePort := .Values.alertmanager.service.port -}}
{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
apiVersion: v1
kind: List
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica
namespace: {{ template "kube-prometheus-stack.namespace" . }}
items:
{{ range $i, $e := until $count }}
- kind: Ingress
apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }}
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if $ingressValues.labels }}
{{ toYaml $ingressValues.labels | indent 8 }}
{{- end }}
{{- if $ingressValues.annotations }}
annotations:
{{ toYaml $ingressValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $apiIsStable }}
{{- if $ingressValues.ingressClassName }}
ingressClassName: {{ $ingressValues.ingressClassName }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
http:
paths:
{{- range $p := $ingressValues.paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
tls:
- hosts:
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
{{- else }}
secretName: {{ $ingressValues.tlsSecretName }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/podDisruptionBudget.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
{{- if .Values.alertmanager.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app: alertmanager
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/psp-role.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules:
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
- apiGroups: ['policy']
{{- else }}
- apiGroups: ['extensions']
{{- end }}
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/psp-rolebinding.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/psp.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{- if .Values.global.rbac.pspAnnotations }}
annotations:
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
{{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
privileged: false
# Required to prevent escalations to root.
# allowPrivilegeEscalation: false
# This is redundant with non-root + disallow privilege escalation,
# but we can provide it for defense in depth.
#requiredDropCapabilities:
# - ALL
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Permits the container to run with root privileges as well.
rule: 'RunAsAny'
seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
readOnlyRootFilesystem: false
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/secret.yaml
================================================
{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: alertmanager-{{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.alertmanager.secret.annotations }}
annotations:
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
data:
{{- if .Values.alertmanager.tplConfig }}
alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
{{- else }}
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
{{- end}}
{{- range $key, $val := .Values.alertmanager.templateFiles }}
{{ $key }}: {{ $val | b64enc | quote }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/service.yaml
================================================
{{- if .Values.alertmanager.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.alertmanager.service.labels }}
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.service.annotations }}
annotations:
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.alertmanager.service.clusterIP }}
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
{{- end }}
{{- if .Values.alertmanager.service.externalIPs }}
externalIPs:
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.alertmanager.alertmanagerSpec.portName }}
{{- if eq .Values.alertmanager.service.type "NodePort" }}
nodePort: {{ .Values.alertmanager.service.nodePort }}
{{- end }}
port: {{ .Values.alertmanager.service.port }}
targetPort: {{ .Values.alertmanager.service.targetPort }}
protocol: TCP
{{- if .Values.alertmanager.service.additionalPorts }}
{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }}
{{- end }}
selector:
app: alertmanager
alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
type: "{{ .Values.alertmanager.service.type }}"
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/serviceaccount.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager
app.kubernetes.io/component: alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.alertmanager.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/servicemonitor.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
release: {{ $.Release.Name | quote }}
self-monitor: "true"
namespaceSelector:
matchNames:
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
endpoints:
- port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
{{- if .Values.alertmanager.serviceMonitor.interval }}
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.scheme }}
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }}
bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics"
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/alertmanager/serviceperreplica.yaml
================================================
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }}
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
{{- $serviceValues := .Values.alertmanager.servicePerReplica -}}
apiVersion: v1
kind: List
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica
namespace: {{ template "kube-prometheus-stack.namespace" . }}
items:
{{- range $i, $e := until $count }}
- apiVersion: v1
kind: Service
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if $serviceValues.annotations }}
annotations:
{{ toYaml $serviceValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $serviceValues.clusterIP }}
clusterIP: {{ $serviceValues.clusterIP }}
{{- end }}
{{- if $serviceValues.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: {{ $.Values.alertmanager.alertmanagerSpec.portName }}
{{- if eq $serviceValues.type "NodePort" }}
nodePort: {{ $serviceValues.nodePort }}
{{- end }}
port: {{ $serviceValues.port }}
targetPort: {{ $serviceValues.targetPort }}
selector:
app: alertmanager
alertmanager: {{ template "kube-prometheus-stack.fullname" $ }}-alertmanager
statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
type: "{{ $serviceValues.type }}"
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/core-dns/service.yaml
================================================
{{- if .Values.coreDns.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
labels:
app: {{ template "kube-prometheus-stack.name" . }}-coredns
jobLabel: coredns
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.coreDns.service.port }}
protocol: TCP
targetPort: {{ .Values.coreDns.service.targetPort }}
selector:
{{- if .Values.coreDns.service.selector }}
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
{{- else}}
k8s-app: kube-dns
{{- end}}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/core-dns/servicemonitor.yaml
================================================
{{- if .Values.coreDns.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-coredns
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-coredns
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics
{{- if .Values.coreDns.serviceMonitor.interval}}
interval: {{ .Values.coreDns.serviceMonitor.interval }}
{{- end }}
{{- if .Values.coreDns.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.coreDns.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml
================================================
{{- if .Values.kubeApiServer.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-apiserver
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}}
{{- end }}
port: https
scheme: https
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6 }}
{{- end }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }}
insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }}
jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }}
namespaceSelector:
matchNames:
- default
selector:
{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }}
{{- end}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/endpoints.yaml
================================================
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
k8s-app: kube-controller-manager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
subsets:
- addresses:
{{- range .Values.kubeControllerManager.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/service.yaml
================================================
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
jobLabel: kube-controller-manager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeControllerManager.service.port }}
protocol: TCP
targetPort: {{ .Values.kubeControllerManager.service.targetPort }}
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
selector:
{{- if .Values.kubeControllerManager.service.selector }}
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
{{- else}}
component: kube-controller-manager
{{- end}}
{{- end }}
type: ClusterIP
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml
================================================
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
{{- end }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-dns/service.yaml
================================================
{{- if .Values.kubeDns.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
jobLabel: kube-dns
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics-dnsmasq
port: {{ .Values.kubeDns.service.dnsmasq.port }}
protocol: TCP
targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }}
- name: http-metrics-skydns
port: {{ .Values.kubeDns.service.skydns.port }}
protocol: TCP
targetPort: {{ .Values.kubeDns.service.skydns.targetPort }}
selector:
{{- if .Values.kubeDns.service.selector }}
{{ toYaml .Values.kubeDns.service.selector | indent 4 }}
{{- else}}
k8s-app: kube-dns
{{- end}}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-dns/servicemonitor.yaml
================================================
{{- if .Values.kubeDns.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics-dnsmasq
{{- if .Values.kubeDns.serviceMonitor.interval }}
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeDns.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }}
relabelings:
{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }}
{{- end }}
- port: http-metrics-skydns
{{- if .Values.kubeDns.serviceMonitor.interval }}
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeDns.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-etcd/endpoints.yaml
================================================
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
k8s-app: etcd-server
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
subsets:
- addresses:
{{- range .Values.kubeEtcd.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeEtcd.service.port }}
protocol: TCP
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-etcd/service.yaml
================================================
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
jobLabel: kube-etcd
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeEtcd.service.port }}
protocol: TCP
targetPort: {{ .Values.kubeEtcd.service.targetPort }}
{{- if .Values.kubeEtcd.endpoints }}{{- else }}
selector:
{{- if .Values.kubeEtcd.service.selector }}
{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }}
{{- else}}
component: etcd
{{- end}}
{{- end }}
type: ClusterIP
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-etcd/servicemonitor.yaml
================================================
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics
{{- if .Values.kubeEtcd.serviceMonitor.interval }}
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}}
{{- end }}
{{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
scheme: https
tlsConfig:
{{- if .Values.kubeEtcd.serviceMonitor.serverName }}
serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }}
{{- end }}
{{- if .Values.kubeEtcd.serviceMonitor.caFile }}
caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }}
{{- end }}
{{- if .Values.kubeEtcd.serviceMonitor.certFile }}
certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }}
{{- end }}
{{- if .Values.kubeEtcd.serviceMonitor.keyFile }}
keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }}
{{- end}}
insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}
{{- end }}
{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeEtcd.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-proxy/endpoints.yaml
================================================
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
k8s-app: kube-proxy
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
subsets:
- addresses:
{{- range .Values.kubeProxy.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeProxy.service.port }}
protocol: TCP
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-proxy/service.yaml
================================================
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
jobLabel: kube-proxy
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeProxy.service.port }}
protocol: TCP
targetPort: {{ .Values.kubeProxy.service.targetPort }}
{{- if .Values.kubeProxy.endpoints }}{{- else }}
selector:
{{- if .Values.kubeProxy.service.selector }}
{{ toYaml .Values.kubeProxy.service.selector | indent 4 }}
{{- else}}
k8s-app: kube-proxy
{{- end}}
{{- end }}
type: ClusterIP
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml
================================================
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics
{{- if .Values.kubeProxy.serviceMonitor.interval }}
interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.kubeProxy.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- end}}
{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4 }}
{{- end }}
{{- if .Values.kubeProxy.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/endpoints.yaml
================================================
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }}
apiVersion: v1
kind: Endpoints
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
k8s-app: kube-scheduler
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
subsets:
- addresses:
{{- range .Values.kubeScheduler.endpoints }}
- ip: {{ . }}
{{- end }}
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port }}
protocol: TCP
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/service.yaml
================================================
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
jobLabel: kube-scheduler
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
namespace: kube-system
spec:
clusterIP: None
ports:
- name: http-metrics
port: {{ .Values.kubeScheduler.service.port}}
protocol: TCP
targetPort: {{ .Values.kubeScheduler.service.targetPort}}
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
selector:
{{- if .Values.kubeScheduler.service.selector }}
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
{{- else}}
component: kube-scheduler
{{- end}}
{{- end }}
type: ClusterIP
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml
================================================
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: jobLabel
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- "kube-system"
endpoints:
- port: http-metrics
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
{{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.kubeScheduler.serviceMonitor.https }}
scheme: https
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
{{- end}}
{{- end}}
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kube-state-metrics/serviceMonitor.yaml
================================================
{{- if .Values.kubeStateMetrics.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-state-metrics
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kube-state-metrics
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: app.kubernetes.io/name
endpoints:
- port: http
{{- if .Values.kubeStateMetrics.serviceMonitor.interval }}
interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeStateMetrics.serviceMonitor.proxyUrl}}
{{- end }}
honorLabels: true
{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeStateMetrics.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.selfMonitor.enabled }}
- port: metrics
{{- if .Values.kubeStateMetrics.serviceMonitor.interval }}
interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubeStateMetrics.serviceMonitor.proxyUrl}}
{{- end }}
honorLabels: true
{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubeStateMetrics.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }}
namespaceSelector:
matchNames:
- {{ .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }}
{{- end }}
selector:
matchLabels:
{{- if .Values.kubeStateMetrics.serviceMonitor.selectorOverride }}
{{ toYaml .Values.kubeStateMetrics.serviceMonitor.selectorOverride | indent 6 }}
{{ else }}
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/instance: "{{ $.Release.Name }}"
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml
================================================
{{- if .Values.kubelet.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-kubelet
{{- include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
endpoints:
{{- if .Values.kubelet.serviceMonitor.https }}
- port: https-metrics
scheme: https
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
- port: https-metrics
scheme: https
path: /metrics/cadvisor
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
{{- end }}
honorLabels: true
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.probes }}
- port: https-metrics
scheme: https
path: /metrics/probes
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
honorLabels: true
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.resource }}
- port: https-metrics
scheme: https
path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
honorLabels: true
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }}
{{- end }}
{{- end }}
{{- else }}
- port: http-metrics
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
- port: http-metrics
path: /metrics/cadvisor
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.resource }}
- port: http-metrics
path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
{{- if .Values.kubelet.serviceMonitor.interval }}
interval: {{ .Values.kubelet.serviceMonitor.interval }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
{{- end }}
honorLabels: true
{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
relabelings:
{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
jobLabel: k8s-app
namespaceSelector:
matchNames:
- {{ .Values.kubelet.namespace }}
selector:
matchLabels:
app.kubernetes.io/name: kubelet
k8s-app: kubelet
{{- end}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/exporters/node-exporter/servicemonitor.yaml
================================================
{{- if .Values.nodeExporter.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-node-exporter
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-node-exporter
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
jobLabel: {{ .Values.nodeExporter.jobLabel }}
selector:
matchLabels:
app: prometheus-node-exporter
release: {{ $.Release.Name }}
{{- if (index .Values "prometheus-node-exporter" "namespaceOverride") }}
namespaceSelector:
matchNames:
- {{ index .Values "prometheus-node-exporter" "namespaceOverride" }}
{{- end }}
endpoints:
- port: metrics
{{- if .Values.nodeExporter.serviceMonitor.interval }}
interval: {{ .Values.nodeExporter.serviceMonitor.interval }}
{{- end }}
{{- if .Values.nodeExporter.serviceMonitor.proxyUrl }}
proxyUrl: {{ .Values.nodeExporter.serviceMonitor.proxyUrl}}
{{- end }}
{{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.nodeExporter.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.nodeExporter.serviceMonitor.metricRelabelings | indent 4) . }}
{{- end }}
{{- if .Values.nodeExporter.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.nodeExporter.serviceMonitor.relabelings | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/configmap-dashboards.yaml
================================================
{{- if or (and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled) .Values.grafana.forceDeployDashboards }}
{{- $files := .Files.Glob "dashboards-1.14/*.json" }}
{{- if $files }}
apiVersion: v1
kind: ConfigMapList
items:
{{- range $path, $fileContents := $files }}
{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }}
- apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 6 }}
data:
{{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml
================================================
{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.grafana.sidecar.datasources.annotations }}
annotations:
{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }}
{{- end }}
labels:
{{ $.Values.grafana.sidecar.datasources.label }}: "1"
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
datasource.yaml: |-
apiVersion: 1
datasources:
{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
- name: Prometheus
type: prometheus
{{- if .Values.grafana.sidecar.datasources.url }}
url: {{ .Values.grafana.sidecar.datasources.url }}
{{- else }}
url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
{{- end }}
access: proxy
isDefault: true
jsonData:
timeInterval: {{ $scrapeInterval }}
{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
- name: Prometheus-{{ . }}
type: prometheus
url: http://prometheus-{{ template "kube-prometheus-stack.fullname" $ }}-prometheus-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }}
access: proxy
isDefault: false
jsonData:
timeInterval: {{ $scrapeInterval }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.grafana.additionalDataSources }}
{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/alertmanager-overview.yaml
================================================
{{- /*
Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
alertmanager-overview.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 1,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "30s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 2,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(alertmanager_alerts{namespace=\"$namespace\",service=\"$service\"}) by (namespace,service,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Alerts",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(alertmanager_alerts_received_total{namespace=\"$namespace\",service=\"$service\"}[5m])) by (namespace,service,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Received",
"refId": "A"
},
{
"expr": "sum(rate(alertmanager_alerts_invalid_total{namespace=\"$namespace\",service=\"$service\"}[5m])) by (namespace,service,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Invalid",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Alerts receive rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Alerts",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": "integration",
"seriesOverrides": [
],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(alertmanager_notifications_total{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (integration,namespace,service,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Total",
"refId": "A"
},
{
"expr": "sum(rate(alertmanager_notifications_failed_total{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (integration,namespace,service,instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Failed",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "$integration: Notifications Send Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 5,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": "integration",
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (le,namespace,service,instance)\n) \n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} 99th Percentile",
"refId": "A"
},
{
"expr": "histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (le,namespace,service,instance)\n) \n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Median",
"refId": "B"
},
{
"expr": "sum(rate(alertmanager_notification_latency_seconds_sum{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=\"$namespace\",service=\"$service\", integration=\"$integration\"}[5m])) by (namespace,service,instance)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Average",
"refId": "C"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "$integration: Notification Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Notifications",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"alertmanager-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(alertmanager_alerts, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "service",
"options": [
],
"query": "label_values(alertmanager_alerts, service)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "all",
"value": "$__all"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": true,
"label": null,
"multi": false,
"name": "integration",
"options": [
],
"query": "label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "utc",
"title": "Alertmanager / Overview",
"uid": "alertmanager-overview",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/apiserver.yaml
================================================
{{- /*
Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
apiserver.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.",
"datasource": null,
"description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.",
"gridPos": {
"h": 2,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"mode": "markdown",
"span": 12,
"title": "Notice",
"type": "text"
}
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 3,
"description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?",
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 3,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 4,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Availability (30d) > 99.000%",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": 3,
"description": "How much error budget is left looking at our 0.990% availability guarantees?",
"fill": 10,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 8,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "errorbudget",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "ErrorBudget (30d) > 99.000%",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"decimals": 3,
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"decimals": 3,
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 3,
"description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?",
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 5,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Read Availability (30d)",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many read requests (LIST,GET) per second do the apiservers get by code?",
"fill": 10,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
{
"alias": "/2../i",
"color": "#56A64B"
},
{
"alias": "/3../i",
"color": "#F2CC0C"
},
{
"alias": "/4../i",
"color": "#3274D9"
},
{
"alias": "/5../i",
"color": "#E02F44"
}
],
"spaceLength": 10,
"span": 3,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} code {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Read SLI - Requests",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "reqps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "reqps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} resource {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Read SLI - Errors",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} resource {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Read SLI - Duration",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 3,
"description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?",
"format": "percentunit",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 9,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Write Availability (30d)",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?",
"fill": 10,
"fillGradient": 0,
"gridPos": {
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
{
"alias": "/2../i",
"color": "#56A64B"
},
{
"alias": "/3../i",
"color": "#F2CC0C"
},
{
"alias": "/4../i",
"color": "#3274D9"
},
{
"alias": "/5../i",
"color": "#E02F44"
}
],
"spaceLength": 10,
"span": 3,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} code {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Write SLI - Requests",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "reqps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "reqps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} resource {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Write SLI - Errors",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 12,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}} resource {{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Write SLI - Duration",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Add Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 14,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Depth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 15,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Latency",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 16,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 17,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 18,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(apiserver_request_total, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(apiserver_request_total{job=\"apiserver\", cluster=\"$cluster\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / API server",
"uid": "09ec8aa1e996d6ffcd6817bbaff4db1b",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/cluster-total.yaml
================================================
{{- /*
Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
cluster-total.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 1
},
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 1
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"columns": [
{
"text": "Time",
"value": "Time"
},
{
"text": "Value #A",
"value": "Value #A"
},
{
"text": "Value #B",
"value": "Value #B"
},
{
"text": "Value #C",
"value": "Value #C"
},
{
"text": "Value #D",
"value": "Value #D"
},
{
"text": "Value #E",
"value": "Value #E"
},
{
"text": "Value #F",
"value": "Value #F"
},
{
"text": "Value #G",
"value": "Value #G"
},
{
"text": "Value #H",
"value": "Value #H"
},
{
"text": "namespace",
"value": "namespace"
}
],
"datasource": "$datasource",
"fill": 1,
"fontSize": "90%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"lines": true,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null as zero",
"renderer": "flot",
"scroll": true,
"showHeader": true,
"sort": {
"col": 0,
"desc": false
},
"spaceLength": 10,
"span": 24,
"styles": [
{
"alias": "Time",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Time",
"thresholds": [
],
"type": "hidden",
"unit": "short"
},
{
"alias": "Current Bandwidth Received",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Bandwidth Transmitted",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Average Bandwidth Received",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Average Bandwidth Transmitted",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #H",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Namespace",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "Drill down",
"linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell",
"pattern": "namespace",
"thresholds": [
],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "H",
"step": 10
}
],
"timeFrom": null,
"timeShift": null,
"title": "Current Status",
"type": "table"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 10
},
"id": 6,
"panels": [
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 11
},
"id": 7,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 11
},
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 11
},
"id": 9,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth History",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 12
},
"id": 10,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 21
},
"id": 11,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 30
},
"id": 12,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 31
},
"id": 13,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 40
},
"id": 14,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Packets",
"titleSize": "h6",
"type": "row"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 31
},
"id": 15,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 50
},
"id": 16,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 59
},
"id": 17,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 59
},
"id": 18,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
{
"targetBlank": true,
"title": "What is TCP Retransmit?",
"url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/"
}
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of TCP Retransmits out of all sent segments",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 59
},
"id": 19,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": true,
"min": true,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 2,
"links": [
{
"targetBlank": true,
"title": "Why monitor SYN retransmits?",
"url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365"
}
],
"minSpan": 24,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of TCP SYN Retransmits out of all retransmits",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Errors",
"titleSize": "h6",
"type": "row"
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 18,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "resolution",
"options": [
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": true,
"text": "5m",
"value": "5m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
}
],
"query": "30s,5m,1h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": false,
"label": null,
"multi": false,
"name": "interval",
"options": [
{
"selected": true,
"text": "4h",
"value": "4h"
}
],
"query": "4h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Networking / Cluster",
"uid": "ff635a025bcfea7bc3dd4f508990a3e9",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/controller-manager.yaml
================================================
{{- /*
Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeControllerManager.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
controller-manager.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 2,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 2,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(up{cluster=\"$cluster\", job=\"kube-controller-manager\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Up",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "min"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Add Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Depth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 5,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\"}[5m])) by (cluster, instance, name, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Work Queue Latency",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"2..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "2xx",
"refId": "A"
},
{
"expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"3..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "3xx",
"refId": "B"
},
{
"expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"4..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "4xx",
"refId": "C"
},
{
"expr": "sum(rate(rest_client_requests_total{job=\"kube-controller-manager\", instance=~\"$instance\",code=~\"5..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "5xx",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Kube API Request Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 8,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Post Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-controller-manager\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Get Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-controller-manager\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-controller-manager\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Controller Manager",
"uid": "72e0e05bef5099e5f049b05fdc429ed4",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/etcd.yaml
================================================
{{- /*
Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/grafana.json
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeEtcd.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
etcd.json: |-
{
"annotations": {
"list": []
},
"description": "etcd sample Grafana dashboard with Prometheus",
"editable": true,
"gnetId": null,
"hideControls": false,
"id": 6,
"links": [],
"refresh": "10s",
"rows": [
{
"collapse": false,
"editable": true,
"height": "250px",
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "$datasource",
"editable": true,
"error": false,
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"id": 28,
"interval": null,
"isNew": true,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"targets": [
{
"expr": "sum(etcd_server_has_leader{job=\"$cluster\"})",
"intervalFactor": 2,
"legendFormat": "",
"metric": "etcd_server_has_leader",
"refId": "A",
"step": 20
}
],
"thresholds": "",
"title": "Up",
"type": "singlestat",
"valueFontSize": "200%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "avg"
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"id": 23,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 5,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "RPC Rate",
"metric": "grpc_server_started_total",
"refId": "A",
"step": 2
},
{
"expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "RPC Failed Rate",
"metric": "grpc_server_handled_total",
"refId": "B",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "RPC Rate",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"id": 41,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 4,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})",
"intervalFactor": 2,
"legendFormat": "Watch Streams",
"metric": "grpc_server_handled_total",
"refId": "A",
"step": 4
},
{
"expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})",
"intervalFactor": 2,
"legendFormat": "Lease Streams",
"metric": "grpc_server_handled_total",
"refId": "B",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Active Streams",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"showTitle": false,
"title": "Row"
},
{
"collapse": false,
"editable": true,
"height": "250px",
"panels": [
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"decimals": null,
"editable": true,
"error": false,
"fill": 0,
"grid": {},
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}",
"hide": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} DB Size",
"metric": "",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "DB Size",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"grid": {},
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 1,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 4,
"stack": false,
"steppedLine": true,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync",
"metric": "etcd_disk_wal_fsync_duration_seconds_bucket",
"refId": "A",
"step": 4
},
{
"expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync",
"metric": "etcd_disk_backend_commit_duration_seconds_bucket",
"refId": "B",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Disk Sync Duration",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"id": 29,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{job=\"$cluster\"}",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory",
"metric": "process_resident_memory_bytes",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"title": "New row"
},
{
"collapse": false,
"editable": true,
"height": "250px",
"panels": [
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 5,
"id": 22,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 3,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In",
"metric": "etcd_network_client_grpc_received_bytes_total",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Client Traffic In",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 5,
"id": 21,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 3,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out",
"metric": "etcd_network_client_grpc_sent_bytes_total",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Client Traffic Out",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"id": 20,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In",
"metric": "etcd_network_peer_received_bytes_total",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Peer Traffic In",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"decimals": null,
"editable": true,
"error": false,
"fill": 0,
"grid": {},
"id": 16,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)",
"hide": false,
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out",
"metric": "etcd_network_peer_sent_bytes_total",
"refId": "A",
"step": 4
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Peer Traffic Out",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "Bps",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"title": "New row"
},
{
"collapse": false,
"editable": true,
"height": "250px",
"panels": [
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fill": 0,
"id": 40,
"isNew": true,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))",
"intervalFactor": 2,
"legendFormat": "Proposal Failure Rate",
"metric": "etcd_server_proposals_failed_total",
"refId": "A",
"step": 2
},
{
"expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})",
"intervalFactor": 2,
"legendFormat": "Proposal Pending Total",
"metric": "etcd_server_proposals_pending",
"refId": "B",
"step": 2
},
{
"expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))",
"intervalFactor": 2,
"legendFormat": "Proposal Commit Rate",
"metric": "etcd_server_proposals_committed_total",
"refId": "C",
"step": 2
},
{
"expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))",
"intervalFactor": 2,
"legendFormat": "Proposal Apply Rate",
"refId": "D",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Raft Proposals",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": "",
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {},
"bars": false,
"datasource": "$datasource",
"decimals": 0,
"editable": true,
"error": false,
"fill": 0,
"id": 19,
"isNew": true,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day",
"metric": "etcd_server_leader_changes_seen_total",
"refId": "A",
"step": 2
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Total Leader Elections Per Day",
"tooltip": {
"msResolution": false,
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"title": "New row"
}
],
"schemaVersion": 13,
"sharedCrosshair": false,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "prod",
"value": "prod"
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [],
"query": "label_values(etcd_server_has_leader, job)",
"refresh": 1,
"regex": "",
"sort": 2,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-15m",
"to": "now"
},
"timepicker": {
"now": true,
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "etcd",
"version": 215
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-coredns.yaml
================================================
{{- /* Added manually, can be changed in-place. */ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-coredns.json: |-
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.",
"editable": true,
"gnetId": 12539,
"graphTooltip": 0,
"iteration": 1603798405693,
"links": [
{
"icon": "external link",
"tags": [],
"targetBlank": true,
"title": "CoreDNS.io",
"type": "link",
"url": "https://coredns.io"
}
],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 8,
"x": 0,
"y": 0
},
"hiddenSeries": false,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "total",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (proto)",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (total)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 8,
"x": 8,
"y": 0
},
"hiddenSeries": false,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "total",
"yaxis": 2
},
{
"alias": "other",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_dns_request_type_count_total{instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (type)",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{type}}"}}",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (by qtype)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 8,
"x": 16,
"y": 0
},
"hiddenSeries": false,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "total",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (zone)",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{zone}}"}}",
"refId": "A",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (by zone)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 7
},
"hiddenSeries": false,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "total",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_dns_request_do_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{instance=~\"$instance\"}[5m]))",
"interval": "",
"intervalFactor": 2,
"legendFormat": "DO",
"refId": "A",
"step": 40
},
{
"expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m]))",
"interval": "",
"intervalFactor": 2,
"legendFormat": "total",
"refId": "B",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (DO bit)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 6,
"x": 12,
"y": 7
},
"hiddenSeries": false,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "tcp:90",
"yaxis": 2
},
{
"alias": "tcp:99 ",
"yaxis": 2
},
{
"alias": "tcp:50",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:99 ",
"refId": "A",
"step": 60
},
{
"expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:90",
"refId": "B",
"step": 60
},
{
"expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:50",
"refId": "C",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (size, udp)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 6,
"x": 18,
"y": 7
},
"hiddenSeries": false,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "tcp:90",
"yaxis": 1
},
{
"alias": "tcp:99 ",
"yaxis": 1
},
{
"alias": "tcp:50",
"yaxis": 1
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:99 ",
"refId": "A",
"step": 60
},
{
"expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:90",
"refId": "B",
"step": 60
},
{
"expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))",
"format": "time_series",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:50",
"refId": "C",
"step": 60
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Requests (size,tcp)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 14
},
"hiddenSeries": false,
"id": 14,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_dns_response_rcode_count_total{instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{instance=~\"$instance\"}[5m])) by (rcode)",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{rcode}}"}}",
"refId": "A",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Responses (by rcode)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 14
},
"hiddenSeries": false,
"id": 32,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le, job))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "99%",
"refId": "A",
"step": 40
},
{
"expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "90%",
"refId": "B",
"step": 40
},
{
"expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "50%",
"refId": "C",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Responses (duration)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "s",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 21
},
"hiddenSeries": false,
"id": 18,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "udp:50%",
"yaxis": 1
},
{
"alias": "tcp:50%",
"yaxis": 2
},
{
"alias": "tcp:90%",
"yaxis": 2
},
{
"alias": "tcp:99%",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:99%",
"refId": "A",
"step": 40
},
{
"expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:90%",
"refId": "B",
"step": 40
},
{
"expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ",
"hide": false,
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:50%",
"metric": "",
"refId": "C",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Responses (size, udp)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 21
},
"hiddenSeries": false,
"id": 20,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "udp:50%",
"yaxis": 1
},
{
"alias": "tcp:50%",
"yaxis": 1
},
{
"alias": "tcp:90%",
"yaxis": 1
},
{
"alias": "tcp:99%",
"yaxis": 1
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:99%",
"refId": "A",
"step": 40
},
{
"expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:90%",
"refId": "B",
"step": 40
},
{
"expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{"{{proto}}"}}:50%",
"metric": "",
"refId": "C",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Responses (size, tcp)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "bytes",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 28
},
"hiddenSeries": false,
"id": 22,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(coredns_cache_size{instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{instance=~\"$instance\"}) by (type)",
"interval": "",
"intervalFactor": 2,
"legendFormat": "{{"{{type}}"}}",
"refId": "A",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Cache (size)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "cumulative"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "decbytes",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"editable": true,
"error": false,
"fieldConfig": {
"defaults": {
"custom": {},
"links": []
},
"overrides": []
},
"fill": 1,
"fillGradient": 0,
"grid": {},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 28
},
"hiddenSeries": false,
"id": 24,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [],
"nullPointMode": "connected",
"options": {
"alertThreshold": true
},
"percentage": false,
"pluginVersion": "7.2.0",
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "misses",
"yaxis": 2
}
],
"spaceLength": 10,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\"}[5m])) by (type)",
"hide": false,
"intervalFactor": 2,
"legendFormat": "hits:{{"{{type}}"}}",
"refId": "A",
"step": 40
},
{
"expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\"}[5m])) by (type)",
"hide": false,
"intervalFactor": 2,
"legendFormat": "misses",
"refId": "B",
"step": 40
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Cache (hitrate)",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": "10s",
"schemaVersion": 26,
"style": "dark",
"tags": [
"dns",
"coredns"
],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": "default",
"value": "default"
},
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "datasource",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
},
{
"allValue": ".*",
"current": {
"selected": true,
"text": "All",
"value": "$__all"
},
"datasource": "$datasource",
"definition": "label_values(up{job=\"coredns\"}, instance)",
"hide": 0,
"includeAll": true,
"label": "Instance",
"multi": false,
"name": "instance",
"options": [],
"query": "label_values(up{job=\"coredns\"}, instance)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-3h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "utc",
"title": "CoreDNS",
"uid": "vkQ0UHxik",
"version": 2
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml
================================================
{{- /*
Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-cluster.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "100px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 1,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__rate_interval]))",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "CPU Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "CPU Requests Commitment",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "CPU Limits Commitment",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{cluster=\"$cluster\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "Memory Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "Memory Requests Commitment",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 2,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "Memory Limits Commitment",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Headlines",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Pods",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Workloads",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to workloads",
"linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Namespace",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
"pattern": "namespace",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage (w/o cache)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Pods",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Workloads",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to workloads",
"linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Memory Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Namespace",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
"pattern": "namespace",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Requests by Namespace",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Requests",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 11,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Current Receive Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Transmit Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Namespace",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
"pattern": "namespace",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Network Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Network Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 14,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Namespace: Received",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 15,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Namespace: Transmitted",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Container Bandwidth by Namespace",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 16,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 17,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 18,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 19,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets Dropped",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": -1,
"fill": 10,
"id": 20,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m])))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "IOPS(Reads+Writes)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 21,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}namespace{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "ThroughPut(Read+Write)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 22,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"sort": {
"col": 4,
"desc": true
},
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "IOPS(Reads)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Reads + Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Throughput(Read)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Read + Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Namespace",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell",
"pattern": "namespace",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum by(namespace) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Storage IO",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO - Distribution",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(node_cpu_seconds_total, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Cluster",
"uid": "efa86fd1d0c121a26444b636a3f509a8",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml
================================================
{{- /*
Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-namespace.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "100px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "CPU Utilisation (from requests)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "CPU Utilisation (from limits)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "Memory Utilisation (from requests)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"format": "percentunit",
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})",
"format": "time_series",
"instant": true,
"intervalFactor": 2,
"refId": "A"
}
],
"thresholds": "70,80",
"timeFrom": null,
"timeShift": null,
"title": "Memory Utilisation (from limits)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "singlestat",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Headlines",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "quota - requests",
"color": "#F2495C",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "quota - limits",
"color": "#FF9830",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - requests",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "quota - requests",
"color": "#F2495C",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "quota - limits",
"color": "#FF9830",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - requests",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage (w/o cache)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Memory Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Usage (RSS)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Cache)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Swap)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #H",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
},
{
"expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "H",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 9,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Current Receive Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Transmit Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Network Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Network Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 11,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 14,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 15,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets Dropped",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": -1,
"fill": 10,
"id": 16,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m])))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "IOPS(Reads+Writes)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 17,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "ThroughPut(Read+Write)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 18,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"sort": {
"col": 4,
"desc": true
},
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "IOPS(Reads)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Reads + Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Throughput(Read)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Read + Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Storage IO",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO - Distribution",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Namespace (Pods)",
"uid": "85a562078cdf77779eaa1add43ccec1e",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-node.yaml
================================================
{{- /*
Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-node.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage (w/o cache)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Memory Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Usage (RSS)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Cache)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Swap)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #H",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "H",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Quota",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": true,
"name": "node",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Node (Pods)",
"uid": "200ac8fdbfbb74b39aff88118e4d1c2c",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml
================================================
{{- /*
Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-pod.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "requests",
"color": "#F2495C",
"fill": 0,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "limits",
"color": "#FF9830",
"fill": 0,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}container{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "requests",
"legendLink": null,
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 2,
"legend": {
"avg": false,
"current": true,
"max": true,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}container{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
{
"colorMode": "critical",
"fill": true,
"line": true,
"op": "gt",
"value": 0.25,
"yaxis": "left"
}
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Throttling",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Throttling",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Container",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "container",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "requests",
"color": "#F2495C",
"dashes": true,
"fill": 0,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "limits",
"color": "#FF9830",
"dashes": true,
"fill": 0,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}container{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "requests",
"legendLink": null,
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage (WSS)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Memory Usage (WSS)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Usage (RSS)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Cache)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Usage (Swap)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #H",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Container",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "container",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
},
{
"expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "H",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 6,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 8,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 10,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 11,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets Dropped",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": -1,
"fill": 10,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Reads",
"legendLink": null,
"step": 10
},
{
"expr": "ceil(sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Writes",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "IOPS",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Reads",
"legendLink": null,
"step": 10
},
{
"expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Writes",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "ThroughPut",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO - Distribution(Pod - Read & Writes)",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"decimals": -1,
"fill": 10,
"id": 14,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "ceil(sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m])))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}container{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "IOPS(Reads+Writes)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 15,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}container{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "ThroughPut(Read+Write)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO - Distribution(Containers)",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 16,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"sort": {
"col": 4,
"desc": true
},
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "IOPS(Reads)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "IOPS(Reads + Writes)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": -1,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Throughput(Read)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Throughput(Read + Write)",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Container",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "container",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum by(container) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum by(container) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Storage IO",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage IO - Distribution",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "pod",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Pod",
"uid": "6581e46e4e5c7ba40a07646395ef7b23",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml
================================================
{{- /*
Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-workload.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Memory Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 5,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Current Receive Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Transmit Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Network Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Network Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Pod: Received",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Pod: Transmitted",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Container Bandwidth by Pod",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 11,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets Dropped",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "workload",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "type",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Workload",
"uid": "a164a7f0339f99e89cea5cb47e9be617",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml
================================================
{{- /*
Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
k8s-resources-workloads-namespace.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "quota - requests",
"color": "#F2495C",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "quota - limits",
"color": "#FF9830",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - requests",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Running Pods",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "CPU Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "CPU Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2",
"pattern": "workload",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Workload Type",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "workload_type",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "quota - requests",
"color": "#F2495C",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
},
{
"alias": "quota - limits",
"color": "#FF9830",
"dashes": true,
"fill": 0,
"hiddenSeries": true,
"hideTooltip": true,
"legend": true,
"linewidth": 2,
"stack": false
}
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - requests",
"legendLink": null,
"step": 10
},
{
"expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "quota - limits",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Running Pods",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Memory Usage",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Requests %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Memory Limits",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "bytes"
},
{
"alias": "Memory Limits %",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "percentunit"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2",
"pattern": "workload",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Workload Type",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "workload_type",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Quota",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory Quota",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 5,
"interval": "1m",
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Current Receive Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Transmit Bandwidth",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": false,
"linkTooltip": "Drill down to pods",
"linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type",
"pattern": "workload",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Workload Type",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "workload_type",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Network Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Network Usage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Workload: Received",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Container Bandwidth by Workload: Transmitted",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Container Bandwidth by Workload",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 11,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 12,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 13,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Rate of Packets Dropped",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "deployment",
"value": "deployment"
},
"datasource": "$datasource",
"definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "type",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Compute Resources / Namespace (Workloads)",
"uid": "a87fb0d919ec0ea5f6543124e16c42a5",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/kubelet.yaml
================================================
{{- /*
Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubelet.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
kubelet.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 0,
"y": 0
},
"id": 2,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"title": "Running Kubelets",
"transparent": false,
"type": "stat"
},
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 4,
"y": 0
},
"id": 3,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"title": "Running Pods",
"transparent": false,
"type": "stat"
},
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 8,
"y": 0
},
"id": 4,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"title": "Running Container",
"transparent": false,
"type": "stat"
},
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 12,
"y": 0
},
"id": 5,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"title": "Actual Volume Count",
"transparent": false,
"type": "stat"
},
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 16,
"y": 0
},
"id": 6,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"title": "Desired Volume Count",
"transparent": false,
"type": "stat"
},
{
"datasource": "$datasource",
"fieldConfig": {
"defaults": {
"links": [
],
"mappings": [
],
"thresholds": {
"mode": "absolute",
"steps": [
]
},
"unit": "none"
}
},
"gridPos": {
"h": 7,
"w": 4,
"x": 20,
"y": 0
},
"id": 7,
"links": [
],
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
}
},
"pluginVersion": "7",
"targets": [
{
"expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"title": "Config Error Count",
"transparent": false,
"type": "stat"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 7
},
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Operation Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 7
},
"id": 9,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Operation Error Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 14
},
"id": 10,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Operation duration 99th quantile",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 21
},
"id": 11,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} pod",
"refId": "A"
},
{
"expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} worker",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Pod Start Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 21
},
"id": 12,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} pod",
"refId": "A"
},
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} worker",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Pod Start Duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 28
},
"id": 13,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Storage Operation Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 28
},
"id": 14,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Storage Operation Error Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 35
},
"id": 15,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Storage Operation Duration 99th quantile",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 42
},
"id": 16,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}operation_type{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Cgroup manager operation rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 42
},
"id": 17,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Cgroup manager 99th quantile",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"description": "Pod lifecycle event generator",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 0,
"y": 49
},
"id": 18,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "PLEG relist rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 49
},
"id": 19,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "PLEG relist interval",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 56
},
"id": 20,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "PLEG relist duration",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 63
},
"id": 21,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "2xx",
"refId": "A"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "3xx",
"refId": "B"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "4xx",
"refId": "C"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "5xx",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "RPC Rate",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 24,
"x": 0,
"y": 70
},
"id": 22,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Request duration 99th quantile",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 8,
"x": 0,
"y": 77
},
"id": 23,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 8,
"x": 8,
"y": 77
},
"id": 24,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
"h": 7,
"w": 8,
"x": 16,
"y": 77
},
"id": 25,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{cluster=\"$cluster\",job=\"kubelet\", metrics_path=\"/metrics\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(kubelet_runtime_operations_total{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Kubelet",
"uid": "3138fa155d5915769fbded898ac09fd9",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-pod.yaml
================================================
{{- /*
Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
namespace-by-pod.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 0,
"format": "time_series",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 1
},
"height": 9,
"id": 3,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"minSpan": 12,
"nullPointMode": "connected",
"nullText": null,
"options": {
"fieldOptions": {
"calcs": [
"last"
],
"defaults": {
"max": 10000000000,
"min": 0,
"title": "$namespace",
"unit": "Bps"
},
"mappings": [
],
"override": {
},
"thresholds": [
{
"color": "dark-green",
"index": 0,
"value": null
},
{
"color": "dark-yellow",
"index": 1,
"value": 5000000000
},
{
"color": "dark-red",
"index": 2,
"value": 7000000000
}
],
"values": false
}
},
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 12,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))",
"format": "time_series",
"instant": null,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Received",
"type": "gauge",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 0,
"format": "time_series",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 1
},
"height": 9,
"id": 4,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"minSpan": 12,
"nullPointMode": "connected",
"nullText": null,
"options": {
"fieldOptions": {
"calcs": [
"last"
],
"defaults": {
"max": 10000000000,
"min": 0,
"title": "$namespace",
"unit": "Bps"
},
"mappings": [
],
"override": {
},
"thresholds": [
{
"color": "dark-green",
"index": 0,
"value": null
},
{
"color": "dark-yellow",
"index": 1,
"value": 5000000000
},
{
"color": "dark-red",
"index": 2,
"value": 7000000000
}
],
"values": false
}
},
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 12,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))",
"format": "time_series",
"instant": null,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Transmitted",
"type": "gauge",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"columns": [
{
"text": "Time",
"value": "Time"
},
{
"text": "Value #A",
"value": "Value #A"
},
{
"text": "Value #B",
"value": "Value #B"
},
{
"text": "Value #C",
"value": "Value #C"
},
{
"text": "Value #D",
"value": "Value #D"
},
{
"text": "Value #E",
"value": "Value #E"
},
{
"text": "Value #F",
"value": "Value #F"
},
{
"text": "pod",
"value": "pod"
}
],
"datasource": "$datasource",
"fill": 1,
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"lines": true,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null as zero",
"renderer": "flot",
"scroll": true,
"showHeader": true,
"sort": {
"col": 0,
"desc": false
},
"spaceLength": 10,
"span": 24,
"styles": [
{
"alias": "Time",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Time",
"thresholds": [
],
"type": "hidden",
"unit": "short"
},
{
"alias": "Bandwidth Received",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Bandwidth Transmitted",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Pod",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "Drill down",
"linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell",
"pattern": "pod",
"thresholds": [
],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
}
],
"timeFrom": null,
"timeShift": null,
"title": "Current Status",
"type": "table"
},
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 19
},
"id": 6,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 20
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 20
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 29
},
"id": 9,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 30
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 30
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Packets",
"titleSize": "h6",
"type": "row"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 30
},
"id": 12,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 40
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 40
},
"id": 14,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Errors",
"titleSize": "h6",
"type": "row"
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 18,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".+",
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "kube-system",
"value": "kube-system"
},
"datasource": "$datasource",
"definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "resolution",
"options": [
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": true,
"text": "5m",
"value": "5m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
}
],
"query": "30s,5m,1h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": false,
"label": null,
"multi": false,
"name": "interval",
"options": [
{
"selected": true,
"text": "4h",
"value": "4h"
}
],
"query": "4h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Networking / Namespace (Pods)",
"uid": "8b7a8b326d7a6f1f04244066368c67af",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/namespace-by-workload.yaml
================================================
{{- /*
Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
namespace-by-workload.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 1
},
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} workload {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 1
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} workload {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"columns": [
{
"text": "Time",
"value": "Time"
},
{
"text": "Value #A",
"value": "Value #A"
},
{
"text": "Value #B",
"value": "Value #B"
},
{
"text": "Value #C",
"value": "Value #C"
},
{
"text": "Value #D",
"value": "Value #D"
},
{
"text": "Value #E",
"value": "Value #E"
},
{
"text": "Value #F",
"value": "Value #F"
},
{
"text": "Value #G",
"value": "Value #G"
},
{
"text": "Value #H",
"value": "Value #H"
},
{
"text": "workload",
"value": "workload"
}
],
"datasource": "$datasource",
"fill": 1,
"fontSize": "90%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"lines": true,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null as zero",
"renderer": "flot",
"scroll": true,
"showHeader": true,
"sort": {
"col": 0,
"desc": false
},
"spaceLength": 10,
"span": 24,
"styles": [
{
"alias": "Time",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Time",
"thresholds": [
],
"type": "hidden",
"unit": "short"
},
{
"alias": "Current Bandwidth Received",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Current Bandwidth Transmitted",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Average Bandwidth Received",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #C",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Average Bandwidth Transmitted",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #D",
"thresholds": [
],
"type": "number",
"unit": "Bps"
},
{
"alias": "Rate of Received Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #E",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #F",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Received Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #G",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Rate of Transmitted Packets Dropped",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #H",
"thresholds": [
],
"type": "number",
"unit": "pps"
},
{
"alias": "Workload",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTooltip": "Drill down",
"linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell",
"pattern": "workload",
"thresholds": [
],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
},
{
"expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "C",
"step": 10
},
{
"expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "D",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "E",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "F",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "G",
"step": 10
},
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "H",
"step": 10
}
],
"timeFrom": null,
"timeShift": null,
"title": "Current Status",
"type": "table"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 19
},
"id": 6,
"panels": [
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 20
},
"id": 7,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} workload {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 20
},
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} workload {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 29
},
"id": 9,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth HIstory",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 38
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 38
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 39
},
"id": 12,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 40
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 40
},
"id": 14,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Packets",
"titleSize": "h6",
"type": "row"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 40
},
"id": 15,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 41
},
"id": 16,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 41
},
"id": 17,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}workload{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Errors",
"titleSize": "h6",
"type": "row"
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 18,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "kube-system",
"value": "kube-system"
},
"datasource": "$datasource",
"definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "deployment",
"value": "deployment"
},
"datasource": "$datasource",
"definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "type",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "resolution",
"options": [
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": true,
"text": "5m",
"value": "5m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
}
],
"query": "30s,5m,1h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": false,
"label": null,
"multi": false,
"name": "interval",
"options": [
{
"selected": true,
"text": "4h",
"value": "4h"
}
],
"query": "4h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Networking / Namespace (Workload)",
"uid": "bbb2a765a623ae38130206c7d94a160f",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml
================================================
{{- /*
Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
node-cluster-rsrc-use.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Saturation (load1 per CPU)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\"}))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Saturation (Major Page Faults)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "rps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "/ Receive/",
"stack": "A"
},
{
"alias": "/ Transmit/",
"stack": "B",
"transform": "negative-Y"
}
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Receive",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
},
{
"expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Transmit",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Net Utilisation (Bytes Receive/Transmit)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "/ Receive/",
"stack": "A"
},
{
"alias": "/ Transmit/",
"stack": "B",
"transform": "negative-Y"
}
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Receive",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
},
{
"expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} Transmit",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Net Saturation (Drops Receive/Transmit)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "rps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Network",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk IO Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk IO Saturation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Disk IO",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum without (device) (\n max without (fstype, mountpoint) (\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"} - node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\"}\n )\n) \n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"})))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"legendLink": "/dashboard/file/node-rsrc-use.json",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk Space Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Disk Space",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "utc",
"title": "USE Method / Cluster",
"uid": "",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/node-rsrc-use.yaml
================================================
{{- /*
Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
node-rsrc-use.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Utilisation",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Saturation",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Saturation (Load1 per CPU)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "CPU",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Memory",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Major page faults",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Saturation (Major Page Faults)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Memory",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "/Receive/",
"stack": "A"
},
{
"alias": "/Transmit/",
"stack": "B",
"transform": "negative-Y"
}
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Receive",
"legendLink": null,
"step": 10
},
{
"expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Transmit",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Net Utilisation (Bytes Receive/Transmit)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "/Receive/",
"stack": "A"
},
{
"alias": "/Transmit/",
"stack": "B",
"transform": "negative-Y"
}
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Receive drops",
"legendLink": null,
"step": 10
},
{
"expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Transmit drops",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Net Saturation (Drops Receive/Transmit)",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "rps",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Net",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk IO Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk IO Saturation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Disk IO",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": false,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "1 -\n(\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n/\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk Space Utilisation",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Disk Space",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": "prod",
"value": "prod"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": "instance",
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(up{job=\"node-exporter\"}, instance)",
"refresh": 1,
"regex": "",
"sort": 2,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "utc",
"title": "USE Method / Node",
"uid": "",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/nodes.yaml
================================================
{{- /*
Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
nodes.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 2,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__rate_interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n",
"format": "time_series",
"intervalFactor": 5,
"legendFormat": "{{`{{`}}cpu{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
},
{
"format": "percentunit",
"label": null,
"logBase": 1,
"max": 1,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 0,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "1m load average",
"refId": "A"
},
{
"expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "5m load average",
"refId": "B"
},
{
"expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "15m load average",
"refId": "C"
},
{
"expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "logical cores",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Load Average",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 9,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "memory used",
"refId": "A"
},
{
"expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "memory buffers",
"refId": "B"
},
{
"expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "memory cached",
"refId": "C"
},
{
"expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "memory free",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "$datasource",
"format": "percent",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": true,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 5,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"})\n/\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "80, 90",
"title": "Memory Usage",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 0,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
{
"alias": "/ read| written/",
"yaxis": 1
},
{
"alias": "/ io time/",
"yaxis": 2
}
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}} read",
"refId": "A"
},
{
"expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}} written",
"refId": "B"
},
{
"expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}} io time",
"refId": "C"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk I/O",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
{
"alias": "used",
"color": "#E0B400"
},
{
"alias": "available",
"color": "#73BF69"
}
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(\n max by (device) (\n node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "used",
"refId": "A"
},
{
"expr": "sum(\n max by (device) (\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "available",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Disk Space Usage",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 0,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Network Received",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 0,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}device{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Network Transmitted",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
],
"templating": {
"list": [
{
"current": {
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(node_exporter_build_info{job=\"node-exporter\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Nodes",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml
================================================
{{- /*
Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
persistentvolumesusage.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 2,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"max": true,
"min": true,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 9,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Used Space",
"refId": "A"
},
{
"expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Free Space",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Volume Space Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "$datasource",
"format": "percent",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": true,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 3,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "80, 90",
"title": "Volume Space Usage",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": true,
"current": true,
"max": true,
"min": true,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 9,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "Used inodes",
"refId": "A"
},
{
"expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": " Free inodes",
"refId": "B"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Volume inodes Usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"rgba(50, 172, 45, 0.97)",
"rgba(237, 129, 40, 0.89)",
"rgba(245, 54, 54, 0.9)"
],
"datasource": "$datasource",
"format": "percent",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": true,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 5,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "80, 90",
"title": "Volume inodes Usage",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kubelet_volume_stats_capacity_bytes, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": "Namespace",
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": "PersistentVolumeClaim",
"multi": false,
"name": "volume",
"options": [
],
"query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"kubelet\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-7d",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Persistent Volumes",
"uid": "919b92a8e8041bd567af9edab12c840c",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/pod-total.yaml
================================================
{{- /*
Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
pod-total.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 0,
"format": "time_series",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 1
},
"height": 9,
"id": 3,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"minSpan": 12,
"nullPointMode": "connected",
"nullText": null,
"options": {
"fieldOptions": {
"calcs": [
"last"
],
"defaults": {
"max": 10000000000,
"min": 0,
"title": "$namespace: $pod",
"unit": "Bps"
},
"mappings": [
],
"override": {
},
"thresholds": [
{
"color": "dark-green",
"index": 0,
"value": null
},
{
"color": "dark-yellow",
"index": 1,
"value": 5000000000
},
{
"color": "dark-red",
"index": 2,
"value": 7000000000
}
],
"values": false
}
},
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 12,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))",
"format": "time_series",
"instant": null,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Received",
"type": "gauge",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"decimals": 0,
"format": "time_series",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 1
},
"height": 9,
"id": 4,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"minSpan": 12,
"nullPointMode": "connected",
"nullText": null,
"options": {
"fieldOptions": {
"calcs": [
"last"
],
"defaults": {
"max": 10000000000,
"min": 0,
"title": "$namespace: $pod",
"unit": "Bps"
},
"mappings": [
],
"override": {
},
"thresholds": [
{
"color": "dark-green",
"index": 0,
"value": null
},
{
"color": "dark-yellow",
"index": 1,
"value": 5000000000
},
{
"color": "dark-red",
"index": 2,
"value": 7000000000
}
],
"values": false
}
},
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 12,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))",
"format": "time_series",
"instant": null,
"intervalFactor": 1,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Transmitted",
"type": "gauge",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "current"
},
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 11
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 11
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 20
},
"id": 8,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 21
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 21
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Packets",
"titleSize": "h6",
"type": "row"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 21
},
"id": 11,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 0,
"y": 32
},
"id": 12,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 10,
"w": 12,
"x": 12,
"y": 32
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Errors",
"titleSize": "h6",
"type": "row"
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 18,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".+",
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "kube-system",
"value": "kube-system"
},
"datasource": "$datasource",
"definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".+",
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "pod",
"options": [
],
"query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "resolution",
"options": [
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": true,
"text": "5m",
"value": "5m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
}
],
"query": "30s,5m,1h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": false,
"label": null,
"multi": false,
"name": "interval",
"options": [
{
"selected": true,
"text": "4h",
"value": "4h"
}
],
"query": "4h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Networking / Pod",
"uid": "7a18067ce943a40ae25454675c19ff5c",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml
================================================
{{- /*
Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
prometheus-remote-write.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "60s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 2,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Highest Timestamp In vs. Highest Timestamp Sent",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate[5m]",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Timestamps",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate, in vs. succeeded or dropped [5m]",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Samples",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 5,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"minSpan": 6,
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Shards",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Max Shards",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Min Shards",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Desired Shards",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Shards",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Shard Capacity",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Pending Samples",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Shard Details",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "TSDB Current Segment",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 12,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Remote Write Current Segment",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Segments",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Dropped Samples",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 14,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Failed Samples",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 15,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Retried Samples",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 16,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 3,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Enqueue Retries",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Misc. Rates",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"prometheus-mixin"
],
"templating": {
"list": [
{
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
"text": {
"selected": true,
"text": "All",
"value": "$__all"
},
"value": {
"selected": true,
"text": "All",
"value": "$__all"
}
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(prometheus_build_info, instance)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
"text": {
"selected": true,
"text": "All",
"value": "$__all"
},
"value": {
"selected": true,
"text": "All",
"value": "$__all"
}
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": true,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "url",
"options": [
],
"query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Prometheus / Remote Write",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/prometheus.yaml
================================================
{{- /*
Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
prometheus.json: |-
{
"annotations": {
"list": [
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"links": [
],
"refresh": "60s",
"rows": [
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 1,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "hidden"
},
{
"alias": "Count",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #A",
"thresholds": [
],
"type": "hidden",
"unit": "short"
},
{
"alias": "Uptime",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "Value #B",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Instance",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "instance",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Job",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "job",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "Version",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": false,
"linkTooltip": "Drill down",
"linkUrl": "",
"pattern": "version",
"thresholds": [
],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"pattern": "/.*/",
"thresholds": [
],
"type": "string",
"unit": "short"
}
],
"targets": [
{
"expr": "count by (job, instance, version) (prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "A",
"step": 10
},
{
"expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})",
"format": "table",
"instant": true,
"intervalFactor": 2,
"legendFormat": "",
"refId": "B",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Prometheus Stats",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"transform": "table",
"type": "table",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Prometheus Stats",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}scrape_job{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Target Sync",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 3,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "Targets",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Targets",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Discovery",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"id": 4,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}interval{{`}}`}} configured",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Scrape Interval Duration",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 5,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total[1m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "exceeded body size limit: {{`{{`}}job{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}",
"legendLink": null,
"step": 10
},
{
"expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "out of order: {{`{{`}}job{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Scrape failures",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 6,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Appended Samples",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Retrieval",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 7,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Head Series",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 8,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Head Chunks",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Storage",
"titleSize": "h6"
},
{
"collapse": false,
"height": "250px",
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 9,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Query Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 10,
"id": 10,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 0,
"links": [
],
"nullPointMode": "null as zero",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}slice{{`}}`}}",
"legendLink": null,
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Stage Duration",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ms",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": false
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Query",
"titleSize": "h6"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"prometheus-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": ".+",
"current": {
"selected": true,
"text": "All",
"value": "$__all"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": "job",
"multi": true,
"name": "job",
"options": [
],
"query": "label_values(prometheus_build_info, job)",
"refresh": 1,
"regex": "",
"sort": 2,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".+",
"current": {
"selected": true,
"text": "All",
"value": "$__all"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": "instance",
"multi": true,
"name": "instance",
"options": [
],
"query": "label_values(prometheus_build_info, instance)",
"refresh": 1,
"regex": "",
"sort": 2,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "utc",
"title": "Prometheus / Overview",
"uid": "",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/proxy.yaml
================================================
{{- /*
Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeProxy.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
proxy.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 2,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 2,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(up{cluster=\"$cluster\", job=\"kube-proxy\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Up",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "min"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 5,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "rate",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rules Sync Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 5,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rule Sync Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 5,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "rate",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Network Programming Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 6,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\"}[5m])) by (instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Network Programming Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"2..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "2xx",
"refId": "A"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"3..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "3xx",
"refId": "B"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"4..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "4xx",
"refId": "C"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\",code=~\"5..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "5xx",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Kube API Request Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 8,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Post Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Get Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 11,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 12,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-proxy\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-proxy\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Proxy",
"uid": "632e265de029684c40b21cb76bca4f94",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/scheduler.yaml
================================================
{{- /*
Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeScheduler.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
scheduler.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "10s",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 2,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 2,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "sum(up{cluster=\"$cluster\", job=\"kube-scheduler\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Up",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "min"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 5,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e",
"refId": "A"
},
{
"expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding",
"refId": "B"
},
{
"expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm",
"refId": "C"
},
{
"expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])) by (cluster, instance)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Scheduling Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 5,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e",
"refId": "A"
},
{
"expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding",
"refId": "B"
},
{
"expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm",
"refId": "C"
},
{
"expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}[5m])) by (cluster, instance, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Scheduling latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 5,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"2..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "2xx",
"refId": "A"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"3..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "3xx",
"refId": "B"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"4..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "4xx",
"refId": "C"
},
{
"expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\",code=~\"5..\"}[5m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "5xx",
"refId": "D"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Kube API Request Rate",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "ops",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 6,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 8,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Post Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 7,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"total": false,
"values": true
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Get Request Latency 99th Quantile",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "s",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 8,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Memory",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\", instance=~\"$instance\"}[5m])",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "CPU usage",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "bytes",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 4,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "go_goroutines{cluster=\"$cluster\", job=\"kube-scheduler\",instance=~\"$instance\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{`{{`}}instance{{`}}`}}",
"refId": "A"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Goroutines",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "instance",
"options": [
],
"query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"kube-scheduler\"}, instance)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Scheduler",
"uid": "2e6b6a3b4bddf1427b3a55aa1311c656",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/statefulset.yaml
================================================
{{- /*
Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
statefulset.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
]
},
"editable": false,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"refresh": "",
"rows": [
{
"collapse": false,
"collapsed": false,
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 2,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "cores",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 4,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(rate(container_cpu_usage_seconds_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "CPU",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 3,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "GB",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 4,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(container_memory_usage_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Memory",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 4,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "Bps",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 4,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"lineColor": "rgb(31, 120, 193)",
"show": true
},
"tableColumn": "",
"targets": [
{
"expr": "sum(rate(container_network_transmit_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Network",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"height": "100px",
"panels": [
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 5,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Desired Replicas",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 6,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Replicas of current version",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 7,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Observed Generation",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "$datasource",
"format": "none",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
},
"id": 8,
"interval": null,
"links": [
],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"span": 3,
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"expr": "max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"refId": "A"
}
],
"thresholds": "",
"title": "Metadata Generation",
"tooltip": {
"shared": false
},
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "0",
"value": "null"
}
],
"valueName": "current"
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 1,
"fillGradient": 0,
"gridPos": {
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [
],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "replicas specified",
"refId": "A"
},
{
"expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "replicas created",
"refId": "B"
},
{
"expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "ready",
"refId": "C"
},
{
"expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "replicas of current version",
"refId": "D"
},
{
"expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "updated",
"refId": "E"
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Replicas",
"tooltip": {
"shared": false,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": false,
"title": "Dashboard Row",
"titleSize": "h6",
"type": "row"
}
],
"schemaVersion": 14,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": "cluster",
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_statefulset_metadata_generation, cluster)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": "Namespace",
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": "Name",
"multi": false,
"name": "statefulset",
"options": [
],
"query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, statefulset)",
"refresh": 2,
"regex": "",
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / StatefulSets",
"uid": "a31c1f46e6f727cb37c0d731a7245005",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/dashboards-1.14/workload-total.yaml
================================================
{{- /*
Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }}
annotations:
{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }}
labels:
{{- if $.Values.grafana.sidecar.dashboards.label }}
{{ $.Values.grafana.sidecar.dashboards.label }}: "1"
{{- end }}
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
data:
workload-total.json: |-
{
"__inputs": [
],
"__requires": [
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"hideControls": false,
"id": null,
"links": [
],
"panels": [
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 2,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Current Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 1
},
"id": 3,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} pod {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 1
},
"id": 4,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} pod {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Current Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 10
},
"id": 5,
"panels": [
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 11
},
"id": 6,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} pod {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Received",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": true,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 11
},
"id": 7,
"legend": {
"alignAsTable": true,
"avg": false,
"current": true,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"sideWidth": null,
"sort": "current",
"sortDesc": true,
"total": false,
"values": true
},
"lines": false,
"linewidth": 1,
"links": [
],
"minSpan": 24,
"nullPointMode": "null",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 24,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}} pod {{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Average Rate of Bytes Transmitted",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "series",
"name": null,
"show": false,
"values": [
"current"
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Average Bandwidth",
"titleSize": "h6",
"type": "row"
},
{
"collapse": false,
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 11
},
"id": 8,
"panels": [
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Bandwidth HIstory",
"titleSize": "h6",
"type": "row"
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 12
},
"id": 9,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Receive Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 12
},
"id": 10,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Transmit Bandwidth",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "Bps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 21
},
"id": 11,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 22
},
"id": 12,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 22
},
"id": 13,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Packets",
"titleSize": "h6",
"type": "row"
},
{
"collapse": true,
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 22
},
"id": 14,
"panels": [
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 23
},
"id": 15,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Received Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
},
{
"aliasColors": {
},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "$datasource",
"fill": 2,
"fillGradient": 0,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 23
},
"id": 16,
"legend": {
"alignAsTable": false,
"avg": false,
"current": false,
"hideEmpty": true,
"hideZero": true,
"max": false,
"min": false,
"rightSide": false,
"show": true,
"sideWidth": null,
"total": false,
"values": false
},
"lines": true,
"linewidth": 2,
"links": [
],
"minSpan": 12,
"nullPointMode": "connected",
"paceLength": 10,
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"repeat": null,
"seriesOverrides": [
],
"spaceLength": 10,
"span": 12,
"stack": true,
"steppedLine": false,
"targets": [
{
"expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{`{{`}}pod{{`}}`}}",
"refId": "A",
"step": 10
}
],
"thresholds": [
],
"timeFrom": null,
"timeShift": null,
"title": "Rate of Transmitted Packets Dropped",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": [
]
},
"yaxes": [
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
},
{
"format": "pps",
"label": null,
"logBase": 1,
"max": null,
"min": 0,
"show": true
}
]
}
],
"repeat": null,
"repeatIteration": null,
"repeatRowId": null,
"showTitle": true,
"title": "Errors",
"titleSize": "h6",
"type": "row"
}
],
"refresh": "10s",
"rows": [
],
"schemaVersion": 18,
"style": "dark",
"tags": [
"kubernetes-mixin"
],
"templating": {
"list": [
{
"current": {
"text": "default",
"value": "default"
},
"hide": 0,
"label": null,
"name": "datasource",
"options": [
],
"query": "prometheus",
"refresh": 1,
"regex": "",
"type": "datasource"
},
{
"allValue": null,
"current": {
},
"datasource": "$datasource",
"hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }},
"includeAll": false,
"label": null,
"multi": false,
"name": "cluster",
"options": [
],
"query": "label_values(kube_pod_info, cluster)",
"refresh": 2,
"regex": "",
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".+",
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "kube-system",
"value": "kube-system"
},
"datasource": "$datasource",
"definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"hide": 0,
"includeAll": true,
"label": null,
"multi": false,
"name": "namespace",
"options": [
],
"query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "",
"value": ""
},
"datasource": "$datasource",
"definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "workload",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "deployment",
"value": "deployment"
},
"datasource": "$datasource",
"definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "type",
"options": [
],
"query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 0,
"includeAll": false,
"label": null,
"multi": false,
"name": "resolution",
"options": [
{
"selected": false,
"text": "30s",
"value": "30s"
},
{
"selected": true,
"text": "5m",
"value": "5m"
},
{
"selected": false,
"text": "1h",
"value": "1h"
}
],
"query": "30s,5m,1h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
},
{
"allValue": null,
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"text": "5m",
"value": "5m"
},
"datasource": "$datasource",
"hide": 2,
"includeAll": false,
"label": null,
"multi": false,
"name": "interval",
"options": [
{
"selected": true,
"text": "4h",
"value": "4h"
}
],
"query": "4h",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [
],
"tagsQuery": "",
"type": "interval",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "UTC",
"title": "Kubernetes / Networking / Workload",
"uid": "728bf77cc1166d2f3133bf25846876cc",
"version": 0
}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/grafana/servicemonitor.yaml
================================================
{{- if and .Values.grafana.enabled .Values.grafana.serviceMonitor.selfMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-grafana
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-grafana
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: grafana
app.kubernetes.io/instance: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
endpoints:
- port: {{ .Values.grafana.service.portName }}
{{- if .Values.grafana.serviceMonitor.interval }}
interval: {{ .Values.grafana.serviceMonitor.interval }}
{{- end }}
path: {{ .Values.grafana.serviceMonitor.path | quote }}
{{- if .Values.grafana.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.grafana.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.grafana.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.grafana.serviceMonitor.relabelings | indent 6 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/_rules.tpl
================================================
{{- /*
Generated file. Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- define "rules.names" }}
rules:
- "alertmanager.rules"
- "general.rules"
- "k8s.rules"
- "kube-apiserver.rules"
- "kube-apiserver-availability.rules"
- "kube-apiserver-error"
- "kube-apiserver-slos"
- "kube-prometheus-general.rules"
- "kube-prometheus-node-alerting.rules"
- "kube-prometheus-node-recording.rules"
- "kube-scheduler.rules"
- "kube-state-metrics"
- "kubelet.rules"
- "kubernetes-absent"
- "kubernetes-resources"
- "kubernetes-storage"
- "kubernetes-system"
- "kubernetes-system-apiserver"
- "kubernetes-system-kubelet"
- "kubernetes-system-controller-manager"
- "kubernetes-system-scheduler"
- "node-exporter.rules"
- "node-exporter"
- "node.rules"
- "node-network"
- "node-time"
- "prometheus-operator"
- "prometheus.rules"
- "prometheus"
- "kubernetes-apps"
- "etcd"
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/additionalAlertRelabelConfigs.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
annotations:
{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
data:
additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/additionalAlertmanagerConfigs.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
annotations:
{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
data:
additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/additionalPrometheusRules.yaml
================================================
{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}}
apiVersion: v1
kind: List
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-additional-prometheus-rules
namespace: {{ template "kube-prometheus-stack.namespace" . }}
items:
{{- if .Values.additionalPrometheusRulesMap }}
{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }}
- apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if $prometheusRule.additionalLabels }}
{{ toYaml $prometheusRule.additionalLabels | indent 8 }}
{{- end }}
spec:
groups:
{{ toYaml $prometheusRule.groups| indent 8 }}
{{- end }}
{{- else }}
{{- range .Values.additionalPrometheusRules }}
- apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if .additionalLabels }}
{{ toYaml .additionalLabels | indent 8 }}
{{- end }}
spec:
groups:
{{ toYaml .groups| indent 8 }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }}
annotations:
{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
data:
additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/clusterrole.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules:
# This permission are not in the kube-prometheus repo
# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml
- apiGroups: [""]
resources:
- nodes
- nodes/metrics
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups:
- "networking.k8s.io"
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics", "/metrics/cadvisor"]
verbs: ["get"]
{{- if .Values.prometheus.additionalRulesForClusterRole }}
{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/clusterrolebinding.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.global.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/ingress.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled -}}
{{- $pathType := .Values.prometheus.ingress.pathType | default "" -}}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}}
{{- $servicePort := .Values.prometheus.service.port -}}
{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}}
{{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}}
{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.prometheus.ingress.annotations }}
annotations:
{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }}
{{- end }}
name: {{ $serviceName }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.ingress.labels }}
{{ toYaml .Values.prometheus.ingress.labels | indent 4 }}
{{- end }}
spec:
{{- if $apiIsStable }}
{{- if .Values.prometheus.ingress.ingressClassName }}
ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }}
{{- end }}
{{- end }}
rules:
{{- if .Values.prometheus.ingress.hosts }}
{{- range $host := .Values.prometheus.ingress.hosts }}
- host: {{ tpl $host $ }}
http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.prometheus.ingress.tls }}
tls:
{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }}
{{- end -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/ingressThanosSidecar.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }}
{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }}
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}}
{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }}
{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}}
{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.prometheus.thanosIngress.annotations }}
annotations:
{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }}
{{- end }}
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.thanosIngress.labels }}
{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }}
{{- end }}
spec:
{{- if $apiIsStable }}
{{- if .Values.prometheus.thanosIngress.ingressClassName }}
ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }}
{{- end }}
{{- end }}
rules:
{{- if .Values.prometheus.thanosIngress.hosts }}
{{- range $host := .Values.prometheus.thanosIngress.hosts }}
- host: {{ tpl $host $ }}
http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $thanosPort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $thanosPort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- else }}
- http:
paths:
{{- range $p := $paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $thanosPort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $thanosPort }}
{{- end }}
{{- end -}}
{{- end -}}
{{- if .Values.prometheus.thanosIngress.tls }}
tls:
{{ toYaml .Values.prometheus.thanosIngress.tls | indent 4 }}
{{- end -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/ingressperreplica.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }}
{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }}
{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}}
{{- $servicePort := .Values.prometheus.servicePerReplica.port -}}
{{- $ingressValues := .Values.prometheus.ingressPerReplica -}}
{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}}
apiVersion: v1
kind: List
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
items:
{{ range $i, $e := until $count }}
- kind: Ingress
apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }}
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ include "kube-prometheus-stack.name" $ }}-prometheus
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if $ingressValues.labels }}
{{ toYaml $ingressValues.labels | indent 8 }}
{{- end }}
{{- if $ingressValues.annotations }}
annotations:
{{ toYaml $ingressValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $apiIsStable }}
{{- if $ingressValues.ingressClassName }}
ingressClassName: {{ $ingressValues.ingressClassName }}
{{- end }}
{{- end }}
rules:
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
http:
paths:
{{- range $p := $ingressValues.paths }}
- path: {{ tpl $p $ }}
{{- if and $pathType $ingressSupportsPathType }}
pathType: {{ $pathType }}
{{- end }}
backend:
{{- if $apiIsStable }}
service:
name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
tls:
- hosts:
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
{{- else }}
secretName: {{ $ingressValues.tlsSecretName }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/podDisruptionBudget.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
{{- if .Values.prometheus.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: prometheus
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/podmonitors.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }}
apiVersion: v1
kind: List
items:
{{- range .Values.prometheus.additionalPodMonitors }}
- apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ .name }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-prometheus
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if .additionalLabels }}
{{ toYaml .additionalLabels | indent 8 }}
{{- end }}
spec:
podMetricsEndpoints:
{{ toYaml .podMetricsEndpoints | indent 8 }}
{{- if .jobLabel }}
jobLabel: {{ .jobLabel }}
{{- end }}
{{- if .namespaceSelector }}
namespaceSelector:
{{ toYaml .namespaceSelector | indent 8 }}
{{- end }}
selector:
{{ toYaml .selector | indent 8 }}
{{- if .podTargetLabels }}
podTargetLabels:
{{ toYaml .podTargetLabels | indent 8 }}
{{- end }}
{{- if .sampleLimit }}
sampleLimit: {{ .sampleLimit }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml
================================================
{{- if .Values.prometheus.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.annotations }}
annotations:
{{ toYaml .Values.prometheus.annotations | indent 4 }}
{{- end }}
spec:
alerting:
alertmanagers:
{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }}
{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }}
{{- else if .Values.alertmanager.enabled }}
- namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
{{- end }}
apiVersion: {{ .Values.alertmanager.apiVersion }}
{{- else }}
[]
{{- end }}
{{- if .Values.prometheus.prometheusSpec.apiserverConfig }}
apiserverConfig:
{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.image }}
image: {{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}
version: {{ .Values.prometheus.prometheusSpec.image.tag }}
{{- if .Values.prometheus.prometheusSpec.image.sha }}
sha: {{ .Values.prometheus.prometheusSpec.image.sha }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.externalLabels }}
externalLabels:
{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }}
prometheusExternalLabelName: ""
{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}
prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}"
{{- end }}
{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }}
replicaExternalLabelName: ""
{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }}
replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}"
{{- end }}
{{- if .Values.prometheus.prometheusSpec.externalUrl }}
externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}"
{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }}
externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}"
{{- else }}
externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.nodeSelector }}
nodeSelector:
{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }}
{{- end }}
paused: {{ .Values.prometheus.prometheusSpec.paused }}
replicas: {{ .Values.prometheus.prometheusSpec.replicas }}
shards: {{ .Values.prometheus.prometheusSpec.shards }}
logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }}
logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }}
listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }}
enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }}
{{- if .Values.prometheus.prometheusSpec.enableFeatures }}
enableFeatures:
{{- range $enableFeatures := .Values.prometheus.prometheusSpec.enableFeatures }}
- {{ tpl $enableFeatures $ }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.scrapeInterval }}
scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.evaluationInterval }}
evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.resources }}
resources:
{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }}
{{- end }}
retention: {{ .Values.prometheus.prometheusSpec.retention | quote }}
{{- if .Values.prometheus.prometheusSpec.retentionSize }}
retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.walCompression }}
walCompression: {{ .Values.prometheus.prometheusSpec.walCompression }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.routePrefix }}
routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.secrets }}
secrets:
{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.configMaps }}
configMaps:
{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }}
{{- end }}
serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }}
serviceMonitorSelector:
{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }}
{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }}
serviceMonitorSelector:
matchLabels:
release: {{ $.Release.Name | quote }}
{{ else }}
serviceMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }}
serviceMonitorNamespaceSelector:
{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }}
{{ else }}
serviceMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }}
podMonitorSelector:
{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }}
{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }}
podMonitorSelector:
matchLabels:
release: {{ $.Release.Name | quote }}
{{ else }}
podMonitorSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }}
podMonitorNamespaceSelector:
{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }}
{{ else }}
podMonitorNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.probeSelector }}
probeSelector:
{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }}
{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }}
probeSelector:
matchLabels:
release: {{ $.Release.Name | quote }}
{{ else }}
probeSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }}
probeNamespaceSelector:
{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }}
{{ else }}
probeNamespaceSelector: {}
{{- end }}
{{- if (or .Values.prometheus.prometheusSpec.remoteRead .Values.prometheus.prometheusSpec.additionalRemoteRead) }}
remoteRead:
{{- if .Values.prometheus.prometheusSpec.remoteRead }}
{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4) . }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalRemoteRead }}
{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteRead | indent 4 }}
{{- end }}
{{- end }}
{{- if (or .Values.prometheus.prometheusSpec.remoteWrite .Values.prometheus.prometheusSpec.additionalRemoteWrite) }}
remoteWrite:
{{- if .Values.prometheus.prometheusSpec.remoteWrite }}
{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4) . }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalRemoteWrite }}
{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteWrite | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.securityContext }}
securityContext:
{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }}
ruleNamespaceSelector:
{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }}
{{ else }}
ruleNamespaceSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.ruleSelector }}
ruleSelector:
{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}}
{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }}
ruleSelector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}
release: {{ $.Release.Name | quote }}
{{ else }}
ruleSelector: {}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.storageSpec }}
storage:
{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.podMetadata }}
podMetadata:
{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.query }}
query:
{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}}
{{- end }}
{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }}
affinity:
{{- if .Values.prometheus.prometheusSpec.affinity }}
{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }}
{{- end }}
{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
- {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]}
{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }}
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }}
labelSelector:
matchExpressions:
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
- {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.tolerations }}
tolerations:
{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }}
additionalScrapeConfigs:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg
key: additional-scrape-configs.yaml
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }}
additionalScrapeConfigs:
name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }}
key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }}
{{- end }}
{{- if or .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }}
additionalAlertManagerConfigs:
{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }}
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg
key: additional-alertmanager-configs.yaml
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }}
name: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.name }}
key: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.key }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }}
additionalAlertRelabelConfigs:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg
key: additional-alert-relabel-configs.yaml
{{- end }}
{{- if .Values.prometheus.prometheusSpec.containers }}
containers:
{{ toYaml .Values.prometheus.prometheusSpec.containers | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.initContainers }}
initContainers:
{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.priorityClassName }}
priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.thanos }}
thanos:
{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.disableCompaction }}
disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }}
{{- end }}
portName: {{ .Values.prometheus.prometheusSpec.portName }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.volumes }}
volumes:
{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.volumeMounts }}
volumeMounts:
{{ toYaml .Values.prometheus.prometheusSpec.volumeMounts | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }}
arbitraryFSAccessThroughSMs:
{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }}
overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }}
overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }}
enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }}
{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }}
prometheusRulesExcludedFromEnforce:
{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }}
- ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}"
ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}"
{{- end }}
{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }}
{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }}
{{- end }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.queryLogFile }}
queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }}
enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }}
{{- end }}
{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }}
allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrole.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules:
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
- apiGroups: ['policy']
{{- else }}
- apiGroups: ['extensions']
{{- end }}
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-prometheus
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/psp-clusterrolebinding.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/psp.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{- if .Values.global.rbac.pspAnnotations }}
annotations:
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
{{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
privileged: false
# Required to prevent escalations to root.
# allowPrivilegeEscalation: false
# This is redundant with non-root + disallow privilege escalation,
# but we can provide it for defense in depth.
#requiredDropCapabilities:
# - ALL
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
{{- if .Values.prometheus.podSecurityPolicy.volumes }}
{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }}
{{- end }}
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Permits the container to run with root privileges as well.
rule: 'RunAsAny'
seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
readOnlyRootFilesystem: false
{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }}
allowedCapabilities:
{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }}
{{- end }}
{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }}
allowedHostPaths:
{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/alertmanager.rules.yaml
================================================
{{- /*
Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/alertmanager-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }}
{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: alertmanager.rules
rules:
- alert: AlertmanagerFailedReload
annotations:
description: Configuration has failed to load for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerfailedreload
summary: Reloading an Alertmanager configuration has failed.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) == 0
for: 10m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerMembersInconsistent
annotations:
description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} has only found {{`{{`}} $value {{`}}`}} members of the {{`{{`}}$labels.job{{`}}`}} cluster.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagermembersinconsistent
summary: A member of an Alertmanager cluster has not found all other cluster members.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
< on (namespace,service) group_left
count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]))
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerFailedToSendAlerts
annotations:
description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} failed to send {{`{{`}} $value | humanizePercentage {{`}}`}} of notifications to {{`{{`}} $labels.integration {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerfailedtosendalerts
summary: An Alertmanager instance failed to send notifications.
expr: |-
(
rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
/
rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])
)
> 0.01
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerClusterFailedToSendAlerts
annotations:
description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerclusterfailedtosendalerts
summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration.
expr: |-
min by (namespace,service, integration) (
rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m])
/
rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m])
)
> 0.01
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerClusterFailedToSendAlerts
annotations:
description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerclusterfailedtosendalerts
summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration.
expr: |-
min by (namespace,service, integration) (
rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m])
/
rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m])
)
> 0.01
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerConfigInconsistent
annotations:
description: Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have different configurations.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerconfiginconsistent
summary: Alertmanager instances within the same cluster have different configurations.
expr: |-
count by (namespace,service) (
count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"})
)
!= 1
for: 20m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerClusterDown
annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have been up for less than half of the last 5m.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerclusterdown
summary: Half or more of the Alertmanager instances within the same cluster are down.
expr: |-
(
count by (namespace,service) (
avg_over_time(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) < 0.5
)
/
count by (namespace,service) (
up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}
)
)
>= 0.5
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AlertmanagerClusterCrashlooping
annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have restarted at least 5 times in the last 10m.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-alertmanagerclustercrashlooping
summary: Half or more of the Alertmanager instances within the same cluster are crashlooping.
expr: |-
(
count by (namespace,service) (
changes(process_start_time_seconds{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[10m]) > 4
)
/
count by (namespace,service) (
up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}
)
)
>= 0.5
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/etcd.yaml
================================================
{{- /*
Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/etcd3_alert.rules.yml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeEtcd.enabled .Values.defaultRules.rules.etcd }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: etcd
rules:
- alert: etcdInsufficientMembers
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).'
expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2)
for: 3m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdNoLeader
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.'
expr: etcd_server_has_leader{job=~".*etcd.*"} == 0
for: 1m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfLeaderChanges
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.'
expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfFailedGRPCRequests
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
/
sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
> 1
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfFailedGRPCRequests
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method)
/
sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method)
> 5
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdGRPCRequestsSlow
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le))
> 0.15
for: 10m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdMemberCommunicationSlow
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m]))
> 0.15
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfFailedProposals
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighFsyncDurations
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m]))
> 0.5
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighCommitDurations
annotations:
message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m]))
> 0.25
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfFailedHTTPRequests
annotations:
message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}'
expr: |-
sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m]))
BY (method) > 0.01
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHighNumberOfFailedHTTPRequests
annotations:
message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.'
expr: |-
sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m]))
BY (method) > 0.05
for: 10m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: etcdHTTPRequestsSlow
annotations:
message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow.
expr: |-
histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m]))
> 0.15
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/general.rules.yaml
================================================
{{- /*
Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-prometheus-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: general.rules
rules:
- alert: TargetDown
annotations:
description: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-targetdown
summary: One or more targets are unreachable.
expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: Watchdog
annotations:
description: 'This is an alert meant to ensure that the entire alerting pipeline is functional.
This alert is always firing, therefore it should always be firing in Alertmanager
and always fire against a receiver. There are integrations with various notification
mechanisms that send a notification when this alert is not firing. For example the
"DeadMansSnitch" integration in PagerDuty.
'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-watchdog
summary: An alert that should always be firing to certify that Alertmanager is working properly.
expr: vector(1)
labels:
severity: none
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/k8s.rules.yaml
================================================
{{- /*
Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: k8s.rules
rules:
- expr: |-
sum by (cluster, namespace, pod, container) (
irate(container_cpu_usage_seconds_total{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}[5m])
) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) (
1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""})
)
record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate
- expr: |-
container_memory_working_set_bytes{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
* on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
max by(namespace, pod, node) (kube_pod_info{node!=""})
)
record: node_namespace_pod_container:container_memory_working_set_bytes
- expr: |-
container_memory_rss{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
* on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
max by(namespace, pod, node) (kube_pod_info{node!=""})
)
record: node_namespace_pod_container:container_memory_rss
- expr: |-
container_memory_cache{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
* on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
max by(namespace, pod, node) (kube_pod_info{node!=""})
)
record: node_namespace_pod_container:container_memory_cache
- expr: |-
container_memory_swap{job="kubelet", metrics_path="/metrics/cadvisor", image!=""}
* on (namespace, pod) group_left(node) topk by(namespace, pod) (1,
max by(namespace, pod, node) (kube_pod_info{node!=""})
)
record: node_namespace_pod_container:container_memory_swap
- expr: |-
kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)
group_left() max by (namespace, pod) (
(kube_pod_status_phase{phase=~"Pending|Running"} == 1)
)
record: cluster:namespace:pod_memory:active:kube_pod_container_resource_requests
- expr: |-
sum by (namespace, cluster) (
sum by (namespace, pod, cluster) (
max by (namespace, pod, container, cluster) (
kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"}
) * on(namespace, pod, cluster) group_left() max by (namespace, pod) (
kube_pod_status_phase{phase=~"Pending|Running"} == 1
)
)
)
record: namespace_memory:kube_pod_container_resource_requests:sum
- expr: |-
kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)
group_left() max by (namespace, pod) (
(kube_pod_status_phase{phase=~"Pending|Running"} == 1)
)
record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests
- expr: |-
sum by (namespace, cluster) (
sum by (namespace, pod, cluster) (
max by (namespace, pod, container, cluster) (
kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"}
) * on(namespace, pod, cluster) group_left() max by (namespace, pod) (
kube_pod_status_phase{phase=~"Pending|Running"} == 1
)
)
)
record: namespace_cpu:kube_pod_container_resource_requests:sum
- expr: |-
kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster)
group_left() max by (namespace, pod) (
(kube_pod_status_phase{phase=~"Pending|Running"} == 1)
)
record: cluster:namespace:pod_memory:active:kube_pod_container_resource_limits
- expr: |-
sum by (namespace, cluster) (
sum by (namespace, pod, cluster) (
max by (namespace, pod, container, cluster) (
kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"}
) * on(namespace, pod, cluster) group_left() max by (namespace, pod) (
kube_pod_status_phase{phase=~"Pending|Running"} == 1
)
)
)
record: namespace_memory:kube_pod_container_resource_limits:sum
- expr: |-
kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster)
group_left() max by (namespace, pod) (
(kube_pod_status_phase{phase=~"Pending|Running"} == 1)
)
record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits
- expr: |-
sum by (namespace, cluster) (
sum by (namespace, pod, cluster) (
max by (namespace, pod, container, cluster) (
kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"}
) * on(namespace, pod, cluster) group_left() max by (namespace, pod) (
kube_pod_status_phase{phase=~"Pending|Running"} == 1
)
)
)
record: namespace_cpu:kube_pod_container_resource_limits:sum
- expr: |-
max by (cluster, namespace, workload, pod) (
label_replace(
label_replace(
kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"},
"replicaset", "$1", "owner_name", "(.*)"
) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) (
1, max by (replicaset, namespace, owner_name) (
kube_replicaset_owner{job="kube-state-metrics"}
)
),
"workload", "$1", "owner_name", "(.*)"
)
)
labels:
workload_type: deployment
record: namespace_workload_pod:kube_pod_owner:relabel
- expr: |-
max by (cluster, namespace, workload, pod) (
label_replace(
kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"},
"workload", "$1", "owner_name", "(.*)"
)
)
labels:
workload_type: daemonset
record: namespace_workload_pod:kube_pod_owner:relabel
- expr: |-
max by (cluster, namespace, workload, pod) (
label_replace(
kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"},
"workload", "$1", "owner_name", "(.*)"
)
)
labels:
workload_type: statefulset
record: namespace_workload_pod:kube_pod_owner:relabel
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml
================================================
{{- /*
Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- interval: 3m
name: kube-apiserver-availability.rules
rules:
- expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30
record: code_verb:apiserver_request_total:increase30d
- expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"})
labels:
verb: read
record: code:apiserver_request_total:increase30d
- expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"})
labels:
verb: write
record: code:apiserver_request_total:increase30d
- expr: |-
1 - (
(
# write too slow
sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d]))
-
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d]))
) +
(
# read too slow
sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d]))
-
(
(
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="1"}[30d]))
or
vector(0)
)
+
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="5"}[30d]))
+
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="40"}[30d]))
)
) +
# errors
sum by (cluster) (code:apiserver_request_total:increase30d{code=~"5.."} or vector(0))
)
/
sum by (cluster) (code:apiserver_request_total:increase30d)
labels:
verb: all
record: apiserver_request:availability30d
- expr: |-
1 - (
sum by (cluster) (increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d]))
-
(
# too slow
(
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[30d]))
or
vector(0)
)
+
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[30d]))
+
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[30d]))
)
+
# errors
sum by (cluster) (code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0))
)
/
sum by (cluster) (code:apiserver_request_total:increase30d{verb="read"})
labels:
verb: read
record: apiserver_request:availability30d
- expr: |-
1 - (
(
# too slow
sum by (cluster) (increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d]))
-
sum by (cluster) (increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d]))
)
+
# errors
sum by (cluster) (code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0))
)
/
sum by (cluster) (code:apiserver_request_total:increase30d{verb="write"})
labels:
verb: write
record: apiserver_request:availability30d
- expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
labels:
verb: read
record: code_resource:apiserver_request_total:rate5m
- expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
labels:
verb: write
record: code_resource:apiserver_request_total:rate5m
- expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"2.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"3.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"4.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
- expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"5.."}[1h]))
record: code_verb:apiserver_request_total:increase1h
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml
================================================
{{- /*
Generated from 'kube-apiserver-burnrate.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-burnrate.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-apiserver-burnrate.rules
rules:
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[1d]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[1d]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[1d]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d]))
labels:
verb: read
record: apiserver_request:burnrate1d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[1h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[1h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[1h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h]))
labels:
verb: read
record: apiserver_request:burnrate1h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[2h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[2h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[2h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h]))
labels:
verb: read
record: apiserver_request:burnrate2h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[30m]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[30m]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[30m]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m]))
labels:
verb: read
record: apiserver_request:burnrate30m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[3d]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[3d]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[3d]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d]))
labels:
verb: read
record: apiserver_request:burnrate3d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[5m]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[5m]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[5m]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
labels:
verb: read
record: apiserver_request:burnrate5m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="1"}[6h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="5"}[6h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="40"}[6h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h]))
labels:
verb: read
record: apiserver_request:burnrate6h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d]))
labels:
verb: write
record: apiserver_request:burnrate1d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h]))
labels:
verb: write
record: apiserver_request:burnrate1h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h]))
labels:
verb: write
record: apiserver_request:burnrate2h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m]))
labels:
verb: write
record: apiserver_request:burnrate30m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d]))
labels:
verb: write
record: apiserver_request:burnrate3d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
labels:
verb: write
record: apiserver_request:burnrate5m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h]))
labels:
verb: write
record: apiserver_request:burnrate6h
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml
================================================
{{- /*
Generated from 'kube-apiserver-histogram.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-histogram.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-apiserver-histogram.rules
rules:
- expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0
labels:
quantile: '0.99'
verb: read
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0
labels:
quantile: '0.99'
verb: write
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.99'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.9'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.5'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml
================================================
{{- /*
Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-apiserver-slos
rules:
- alert: KubeAPIErrorBudgetBurn
annotations:
description: The API server is burning too much error budget.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn
summary: The API server is burning too much error budget.
expr: |-
sum(apiserver_request:burnrate1h) > (14.40 * 0.01000)
and
sum(apiserver_request:burnrate5m) > (14.40 * 0.01000)
for: 2m
labels:
long: 1h
severity: critical
short: 5m
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeAPIErrorBudgetBurn
annotations:
description: The API server is burning too much error budget.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn
summary: The API server is burning too much error budget.
expr: |-
sum(apiserver_request:burnrate6h) > (6.00 * 0.01000)
and
sum(apiserver_request:burnrate30m) > (6.00 * 0.01000)
for: 15m
labels:
long: 6h
severity: critical
short: 30m
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeAPIErrorBudgetBurn
annotations:
description: The API server is burning too much error budget.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn
summary: The API server is burning too much error budget.
expr: |-
sum(apiserver_request:burnrate1d) > (3.00 * 0.01000)
and
sum(apiserver_request:burnrate2h) > (3.00 * 0.01000)
for: 1h
labels:
long: 1d
severity: warning
short: 2h
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeAPIErrorBudgetBurn
annotations:
description: The API server is burning too much error budget.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn
summary: The API server is burning too much error budget.
expr: |-
sum(apiserver_request:burnrate3d) > (1.00 * 0.01000)
and
sum(apiserver_request:burnrate6h) > (1.00 * 0.01000)
for: 3h
labels:
long: 3d
severity: warning
short: 6h
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml
================================================
{{- /*
Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-apiserver.rules
rules:
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d]))
labels:
verb: read
record: apiserver_request:burnrate1d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h]))
labels:
verb: read
record: apiserver_request:burnrate1h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h]))
labels:
verb: read
record: apiserver_request:burnrate2h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m]))
labels:
verb: read
record: apiserver_request:burnrate30m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d]))
labels:
verb: read
record: apiserver_request:burnrate3d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
labels:
verb: read
record: apiserver_request:burnrate5m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h]))
-
(
(
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h]))
or
vector(0)
)
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h]))
+
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h]))
)
)
+
# errors
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h]))
labels:
verb: read
record: apiserver_request:burnrate6h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d]))
labels:
verb: write
record: apiserver_request:burnrate1d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h]))
labels:
verb: write
record: apiserver_request:burnrate1h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h]))
labels:
verb: write
record: apiserver_request:burnrate2h
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m]))
labels:
verb: write
record: apiserver_request:burnrate30m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d]))
labels:
verb: write
record: apiserver_request:burnrate3d
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
labels:
verb: write
record: apiserver_request:burnrate5m
- expr: |-
(
(
# too slow
sum by (cluster) (rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h]))
-
sum by (cluster) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h]))
)
+
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h]))
)
/
sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h]))
labels:
verb: write
record: apiserver_request:burnrate6h
- expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m]))
labels:
verb: read
record: code_resource:apiserver_request_total:rate5m
- expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))
labels:
verb: write
record: code_resource:apiserver_request_total:rate5m
- expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0
labels:
quantile: '0.99'
verb: read
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0
labels:
quantile: '0.99'
verb: write
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.99'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.9'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod))
labels:
quantile: '0.5'
record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml
================================================
{{- /*
Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-prometheus-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-prometheus-general.rules
rules:
- expr: count without(instance, pod, node) (up == 1)
record: count:up1
- expr: count without(instance, pod, node) (up == 0)
record: count:up0
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml
================================================
{{- /*
Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-prometheus-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-prometheus-node-recording.rules
rules:
- expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance)
record: instance:node_cpu:rate:sum
- expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
record: instance:node_network_receive_bytes:rate:sum
- expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
record: instance:node_network_transmit_bytes:rate:sum
- expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)
record: instance:node_cpu:ratio
- expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))
record: cluster:node_cpu:sum_rate5m
- expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))
record: cluster:node_cpu:ratio
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml
================================================
{{- /*
Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-scheduler.rules
rules:
- expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.99'
record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.99'
record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.99'
record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.9'
record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.9'
record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.9'
record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.5'
record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.5'
record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="kube-scheduler"}[5m])) without(instance, pod))
labels:
quantile: '0.5'
record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kube-state-metrics.yaml
================================================
{{- /*
Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-state-metrics-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kube-state-metrics
rules:
- alert: KubeStateMetricsListErrors
annotations:
description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricslisterrors
summary: kube-state-metrics is experiencing errors in list operations.
expr: |-
(sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m]))
/
sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m])))
> 0.01
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStateMetricsWatchErrors
annotations:
description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricswatcherrors
summary: kube-state-metrics is experiencing errors in watch operations.
expr: |-
(sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m]))
/
sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m])))
> 0.01
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStateMetricsShardingMismatch
annotations:
description: kube-state-metrics pods are running with different --total-shards configuration, some Kubernetes objects may be exposed multiple times or not exposed at all.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricsshardingmismatch
summary: kube-state-metrics sharding is misconfigured.
expr: stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStateMetricsShardsMissing
annotations:
description: kube-state-metrics shards are missing, some Kubernetes objects are not being exposed.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricsshardsmissing
summary: kube-state-metrics shards are missing.
expr: |-
2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1
-
sum( 2 ^ max by (shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) )
!= 0
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubelet.rules.yaml
================================================
{{- /*
Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubelet.enabled .Values.defaultRules.rules.kubelet }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubelet.rules
rules:
- expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
labels:
quantile: '0.99'
record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
labels:
quantile: '0.9'
record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
- expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"})
labels:
quantile: '0.5'
record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-apps.yaml
================================================
{{- /*
Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }}
{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-apps
rules:
- alert: KubePodCrashLooping
annotations:
description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 10 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping
summary: Pod is crash looping.
expr: |-
increase(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) > 0
and
kube_pod_container_status_waiting{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} == 1
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubePodNotReady
annotations:
description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready
summary: Pod has been in a non-ready state for more than 15 minutes.
expr: |-
sum by (namespace, pod) (
max by(namespace, pod) (
kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"}
) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) (
1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"})
)
) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeDeploymentGenerationMismatch
annotations:
description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch
summary: Deployment generation mismatch due to possible roll-back
expr: |-
kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeDeploymentReplicasMismatch
annotations:
description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch
summary: Deployment has not matched the expected number of replicas.
expr: |-
(
kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
>
kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
) and (
changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m])
==
0
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStatefulSetReplicasMismatch
annotations:
description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch
summary: Deployment has not matched the expected number of replicas.
expr: |-
(
kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
) and (
changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m])
==
0
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStatefulSetGenerationMismatch
annotations:
description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch
summary: StatefulSet generation mismatch due to possible roll-back
expr: |-
kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeStatefulSetUpdateNotRolledOut
annotations:
description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout
summary: StatefulSet update has not been rolled out.
expr: |-
(
max without (revision) (
kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
unless
kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
)
*
(
kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
)
) and (
changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m])
==
0
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeDaemonSetRolloutStuck
annotations:
description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck
summary: DaemonSet rollout is stuck.
expr: |-
(
(
kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
) or (
kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
0
) or (
kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
) or (
kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
)
) and (
changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m])
==
0
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeContainerWaiting
annotations:
description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontainerwaiting
summary: Pod container waiting longer than 1 hour
expr: sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeDaemonSetNotScheduled
annotations:
description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled
summary: DaemonSet pods are not scheduled.
expr: |-
kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
-
kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeDaemonSetMisScheduled
annotations:
description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled
summary: DaemonSet pods are misscheduled.
expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeJobCompletion
annotations:
description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than 12 hours to complete.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion
summary: Job did not complete in time
expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
for: 12h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeJobFailed
annotations:
description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed
summary: Job failed to complete.
expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeHpaReplicasMismatch
annotations:
description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpareplicasmismatch
summary: HPA has not matched descired number of replicas.
expr: |-
(kube_horizontalpodautoscaler_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
!=
kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
and
(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
>
kube_horizontalpodautoscaler_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
and
(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
<
kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"})
and
changes(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) == 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeHpaMaxedOut
annotations:
description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has been running at max replicas for longer than 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpamaxedout
summary: HPA is running at max replicas
expr: |-
kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
==
kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-resources.yaml
================================================
{{- /*
Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-resources
rules:
- alert: KubeCPUOvercommit
annotations:
description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit
summary: Cluster has overcommitted CPU resource requests.
expr: |-
sum(namespace_cpu:kube_pod_container_resource_requests:sum{})
/
sum(kube_node_status_allocatable{resource="cpu"})
>
((count(kube_node_status_allocatable{resource="cpu"}) > 1) - 1) / count(kube_node_status_allocatable{resource="cpu"})
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeMemoryOvercommit
annotations:
description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryovercommit
summary: Cluster has overcommitted memory resource requests.
expr: |-
sum(namespace_memory:kube_pod_container_resource_requests:sum{})
/
sum(kube_node_status_allocatable{resource="memory"})
>
((count(kube_node_status_allocatable{resource="memory"}) > 1) - 1)
/
count(kube_node_status_allocatable{resource="memory"})
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeCPUQuotaOvercommit
annotations:
description: Cluster has overcommitted CPU resource requests for Namespaces.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuquotaovercommit
summary: Cluster has overcommitted CPU resource requests.
expr: |-
sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"})
/
sum(kube_node_status_allocatable{resource="cpu"})
> 1.5
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeMemoryQuotaOvercommit
annotations:
description: Cluster has overcommitted memory resource requests for Namespaces.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryquotaovercommit
summary: Cluster has overcommitted memory resource requests.
expr: |-
sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"})
/
sum(kube_node_status_allocatable{resource="memory",job="kube-state-metrics"})
> 1.5
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeQuotaAlmostFull
annotations:
description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaalmostfull
summary: Namespace quota is going to be full.
expr: |-
kube_resourcequota{job="kube-state-metrics", type="used"}
/ ignoring(instance, job, type)
(kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
> 0.9 < 1
for: 15m
labels:
severity: info
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeQuotaFullyUsed
annotations:
description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotafullyused
summary: Namespace quota is fully used.
expr: |-
kube_resourcequota{job="kube-state-metrics", type="used"}
/ ignoring(instance, job, type)
(kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
== 1
for: 15m
labels:
severity: info
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeQuotaExceeded
annotations:
description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded
summary: Namespace quota has exceeded the limits.
expr: |-
kube_resourcequota{job="kube-state-metrics", type="used"}
/ ignoring(instance, job, type)
(kube_resourcequota{job="kube-state-metrics", type="hard"} > 0)
> 1
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: CPUThrottlingHigh
annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh
summary: Processes experience elevated CPU throttling.
expr: |-
sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace)
/
sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace)
> ( 25 / 100 )
for: 15m
labels:
severity: info
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-storage.yaml
================================================
{{- /*
Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }}
{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-storage
rules:
- alert: KubePersistentVolumeFillingUp
annotations:
description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup
summary: PersistentVolume is filling up.
expr: |-
(
kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
/
kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
) < 0.03
and
kubelet_volume_stats_used_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
for: 1m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubePersistentVolumeFillingUp
annotations:
description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup
summary: PersistentVolume is filling up.
expr: |-
(
kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
/
kubelet_volume_stats_capacity_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}
) < 0.15
and
kubelet_volume_stats_used_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0
and
predict_linear(kubelet_volume_stats_available_bytes{job="kubelet", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubePersistentVolumeErrors
annotations:
description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors
summary: PersistentVolume is having issues with provisioning.
expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml
================================================
{{- /*
Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-system-apiserver
rules:
- alert: KubeClientCertificateExpiration
annotations:
description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration
summary: Client certificate is about to expire.
expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeClientCertificateExpiration
annotations:
description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration
summary: Client certificate is about to expire.
expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: AggregatedAPIErrors
annotations:
description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors
summary: An aggregated API has reported errors.
expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_total[10m])) > 4
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- if semverCompare ">=1.18.0-0" $kubeTargetVersion }}
- alert: AggregatedAPIDown
annotations:
description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapidown
summary: An aggregated API is down.
expr: (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.kubeApiServer.enabled }}
- alert: KubeAPIDown
annotations:
description: KubeAPI has disappeared from Prometheus target discovery.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown
summary: Target disappeared from Prometheus target discovery.
expr: absent(up{job="apiserver"} == 1)
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
- alert: KubeAPITerminatedRequests
annotations:
description: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapiterminatedrequests
summary: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests.
expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml
================================================
{{- /*
Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeControllerManager.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-system-controller-manager
rules:
{{- if .Values.kubeControllerManager.enabled }}
- alert: KubeControllerManagerDown
annotations:
description: KubeControllerManager has disappeared from Prometheus target discovery.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown
summary: Target disappeared from Prometheus target discovery.
expr: absent(up{job="kube-controller-manager"} == 1)
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml
================================================
{{- /*
Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-system-kubelet
rules:
- alert: KubeNodeNotReady
annotations:
description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready
summary: Node is not ready.
expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeNodeUnreachable
annotations:
description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodeunreachable
summary: Node is unreachable.
expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletTooManyPods
annotations:
description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods
summary: Kubelet is running at capacity.
expr: |-
count by(node) (
(kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"})
)
/
max by(node) (
kube_node_status_capacity{job="kube-state-metrics",resource="pods"} != 1
) > 0.95
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeNodeReadinessFlapping
annotations:
description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodereadinessflapping
summary: Node readiness status is flapping.
expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletPlegDurationHigh
annotations:
description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletplegdurationhigh
summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist.
expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletPodStartUpLatencyHigh
annotations:
description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletpodstartuplatencyhigh
summary: Kubelet Pod startup latency is too high.
expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="kubelet", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="kubelet", metrics_path="/metrics"} > 60
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletClientCertificateExpiration
annotations:
description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration
summary: Kubelet client certificate is about to expire.
expr: kubelet_certificate_manager_client_ttl_seconds < 604800
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletClientCertificateExpiration
annotations:
description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration
summary: Kubelet client certificate is about to expire.
expr: kubelet_certificate_manager_client_ttl_seconds < 86400
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletServerCertificateExpiration
annotations:
description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration
summary: Kubelet server certificate is about to expire.
expr: kubelet_certificate_manager_server_ttl_seconds < 604800
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletServerCertificateExpiration
annotations:
description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration
summary: Kubelet server certificate is about to expire.
expr: kubelet_certificate_manager_server_ttl_seconds < 86400
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletClientCertificateRenewalErrors
annotations:
description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes).
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificaterenewalerrors
summary: Kubelet has failed to renew its client certificate.
expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeletServerCertificateRenewalErrors
annotations:
description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes).
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificaterenewalerrors
summary: Kubelet has failed to renew its server certificate.
expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.kubeletService.enabled }}
- alert: KubeletDown
annotations:
description: Kubelet has disappeared from Prometheus target discovery.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown
summary: Target disappeared from Prometheus target discovery.
expr: absent(up{job="kubelet", metrics_path="/metrics"} == 1)
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml
================================================
{{- /*
Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-system-scheduler
rules:
{{- if .Values.kubeScheduler.enabled }}
- alert: KubeSchedulerDown
annotations:
description: KubeScheduler has disappeared from Prometheus target discovery.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown
summary: Target disappeared from Prometheus target discovery.
expr: absent(up{job="kube-scheduler"} == 1)
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/kubernetes-system.yaml
================================================
{{- /*
Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: kubernetes-system
rules:
- alert: KubeVersionMismatch
annotations:
description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch
summary: Different semantic versions of Kubernetes components running.
expr: count(count by (git_version) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: KubeClientErrors
annotations:
description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors
summary: Kubernetes API server client is experiencing errors.
expr: |-
(sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job)
/
sum(rate(rest_client_requests_total[5m])) by (instance, job))
> 0.01
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.rules.yaml
================================================
{{- /*
Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/node-exporter-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: node-exporter.rules
rules:
- expr: |-
count without (cpu) (
count without (mode) (
node_cpu_seconds_total{job="node-exporter"}
)
)
record: instance:node_num_cpu:sum
- expr: |-
1 - avg without (cpu, mode) (
rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[5m])
)
record: instance:node_cpu_utilisation:rate5m
- expr: |-
(
node_load1{job="node-exporter"}
/
instance:node_num_cpu:sum{job="node-exporter"}
)
record: instance:node_load1_per_cpu:ratio
- expr: |-
1 - (
node_memory_MemAvailable_bytes{job="node-exporter"}
/
node_memory_MemTotal_bytes{job="node-exporter"}
)
record: instance:node_memory_utilisation:ratio
- expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[5m])
record: instance:node_vmstat_pgmajfault:rate5m
- expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[5m])
record: instance_device:node_disk_io_time_seconds:rate5m
- expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[5m])
record: instance_device:node_disk_io_time_weighted_seconds:rate5m
- expr: |-
sum without (device) (
rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_receive_bytes_excluding_lo:rate5m
- expr: |-
sum without (device) (
rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_transmit_bytes_excluding_lo:rate5m
- expr: |-
sum without (device) (
rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_receive_drop_excluding_lo:rate5m
- expr: |-
sum without (device) (
rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[5m])
)
record: instance:node_network_transmit_drop_excluding_lo:rate5m
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-exporter.yaml
================================================
{{- /*
Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/node-exporter-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: node-exporter
rules:
- alert: NodeFilesystemSpaceFillingUp
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 24 hours.
expr: |-
(
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40
and
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemSpaceFillingUp
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemspacefillingup
summary: Filesystem is predicted to run out of space within the next 4 hours.
expr: |-
(
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15
and
predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemAlmostOutOfSpace
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutofspace
summary: Filesystem has less than 5% space left.
expr: |-
(
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemAlmostOutOfSpace
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutofspace
summary: Filesystem has less than 3% space left.
expr: |-
(
node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemFilesFillingUp
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 24 hours.
expr: |-
(
node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40
and
predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemFilesFillingUp
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemfilesfillingup
summary: Filesystem is predicted to run out of inodes within the next 4 hours.
expr: |-
(
node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20
and
predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemAlmostOutOfFiles
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutoffiles
summary: Filesystem has less than 5% inodes left.
expr: |-
(
node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFilesystemAlmostOutOfFiles
annotations:
description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefilesystemalmostoutoffiles
summary: Filesystem has less than 3% inodes left.
expr: |-
(
node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3
and
node_filesystem_readonly{job="node-exporter",fstype!=""} == 0
)
for: 1h
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeNetworkReceiveErrs
annotations:
description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodenetworkreceiveerrs
summary: Network interface is reporting many receive errors.
expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeNetworkTransmitErrs
annotations:
description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodenetworktransmiterrs
summary: Network interface is reporting many transmit errors.
expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01
for: 1h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeHighNumberConntrackEntriesUsed
annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodehighnumberconntrackentriesused
summary: Number of conntrack are getting close to the limit.
expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeTextFileCollectorScrapeError
annotations:
description: Node Exporter text file collector failed to scrape.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodetextfilecollectorscrapeerror
summary: Node Exporter text file collector failed to scrape.
expr: node_textfile_scrape_error{job="node-exporter"} == 1
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeClockSkewDetected
annotations:
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeclockskewdetected
summary: Clock skew detected.
expr: |-
(
node_timex_offset_seconds > 0.05
and
deriv(node_timex_offset_seconds[5m]) >= 0
)
or
(
node_timex_offset_seconds < -0.05
and
deriv(node_timex_offset_seconds[5m]) <= 0
)
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeClockNotSynchronising
annotations:
description: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodeclocknotsynchronising
summary: Clock not synchronising.
expr: |-
min_over_time(node_timex_sync_status[5m]) == 0
and
node_timex_maxerror_seconds >= 16
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeRAIDDegraded
annotations:
description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-noderaiddegraded
summary: RAID Array is degraded
expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeRAIDDiskFailure
annotations:
description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-noderaiddiskfailure
summary: Failed device in RAID array
expr: node_md_disks{state="failed"} > 0
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFileDescriptorLimit
annotations:
description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefiledescriptorlimit
summary: Kernel is predicted to exhaust file descriptors limit soon.
expr: |-
(
node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 70
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: NodeFileDescriptorLimit
annotations:
description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodefiledescriptorlimit
summary: Kernel is predicted to exhaust file descriptors limit soon.
expr: |-
(
node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 90
)
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node-network.yaml
================================================
{{- /*
Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kube-prometheus-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: node-network
rules:
- alert: NodeNetworkInterfaceFlapping
annotations:
description: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-nodenetworkinterfaceflapping
summary: Network interface is often changin it's status
expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2
for: 2m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/node.rules.yaml
================================================
{{- /*
Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetes-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: node.rules
rules:
- expr: |-
topk by(namespace, pod) (1,
max by (node, namespace, pod) (
label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)")
))
record: 'node_namespace_pod:kube_pod_info:'
- expr: |-
count by (cluster, node) (sum by (node, cpu) (
node_cpu_seconds_total{job="node-exporter"}
* on (namespace, pod) group_left(node)
topk by(namespace, pod) (1, node_namespace_pod:kube_pod_info:)
))
record: node:node_num_cpu:sum
- expr: |-
sum(
node_memory_MemAvailable_bytes{job="node-exporter"} or
(
node_memory_Buffers_bytes{job="node-exporter"} +
node_memory_Cached_bytes{job="node-exporter"} +
node_memory_MemFree_bytes{job="node-exporter"} +
node_memory_Slab_bytes{job="node-exporter"}
)
) by (cluster)
record: :node_memory_MemAvailable_bytes:sum
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus-operator.yaml
================================================
{{- /*
Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-operator-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }}
{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }}
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: prometheus-operator
rules:
- alert: PrometheusOperatorListErrors
annotations:
description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorlisterrors
summary: Errors while performing list operations in controller.
expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorWatchErrors
annotations:
description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorwatcherrors
summary: Errors while performing watch operations in controller.
expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorSyncFailed
annotations:
description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorsyncfailed
summary: Last controller reconciliation failed
expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorReconcileErrors
annotations:
description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorreconcileerrors
summary: Errors while reconciling controller.
expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorNodeLookupErrors
annotations:
description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornodelookuperrors
summary: Errors while reconciling Prometheus.
expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorNotReady
annotations:
description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornotready
summary: Prometheus operator not ready
expr: min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0)
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOperatorRejectedResources
annotations:
description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorrejectedresources
summary: Resources rejected by Prometheus operator
expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 5m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/rules-1.14/prometheus.yaml
================================================
{{- /*
Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-prometheusRule.yaml
Do not change in-place! In order to change this file first read following link:
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack
*/ -}}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }}
{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }}
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.defaultRules.labels }}
{{ toYaml .Values.defaultRules.labels | indent 4 }}
{{- end }}
{{- if .Values.defaultRules.annotations }}
annotations:
{{ toYaml .Values.defaultRules.annotations | indent 4 }}
{{- end }}
spec:
groups:
- name: prometheus
rules:
- alert: PrometheusBadConfig
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusbadconfig
summary: Failed Prometheus configuration reload.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0
for: 10m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusNotificationQueueRunningFull
annotations:
description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusnotificationqueuerunningfull
summary: Prometheus alert notification queue predicted to run full in less than 30m.
expr: |-
# Without min_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
(
predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30)
>
min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusErrorSendingAlertsToSomeAlertmanagers
annotations:
description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheuserrorsendingalertstosomealertmanagers
summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager.
expr: |-
(
rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
/
rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
)
* 100
> 1
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusNotConnectedToAlertmanagers
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusnotconnectedtoalertmanagers
summary: Prometheus is not connected to any Alertmanagers.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusTSDBReloadsFailing
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheustsdbreloadsfailing
summary: Prometheus has issues reloading blocks from disk.
expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0
for: 4h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusTSDBCompactionsFailing
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheustsdbcompactionsfailing
summary: Prometheus has issues compacting blocks.
expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0
for: 4h
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusNotIngestingSamples
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusnotingestingsamples
summary: Prometheus is not ingesting samples.
expr: |-
(
rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0
and
(
sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0
or
sum without(rule_group) (prometheus_rule_group_rules{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0
)
)
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusDuplicateTimestamps
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusduplicatetimestamps
summary: Prometheus is dropping samples with duplicate timestamps.
expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusOutOfOrderTimestamps
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoutofordertimestamps
summary: Prometheus drops samples with out-of-order timestamps.
expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 10m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusRemoteStorageFailures
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusremotestoragefailures
summary: Prometheus fails to send samples to remote storage.
expr: |-
(
(rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
/
(
(rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
+
(rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]))
)
)
* 100
> 1
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusRemoteWriteBehind
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusremotewritebehind
summary: Prometheus remote write is behind.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
(
max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
- ignoring(remote_name, url) group_right
max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
)
> 120
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusRemoteWriteDesiredShards
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusremotewritedesiredshards
summary: Prometheus remote write desired shards calculation wants to run more than configured max shards.
expr: |-
# Without max_over_time, failed scrapes could create false negatives, see
# https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details.
(
max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
>
max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])
)
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusRuleFailures
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusrulefailures
summary: Prometheus is failing rule evaluations.
expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusMissingRuleEvaluations
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusmissingruleevaluations
summary: Prometheus is missing rule evaluations due to slow rule group evaluation.
expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusTargetLimitHit
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheustargetlimithit
summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit.
expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusLabelLimitHit
annotations:
description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because some samples exceeded the configured label_limit, label_name_length_limit or label_value_length_limit.
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheuslabellimithit
summary: Prometheus has dropped targets because some scrape configs have exceeded the labels limit.
expr: increase(prometheus_target_scrape_pool_exceeded_label_limits_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0
for: 15m
labels:
severity: warning
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusTargetSyncFailure
annotations:
description: '{{`{{`}} printf "%.0f" $value {{`}}`}} targets in Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} have failed to sync because invalid configuration was supplied.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheustargetsyncfailure
summary: Prometheus has failed to sync targets.
expr: increase(prometheus_target_sync_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[30m]) > 0
for: 5m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
- alert: PrometheusErrorSendingAlertsToAnyAlertmanager
annotations:
description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.'
runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheuserrorsendingalertstoanyalertmanager
summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager.
expr: |-
min without (alertmanager) (
rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m])
/
rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m])
)
* 100
> 3
for: 15m
labels:
severity: critical
{{- if .Values.defaultRules.additionalRuleLabels }}
{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/service.yaml
================================================
{{- if .Values.prometheus.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.service.labels }}
{{ toYaml .Values.prometheus.service.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheus.service.annotations }}
annotations:
{{ toYaml .Values.prometheus.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.prometheus.service.clusterIP }}
clusterIP: {{ .Values.prometheus.service.clusterIP }}
{{- end }}
{{- if .Values.prometheus.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.prometheus.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }}
{{- end }}
{{- if .Values.prometheus.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.prometheus.prometheusSpec.portName }}
{{- if eq .Values.prometheus.service.type "NodePort" }}
nodePort: {{ .Values.prometheus.service.nodePort }}
{{- end }}
port: {{ .Values.prometheus.service.port }}
targetPort: {{ .Values.prometheus.service.targetPort }}
{{- if .Values.prometheus.thanosIngress.enabled }}
- name: grpc
{{- if eq .Values.prometheus.service.type "NodePort" }}
nodePort: {{ .Values.prometheus.thanosIngress.nodePort }}
{{- end }}
port: {{ .Values.prometheus.thanosIngress.servicePort }}
targetPort: {{ .Values.prometheus.thanosIngress.servicePort }}
{{- end }}
{{- if .Values.prometheus.service.additionalPorts }}
{{ toYaml .Values.prometheus.service.additionalPorts | indent 2 }}
{{- end }}
selector:
app.kubernetes.io/name: prometheus
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
{{- if .Values.prometheus.service.sessionAffinity }}
sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }}
{{- end }}
type: "{{ .Values.prometheus.service.type }}"
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecar.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.thanosService.labels }}
{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheus.thanosService.annotations }}
annotations:
{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.prometheus.thanosService.type }}
clusterIP: {{ .Values.prometheus.thanosService.clusterIP }}
ports:
- name: {{ .Values.prometheus.thanosService.portName }}
port: {{ .Values.prometheus.thanosService.port }}
targetPort: {{ .Values.prometheus.thanosService.targetPort }}
{{- if eq .Values.prometheus.thanosService.type "NodePort" }}
nodePort: {{ .Values.prometheus.thanosService.nodePort }}
{{- end }}
selector:
app.kubernetes.io/name: prometheus
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/serviceThanosSidecarExternal.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.thanosServiceExternal.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-external
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.thanosServiceExternal.labels }}
{{ toYaml .Values.prometheus.thanosServiceExternal.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheus.thanosServiceExternal.annotations }}
annotations:
{{ toYaml .Values.prometheus.thanosServiceExternal.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.prometheus.thanosServiceExternal.type }}
{{- if .Values.prometheus.thanosServiceExternal.loadBalancerIP }}
loadBalancerIP: {{ .Values.prometheus.thanosServiceExternal.loadBalancerIP }}
{{- end }}
{{- if .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.prometheus.thanosServiceExternal.portName }}
port: {{ .Values.prometheus.thanosServiceExternal.port }}
targetPort: {{ .Values.prometheus.thanosServiceExternal.targetPort }}
{{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }}
nodePort: {{ .Values.prometheus.thanosServiceExternal.nodePort }}
{{- end }}
selector:
app.kubernetes.io/name: prometheus
prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/serviceaccount.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus
app.kubernetes.io/component: prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheus.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }}
{{- end }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/servicemonitor.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-prometheus
release: {{ $.Release.Name | quote }}
self-monitor: "true"
namespaceSelector:
matchNames:
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
endpoints:
- port: {{ .Values.prometheus.prometheusSpec.portName }}
{{- if .Values.prometheus.serviceMonitor.interval }}
interval: {{ .Values.prometheus.serviceMonitor.interval }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.scheme }}
scheme: {{ .Values.prometheus.serviceMonitor.scheme }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.tlsConfig }}
tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.bearerTokenFile }}
bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }}
{{- end }}
path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics"
{{- if .Values.prometheus.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.prometheus.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/servicemonitors.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }}
apiVersion: v1
kind: List
items:
{{- range .Values.prometheus.additionalServiceMonitors }}
- apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ .name }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-prometheus
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if .additionalLabels }}
{{ toYaml .additionalLabels | indent 8 }}
{{- end }}
spec:
endpoints:
{{ toYaml .endpoints | indent 8 }}
{{- if .jobLabel }}
jobLabel: {{ .jobLabel }}
{{- end }}
{{- if .namespaceSelector }}
namespaceSelector:
{{ toYaml .namespaceSelector | indent 8 }}
{{- end }}
selector:
{{ toYaml .selector | indent 8 }}
{{- if .targetLabels }}
targetLabels:
{{ toYaml .targetLabels | indent 8 }}
{{- end }}
{{- if .podTargetLabels }}
podTargetLabels:
{{ toYaml .podTargetLabels | indent 8 }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus/serviceperreplica.yaml
================================================
{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }}
{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}}
{{- $serviceValues := .Values.prometheus.servicePerReplica -}}
apiVersion: v1
kind: List
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica
namespace: {{ template "kube-prometheus-stack.namespace" . }}
items:
{{- range $i, $e := until $count }}
- apiVersion: v1
kind: Service
metadata:
name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
labels:
app: {{ include "kube-prometheus-stack.name" $ }}-prometheus
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
{{- if $serviceValues.annotations }}
annotations:
{{ toYaml $serviceValues.annotations | indent 8 }}
{{- end }}
spec:
{{- if $serviceValues.clusterIP }}
clusterIP: {{ $serviceValues.clusterIP }}
{{- end }}
{{- if $serviceValues.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: {{ $.Values.prometheus.prometheusSpec.portName }}
{{- if eq $serviceValues.type "NodePort" }}
nodePort: {{ $serviceValues.nodePort }}
{{- end }}
port: {{ $serviceValues.port }}
targetPort: {{ $serviceValues.targetPort }}
selector:
app.kubernetes.io/name: prometheus
prometheus: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus
statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }}
type: "{{ $serviceValues.type }}"
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- update
{{- if .Values.global.rbac.pspEnabled }}
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
- apiGroups: ['policy']
{{- else }}
- apiGroups: ['extensions']
{{- end }}
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
template:
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 8 }}
spec:
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
{{- end }}
containers:
- name: create
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
{{- else }}
image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
args:
- create
- --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
resources:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
restartPolicy: OnFailure
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
securityContext:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
template:
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
{{- include "kube-prometheus-stack.labels" $ | indent 8 }}
spec:
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
{{- end }}
containers:
- name: patch
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
{{- else }}
image: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
{{- end }}
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
args:
- patch
- --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
- --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
resources:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
restartPolicy: OnFailure
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
securityContext:
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" . }}-admission
{{- if .Values.global.rbac.pspAnnotations }}
annotations:
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
{{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
privileged: false
# Required to prevent escalations to root.
# allowPrivilegeEscalation: false
# This is redundant with non-root + disallow privilege escalation,
# but we can provide it for defense in depth.
#requiredDropCapabilities:
# - ALL
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
# Permits the container to run with root privileges as well.
rule: 'RunAsAny'
seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
readOnlyRootFilesystem: false
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
annotations:
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
webhooks:
- name: prometheusrulemutate.monitoring.coreos.com
{{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
failurePolicy: Ignore
{{- else }}
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
{{- end }}
rules:
- apiGroups:
- monitoring.coreos.com
apiVersions:
- "*"
resources:
- prometheusrules
operations:
- CREATE
- UPDATE
clientConfig:
service:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
path: /admission-prometheusrules/mutate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
{{- end }}
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
annotations:
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
{{- end }}
labels:
app: {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
webhooks:
- name: prometheusrulemutate.monitoring.coreos.com
{{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
failurePolicy: Ignore
{{- else }}
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
{{- end }}
rules:
- apiGroups:
- monitoring.coreos.com
apiVersions:
- "*"
resources:
- prometheusrules
operations:
- CREATE
- UPDATE
clientConfig:
service:
namespace: {{ template "kube-prometheus-stack.namespace" . }}
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
path: /admission-prometheusrules/validate
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
{{- end }}
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/certmanager.yaml
================================================
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
# Create a selfsigned Issuer, in order to create a root CA certificate for
# signing webhook serving certificates
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
selfSigned: {}
---
# Generate a CA Certificate used to sign certificates for the webhook
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
duration: 43800h0m0s # 5y
issuerRef:
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
commonName: "ca.webhook.kube-prometheus-stack"
isCA: true
---
# Create an Issuer that uses the above generated CA certificate to issue certs
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
ca:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
{{- end }}
---
# generate a serving certificate for the apiservices to use
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
namespace: {{ template "kube-prometheus-stack.namespace" . }}
spec:
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
duration: 8760h0m0s # 1y
issuerRef:
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
{{- else }}
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
{{- end }}
dnsNames:
- {{ template "kube-prometheus-stack.operator.fullname" . }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}
- {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
{{- end -}}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrole.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- alertmanagers/finalizers
- alertmanagerconfigs
- prometheuses
- prometheuses/finalizers
- thanosrulers
- thanosrulers/finalizers
- servicemonitors
- podmonitors
- probes
- prometheusrules
verbs:
- '*'
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- services/finalizers
- endpoints
verbs:
- get
- create
- update
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/clusterrolebinding.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml
================================================
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
{{- if .Values.prometheusOperator.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
release: {{ $.Release.Name | quote }}
template:
metadata:
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 8 }}
{{- if .Values.prometheusOperator.podLabels }}
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.podAnnotations }}
annotations:
{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.prometheusOperator.priorityClassName }}
priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kube-prometheus-stack.name" . }}
{{- if .Values.prometheusOperator.image.sha }}
image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
{{- else }}
image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}"
{{- end }}
imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
args:
{{- if .Values.prometheusOperator.kubeletService.enabled }}
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . }}-kubelet
{{- end }}
{{- if .Values.prometheusOperator.logFormat }}
- --log-format={{ .Values.prometheusOperator.logFormat }}
{{- end }}
{{- if .Values.prometheusOperator.logLevel }}
- --log-level={{ .Values.prometheusOperator.logLevel }}
{{- end }}
{{- if .Values.prometheusOperator.denyNamespaces }}
- --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }}
{{- end }}
{{- with $.Values.prometheusOperator.namespaces }}
{{ $ns := .additional }}
{{- if .releaseNamespace }}
{{- $ns = append $ns $namespace }}
{{- end }}
- --namespaces={{ $ns | join "," }}
{{- end }}
- --localhost=127.0.0.1
{{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
- --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
{{- end }}
{{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
- --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
{{- end }}
{{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
- --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
{{- else }}
- --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}
{{- end }}
- --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }}
- --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }}
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
{{- end }}
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
{{- end }}
{{- if .Values.prometheusOperator.thanosImage.sha }}
- --thanos-default-base-image={{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
{{- else }}
- --thanos-default-base-image={{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
{{- end }}
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
{{- end }}
{{- if .Values.prometheusOperator.secretFieldSelector }}
- --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
{{- end }}
{{- if .Values.prometheusOperator.clusterDomain }}
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
{{- end }}
{{- if .Values.prometheusOperator.tls.enabled }}
- --web.enable-tls=true
- --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
- --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
- --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
- --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
ports:
- containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
name: https
{{- else }}
ports:
- containerPort: 8080
name: http
{{- end }}
resources:
{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
{{- if .Values.prometheusOperator.tls.enabled }}
volumeMounts:
- name: tls-secret
mountPath: /cert
readOnly: true
volumes:
- name: tls-secret
secret:
defaultMode: 420
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }}
{{- with .Values.prometheusOperator.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.securityContext }}
securityContext:
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
{{- end }}
serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
{{- if .Values.prometheusOperator.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- with .Values.prometheusOperator.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrole.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
rules:
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
- apiGroups: ['policy']
{{- else }}
- apiGroups: ['extensions']
{{- end }}
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "kube-prometheus-stack.fullname" . }}-operator
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/psp-clusterrolebinding.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp
subjects:
- kind: ServiceAccount
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/psp.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{- if .Values.global.rbac.pspAnnotations }}
annotations:
{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }}
{{- end }}
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
privileged: false
# Required to prevent escalations to root.
# allowPrivilegeEscalation: false
# This is redundant with non-root + disallow privilege escalation,
# but we can provide it for defense in depth.
#requiredDropCapabilities:
# - ALL
# Allow core volume types.
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: {{ .Values.prometheusOperator.hostNetwork }}
hostIPC: false
hostPID: false
runAsUser:
# Permits the container to run with root privileges as well.
rule: 'RunAsAny'
seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 0
max: 65535
readOnlyRootFilesystem: false
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml
================================================
{{- if .Values.prometheusOperator.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.prometheusOperator.service.labels }}
{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }}
{{- end }}
{{- if .Values.prometheusOperator.service.annotations }}
annotations:
{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.prometheusOperator.service.clusterIP }}
clusterIP: {{ .Values.prometheusOperator.service.clusterIP }}
{{- end }}
{{- if .Values.prometheusOperator.service.externalIPs }}
externalIPs:
{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.prometheusOperator.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }}
{{- end }}
{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
{{- if not .Values.prometheusOperator.tls.enabled }}
- name: http
{{- if eq .Values.prometheusOperator.service.type "NodePort" }}
nodePort: {{ .Values.prometheusOperator.service.nodePort }}
{{- end }}
port: 8080
targetPort: http
{{- end }}
{{- if .Values.prometheusOperator.tls.enabled }}
- name: https
{{- if eq .Values.prometheusOperator.service.type "NodePort"}}
nodePort: {{ .Values.prometheusOperator.service.nodePortTls }}
{{- end }}
port: 443
targetPort: https
{{- end }}
selector:
app: {{ template "kube-prometheus-stack.name" . }}-operator
release: {{ $.Release.Name | quote }}
type: "{{ .Values.prometheusOperator.service.type }}"
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/serviceaccount.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
app.kubernetes.io/component: prometheus-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
{{- if .Values.global.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.global.imagePullSecrets | indent 2 }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/templates/prometheus-operator/servicemonitor.yaml
================================================
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kube-prometheus-stack.fullname" . }}-operator
namespace: {{ template "kube-prometheus-stack.namespace" . }}
labels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
endpoints:
{{- if .Values.prometheusOperator.tls.enabled }}
- port: https
scheme: https
tlsConfig:
serverName: {{ template "kube-prometheus-stack.operator.fullname" . }}
ca:
secret:
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }}
optional: false
{{- else }}
- port: http
{{- end }}
honorLabels: true
{{- if .Values.prometheusOperator.serviceMonitor.interval }}
interval: {{ .Values.prometheusOperator.serviceMonitor.interval }}
{{- end }}
{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }}
{{- end }}
{{- if .Values.prometheusOperator.serviceMonitor.relabelings }}
relabelings:
{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }}
{{- end }}
selector:
matchLabels:
app: {{ template "kube-prometheus-stack.name" . }}-operator
release: {{ $.Release.Name | quote }}
namespaceSelector:
matchNames:
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
{{- end }}
================================================
FILE: charts/charts/kube-prometheus-stack/values.yaml
================================================
# Default values for kube-prometheus-stack.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
## Provide a name in place of kube-prometheus-stack for `app:` labels
##
nameOverride: ""
## Override the deployment namespace
##
namespaceOverride: ""
## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6
##
kubeTargetVersionOverride: ""
## Allow kubeVersion to be overridden while creating the ingress
##
kubeVersionOverride: ""
## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""
## Labels to apply to all resources
##
commonLabels: {}
# scmhash: abc123
# myLabel: aakkmd
## Create default rules for monitoring the cluster
##
defaultRules:
create: false
rules:
alertmanager: true
etcd: true
general: true
k8s: true
kubeApiserver: true
kubeApiserverAvailability: true
kubeApiserverError: true
kubeApiserverSlos: true
kubelet: true
kubePrometheusGeneral: true
kubePrometheusNodeAlerting: true
kubePrometheusNodeRecording: true
kubernetesAbsent: true
kubernetesApps: true
kubernetesResources: true
kubernetesStorage: true
kubernetesSystem: true
kubeScheduler: true
kubeStateMetrics: true
network: true
node: true
prometheus: true
prometheusOperator: true
time: true
## Runbook url prefix for default rules
runbookUrl: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#
## Reduce app namespace alert scope
appNamespacesTarget: ".*"
## Labels for default rules
labels: {}
## Annotations for default rules
annotations: {}
## Additional labels for PrometheusRule alerts
additionalRuleLabels: {}
## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster.
##
# additionalPrometheusRules: []
# - name: my-rule-file
# groups:
# - name: my_group
# rules:
# - record: my_record
# expr: 100 * my_record
## Provide custom recording or alerting rules to be deployed into the cluster.
##
additionalPrometheusRulesMap: {}
# rule-name:
# groups:
# - name: my_group
# rules:
# - record: my_record
# expr: 100 * my_record
##
global:
rbac:
create: true
pspEnabled: true
pspAnnotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"
## Configuration for alertmanager
## ref: https://prometheus.io/docs/alerting/alertmanager/
##
alertmanager:
## Deploy alertmanager
##
enabled: false
## Annotations for Alertmanager
##
annotations: {}
## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2
##
apiVersion: v2
## Service account for Alertmanager to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
create: true
name: ""
annotations: {}
## Configure pod disruption budgets for Alertmanager
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
## This configuration is immutable once created and will require the PDB to be deleted to be changed
## https://github.com/kubernetes/kubernetes/issues/45398
##
podDisruptionBudget:
enabled: false
minAvailable: 1
maxUnavailable: ""
## Alertmanager configuration directives
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
## https://prometheus.io/webtools/alerting/routing-tree-editor/
##
config:
global:
resolve_timeout: 5m
route:
group_by: ['job']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'null'
routes:
- match:
alertname: Watchdog
receiver: 'null'
receivers:
- name: 'null'
templates:
- '/etc/alertmanager/config/*.tmpl'
## Pass the Alertmanager configuration directives through Helm's templating
## engine. If the Alertmanager configuration contains Alertmanager templates,
## they'll need to be properly escaped so that they are not interpreted by
## Helm
## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function
## https://prometheus.io/docs/alerting/configuration/#tmpl_string
## https://prometheus.io/docs/alerting/notifications/
## https://prometheus.io/docs/alerting/notification_examples/
tplConfig: false
## Alertmanager template files to format alerts
## By default, templateFiles are placed in /etc/alertmanager/config/ and if
## they have a .tmpl file suffix will be loaded. See config.templates above
## to change, add other suffixes. If adding other suffixes, be sure to update
## config.templates above to include those suffixes.
## ref: https://prometheus.io/docs/alerting/notifications/
## https://prometheus.io/docs/alerting/notification_examples/
##
templateFiles: {}
#
## An example template:
# template_1.tmpl: |-
# {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }}
#
# {{ define "slack.myorg.text" }}
# {{- $root := . -}}
# {{ range .Alerts }}
# *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}`
# *Cluster:* {{ template "cluster" $root }}
# *Description:* {{ .Annotations.description }}
# *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:>
# *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:>
# *Details:*
# {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}`
# {{ end }}
# {{ end }}
# {{ end }}
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
labels: {}
## Hosts must be provided if Ingress is enabled.
##
hosts: []
# - alertmanager.domain.com
## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix
##
paths: []
# - /
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
# pathType: ImplementationSpecific
## TLS configuration for Alertmanager Ingress
## Secret must be manually created in the namespace
##
tls: []
# - secretName: alertmanager-general-tls
# hosts:
# - alertmanager.example.com
## Configuration for Alertmanager secret
##
secret:
annotations: {}
## Configuration for creating an Ingress that will map to each Alertmanager replica service
## alertmanager.servicePerReplica must be enabled
##
ingressPerReplica:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
labels: {}
## Final form of the hostname for each per replica ingress is
## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
##
## Prefix for the per replica ingress that will have `-$replicaNumber`
## appended to the end
hostPrefix: ""
## Domain that will be used for the per replica ingress
hostDomain: ""
## Paths to use for ingress rules
##
paths: []
# - /
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
# pathType: ImplementationSpecific
## Secret name containing the TLS certificate for alertmanager per replica ingress
## Secret must be manually created in the namespace
tlsSecretName: ""
## Separated secret for each per replica Ingress. Can be used together with cert-manager
##
tlsSecretPerReplica:
enabled: false
## Final form of the secret for each per replica ingress is
## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
##
prefix: "alertmanager"
## Configuration for Alertmanager service
##
service:
annotations: {}
labels: {}
clusterIP: ""
## Port for Alertmanager Service to listen on
##
port: 9093
## To be used with a proxy extraContainer port
##
targetPort: 9093
## Port to expose on each node
## Only used if service.type is 'NodePort'
##
nodePort: 30903
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
## Additional ports to open for Alertmanager service
additionalPorts: []
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Service type
##
type: ClusterIP
## Configuration for creating a separate Service for each statefulset Alertmanager replica
##
servicePerReplica:
enabled: false
annotations: {}
## Port for Alertmanager Service per replica to listen on
##
port: 9093
## To be used with a proxy extraContainer port
targetPort: 9093
## Port to expose on each node
## Only used if servicePerReplica.type is 'NodePort'
##
nodePort: 30904
## Loadbalancer source IP ranges
## Only used if servicePerReplica.type is "LoadBalancer"
loadBalancerSourceRanges: []
## Service type
##
type: ClusterIP
## If true, create a serviceMonitor for alertmanager
##
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
selfMonitor: true
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
scheme: ""
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
tlsConfig: {}
bearerTokenFile:
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Settings affecting alertmanagerSpec
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec
##
alertmanagerSpec:
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
## Metadata Labels and Annotations gets propagated to the Alertmanager pods.
##
podMetadata: {}
## Image of Alertmanager
##
image:
repository: quay.io/prometheus/alertmanager
tag: v0.22.2
sha: ""
## If true then the user will be responsible to provide a secret with alertmanager configuration
## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used
##
useExistingSecret: false
## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the
## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.
##
secrets: []
## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods.
## The ConfigMaps are mounted into /etc/alertmanager/configmaps/.
##
configMaps: []
## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for
## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config.
##
# configSecret:
## AlertmanagerConfigs to be selected to merge and configure Alertmanager with.
##
alertmanagerConfigSelector: {}
## Example which selects all alertmanagerConfig resources
## with label "alertconfig" with values any of "example-config" or "example-config-2"
# alertmanagerConfigSelector:
# matchExpressions:
# - key: alertconfig
# operator: In
# values:
# - example-config
# - example-config-2
#
## Example which selects all alertmanagerConfig resources with label "role" set to "example-config"
# alertmanagerConfigSelector:
# matchLabels:
# role: example-config
## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.
##
alertmanagerConfigNamespaceSelector: {}
## Example which selects all namespaces
## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2"
# alertmanagerConfigNamespaceSelector:
# matchExpressions:
# - key: alertmanagerconfig
# operator: In
# values:
# - example-namespace
# - example-namespace-2
## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled"
# alertmanagerConfigNamespaceSelector:
# matchLabels:
# alertmanagerconfig: enabled
## Define Log Format
# Use logfmt (default) or json logging
logFormat: logfmt
## Log level for Alertmanager to be configured with.
##
logLevel: info
## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the
## running cluster equal to the expected size.
replicas: 1
## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression
## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours).
##
retention: 120h
## Storage is the definition of how storage will be used by the Alertmanager instances.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
##
storage: {}
# volumeClaimTemplate:
# spec:
# storageClassName: gluster
# accessModes: ["ReadWriteOnce"]
# resources:
# requests:
# storage: 50Gi
# selector: {}
## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false
##
externalUrl:
## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true,
## but the server serves requests under a different route prefix. For example for use with kubectl proxy.
##
routePrefix: /
## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions.
##
paused: false
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Define resources requests and limits for single Pods.
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
resources: {}
# requests:
# memory: 400Mi
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
##
podAntiAffinity: ""
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Assign custom affinity rules to the alertmanager instance
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
## If specified, the pod's tolerations.
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## If specified, the pod's topology spread constraints.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app: alertmanager
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP.
## Note this is only for the Alertmanager UI, not the gossip communication.
##
listenLocal: false
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod.
##
containers: []
# Additional volumes on the output StatefulSet definition.
volumes: []
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts: []
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
## (permissions, dir tree) on mounted volumes before starting prometheus
initContainers: []
## Priority class assigned to the Pods
##
priorityClassName: ""
## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.
##
additionalPeers: []
## PortName to use for Alert Manager.
##
portName: "web"
## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918
##
clusterAdvertiseAddress: false
## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.
## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.
forceEnableClusterMode: false
## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml
##
grafana:
enabled: false
namespaceOverride: ""
## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled
##
forceDeployDatasources: false
## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled
##
forceDeployDashboards: false
## Deploy default dashboards.
##
defaultDashboardsEnabled: true
adminPassword: prom-operator
ingress:
## If true, Grafana Ingress will be created
##
enabled: false
## Annotations for Grafana Ingress
##
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
## Labels to be added to the Ingress
##
labels: {}
## Hostnames.
## Must be provided if Ingress is enable.
##
# hosts:
# - grafana.domain.com
hosts: []
## Path for grafana ingress
path: /
## TLS configuration for grafana Ingress
## Secret must be manually created in the namespace
##
tls: []
# - secretName: grafana-general-tls
# hosts:
# - grafana.example.com
sidecar:
dashboards:
enabled: true
label: grafana_dashboard
## Annotations for Grafana dashboard configmaps
##
annotations: {}
multicluster: false
datasources:
enabled: true
defaultDatasourceEnabled: true
## URL of prometheus datasource
##
# url: http://prometheus-stack-prometheus:9090/
# If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default
# defaultDatasourceScrapeInterval: 15s
## Annotations for Grafana datasource configmaps
##
annotations: {}
## Create datasource for each Pod of Prometheus StatefulSet;
## this uses headless service `prometheus-operated` which is
## created by Prometheus Operator
## ref: https://git.io/fjaBS
createPrometheusReplicasDatasources: false
label: grafana_datasource
extraConfigmapMounts: []
# - name: certs-configmap
# mountPath: /etc/grafana/ssl/
# configMap: certs-configmap
# readOnly: true
## Configure additional grafana datasources (passed through tpl)
## ref: http://docs.grafana.org/administration/provisioning/#datasources
additionalDataSources: []
# - name: prometheus-sample
# access: proxy
# basicAuth: true
# basicAuthPassword: pass
# basicAuthUser: daco
# editable: false
# jsonData:
# tlsSkipVerify: true
# orgId: 1
# type: prometheus
# url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090
# version: 1
## Passed to grafana subchart and used by servicemonitor below
##
service:
portName: service
## If true, create a serviceMonitor for grafana
##
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
selfMonitor: true
# Path to use for scraping metrics. Might be different if server.root_url is set
# in grafana.ini
path: "/metrics"
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping the kube api server
##
kubeApiServer:
enabled: false
tlsConfig:
serverName: kubernetes
insecureSkipVerify: false
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
jobLabel: component
selector:
matchLabels:
component: apiserver
provider: kubernetes
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
relabelings: []
# - sourceLabels:
# - __meta_kubernetes_namespace
# - __meta_kubernetes_service_name
# - __meta_kubernetes_endpoint_port_name
# action: keep
# regex: default;kubernetes;https
# - targetLabel: __address__
# replacement: kubernetes.default.svc:443
## Component scraping the kubelet and kubelet-hosted cAdvisor
##
kubelet:
enabled: false
namespace: kube-system
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## Enable scraping the kubelet over https. For requirements to enable this see
## https://github.com/prometheus-operator/prometheus-operator/issues/926
##
https: true
## Enable scraping /metrics/cadvisor from kubelet's service
##
cAdvisor: true
## Enable scraping /metrics/probes from kubelet's service
##
probes: true
## Enable scraping /metrics/resource from kubelet's service
## This is disabled by default because container metrics are already exposed by cAdvisor
##
resource: false
# From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource
resourcePath: "/metrics/resource/v1alpha1"
## Metric relabellings to apply to samples before ingestion
##
cAdvisorMetricRelabelings: []
# - sourceLabels: [__name__, image]
# separator: ;
# regex: container_([a-z_]+);
# replacement: $1
# action: drop
# - sourceLabels: [__name__]
# separator: ;
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
# replacement: $1
# action: drop
## Metric relabellings to apply to samples before ingestion
##
probesMetricRelabelings: []
# - sourceLabels: [__name__, image]
# separator: ;
# regex: container_([a-z_]+);
# replacement: $1
# action: drop
# - sourceLabels: [__name__]
# separator: ;
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
# replacement: $1
# action: drop
# relabel configs to apply to samples before ingestion.
# metrics_path is required to match upstream rules and charts
##
cAdvisorRelabelings:
- sourceLabels: [__metrics_path__]
targetLabel: metrics_path
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
probesRelabelings:
- sourceLabels: [__metrics_path__]
targetLabel: metrics_path
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
resourceRelabelings:
- sourceLabels: [__metrics_path__]
targetLabel: metrics_path
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
metricRelabelings: []
# - sourceLabels: [__name__, image]
# separator: ;
# regex: container_([a-z_]+);
# replacement: $1
# action: drop
# - sourceLabels: [__name__]
# separator: ;
# regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)
# replacement: $1
# action: drop
# relabel configs to apply to samples before ingestion.
# metrics_path is required to match upstream rules and charts
##
relabelings:
- sourceLabels: [__metrics_path__]
targetLabel: metrics_path
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping the kube controller manager
##
kubeControllerManager:
enabled: false
## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
##
endpoints: []
## If using kubeControllerManager.endpoints only the port and targetPort are used
##
service:
enabled: true
port: 10252
targetPort: 10252
# selector:
# component: kube-controller-manager
serviceMonitor:
enabled: true
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## Enable scraping kube-controller-manager over https.
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
##
https: false
# Skip TLS certificate validation when scraping
insecureSkipVerify: null
# Name of the server to use when validating TLS certificate
serverName: null
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping coreDns. Use either this or kubeDns
##
coreDns:
enabled: false
service:
port: 9153
targetPort: 9153
# selector:
# k8s-app: kube-dns
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping kubeDns. Use either this or coreDns
##
kubeDns:
enabled: false
service:
dnsmasq:
port: 10054
targetPort: 10054
skydns:
port: 10055
targetPort: 10055
# selector:
# k8s-app: kube-dns
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
dnsmasqMetricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
dnsmasqRelabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping etcd
##
kubeEtcd:
enabled: false
## If your etcd is not deployed as a pod, specify IPs it can be found on
##
endpoints: []
## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used
##
service:
enabled: true
port: 2379
targetPort: 2379
# selector:
# component: etcd
## Configure secure access to the etcd cluster by loading a secret into prometheus and
## specifying security configuration below. For example, with a secret named etcd-client-cert
##
## serviceMonitor:
## scheme: https
## insecureSkipVerify: false
## serverName: localhost
## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client
## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
##
serviceMonitor:
enabled: true
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
scheme: http
insecureSkipVerify: false
serverName: ""
caFile: ""
certFile: ""
keyFile: ""
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping kube scheduler
##
kubeScheduler:
enabled: false
## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
##
endpoints: []
## If using kubeScheduler.endpoints only the port and targetPort are used
##
service:
enabled: true
port: 10251
targetPort: 10251
# selector:
# component: kube-scheduler
serviceMonitor:
enabled: true
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## Enable scraping kube-scheduler over https.
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
##
https: false
## Skip TLS certificate validation when scraping
insecureSkipVerify: null
## Name of the server to use when validating TLS certificate
serverName: null
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Component scraping kube proxy
##
kubeProxy:
enabled: false
## If your kube proxy is not deployed as a pod, specify IPs it can be found on
##
endpoints: []
service:
enabled: false
port: 10249
targetPort: 10249
# selector:
# k8s-app: kube-proxy
serviceMonitor:
enabled: false
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## Enable scraping kube-proxy over https.
## Requires proper certs (not self-signed) and delegated authentication/authorization checks
##
https: false
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
## Component scraping kube state metrics
##
kubeStateMetrics:
enabled: false
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## Override serviceMonitor selector
##
selectorOverride: {}
## Override namespace selector
##
namespaceOverride: ""
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
# Enable self metrics configuration for Service Monitor
selfMonitor:
enabled: false
## Configuration for kube-state-metrics subchart
##
kube-state-metrics:
namespaceOverride: ""
rbac:
create: false
podSecurityPolicy:
enabled: false
## Deploy node exporter as a daemonset to all nodes
##
nodeExporter:
enabled: false
## Use the value configured in prometheus-node-exporter.podLabels
##
jobLabel: jobLabel
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## proxyUrl: URL of a proxy that should be used for scraping.
##
proxyUrl: ""
## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used.
##
scrapeTimeout: ""
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - sourceLabels: [__name__]
# separator: ;
# regex: ^node_mountstats_nfs_(event|operations|transport)_.+
# replacement: $1
# action: drop
## relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Configuration for prometheus-node-exporter subchart
##
prometheus-node-exporter:
namespaceOverride: ""
podLabels:
## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards
##
jobLabel: node-exporter
extraArgs:
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
- --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
## Manages Prometheus and Alertmanager components
##
prometheusOperator:
enabled: true
## Prometheus-Operator v0.39.0 and later support TLS natively.
##
tls:
enabled: true
# Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
tlsMinVersion: VersionTLS13
# The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules.
internalPort: 10250
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
## rules from making their way into prometheus and potentially preventing the container from starting
admissionWebhooks:
failurePolicy: Fail
enabled: true
## A PEM encoded CA bundle which will be used to validate the webhook's server certificate.
## If unspecified, system trust roots on the apiserver are used.
caBundle: ""
## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data.
## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own
## certs ahead of time if you wish.
##
patch:
enabled: true
image:
repository: jettech/kube-webhook-certgen
tag: v1.5.2
sha: ""
pullPolicy: IfNotPresent
resources: {}
## Provide a priority class name to the webhook patching job
##
priorityClassName: ""
podAnnotations: {}
nodeSelector: {}
affinity: {}
tolerations: []
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
# Use certmanager to generate webhook certs
certManager:
enabled: false
# issuerRef:
# name: "issuer"
# kind: "ClusterIssuer"
## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
##
namespaces: {}
# releaseNamespace: true
# additional:
# - kube-system
## Namespaces not to scope the interaction of the Prometheus Operator (deny list).
##
denyNamespaces: []
## Filter namespaces to look for prometheus-operator custom resources
##
alertmanagerInstanceNamespaces: []
prometheusInstanceNamespaces: []
thanosRulerInstanceNamespaces: []
## The clusterDomain value will be added to the cluster.peer option of the alertmanager.
## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value)
## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094
##
# clusterDomain: "cluster.local"
## Service account for Alertmanager to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
create: true
name: ""
## Configuration for Prometheus operator service
##
service:
annotations: {}
labels: {}
clusterIP: ""
## Port to expose on each node
## Only used if service.type is 'NodePort'
##
nodePort: 30080
nodePortTls: 30443
## Additional ports to open for Prometheus service
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services
##
additionalPorts: []
## Loadbalancer IP
## Only use if service.type is "LoadBalancer"
##
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Service type
## NodePort, ClusterIP, LoadBalancer
##
type: ClusterIP
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
## Labels to add to the operator pod
##
podLabels: {}
## Annotations to add to the operator pod
##
podAnnotations: {}
## Assign a PriorityClassName to pods if set
# priorityClassName: ""
## Define Log Format
# Use logfmt (default) or json logging
# logFormat: logfmt
## Decrease log verbosity to errors only
# logLevel: error
## If true, the operator will create and maintain a service for scraping kubelets
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/helm/prometheus-operator/README.md
##
kubeletService:
enabled: true
namespace: kube-system
## Create a servicemonitor for the operator
##
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
## Scrape timeout. If not set, the Prometheus default scrape timeout is used.
scrapeTimeout: ""
selfMonitor: true
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Resource limits & requests
##
resources: {}
# limits:
# cpu: 200m
# memory: 200Mi
# requests:
# cpu: 100m
# memory: 100Mi
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
##
hostNetwork: false
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for use with node taints
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## Assign custom affinity rules to the prometheus operator
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
dnsConfig: {}
# nameservers:
# - 1.2.3.4
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
securityContext:
fsGroup: 65534
runAsGroup: 65534
runAsNonRoot: true
runAsUser: 65534
## Prometheus-operator image
##
image:
repository: quay.io/prometheus-operator/prometheus-operator
tag: v0.49.0
sha: ""
pullPolicy: IfNotPresent
## Prometheus image to use for prometheuses managed by the operator
##
# prometheusDefaultBaseImage: quay.io/prometheus/prometheus
## Alertmanager image to use for alertmanagers managed by the operator
##
# alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager
## Prometheus-config-reloader image to use for config and rule reloading
##
prometheusConfigReloaderImage:
repository: quay.io/prometheus-operator/prometheus-config-reloader
tag: v0.49.0
sha: ""
## Set the prometheus config reloader side-car CPU limit
##
configReloaderCpu: 100m
## Set the prometheus config reloader side-car memory limit
##
configReloaderMemory: 50Mi
## Thanos side-car image when configured
##
thanosImage:
repository: quay.io/thanos/thanos
tag: v0.17.2
sha: ""
## Set a Field Selector to filter watched secrets
##
secretFieldSelector: ""
## Deploy a Prometheus instance
##
prometheus:
enabled: true
## Annotations for Prometheus
##
annotations: {}
## Service account for Prometheuses to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
create: true
name: ""
annotations: {}
# Service for thanos service discovery on sidecar
# Enable this can make Thanos Query can use
# `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery
# Thanos sidecar on prometheus nodes
# (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!)
thanosService:
enabled: false
annotations: {}
labels: {}
portName: grpc
port: 10901
targetPort: "grpc"
clusterIP: "None"
## Service type
##
type: ClusterIP
## Port to expose on each node
##
nodePort: 30901
# Service for external access to sidecar
# Enabling this creates a service to expose thanos-sidecar outside the cluster.
thanosServiceExternal:
enabled: false
annotations: {}
labels: {}
portName: grpc
port: 10901
targetPort: "grpc"
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Service type
##
type: LoadBalancer
## Port to expose on each node
##
nodePort: 30901
## Configuration for Prometheus service
##
service:
annotations: {}
labels: {}
clusterIP: ""
## Port for Prometheus Service to listen on
##
port: 9090
## To be used with a proxy extraContainer port
targetPort: 9090
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
## Port to expose on each node
## Only used if service.type is 'NodePort'
##
nodePort: 30090
## Loadbalancer IP
## Only use if service.type is "LoadBalancer"
loadBalancerIP: ""
loadBalancerSourceRanges: []
## Service type
##
type: ClusterIP
sessionAffinity: ""
## Configuration for creating a separate Service for each statefulset Prometheus replica
##
servicePerReplica:
enabled: false
annotations: {}
## Port for Prometheus Service per replica to listen on
##
port: 9090
## To be used with a proxy extraContainer port
targetPort: 9090
## Port to expose on each node
## Only used if servicePerReplica.type is 'NodePort'
##
nodePort: 30091
## Loadbalancer source IP ranges
## Only used if servicePerReplica.type is "LoadBalancer"
loadBalancerSourceRanges: []
## Service type
##
type: ClusterIP
## Configure pod disruption budgets for Prometheus
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
## This configuration is immutable once created and will require the PDB to be deleted to be changed
## https://github.com/kubernetes/kubernetes/issues/45398
##
podDisruptionBudget:
enabled: false
minAvailable: 1
maxUnavailable: ""
# Ingress exposes thanos sidecar outside the cluster
thanosIngress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
labels: {}
servicePort: 10901
## Port to expose on each node
## Only used if service.type is 'NodePort'
##
nodePort: 30901
## Hosts must be provided if Ingress is enabled.
##
hosts: []
# - thanos-gateway.domain.com
## Paths to use for ingress rules
##
paths: []
# - /
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
# pathType: ImplementationSpecific
## TLS configuration for Thanos Ingress
## Secret must be manually created in the namespace
##
tls: []
# - secretName: thanos-gateway-tls
# hosts:
# - thanos-gateway.domain.com
ingress:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
labels: {}
## Hostnames.
## Must be provided if Ingress is enabled.
##
# hosts:
# - prometheus.domain.com
hosts: []
## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
##
paths: []
# - /
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
# pathType: ImplementationSpecific
## TLS configuration for Prometheus Ingress
## Secret must be manually created in the namespace
##
tls: []
# - secretName: prometheus-general-tls
# hosts:
# - prometheus.example.com
## Configuration for creating an Ingress that will map to each Prometheus replica service
## prometheus.servicePerReplica must be enabled
##
ingressPerReplica:
enabled: false
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
# ingressClassName: nginx
annotations: {}
labels: {}
## Final form of the hostname for each per replica ingress is
## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }}
##
## Prefix for the per replica ingress that will have `-$replicaNumber`
## appended to the end
hostPrefix: ""
## Domain that will be used for the per replica ingress
hostDomain: ""
## Paths to use for ingress rules
##
paths: []
# - /
## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched)
## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types
# pathType: ImplementationSpecific
## Secret name containing the TLS certificate for Prometheus per replica ingress
## Secret must be manually created in the namespace
tlsSecretName: ""
## Separated secret for each per replica Ingress. Can be used together with cert-manager
##
tlsSecretPerReplica:
enabled: false
## Final form of the secret for each per replica ingress is
## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }}
##
prefix: "prometheus"
## Configure additional options for default pod security policy for Prometheus
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
allowedCapabilities: []
allowedHostPaths: []
volumes: []
serviceMonitor:
## Scrape interval. If not set, the Prometheus default scrape interval is used.
##
interval: ""
selfMonitor: true
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
scheme: ""
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
tlsConfig: {}
bearerTokenFile:
## metric relabel configs to apply to samples before ingestion.
##
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
# relabel configs to apply to samples before ingestion.
##
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
## Settings affecting prometheusSpec
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
##
prometheusSpec:
## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos
##
disableCompaction: false
## APIServerConfig
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#apiserverconfig
##
apiserverConfig: {}
## Interval between consecutive scrapes.
## Defaults to 30s.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183
##
scrapeInterval: ""
## Number of seconds to wait for target to respond before erroring
##
scrapeTimeout: ""
## Interval between consecutive evaluations.
##
evaluationInterval: ""
## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.
##
listenLocal: false
## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series.
## This is disabled by default.
## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis
##
enableAdminAPI: false
# EnableFeatures API enables access to Prometheus disabled features.
# ref: https://prometheus.io/docs/prometheus/latest/disabled_features/
enableFeatures: []
# - exemplar-storage
## Image of Prometheus.
##
image:
repository: quay.io/prometheus/prometheus
tag: v2.28.1
sha: ""
## Tolerations for use with node taints
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
# - key: "key"
# operator: "Equal"
# value: "value"
# effect: "NoSchedule"
## If specified, the pod's topology spread constraints.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app: prometheus
## Alertmanagers to which alerts will be sent
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints
##
## Default configuration will connect to the alertmanager deployed as part of this release
##
alertingEndpoints: []
# - name: ""
# namespace: ""
# port: http
# scheme: http
# pathPrefix: ""
# tlsConfig: {}
# bearerTokenFile: ""
# apiVersion: v2
## External labels to add to any time series or alerts when communicating with external systems
##
externalLabels: {}
## Name of the external label used to denote replica name
##
replicaExternalLabelName: ""
## If true, the Operator won't add the external label used to denote replica name
##
replicaExternalLabelNameClear: false
## Name of the external label used to denote Prometheus instance name
##
prometheusExternalLabelName: ""
## If true, the Operator won't add the external label used to denote Prometheus instance name
##
prometheusExternalLabelNameClear: false
## External URL at which Prometheus will be reachable.
##
externalUrl: ""
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not
## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated
## with the new list of secrets.
##
secrets: []
## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods.
## The ConfigMaps are mounted into /etc/prometheus/configmaps/.
##
configMaps: []
## QuerySpec defines the query command line flags when starting Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec
##
query: {}
## Namespaces to be selected for PrometheusRules discovery.
## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery.
## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
##
ruleNamespaceSelector: {}
## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the PrometheusRule resources created
##
ruleSelectorNilUsesHelmValues: true
## PrometheusRules to be selected for target discovery.
## If {}, select all PrometheusRules
##
ruleSelector: {}
## Example which select all PrometheusRules resources
## with label "prometheus" with values any of "example-rules" or "example-rules-2"
# ruleSelector:
# matchExpressions:
# - key: prometheus
# operator: In
# values:
# - example-rules
# - example-rules-2
#
## Example which select all PrometheusRules resources with label "role" set to "example-rules"
# ruleSelector:
# matchLabels:
# role: example-rules
## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the servicemonitors created
##
serviceMonitorSelectorNilUsesHelmValues: false
## ServiceMonitors to be selected for target discovery.
## If {}, select all ServiceMonitors
##
serviceMonitorSelector: {}
## Example which selects ServiceMonitors with label "prometheus" set to "somelabel"
# serviceMonitorSelector:
# matchLabels:
# prometheus: somelabel
## Namespaces to be selected for ServiceMonitor discovery.
##
serviceMonitorNamespaceSelector: {}
## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel"
# serviceMonitorNamespaceSelector:
# matchLabels:
# prometheus: somelabel
## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the podmonitors created
##
podMonitorSelectorNilUsesHelmValues: true
## PodMonitors to be selected for target discovery.
## If {}, select all PodMonitors
##
podMonitorSelector: {}
## Example which selects PodMonitors with label "prometheus" set to "somelabel"
# podMonitorSelector:
# matchLabels:
# prometheus: somelabel
## Namespaces to be selected for PodMonitor discovery.
## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
##
podMonitorNamespaceSelector: {}
## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the probes created
##
probeSelectorNilUsesHelmValues: true
## Probes to be selected for target discovery.
## If {}, select all Probes
##
probeSelector: {}
## Example which selects Probes with label "prometheus" set to "somelabel"
# probeSelector:
# matchLabels:
# prometheus: somelabel
## Namespaces to be selected for Probe discovery.
## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage
##
probeNamespaceSelector: {}
## How long to retain metrics
##
retention: 10d
## Maximum size of metrics
##
retentionSize: ""
## Enable compression of the write-ahead log using Snappy.
##
walCompression: false
## If true, the Operator won't process any Prometheus configuration changes
##
paused: false
## Number of replicas of each shard to deploy for a Prometheus deployment.
## Number of replicas multiplied by shards is the total number of Pods created.
##
replicas: 1
## EXPERIMENTAL: Number of shards to distribute targets onto.
## Number of replicas multiplied by shards is the total number of Pods created.
## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved.
## Increasing shards will not reshard data either but it will continue to be available from the same instances.
## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location.
## Sharding is done on the content of the `__address__` target meta-label.
##
shards: 1
## Log level for Prometheus be configured in
##
logLevel: info
## Log format for Prometheus be configured in
##
logFormat: logfmt
## Prefix used to register routes, overriding externalUrl route.
## Useful for proxies that rewrite URLs.
##
routePrefix: /
## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
## Metadata Labels and Annotations gets propagated to the prometheus pods.
##
podMetadata: {}
# labels:
# app: prometheus
# k8s-app: prometheus
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node.
## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured.
podAntiAffinity: ""
## If anti-affinity is enabled sets the topologyKey to use for anti-affinity.
## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone
##
podAntiAffinityTopologyKey: kubernetes.io/hostname
## Assign custom affinity rules to the prometheus instance
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
##
affinity: {}
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
## The remote_read spec configuration for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
remoteRead: []
# - url: http://remote1/read
## additionalRemoteRead is appended to remoteRead
additionalRemoteRead: []
## The remote_write spec configuration for Prometheus.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
remoteWrite: []
# - url: http://remote1/push
## additionalRemoteWrite is appended to remoteWrite
additionalRemoteWrite: []
## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature
remoteWriteDashboards: false
## Resource limits & requests
##
resources: {}
# requests:
# memory: 400Mi
## Prometheus StorageSpec for persistent data
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
##
storageSpec: {}
## Using PersistentVolumeClaim
##
# volumeClaimTemplate:
# spec:
# storageClassName: gluster
# accessModes: ["ReadWriteOnce"]
# resources:
# requests:
# storage: 50Gi
# selector: {}
## Using tmpfs volume
##
# emptyDir:
# medium: Memory
# Additional volumes on the output StatefulSet definition.
volumes: []
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts: []
## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations
## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form
## as specified in the official Prometheus documentation:
## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are
## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility
## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible
## scrape configs are going to break Prometheus after the upgrade.
##
## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the
## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes
##
additionalScrapeConfigs: []
# - job_name: kube-etcd
# kubernetes_sd_configs:
# - role: node
# scheme: https
# tls_config:
# ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca
# cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client
# key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key
# relabel_configs:
# - action: labelmap
# regex: __meta_kubernetes_node_label_(.+)
# - source_labels: [__address__]
# action: replace
# targetLabel: __address__
# regex: ([^:;]+):(\d+)
# replacement: ${1}:2379
# - source_labels: [__meta_kubernetes_node_name]
# action: keep
# regex: .*mst.*
# - source_labels: [__meta_kubernetes_node_name]
# action: replace
# targetLabel: node
# regex: (.*)
# replacement: ${1}
# metric_relabel_configs:
# - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)
# action: labeldrop
## If additional scrape configurations are already deployed in a single secret file you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalScrapeConfigs
additionalScrapeConfigsSecret: {}
# enabled: false
# name:
# key:
## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful
## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false'
additionalPrometheusSecretsAnnotations: {}
## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified
## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#.
## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator.
## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this
## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release
## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.
##
additionalAlertManagerConfigs: []
# - consul_sd_configs:
# - server: consul.dev.test:8500
# scheme: http
# datacenter: dev
# tag_separator: ','
# services:
# - metrics-prometheus-alertmanager
## If additional alertmanager configurations are already deployed in a single secret, or you want to manage
## them separately from the helm deployment, you can use this section.
## Expected values are the secret name and key
## Cannot be used with additionalAlertManagerConfigs
additionalAlertManagerConfigsSecret: {}
# name:
# key:
## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended
## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the
## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs.
## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the
## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel
## configs are going to break Prometheus after the upgrade.
##
additionalAlertRelabelConfigs: []
# - separator: ;
# regex: prometheus_replica
# replacement: $1
# action: labeldrop
## SecurityContext holds pod-level security attributes and common container settings.
## This defaults to non root user with uid 1000 and gid 2000.
## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md
##
securityContext:
runAsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
## Priority class assigned to the Pods
##
priorityClassName: ""
## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment.
## This section is experimental, it may change significantly without deprecation notice in any release.
## This is experimental and may change significantly without backward compatibility in any release.
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#thanosspec
##
thanos: {}
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
## if using proxy extraContainer update targetPort with proxy container port
containers: []
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
## (permissions, dir tree) on mounted volumes before starting prometheus
initContainers: []
## PortName to use for Prometheus.
##
portName: "web"
## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files
## on the file system of the Prometheus container e.g. bearer token files.
arbitraryFSAccessThroughSMs: false
## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor
## or PodMonitor to true, this overrides honor_labels to false.
overrideHonorLabels: false
## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs.
overrideHonorTimestamps: false
## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor
## configs, and they will only discover endpoints within their current namespace. Defaults to false.
ignoreNamespaceSelectors: false
## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created.
## The label value will always be the namespace of the object that is being created.
## Disabled by default
enforcedNamespaceLabel: ""
## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels.
## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair
prometheusRulesExcludedFromEnforce: []
## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable,
## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such
## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions
## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/)
queryLogFile: false
## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit
## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall
## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.
enforcedSampleLimit: false
## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental
## in Prometheus so it may change in any upcoming release.
allowOverlappingBlocks: false
additionalRulesForClusterRole: []
# - apiGroups: [ "" ]
# resources:
# - nodes/proxy
# verbs: [ "get", "list", "watch" ]
additionalServiceMonitors: []
## Name of the ServiceMonitor to create
##
# - name: ""
## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from
## the chart
##
# additionalLabels: {}
## Service label for use in assembling a job name of the form -
## If no label is specified, the service name is used.
##
# jobLabel: ""
## labels to transfer from the kubernetes service to the target
##
# targetLabels: []
## labels to transfer from the kubernetes pods to the target
##
# podTargetLabels: []
## Label selector for services to which this ServiceMonitor applies
##
# selector: {}
## Namespaces from which services are selected
##
# namespaceSelector:
## Match any namespace
##
# any: false
## Explicit list of namespace names to select
##
# matchNames: []
## Endpoints of the selected service to be monitored
##
# endpoints: []
## Name of the endpoint's service port
## Mutually exclusive with targetPort
# - port: ""
## Name or number of the endpoint's target port
## Mutually exclusive with port
# - targetPort: ""
## File containing bearer token to be used when scraping targets
##
# bearerTokenFile: ""
## Interval at which metrics should be scraped
##
# interval: 30s
## HTTP path to scrape for metrics
##
# path: /metrics
## HTTP scheme to use for scraping
##
# scheme: http
## TLS configuration to use when scraping the endpoint
##
# tlsConfig:
## Path to the CA file
##
# caFile: ""
## Path to client certificate file
##
# certFile: ""
## Skip certificate verification
##
# insecureSkipVerify: false
## Path to client key file
##
# keyFile: ""
## Server name used to verify host name
##
# serverName: ""
additionalPodMonitors: []
## Name of the PodMonitor to create
##
# - name: ""
## Additional labels to set used for the PodMonitorSelector. Together with standard labels from
## the chart
##
# additionalLabels: {}
## Pod label for use in assembling a job name of the form -
## If no label is specified, the pod endpoint name is used.
##
# jobLabel: ""
## Label selector for pods to which this PodMonitor applies
##
# selector: {}
## PodTargetLabels transfers labels on the Kubernetes Pod onto the target.
##
# podTargetLabels: {}
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
##
# sampleLimit: 0
## Namespaces from which pods are selected
##
# namespaceSelector:
## Match any namespace
##
# any: false
## Explicit list of namespace names to select
##
# matchNames: []
## Endpoints of the selected pods to be monitored
## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint
##
# podMetricsEndpoints: []
================================================
FILE: charts/charts/tapp/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: charts/charts/tapp/Chart.yaml
================================================
apiVersion: v2
name: tapp
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
================================================
FILE: charts/charts/tapp/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "tapp.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "tapp.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "tapp.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "tapp.labels" -}}
helm.sh/chart: {{ include "tapp.chart" . }}
{{ include "tapp.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "tapp.selectorLabels" -}}
app.kubernetes.io/name: {{ include "tapp.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "tapp.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "tapp.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/tapp/templates/configmap.yaml
================================================
apiVersion: v1
data:
ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIIXKC0USDrkqAwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UE
BhMCQ04xLTARBgNVBAoTCnRlbmNlbnR5dW4wGAYDVQQKExFjbG91ZC50ZW5jZW50
LmNvbTEoMCYGA1UEAxMfdGFwcC1jb250cm9sbGVyLmt1YmUtc3lzdGVtLnN2YzAe
Fw0yMTExMDgxNTE0NTVaFw00MTExMDgxNTE0NTVaMGYxCzAJBgNVBAYTAkNOMS0w
EQYDVQQKEwp0ZW5jZW50eXVuMBgGA1UEChMRY2xvdWQudGVuY2VudC5jb20xKDAm
BgNVBAMTH3RhcHAtY29udHJvbGxlci5rdWJlLXN5c3RlbS5zdmMwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAjK4kj9CvGtrVkrm5kyqUyPYG/1aYoV77
PKug8EfZqQjlEAWsxdMltTigLk1Q5D1Ta/A6uc9mERMYjBRHTfvXfkWu6wQeISsy
3BT7O3DeG00DYsiZ63CckTtq+LgFrbN/ARB496nuwKCog2CesXmFMf+pBgihYYMH
iodKjRi2bxa5/+KZilX4ghuMgR7tGBv+Q0GzTYCA1zVS09xaQzGe37wkrk3AJF8N
KkTWbHsr57q7j9/0gMqdMtMFkJSiNLV9HrfZDOacDrYAuGuPi3VkQi9eKsCkI/AV
b88wL1i3Yi8MRbETc5+PbK6/2wJZoIquU+cYGfrKYA3OdPkzum9TAgMBAAGjYTBf
MA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWpTX6J/rjMHNfkdOhIvcPlSXFoEw
DQYJKoZIhvcNAQELBQADggEBALFwMm94ncjIWAQ47qiwvAY9Z9cLeVhbMqndJGIV
fcOddl382NWjDOCTAv4a107SFAZHCjo46zAgG5znAF3InnWkUVn6vi1aHklokOHW
vnF/aN0s9LwHyy4N3hXh1NHTJwB5HUfKKJke+Kf2Kiif5lD6tDuOQ1C14CslD6if
rBNBF730SoqyuEEaVXfDFQFc/DVFLbXXElEypUrJHhrjs1zKPFzoHiDs/Jz1X5jt
qYPF3WB8juPLBYWN9y4cPRmBIIZNSwKGFUJnT6mHv5XY+olZQq8MgS6lh3WQIu/Z
CUjiy0Y+vpeN58ri2WqbTicEP7ExEFWZedK5Qq4iYlXC+L0=
-----END CERTIFICATE-----
server.crt: |
-----BEGIN CERTIFICATE-----
MIIDuTCCAqGgAwIBAgIIH9lNVRc2YsAwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UE
BhMCQ04xLTARBgNVBAoTCnRlbmNlbnR5dW4wGAYDVQQKExFjbG91ZC50ZW5jZW50
LmNvbTEoMCYGA1UEAxMfdGFwcC1jb250cm9sbGVyLmt1YmUtc3lzdGVtLnN2YzAe
Fw0yMTExMDgxNTE0NTVaFw00MTExMDgxNTE0NTVaMGYxCzAJBgNVBAYTAkNOMS0w
EQYDVQQKEwp0ZW5jZW50eXVuMBgGA1UEChMRY2xvdWQudGVuY2VudC5jb20xKDAm
BgNVBAMTH3RhcHAtY29udHJvbGxlci5rdWJlLXN5c3RlbS5zdmMwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbl84mM1nv2zx8gtyKohEsEWLTjNFCgLwp
z7NzKAMdbWAVKlBPIernJ5qH+t8Z6iOFB/43IyuHFdNzYFACpuolShlnN9sZ0W9W
q47uvfJd/gpsBpxoYORo5uT7un9DGO3Rq9TBPnDtoE4GR1iMZqeGEMWh671nozjV
uGg/nV0LRCDijcBIdyhNSIhQDaPqTr+6UQB7uFi7OEN+V9T2/r1VSZMOUY4C6Q3Y
r0ijbRWeYiZeIlFdu3486YZ0M3SsJ4JMvHap5aeHTATyZBisyV4rqog3nqhq1Zcc
t3bk7dBMa5ADOsoI6g4ThtjsXe0asjYWL7cAdLywRxogOxz1ib91AgMBAAGjazBp
MA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
DAYDVR0TAQH/BAIwADAqBgNVHREEIzAhgh90YXBwLWNvbnRyb2xsZXIua3ViZS1z
eXN0ZW0uc3ZjMA0GCSqGSIb3DQEBCwUAA4IBAQBmr52hjKdNsgoUDvANZOc0y2z7
45i+4PD5YA9IlfeJKdUqo7dTKIYVSWaLqixaUc+dK/Uw+3tKvGIKMtYFn8pVHlau
Abfr2IBhH/w+YhfET/G166lsIR5cN185gjavbxb0oZSE8yFJZH1SRTEoI0twxjbF
fOSYJdoioJqnFFewAWrfUsRRTIH6FAZK5s+rhJ8xhMYz3+KW1EbrGPT4eDeUwgnw
vSmc9uM0lhgXY16L77TwPiuOhl7s+aU1vQHVBrMeY5BzwHddCfvKPq32jXojiAhA
ZPR8fKWYMEisIA4z6IfMVxc44Yxxwm/qN7TPR64mwcw61WAS0427jzG0/12i
-----END CERTIFICATE-----
server.key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA25fOJjNZ79s8fILciqIRLBFi04zRQoC8Kc+zcygDHW1gFSpQ
TyHq5yeah/rfGeojhQf+NyMrhxXTc2BQAqbqJUoZZzfbGdFvVquO7r3yXf4KbAac
aGDkaObk+7p/Qxjt0avUwT5w7aBOBkdYjGanhhDFoeu9Z6M41bhoP51dC0Qg4o3A
SHcoTUiIUA2j6k6/ulEAe7hYuzhDflfU9v69VUmTDlGOAukN2K9Io20VnmImXiJR
Xbt+POmGdDN0rCeCTLx2qeWnh0wE8mQYrMleK6qIN56oatWXHLd25O3QTGuQAzrK
COoOE4bY7F3tGrI2Fi+3AHS8sEcaIDsc9Ym/dQIDAQABAoIBAEuzpLTUpR+kI9EE
yATe5C6d+8TUWdukR7neSY3ccF53s1T4lmEBX1q683IHUVw8tGwLGl9lt37FTnUK
8epIIpYiWmmT/uuCoPBvCkJRpzkx9+PPz6HILVXgq3YAkBjQgkPzCdBot0OkLOHL
PMKCLSRxqcAtZclRoqlC/mVX2ZilC3MbKHZSglmoTkXxM+ARJqJHc/vANFFlZDNJ
wGqSPYvCTTediTPewMG6csxt3SUrD7KlBBVNKVe8NEbXvbMAdViSu2AbJr8UVxt2
5wmlQrgnJ0MCojQo6uiB4gUSVhw1eaZ+LghOl7Dm8pzV1TpLz85lAiJHrT9Yr+eH
tmhleMECgYEA8d4x0lTImYj6CGiloFymY6hFutBo8SSBrXxfyAbnsqvJlDRqgdtA
f40i6kEjNR9/KMuxe+9tkH/rtyEd+NpYw+zKTjn++mm4/YWRHc5amKPMKs/sn/Yj
iVOCIOFdOauzDb7kzQxr7ArSl62SjQxqZxyPSNmFjX8BBGzc37gJ9DECgYEA6Gxt
SxwFNYikTF40srcg7J1M4vxV603byj85fXY34JzsowmY5mgtZIj+YtDTZOLSwToN
IsW1YluEN6Xj55dQwyUO4epH1zri8awBX93fxV4PEmdYagdoPkn21wGChk4Zpo9w
dnLQjeM8ne9TUrqoXqBf/DdX+m9yiIDZCIntgoUCgYB9LhG9GVJlXGaD+Z1XPPyE
8a99O6ZEwC85mfh8r041xAFlaieBo/dizKo4cZQGR5HpjFsEmOus8PgPZN19UYzF
goVGLXARLKyo0ftEYOu0unnN4qVGOP81cPoViG5Wjc3zHEyQ74/fr85E4HnL9JQR
X8+s1Z/wlr3xC2LZiwfj0QKBgD+RCAM20qXljSnlyfvm4fZUvyaFZOpKDQavbAXI
Q1gHEyE0CsFZVLDeVtSn0GkTMBjwy47rC8SuyuZ9VGuOkuQMSpm2/Zb73/3A0U9q
2zybkPuzkBbPl88RY5VCMHSS/6jyKgv7Mtbbg0Seo+dIbawTqKzOZh10RZrXwoP3
VSIRAoGAIVXkFnJXxhYOgVY5+3WbeREfh0uWyVD76Rksk+pTmpHMWZFu/UVafazi
eH/5ziBAhidJ00g8MC5SubbiRYWvjLlk2tUa5t/Ni0DrwG9yuxJ9GpB1I9MSljlf
aQ0pkqMK2yWHJUoz/FfToQtGeVD8ZjnX+F8KIB975hOuKBtiSJw=
-----END RSA PRIVATE KEY-----
kind: ConfigMap
metadata:
name: tapp-controller-certs
# namespace: {{ .Release.Namespace }}
namespace: kube-system
================================================
FILE: charts/charts/tapp/templates/deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "tapp.fullname" . }}
labels:
{{- include "tapp.labels" . | nindent 4 }}
namespace: kube-system
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "tapp.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "tapp.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "tapp.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- configMap:
defaultMode: 420
name: tapp-controller-certs
name: tapp-controller-certs
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
args:
- "--v=3"
- "--register-admission=true"
- "--tlsCAFile=/etc/tapp/certs/ca.pem"
- "--tlsCertFile=/etc/tapp/certs/server.crt"
- "--tlsKeyFile=/etc/tapp/certs/server.key"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- if eq .Values.global.env "production" }}
{{- toYaml .Values.prodResources | nindent 12 }}
{{- else }}
{{- toYaml .Values.testResources | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /etc/tapp/certs
name: tapp-controller-certs
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
================================================
FILE: charts/charts/tapp/templates/hpa.yaml
================================================
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "tapp.fullname" . }}
labels:
{{- include "tapp.labels" . | nindent 4 }}
namespace: kube-system
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "tapp.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
================================================
FILE: charts/charts/tapp/templates/service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
# name: {{ include "tapp.fullname" . }}
name: tapp-controller
labels:
{{- include "tapp.labels" . | nindent 4 }}
namespace: kube-system
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: 8443
protocol: TCP
selector:
{{- include "tapp.selectorLabels" . | nindent 4 }}
================================================
FILE: charts/charts/tapp/templates/serviceaccount.yaml
================================================
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "tapp.serviceAccountName" . }}
# namespace: {{ .Release.Namespace }}
namespace: kube-system
labels:
{{- include "tapp.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "tapp.serviceAccountName" . }}-role-binding
subjects:
- kind: ServiceAccount
name: {{ include "tapp.serviceAccountName" . }}
# namespace: {{ .Release.Namespace }}
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
{{- end }}
================================================
FILE: charts/charts/tapp/templates/tests/test-connection.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "tapp.fullname" . }}-test-connection"
labels:
{{- include "tapp.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "tapp.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
================================================
FILE: charts/charts/tapp/values.yaml
================================================
# Default values for tapp.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: tkestack/tapp-controller
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v1.2.1
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: tapp-controller
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 443
prodResources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
testResources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 100m
memory: 50Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
================================================
FILE: charts/templates/_helpers.tpl
================================================
{{/*
Expand the name of the chart.
*/}}
{{- define "kstone.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kstone.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kstone.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kstone.labels" -}}
helm.sh/chart: {{ include "kstone.chart" . }}
{{ include "kstone.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kstone.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kstone.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "kstone.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "kstone.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
================================================
FILE: charts/templates/crd.yaml
================================================
{{- if .Values.crd.create -}}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: etcdclusters.kstone.tkestack.io
spec:
group: kstone.tkestack.io
names:
kind: EtcdCluster
listKind: EtcdClusterList
plural: etcdclusters
singular: etcdcluster
shortNames:
- cluster
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: EtcdCluster is the Schema for the etcdclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
x-kubernetes-preserve-unknown-fields: true
description: EtcdClusterSpec defines the desired state of EtcdCluster
properties:
affinity:
description: Affinity is a group of affinity scheduling rules.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
This field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
This field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
args:
items:
type: string
type: array
authConfig:
description: AuthTlsConfig defines tls
properties:
enableTLS:
type: boolean
san:
items:
type: string
type: array
tlsSecret:
type: string
type: object
clusterType:
description: provider, if has extra info, please use annotation to
store
type: string
description:
type: string
diskSize:
type: integer
diskType:
type: string
env:
items:
description: EnvVar represents an environment variable present in
a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using
the previous defined environment variables in the container
and any service environment variables. If a variable cannot
be resolved, the reference in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped with a double $$, ie:
$$(VAR_NAME). Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot
be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
spec.nodeName, spec.serviceAccountName, status.hostIP,
status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
name:
type: string
repository:
type: string
size:
type: integer
version:
type: string
required:
- clusterType
- description
- diskSize
- diskType
- name
- size
- version
type: object
status:
description: EtcdClusterStatus defines the observed state of EtcdCluster
properties:
conditions:
items:
description: EtcdClusterCondition contains condition information
for a EtcdCluster.
properties:
endTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
startTime:
description: Last time we got an update on a given condition.
format: date-time
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of EtcdCluster condition.
type: string
required:
- status
- type
type: object
type: array
featureGatesStatus:
additionalProperties:
type: string
type: object
members:
items:
properties:
clientUrl:
type: string
endpoint:
type: string
errors:
items:
type: string
type: array
extensionClientUrl:
type: string
memberId:
type: string
name:
type: string
port:
type: string
role:
type: string
status:
type: string
version:
type: string
required:
- clientUrl
- endpoint
- extensionClientUrl
- memberId
- name
- port
- role
- status
- version
type: object
type: array
phase:
type: string
serviceName:
type: string
required:
- phase
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: EtcdCluster
plural: etcdclusters
singular: etcdcluster
shortNames:
- cluster
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: etcdinspections.kstone.tkestack.io
spec:
group: kstone.tkestack.io
names:
kind: EtcdInspection
listKind: EtcdInspectionList
plural: etcdinspections
singular: etcdinspection
shortNames:
- inspection
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: EtcdInspection is a specification for a EtcdInspection resource
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: EtcdInspectionSpec is the spec for a EtcdInspectionSpec resource
properties:
clusterName:
type: string
intervalInSecond:
type: integer
inspectionProvider:
type: string
inspectionType:
type: string
required:
- clusterName
- inspectionType
type: object
status:
properties:
elapsedTime:
type: integer
message:
type: string
reason:
type: string
records:
items:
description: EtcdInspectionStatus is the status for a EtcdInspectionStatus
resource
properties:
endTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
startTime:
description: Last time we got an update on a given condition.
format: date-time
type: string
type: object
type: array
updatedAt:
format: date-time
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
================================================
FILE: charts/templates/ingress.yaml
================================================
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "kstone.fullname" . -}}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "kstone.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $.Release.Name }}-{{ .backend.serviceName }}
port:
number: {{ .backend.servicePort }}
{{- else }}
serviceName: {{ $.Release.Name }}-{{ .backend.serviceName }}
servicePort: {{ .backend.servicePort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
================================================
FILE: charts/templates/serviceaccount.yaml
================================================
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "kstone.serviceAccountName" . }}
labels:
{{- include "kstone.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kstone.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: {{ include "kstone.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
================================================
FILE: charts/values.test.yaml
================================================
# Default values for kstone.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
env: test
kstone:
tag: v0.2.0-beta.2
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "kstone"
ingress:
enabled: true
className: ""
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /$2
service.cloud.tencent.com/direct-access: 'false'
kubernetes.io/ingress.class: qcloud
# # lb info
# service.kubernetes.io/tke-existed-lbid: ${lb-id}
# kubernetes.io/ingress.existLbId: ${lb-id}
# kubernetes.io/ingress.subnetId: ${subnet-id}
hosts:
- host: ""
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: dashboard
servicePort: 80
- path: /apis
pathType: ImplementationSpecific
backend:
serviceName: dashboard-api
servicePort: 80
- path: /grafana
pathType: ImplementationSpecific
backend:
serviceName: grafana
servicePort: 80
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
crd:
create: true
================================================
FILE: charts/values.yaml
================================================
# Default values for kstone.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
env: production
kstone:
tag: v0.2.0-beta.2
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: "kstone"
ingress:
enabled: true
className: ""
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /$2
service.cloud.tencent.com/direct-access: 'false'
kubernetes.io/ingress.class: qcloud
# # lb info
# service.kubernetes.io/tke-existed-lbid: ${lb-id}
# kubernetes.io/ingress.existLbId: ${lb-id}
# kubernetes.io/ingress.subnetId: ${subnet-id}
hosts:
- host: ""
paths:
- path: /
pathType: ImplementationSpecific
backend:
serviceName: dashboard
servicePort: 80
- path: /apis
pathType: ImplementationSpecific
backend:
serviceName: dashboard-api
servicePort: 80
- path: /grafana
pathType: ImplementationSpecific
backend:
serviceName: grafana
servicePort: 80
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
crd:
create: true
================================================
FILE: cmd/kstone-api/apiserver.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package main
import (
"math/rand"
"os"
"time"
klog "k8s.io/klog/v2"
"tkestack.io/kstone/cmd/kstone-api/app"
)
func main() {
rand.Seed(time.Now().UnixNano())
command := app.NewAPIServerCommand()
if err := command.Execute(); err != nil {
klog.Errorf("failed to execute api, err: %v", err)
os.Exit(1)
}
}
================================================
FILE: cmd/kstone-api/app/server.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package app
import (
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"k8s.io/klog/v2"
"tkestack.io/kstone/cmd/kstone-api/config"
"tkestack.io/kstone/pkg/authentication"
"tkestack.io/kstone/pkg/middlewares"
kstoneRouter "tkestack.io/kstone/pkg/router"
)
type APIServerCommand struct {
token string
authenticator string
namespace string
authCfg string
enableProfiling bool
}
// NewAPIServerCommand creates a *cobra.Command object with default parameters
func NewAPIServerCommand() *cobra.Command {
ac := &APIServerCommand{}
cmd := &cobra.Command{
Use: "kstone-apiserver",
Long: `The Kstone API server validates and configures data
for the api objects which include etcdinspections, etcdclusters, and others.
The API Server services REST operations and provides the frontend to the
other components interact, such as kstone-controller, kstone-dashboard.`,
// stop printing usage when the command errors
SilenceUsage: true,
RunE: func(cmd *cobra.Command, args []string) error {
cmd.Flags().VisitAll(func(flag *pflag.Flag) {
klog.V(1).Infof("FLAG: --%s=%q", flag.Name, flag.Value)
})
if err := ac.Run(); err != nil {
return err
}
return nil
},
}
fs := cmd.PersistentFlags()
ac.AddFlags(fs)
return cmd
}
func (c *APIServerCommand) Run() error {
klog.Info("start kstone-api")
config.CreateConfigFromFlags(c.token, c.authenticator, c.enableProfiling)
kstoneRouter.SetWorkNamespace(c.namespace)
authentication.SetAuthConfigMapName(c.authCfg)
router := kstoneRouter.NewRouter()
router.Use(middlewares.Cors())
err := router.Run()
if err != nil {
return err
}
return nil
}
func (c *APIServerCommand) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(
&c.token,
"token",
"jwt",
"specify the authentication token type.",
)
fs.StringVar(
&c.authenticator,
"authenticator",
"bearertoken",
"specify the authenticator type.",
)
fs.StringVar(&c.namespace,
"namespace",
"kstone",
"specify the work namespace of kstone.")
fs.StringVar(&c.authCfg,
"auth",
"kstone-api-user",
"specify the auth configmap of kstone.")
fs.BoolVar(&c.enableProfiling,
"profiling",
true,
"enable profiling via web interface host:port/apis/debug/pprof/.")
}
================================================
FILE: cmd/kstone-api/config/config.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package config
var Cfg *Config
type Config struct {
Token string
Authenticator string
EnableProfiling bool
}
// CreateConfigFromOptions creates a running configuration instance based
// on a given kstone-api command line or configuration file option.
func CreateConfigFromFlags(token, authenticator string, enableProfiling bool) {
Cfg = &Config{
Token: token,
Authenticator: authenticator,
EnableProfiling: enableProfiling,
}
}
================================================
FILE: cmd/kstone-controller/etcdcluster-controller/controller.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcdclustercontroller
import (
"context"
"io"
"net/http"
"os"
"time"
// import http pprof
_ "net/http/pprof"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
klog "k8s.io/klog/v2"
"tkestack.io/kstone/pkg/controllers/etcdcluster"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/k8s"
"tkestack.io/kstone/pkg/signals"
)
type EtcdClusterCommand struct {
out io.Writer
kubeconfig string
masterURL string
labelSelector string
leaseLockName string
leaseLockNamespace string
enableProfiling bool
}
// NewEtcdClusterControllerCommand creates a *cobra.Command object with default parameters
func NewEtcdClusterControllerCommand(out io.Writer) *cobra.Command {
cc := &EtcdClusterCommand{out: out}
cmd := &cobra.Command{
Use: "etcdcluster",
Short: "run etcdcluster controller",
Long: `The etcdcluster controller is a daemon, it will watches the changes of EtcdCluster resources
through the apiserver and makes changes attempting to move the current state towards the desired state.`,
RunE: func(cmd *cobra.Command, args []string) error {
cmd.Flags().VisitAll(func(flag *pflag.Flag) {
klog.V(1).Infof("FLAG: --%s=%q", flag.Name, flag.Value)
})
if err := cc.Run(); err != nil {
return err
}
return nil
},
}
fs := cmd.PersistentFlags()
cc.AddFlags(fs)
return cmd
}
// Run start etcdcluster controller
func (c *EtcdClusterCommand) Run() error {
stopCh := signals.SetupSignalHandler()
config, err := clientcmd.BuildConfigFromFlags(c.masterURL, c.kubeconfig)
if err != nil {
klog.Fatalf("Error to build kube config: %v", err)
return err
}
kubeClient, clusterClient, kubeInformerFactory, informerFactory, err := k8s.GenerateInformer(config, c.labelSelector)
if err != nil {
klog.Fatalf("Error to generate informer: %v", err)
return err
}
controller := etcdcluster.NewEtcdclusterController(
util.NewSimpleClientBuilder(c.kubeconfig),
kubeClient,
clusterClient,
kubeInformerFactory.Core().V1().Secrets(),
informerFactory.Kstone().V1alpha2().EtcdClusters(),
)
// notice that there is no need to run Start methods in a separate goroutine.
// (i.e. go kubeInformerFactory.Start(stopCh)
// Start method is non-blocking and runs all registered informers in a dedicated goroutine.
kubeInformerFactory.Start(stopCh)
informerFactory.Start(stopCh)
leaderElectionConfig, err := c.makeLeaderElectionConfig(kubeClient, controller, stopCh)
if err != nil {
klog.Fatalf("Error to generate leader election config: %v", err)
return err
}
// use a Go context so we can tell the leaderelection code when we
// want to step down
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
if c.enableProfiling {
go func() {
addr := "0.0.0.0:6060"
klog.Infof("Listen on %s for profiling", addr)
klog.Error(http.ListenAndServe(addr, nil))
}()
}
go func() {
<-stopCh
klog.Info("Received termination, signaling shutdown")
cancel()
}()
// start the leader election code loop
leaderelection.RunOrDie(ctx, *leaderElectionConfig)
return err
}
func (c *EtcdClusterCommand) AddFlags(fs *pflag.FlagSet) {
fs.StringVarP(
&c.kubeconfig,
"kubeconfig",
"k",
"",
"force to specify the kubeconfig",
)
fs.StringVar(
&c.masterURL,
"master",
"",
"The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.",
)
fs.StringVar(
&c.labelSelector,
"labelSelector",
"",
"The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.",
)
fs.StringVar(
&c.leaseLockName,
"lease-lock-name",
"kstone-etcdcluster-controller",
"the lease lock resource name",
)
fs.StringVar(&c.leaseLockNamespace,
"lease-lock-namespace",
"kstone",
"the lease lock resource namespace",
)
fs.BoolVar(&c.enableProfiling,
"profiling",
true,
"enable profiling via web interface host:port/debug/pprof/.")
}
func (c *EtcdClusterCommand) makeLeaderElectionConfig(kubeClient *kubernetes.Clientset, controller *etcdcluster.ClusterController, stopCh <-chan struct{}) (*leaderelection.LeaderElectionConfig, error) {
if c.leaseLockName == "" {
klog.Fatal("unable to get lease lock resource name (missing lease-lock-name flag).")
}
if c.leaseLockNamespace == "" {
klog.Fatal("unable to get lease lock resource namespace (missing lease-lock-namespace flag).")
}
hostname, err := os.Hostname()
if err != nil {
klog.Errorf("unable to get hostname: %v", err)
return nil, err
}
// add a uniquifier so that two processes on the same host don't accidentally both become active
id := hostname + "_" + string(uuid.NewUUID())
// we use the Lease lock type since edits to Leases are less common
// and fewer objects in the cluster watch "all Leases".
lock := &resourcelock.LeaseLock{
LeaseMeta: metav1.ObjectMeta{
Name: c.leaseLockName,
Namespace: c.leaseLockNamespace,
},
Client: kubeClient.CoordinationV1(),
LockConfig: resourcelock.ResourceLockConfig{
Identity: id,
},
}
// start the leader election code loop
return &leaderelection.LeaderElectionConfig{
Lock: lock,
// IMPORTANT: you MUST ensure that any code you have that
// is protected by the lease must terminate **before**
// you call cancel. Otherwise, you could have a background
// loop still running and another process could
// get elected before your background loop finished, violating
// the stated goal of the lease.
ReleaseOnCancel: true,
LeaseDuration: 60 * time.Second,
RenewDeadline: 15 * time.Second,
RetryPeriod: 5 * time.Second,
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: func(ctx context.Context) {
// we're notified when we start - this is where you would
// usually put your code
if err := controller.Run(2, stopCh); err != nil {
klog.Fatalf("Error running etcd controller: %s", err.Error())
}
},
OnStoppedLeading: func() {
// we can do cleanup here
klog.Infof("leader lost: %s", id)
os.Exit(0)
},
OnNewLeader: func(identity string) {
// we're notified when new leader elected
if identity == id {
// I just got the lock
return
}
klog.Infof("new leader elected: %s", identity)
},
},
}, nil
}
================================================
FILE: cmd/kstone-controller/etcdinspection-controller/controller.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcdinspectioncontroller
import (
"context"
"io"
"net/http"
"os"
"time"
// import http pprof
_ "net/http/pprof"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/uuid"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
klog "k8s.io/klog/v2"
"tkestack.io/kstone/pkg/controllers/etcdinspection"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/k8s"
"tkestack.io/kstone/pkg/signals"
)
type EtcdInspectionCommand struct {
out io.Writer
kubeconfig string
masterURL string
labelSelector string
leaseLockName string
leaseLockNamespace string
enableProfiling bool
}
// NewEtcdInspectionControllerCommand creates a *cobra.Command object with default parameters
func NewEtcdInspectionControllerCommand(out io.Writer) *cobra.Command {
cc := &EtcdInspectionCommand{out: out}
cmd := &cobra.Command{
Use: "inspection",
Short: "run inspection controller",
Long: `The inspection controller is a daemon, it will watches the changes of etcdinspection resources
through the apiserver and makes changes attempting to move the current state towards the desired state.`,
RunE: func(cmd *cobra.Command, args []string) error {
cmd.Flags().VisitAll(func(flag *pflag.Flag) {
klog.V(1).Infof("FLAG: --%s=%q", flag.Name, flag.Value)
})
if err := cc.Run(); err != nil {
return err
}
return nil
},
}
fs := cmd.PersistentFlags()
cc.AddFlags(fs)
return cmd
}
// Run start etcdinspection controller
func (c *EtcdInspectionCommand) Run() error {
stopCh := signals.SetupSignalHandler()
config, err := clientcmd.BuildConfigFromFlags(c.masterURL, c.kubeconfig)
if err != nil {
klog.Fatalf("Error building kubeconfig: %v", err)
return err
}
kubeClient, clusterClient, kubeInformerFactory, informerFactory, err := k8s.GenerateInformer(config, c.labelSelector)
if err != nil {
klog.Fatalf("Error generate informer: %v", err)
return err
}
controller := etcdinspection.NewEtcdInspectionController(
util.NewSimpleClientBuilder(c.kubeconfig),
kubeClient,
clusterClient,
kubeInformerFactory.Core().V1().Secrets(),
informerFactory.Kstone().V1alpha2().EtcdInspections(),
)
// notice that there is no need to run Start methods in a separate goroutine.
// (i.e. go kubeInformerFactory.Start(stopCh)
// Start method is non-blocking and runs all registered informers in a dedicated goroutine.
kubeInformerFactory.Start(stopCh)
informerFactory.Start(stopCh)
leaderElectionConfig, err := c.makeLeaderElectionConfig(kubeClient, controller, stopCh)
if err != nil {
klog.Fatalf("Error to generate leader election config: %v", err)
return err
}
// use a Go context so we can tell the leaderelection code when we
// want to step down
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
if c.enableProfiling {
go func() {
addr := "0.0.0.0:6060"
klog.Infof("Listen on %s for profiling", addr)
klog.Error(http.ListenAndServe(addr, nil))
}()
}
go func() {
<-stopCh
klog.Info("Received termination, signaling shutdown")
cancel()
}()
// start the leader election code loop
leaderelection.RunOrDie(ctx, *leaderElectionConfig)
return err
}
func (c *EtcdInspectionCommand) AddFlags(fs *pflag.FlagSet) {
fs.StringVarP(
&c.kubeconfig,
"kubeconfig",
"k",
"",
"force to specify the kubeconfig",
)
fs.StringVar(
&c.masterURL,
"master",
"",
"The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.",
)
fs.StringVar(
&c.labelSelector,
"labelSelector",
"",
"The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster.",
)
fs.StringVar(
&c.leaseLockName,
"lease-lock-name",
"kstone-etcdinspection-controller",
"the lease lock resource name",
)
fs.StringVar(&c.leaseLockNamespace,
"lease-lock-namespace",
"kstone",
"the lease lock resource namespace",
)
fs.BoolVar(&c.enableProfiling,
"profiling",
true,
"enable profiling via web interface host:port/debug/pprof/.")
}
func (c *EtcdInspectionCommand) makeLeaderElectionConfig(kubeClient *kubernetes.Clientset, controller *etcdinspection.InspectionController, stopCh <-chan struct{}) (*leaderelection.LeaderElectionConfig, error) {
if c.leaseLockName == "" {
klog.Fatal("unable to get lease lock resource name (missing lease-lock-name flag).")
}
if c.leaseLockNamespace == "" {
klog.Fatal("unable to get lease lock resource namespace (missing lease-lock-namespace flag).")
}
hostname, err := os.Hostname()
if err != nil {
klog.Errorf("unable to get hostname: %v", err)
return nil, err
}
// add a uniquifier so that two processes on the same host don't accidentally both become active
id := hostname + "_" + string(uuid.NewUUID())
// we use the Lease lock type since edits to Leases are less common
// and fewer objects in the cluster watch "all Leases".
lock := &resourcelock.LeaseLock{
LeaseMeta: metav1.ObjectMeta{
Name: c.leaseLockName,
Namespace: c.leaseLockNamespace,
},
Client: kubeClient.CoordinationV1(),
LockConfig: resourcelock.ResourceLockConfig{
Identity: id,
},
}
// start the leader election code loop
return &leaderelection.LeaderElectionConfig{
Lock: lock,
// IMPORTANT: you MUST ensure that any code you have that
// is protected by the lease must terminate **before**
// you call cancel. Otherwise, you could have a background
// loop still running and another process could
// get elected before your background loop finished, violating
// the stated goal of the lease.
ReleaseOnCancel: true,
LeaseDuration: 60 * time.Second,
RenewDeadline: 15 * time.Second,
RetryPeriod: 5 * time.Second,
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: func(ctx context.Context) {
// we're notified when we start - this is where you would
// usually put your code
if err := controller.Run(2, stopCh); err != nil {
klog.Fatalf("Error running etcd controller: %s", err.Error())
}
},
OnStoppedLeading: func() {
// we can do cleanup here
klog.Infof("leader lost: %s", id)
os.Exit(0)
},
OnNewLeader: func(identity string) {
// we're notified when new leader elected
if identity == id {
// I just got the lock
return
}
klog.Infof("new leader elected: %s", identity)
},
},
}, nil
}
================================================
FILE: cmd/kstone-controller/main.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package main
import (
goflag "flag"
"math/rand"
"os"
"time"
"github.com/spf13/cobra"
flag "github.com/spf13/pflag"
klog "k8s.io/klog/v2"
etcdclustercontroller "tkestack.io/kstone/cmd/kstone-controller/etcdcluster-controller"
etcdinspectioncontroller "tkestack.io/kstone/cmd/kstone-controller/etcdinspection-controller"
)
func main() {
rand.Seed(time.Now().UnixNano())
var cmd = &cobra.Command{
Use: "kstone-controller",
Short: "run etcdcluster/etcdinspection controller",
PersistentPreRun: func(c *cobra.Command, args []string) {},
}
flags := cmd.PersistentFlags()
out := cmd.OutOrStdout()
cmd.AddCommand(
etcdclustercontroller.NewEtcdClusterControllerCommand(out),
etcdinspectioncontroller.NewEtcdInspectionControllerCommand(out),
)
klog.InitFlags(nil)
defer klog.Flush()
flag.CommandLine.AddGoFlagSet(goflag.CommandLine)
err := flags.Parse(os.Args[1:])
if err != nil {
klog.Errorf("failed to parse args, err is %v", err)
}
if err = cmd.Execute(); err != nil {
klog.Errorf("failed to execute controller, err: %v", err)
os.Exit(1)
}
}
================================================
FILE: deploy/crds/kstone.tkestack.io_etcdclusters.yaml
================================================
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: etcdclusters.kstone.tkestack.io
spec:
group: kstone.tkestack.io
names:
kind: EtcdCluster
listKind: EtcdClusterList
plural: etcdclusters
singular: etcdcluster
shortNames:
- cluster
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: EtcdCluster is the Schema for the etcdclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
x-kubernetes-preserve-unknown-fields: true
description: EtcdClusterSpec defines the desired state of EtcdCluster
properties:
affinity:
description: Affinity is a group of affinity scheduling rules.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the
pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node matches
the corresponding matchExpressions; the node(s) with the
highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects (i.e.
is also a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists, DoesNotExist. Gt, and
Lt.
type: string
values:
description: An array of string values. If
the operator is In or NotIn, the values
array must be non-empty. If the operator
is Exists or DoesNotExist, the values array
must be empty. If the operator is Gt or
Lt, the values array must have a single
element, which will be interpreted as an
integer. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the affinity expressions specified by
this field, but it may choose a node that violates one or
more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may
not try to eventually evict the pod from its node. When
there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms
must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
This field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to
nodes that satisfy the anti-affinity expressions specified
by this field, but it may choose a node that violates one
or more of the expressions. The node that is most preferred
is the one with the greatest sum of weights, i.e. for each
node that meets all of the scheduling requirements (resource
request, requiredDuringScheduling anti-affinity expressions,
etc.), compute a sum by iterating through the elements of
this field and adding "weight" to the sum if the node has
pods which matches the corresponding podAffinityTerm; the
node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied
to the union of the namespaces selected by this
field and the ones listed in the namespaces field.
null selector and null or empty namespaces list
means "this pod's namespace". An empty selector
({}) matches all namespaces. This field is alpha-level
and is only honored when PodAffinityNamespaceSelector
feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list
of namespace names that the term applies to. The
term is applied to the union of the namespaces
listed in this field and the ones selected by
namespaceSelector. null or empty namespaces list
and null namespaceSelector means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey
matches that of any node on which any of the selected
pods is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its
node. When there are multiple elements, the lists of nodes
corresponding to each podAffinityTerm are intersected, i.e.
all terms must be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s))
that this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key
matches that of any node on which a pod of the set of
pods is running
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaceSelector:
description: A label query over the set of namespaces
that the term applies to. The term is applied to the
union of the namespaces selected by this field and
the ones listed in the namespaces field. null selector
and null or empty namespaces list means "this pod's
namespace". An empty selector ({}) matches all namespaces.
This field is alpha-level and is only honored when
PodAffinityNamespaceSelector feature is enabled.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a
selector that contains values, a key, and an
operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are
In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If the
operator is Exists or DoesNotExist, the
values array must be empty. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value". The
requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies a static list of namespace
names that the term applies to. The term is applied
to the union of the namespaces listed in this field
and the ones selected by namespaceSelector. null or
empty namespaces list and null namespaceSelector means
"this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of
any node on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
args:
items:
type: string
type: array
authConfig:
description: AuthTlsConfig defines tls
properties:
enableTLS:
type: boolean
san:
items:
type: string
type: array
tlsSecret:
type: string
type: object
clusterType:
description: provider, if has extra info, please use annotation to
store
type: string
description:
type: string
diskSize:
type: integer
diskType:
type: string
env:
items:
description: EnvVar represents an environment variable present in
a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using
the previous defined environment variables in the container
and any service environment variables. If a variable cannot
be resolved, the reference in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped with a double $$, ie:
$$(VAR_NAME). Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot
be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`,
spec.nodeName, spec.serviceAccountName, status.hostIP,
status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
name:
type: string
repository:
type: string
size:
type: integer
version:
type: string
required:
- clusterType
- description
- diskSize
- diskType
- name
- size
- version
type: object
status:
description: EtcdClusterStatus defines the observed state of EtcdCluster
properties:
conditions:
items:
description: EtcdClusterCondition contains condition information
for a EtcdCluster.
properties:
endTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
startTime:
description: Last time we got an update on a given condition.
format: date-time
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of EtcdCluster condition.
type: string
required:
- status
- type
type: object
type: array
featureGatesStatus:
additionalProperties:
type: string
type: object
members:
items:
properties:
clientUrl:
type: string
endpoint:
type: string
errors:
items:
type: string
type: array
extensionClientUrl:
type: string
memberId:
type: string
name:
type: string
port:
type: string
role:
type: string
status:
type: string
version:
type: string
required:
- clientUrl
- endpoint
- extensionClientUrl
- memberId
- name
- port
- role
- status
- version
type: object
type: array
phase:
type: string
serviceName:
type: string
required:
- phase
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: EtcdCluster
plural: etcdclusters
singular: etcdcluster
shortNames:
- cluster
conditions: []
storedVersions: []
================================================
FILE: deploy/crds/kstone.tkestack.io_etcdinspections.yaml
================================================
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: etcdinspections.kstone.tkestack.io
spec:
group: kstone.tkestack.io
names:
kind: EtcdInspection
listKind: EtcdInspectionList
plural: etcdinspections
singular: etcdinspection
shortNames:
- inspection
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: EtcdInspection is a specification for a EtcdInspection resource
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: EtcdInspectionSpec is the spec for a EtcdInspectionSpec resource
properties:
clusterName:
type: string
intervalInSecond:
type: integer
inspectionProvider:
type: string
inspectionType:
type: string
required:
- clusterName
- inspectionType
type: object
status:
properties:
elapsedTime:
type: integer
message:
type: string
reason:
type: string
records:
items:
description: EtcdInspectionStatus is the status for a EtcdInspectionStatus
resource
properties:
endTime:
description: Last time the condition transit from one status
to another.
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: (brief) reason for the condition's last transition.
type: string
startTime:
description: Last time we got an update on a given condition.
format: date-time
type: string
type: object
type: array
updatedAt:
format: date-time
type: string
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: deploy/etcd-backup-operator.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: etcd-backup-operator
namespace: kstone
labels:
app: etcd-backup-operator
spec:
replicas: 1
selector:
matchLabels:
app: etcd-backup-operator
template:
metadata:
labels:
app: etcd-backup-operator
spec:
serviceAccountName: kstone-controller
containers:
- name: etcd-backup-operator
image: ccr.ccs.tencentyun.com/ccs-dev/etcd-operator:v1.0.4
imagePullPolicy: Always
command:
- etcd-backup-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
================================================
FILE: deploy/kstone-controller.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: kstone-etcdcluster-controller
namespace: kstone
labels:
app: kstone-etcdcluster-controller
spec:
replicas: 1
selector:
matchLabels:
app: kstone-etcdcluster-controller
template:
metadata:
labels:
app: kstone-etcdcluster-controller
spec:
serviceAccountName: kstone-controller
volumes:
- name: kstone-kubeconfig
secret:
secretName: kstone-kubeconfig
containers:
- name: kstone-etcdcluster-controller
image: mirrors.tencent.com/etcd/kstone-controller:dev
imagePullPolicy: Always
volumeMounts:
- name: kstone-kubeconfig
mountPath: "/etc/kstone/config/kubeconfig"
readOnly: true
args:
- etcdcluster
- --kubeconfig
- /etc/kstone/config/kubeconfig/default.yaml
command:
- /data/app
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kstone-etcdinspection-controller
namespace: kstone
labels:
app: kstone-etcdinspection-controller
spec:
replicas: 1
selector:
matchLabels:
app: kstone-etcdinspection-controller
template:
metadata:
labels:
app: kstone-etcdinspection-controller
spec:
serviceAccountName: kstone-controller
volumes:
- name: kstone-kubeconfig
secret:
secretName: kstone-kubeconfig
containers:
- name: kstone-etcdinspection-controller
image: mirrors.tencent.com/etcd/kstone-controller:dev
imagePullPolicy: Always
volumeMounts:
- name: kstone-kubeconfig
mountPath: "/etc/kstone/config/kubeconfig"
readOnly: true
args:
- etcdinspection
- --kubeconfig
- /etc/kstone/config/kubeconfig/default.yaml
command:
- /data/app
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kstone-controller
namespace: kstone
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kstone-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kstone-controller
namespace: kstone
================================================
FILE: docs/README.md
================================================
# Documentation
[中文](README_CN.md)
In this page You can find kstone documentation.
**Note**: The `master` branch may be in an *unstable or even broken state* during development. For stable versions, see [releases][releases].
## Installation
please refer to [installation guide](installation)
## Backup
please refer to [backup guide](backup)
## Proposal
please refer to [proposal list](proposal)
[releases]: https://github.com/tkestack/kstone/releases
================================================
FILE: docs/README_CN.md
================================================
# 文档
[English](README.md)
你可以在本页面找到 kstone 相关文档
**注意**: `master` 分支是开发中的 *非稳定* 版本。 对于稳定版本, 请看 [releases][releases].
## 安装部署
请参考 [安装文档](installation)
## 备份
请参考 [备份文档](backup)
## 提案
请参考 [提案](proposal)
[releases]: https://github.com/tkestack/kstone/releases
================================================
FILE: docs/backup/cos/cos_en.md
================================================
# Backup guide for Tencent COS
[中文](cos_zh.md)
## 1 Preparation
+ Prerequisites
- Kubernetes Cluster with kstone installed.
- Tencent cloud account with COS feature enabled.
# 2 Guide
### Step 1: Access kstone-dashboard UI and Click "Import Cluster":
### Step 2: Associate etcd cluster with kstone:
in this document we will use kubeadm managed etcd cluster
fill the content and click "Submit"
Cluster Name : etcd cluster name,uniqueKey
Cluster Description : description about this cluster
For Kubernetes : Is this cluster used by kubernetes
Access Method : the access method of etcd, if choose HTTPS, etcd certificate and key should be provided.
CPU Cores : single node's CPU, unit: Core
Memory Size : single node's mem, unit: GiB
Disk type : disk type, CLOUD_SSD/CLOUD_PREMIUM/CLOUD_BASIC
Disk size : single node's disk size, unit: GB
Cluster Size : etcd cluster member count: support 1, 3, 5, 7
Cluster Node Mapping : the private and public address of etcd cluster, omit if not used
CA Certificate : the ca certificate of etcd cluster
Client Certificate : the client certificate of etcd cluster
Client Private Key : the client key of etcd cluster
Description : etcd description
### Step3: Enable BACKUP feature
now we have a working etcd cluster, it's time for us to enable the backup feature.
+ We need to get the Tencent cloud COS SecretId and SecretKey and bucket first
- open and login to the Tencent cloud COS website: https://console.cloud.tencent.com/cos5
- if not enabled, please enable this feature
- create a bucket and save the bucket URL path
- open and login to the Tencent cloud cam website: https://console.cloud.tencent.com/cam
- create a user with QcloudCOSDataFullControl permission and save the secretId and SecretKey
+ Let's head back to the kstone-dashboard
- click "Operation"
- click "Cluster Feature"
- toggle "Backup:"
- fill below parameters
- BackupIntervalInSecond determines how often the backup-operator will start an etcd backup job
- MaxBackups is the maximum backup count you want to keep in the COS bucket, if your backup file count exceeds this number, backup-operator will delete old file by time order.
- TimeoutInSecond is the timeout second for backup-operator
- SecretId is the secret id copied from the previous step
- SecretKey is the secret key copied from the previous step
- Path:
# important!!!
you need to fill this parameter without https:// and with / and backup file prefix you want
if your COS bucket URL address is https://etcd-bakcup-XXXXXXX.cos.ap-guangzhou.myqcloud.com and you want your backup file prefix to be like my-first-cluster, you need to fill the path like below:
#### etcd-bakcup-XXXXXXX.cos.ap-guangzhou.myqcloud.com/my-first-cluster
+ wait BackupIntervalInSecond and check the COS bucket
You will find an etcd backup file with the prefix you specified in the previous step.
================================================
FILE: docs/backup/cos/cos_zh.md
================================================
# 腾讯COS备份参考
[English](cos_en.md)
## 1 准备工作
+ 前提条件
- 安装好kstone的Kubernetes集群.
- 开启COS功能的腾讯云账号.
# 2 参考
### 步骤1: 打开 kstone-dashboard UI 然后点击 "导入集群":
### 步骤 2: 导入etcd集群到kstone:
本文档将会使用kubeadm管理的etcd集群
填好下面的内容然后 "提交"
集群名称: etcd集群的名称,唯一键
集群备注: 集群的备注名称
用于Kubernetes: 该集群是否用于Kubernetes
访问方式: etcd的访问方式, 如果是 HTTPS, 需要提供相应的证书还有秘钥
CPU核数: 单个节点的CPU, 单位: Core
内存大小:单个节点的内存, 单位: GiB
磁盘类型: 磁盘种类, 比如CLOUD_SSD/CLOUD_PREMIUM/CLOUD_BASIC
磁盘大小: 单个节点的磁盘大小, 单位: GB
集群规模: etcd集群成员数量: 支持1, 3, 5, 7
集群节点映射: etcd集群的内网还有外网地址, 如果不用可以省略
CA证书: etcd集群的CA证书
客户端证书: etcd集群的客户端证书
客户端私钥: etcd集群的客户端私钥
描述: etcd的描述
### 步骤 3: 开启备份功能
现在我们有了一个状态正常的etcd集群, 让我们来开启备份功能.
+ 我们首先需要拿到腾讯云COS的SecretId还有SecretKey还有bucket
- 打开并登录腾讯云COS对象存储网站: https://console.cloud.tencent.com/cos5
- 如果没有开启该功能,请开启
- 创建一个bucket然后保存下该bucket的URL路径
- 打开并登录腾讯云CAM对象存储网站: https://console.cloud.tencent.com/cam
- 创建一个具有QcloudCOSDataFullControl权限的用户并且保存下该用户的SecretId还有SecretKey
+ 让我们回到 kstone-dashboard
- 点击 "操作"
- 点击 "集群功能项"
- 点击 "Backup:"
- 填好下面的参数
- BackupIntervalInSecond 决定了多久backup-operator会进行一次etcd备份工作
- MaxBackups 是你想要存放的etcd备份文件的最大数量,如果备份超过了这个数量,backup-operator会按时间顺序删掉多余的旧的备份文件。
- TimeoutInSecond 是 backup-operator的超时时间
- SecretId 是之前步骤保存下来的SecretId
- SecretKey 是之前步骤保存下来的SecretKey
- Path:
# 重要!!!
你首先需要去掉 https:// 然后加上 / 还有你想要的文件的备份前缀
如果你的COS bucket URL 地址是 https://etcd-bakcup-XXXXXXX.cos.ap-guangzhou.myqcloud.com
然后你想要你的备份文件的前缀是my-first-cluster, 你需要像下面一样填好path:
#### etcd-bakcup-XXXXXXX.cos.ap-guangzhou.myqcloud.com/my-first-cluster
+ 等待BackupIntervalInSecond秒然后检查 COS bucket
你会发现一个带有之前指定前缀的etcd备份文件
================================================
FILE: docs/installation/kubeadm_en.md
================================================
# Kstone Installation
## 1 Preparation
- Prerequisites
- Kubernetes version is between 1.14 and 1.20.
- The version of Prometheus Operator is v0.49.0.
- Requirements:
- For production environment (recommended): Worker >= 4 vCPU 8 GB of Memory.
- For test environment (minimum): Worker >= 2 vCPU 2 GB of Memory.
## 2 Install kubeadm and CNI Plugin
you can check below guide
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
## 3 Deploy
- 3.1 Modify Helm Configuration
### Step 1:
- Install helm:
Please refer to [helm installation](https://helm.sh/docs/intro/install/) or just directly download and install
```bash
wget https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz
tar -zxvf helm-v3.7.2-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
```
- Install git:
```bash
yum -y install git
```
- Download Helm Repo:
```bash
git clone -b release-0.2 git@github.com:tkestack/kstone.git
cd kstone
cd ./charts
```
#### Step 2:
- Create Admin TOKEN for dashboard-api to access Kubernetes
```bash
kubectl create serviceaccount kube-admin -n kube-system
kubectl create clusterrolebinding kube-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kube-admin
```
- Get Admin TOKEN from Kubeadm cluster
```
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='kube-admin')].data.token}" -n kube-system|base64 --decode
```
- Fill in the TOKEN of the cluster to deploy.
```
// charts/charts/dashboard-api/values.yaml
kube:
token: $token
target: kubernetes.default.svc.cluster.local:443
```
- Requirements:
- $token is the access credential TOKEN of the cluster to be deployed.
- $token needs to have access to all resources in the cluster.
#### Step 3: Using the existing Prometheus Operator (optional)
- Set `prometheusOperator.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Set `prometheus.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Modify the file: `charts/charts/grafana/templates/configmap.yaml`, replace `http://{{ .Release.Name }}-prometheus-prometheus.{{ .Release.Namespace }}.svc.cluster.local:9090` to the query URL from the existing Prometheus Operator.
### 3.2 Install
- Create kstone namespace
```bash
kubectl create ns kstone
```
- Helm install for production environment
```bash
cd charts/
helm install kstone . -n kstone -f values.yaml
```
or
- Helm install for test environment
```bash
cd charts/
helm install kstone . -n kstone -f values.test.yaml
```
- Delete Ingress Rule
```bash
kubectl delete ingress kstone -n kstone
```
- Create a new Ingress Rule
```yaml
cat < 80:30700/TCP,443:31221/TCP 40h
ingress-nginx-controller-admission ClusterIP 10.105.48.164 443/TCP
```
- Visit kstone dashboard `http://:8080` or the ingress NodePort address in the browser
- ### important: Do not access the dashboard directly!!!
- Create an ETCD cluster
- Cluster is Running
### 3.3 Update
- Helm upgrade for production environment
```bash
cd charts
helm upgrade kstone . -n kstone -f values.yaml
```
or
- Helm upgrade for test environment
```bash
cd charts
helm upgrade kstone . -n kstone -f values.test.yaml
```
### 3.4 Uninstall
```bash
helm uninstall kstone -n kstone
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
kubectl delete crd alertmanagers.monitoring.coreos.com
kubectl delete crd podmonitors.monitoring.coreos.com
kubectl delete crd probes.monitoring.coreos.com
kubectl delete crd prometheuses.monitoring.coreos.com
kubectl delete crd prometheusrules.monitoring.coreos.com
kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
kubectl delete crd etcdclusters.kstone.tkestack.io
kubectl delete crd etcdinspections.kstone.tkestack.io
```
- Uninstall Kubeadm
https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-reset/
================================================
FILE: docs/installation/minikube-amd64.md
================================================
# Kstone Installation
## 1 Preparation
- Prerequisites
- Kubernetes version is between 1.14 and 1.20.
- The version of Prometheus Operator is v0.49.0.
- Requirements:
- For production environment (recommended): Worker >= 4 vCPU 8 GB of Memory.
- For test environment (minimum): Worker >= 2 vCPU 2 GB of Memory.
- Can access the managed etcd.
## 2 Install Minikube
#### Step 1:
- Switch to non-root User
```shell
adduser kstone
# set password for kstone user
passwd kstone
su - kstone
sudo groupadd docker
sudo usermod -aG docker $USER
# Re-Login and Restart the Docker Server
systemctl restart docker
```
#### Step 2:
- [Install Minikube](https://minikube.sigs.k8s.io/docs/start/) (e.g. Linux amd64)
- Requirements:version <= 1.20.x
```shell
VERSION=v1.20.0
curl -LO https://github.com/kubernetes/minikube/releases/download/${VERSION}/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube start --driver=docker
```
- Alias `minikube kubectl`
```shell
alias kubectl="minikube kubectl --"
```
#### Step 3:
- Deploy ingress controller
```shell
minikube addons enable ingress
```
## 3 Deploy
### 3.1 Modify Helm Configuration
#### Step 1:
- Install helm:
Please refer to [helm installation](https://helm.sh/docs/intro/install/)
- Download Helm Repo:
``` shell
git clone -b release-0.2 git@github.com:tkestack/kstone.git
cd ./charts
```
#### Step 2:
- Get Admin TOKEN from Minikube cluster
```shell
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}" -n kube-system|base64 --decode
```
- Fill in the TOKEN of the cluster to deploy.
``` yaml
// charts/charts/dashboard-api/values.yaml
kube:
token: $token
target: kubernetes.default.svc.cluster.local:443
```
- Requirements:
- $token is the access credential TOKEN of the cluster to be deployed.
- $token needs to have access to all resources in the cluster.
#### Step 3: Using the existing Prometheus Operator (optional)
- Set `prometheusOperator.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Set `prometheus.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Modify the file: `charts/charts/grafana/templates/configmap.yaml`, replace `http://{{ .Release.Name }}-prometheus-prometheus.{{ .Release.Namespace }}.svc.cluster.local:9090` to the query URL from the existing Prometheus Operator.
### 3.2 Install
- Create kstone namespace
``` shell
kubectl create ns kstone
```
- Helm install for production environment
```shell
cd charts/
helm install kstone . -n kstone -f values.yaml
```
or
- Helm install for test environment
```shell
cd charts/
helm install kstone . -n kstone -f values.test.yaml
```
- Create Ingress Rule
```shell
cat <:8080` in the browser
- Create an ETCD cluster
- Cluster is Running
### 3.3 Update
- Helm upgrade for production environment
``` shell
cd charts
helm upgrade kstone . -n kstone -f values.yaml
```
or
- Helm upgrade for test environment
``` shell
cd charts
helm upgrade kstone . -n kstone -f values.test.yaml
```
### 3.4 Uninstall
``` shell
helm uninstall kstone -n kstone
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
kubectl delete crd alertmanagers.monitoring.coreos.com
kubectl delete crd podmonitors.monitoring.coreos.com
kubectl delete crd probes.monitoring.coreos.com
kubectl delete crd prometheuses.monitoring.coreos.com
kubectl delete crd prometheusrules.monitoring.coreos.com
kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
kubectl delete crd etcdclusters.kstone.tkestack.io
kubectl delete crd etcdinspections.kstone.tkestack.io
```
- Uninstall Minikube
```shell
minikube stop && minikube delete
```
================================================
FILE: docs/installation/minikube-macos.md
================================================
# Kstone Installation
## 1 Preparation
- Prerequisites
- Kubernetes version is between 1.14 and 1.20.
- The version of Prometheus Operator is v0.49.0.
- Requirements:
- For production environment (recommended): Worker >= 4 vCPU 8 GB of Memory.
- For test environment (minimum): Worker >= 2 vCPU 2 GB of Memory.
- Can access the managed etcd.
## 2 Install Minikube
#### Step 1:
- [Install VirtualBox](https://www.virtualbox.org/wiki/Downloads)
- [Configure Virtual Box Network](https://www.virtualbox.org/manual/ch06.html#network_hostonly) (Allow 10.0.0.0/8 and 192.168.0.0/16 IPv4 ranges)
```shell
sudo mkdir -p /etc/vbox && sudo bash -c "cat > /etc/vbox/networks.conf" << EOF
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64
EOF
```
#### Step 2:
- [Install Minikube](https://minikube.sigs.k8s.io/docs/start/) (e.g. Mac OSX)
- Requirements:version <= 1.20.x
```shell
VERSION=v1.20.0
curl -LO https://github.com/kubernetes/minikube/releases/download/${VERSION}/minikube-darwin-amd64
sudo install minikube-darwin-amd64 /usr/local/bin/minikube
minikube start --vm-driver=virtualbox
```
#### Step 3:
- Alias `minikube kubectl`
```shell
alias kubectl="minikube kubectl --"
```
#### Step 4:
- Deploy ingress controller
```shell
minikube addons enable ingress
```
## 3 Deploy
### 3.1 Modify Helm Configuration
#### Step 1:
- Install helm:
Please refer to [helm installation](https://helm.sh/docs/intro/install/)
- Download Helm Repo:
``` shell
git clone -b release-0.2 git@github.com:tkestack/kstone.git
cd ./charts
```
#### Step 2:
- Get Admin TOKEN from Minikube cluster
```shell
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}" -n kube-system|base64 --decode
```
- Fill in the TOKEN of the cluster to deploy.
``` yaml
// charts/charts/dashboard-api/values.yaml
kube:
token: $token
target: kubernetes.default.svc.cluster.local:443
```
- Requirements:
- $token is the access credential TOKEN of the cluster to be deployed.
- $token needs to have access to all resources in the cluster.
#### Step 3: Using the existing Prometheus Operator (optional)
- Set `prometheusOperator.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Set `prometheus.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Modify the file: `charts/charts/grafana/templates/configmap.yaml`, replace `http://{{ .Release.Name }}-prometheus-prometheus.{{ .Release.Namespace }}.svc.cluster.local:9090` to the query URL from the existing Prometheus Operator.
### 3.2 Install
- Create kstone namespace
``` shell
kubectl create ns kstone
```
- Helm install for production environment
```shell
cd charts/
helm install kstone . -n kstone -f values.yaml
```
or
- Helm install for test environment
```shell
cd charts/
helm install kstone . -n kstone -f values.test.yaml
```
- Create Ingress Rule
```shell
cat <= 4 vCPU 8 GB of Memory.
- For test environment (minimum): Worker >= 2 vCPU 2 GB of Memory.
- Can access the managed etcd.
## 2 Deploy
### 2.1 Modify Helm Configuration
#### Step 1:
- Install helm:
Please refer to [helm installation](https://helm.sh/docs/intro/install/)
- Download Helm Repo:
``` shell
git clone -b release-0.2 git@github.com:tkestack/kstone.git
cd ./charts
```
- Modify Setting:
``` yaml
// charts/values.yaml
ingress:
enabled: true
className: ""
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
service.cloud.tencent.com/direct-access: 'false'
kubernetes.io/ingress.class: qcloud
service.kubernetes.io/tke-existed-lbid: $lb
kubernetes.io/ingress.existLbId: $lb
kubernetes.io/ingress.subnetId: $subnet
```
Method 1: Use existing LB
Refer to the above configuration and fill in the $lb and $subnet under the same VPC of the TKE cluster.
Method 2: Do not use existing LB
Delete the following configurations:
- ingress.annotations.service.kubernetes.io/tke-existed-lbid
- kubernetes.io/ingress.existLbId
- kubernetes.io/ingress.subnetId
#### Step 2:
- Get Admin TOKEN from TKE cluster
```shell
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='kube-admin')].data.token}" -n kube-system|base64 --decode
```
- Fill in the TOKEN of the cluster to deploy.
``` yaml
// charts/charts/dashboard-api/values.yaml
kube:
token: $token
target: kubernetes.default.svc.cluster.local:443
```
- Requirements:
- $token is the access credential TOKEN of the TKE cluster to be deployed.
- $token needs to have access to all resources in the cluster.
#### Step 3: Using the existing Prometheus Operator (optional)
- Set `prometheusOperator.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Set `prometheus.enabled=false` in the file `charts/charts/kube-prometheus-stack/values.yaml`.
- Modify the file: `charts/charts/grafana/templates/configmap.yaml`, replace `http://{{ .Release.Name }}-prometheus-prometheus.{{ .Release.Namespace }}.svc.cluster.local:9090` to the query URL from the existing Prometheus Operator.
### 2.2 Install
- Create kstone namespace
``` shell
kubectl create ns kstone
```
- Helm install for production environment
```shell
cd charts/
helm install kstone . -n kstone -f values.yaml
```
or
- Helm install for test environment
```shell
cd charts/
helm install kstone . -n kstone -f values.test.yaml
```
### 2.3 Update
- Helm upgrade for production environment
```bash
cd charts
helm upgrade kstone . -n kstone -f values.yaml
```
or
- Helm upgrade for test environment
```bash
cd charts
helm upgrade kstone . -n kstone -f values.test.yaml
```
### 2.4 Uninstall
``` shell
helm uninstall kstone -n kstone
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
kubectl delete crd alertmanagers.monitoring.coreos.com
kubectl delete crd podmonitors.monitoring.coreos.com
kubectl delete crd probes.monitoring.coreos.com
kubectl delete crd prometheuses.monitoring.coreos.com
kubectl delete crd prometheusrules.monitoring.coreos.com
kubectl delete crd servicemonitors.monitoring.coreos.com
kubectl delete crd thanosrulers.monitoring.coreos.com
kubectl delete crd etcdclusters.kstone.tkestack.io
kubectl delete crd etcdinspections.kstone.tkestack.io
```
================================================
FILE: docs/migration/README.md
================================================
# API v1alpha2 Migration (Imported ETCD Clusters Only)
## 1 Preparation
- Prerequisites
- Already installed the [release-0.1.0](https://github.com/tkestack/kstone/releases/tag/v0.1.0-alpha.2) or lower version kstone.
- Already installed kubectl and set up the kubeconfig in /root/.kube/config for kstone cluster.
> **Risk Warning:**
>
> Migrating API from v1alpha1 to v1alpha2 will delete the existing clusters from kstone.
>
> Please notice this migration document is only for **Imported etcd** etcd clsuters migration.
## 2 Backup and Recreate the cluster and secret from v1alpha1 API
Run the migration script:
```shell
./hack/migratev1.sh
```
the outputs:
```shell
==========Starting to backup...============
==========Starting to delete clusters, inspections and secrets...==========
customresourcedefinition.apiextensions.k8s.io "etcdclusters.kstone.tkestack.io" deleted
customresourcedefinition.apiextensions.k8s.io "etcdinspections.kstone.tkestack.io" deleted
==========Starting to re-create crds...==========
customresourcedefinition.apiextensions.k8s.io/etcdclusters.kstone.tkestack.io created
==========Starting to generate clusters...==========
etcdcluster.kstone.tkestack.io/test-kstone created
==========Starting to generate secrets...==========
secret/xxx created
==========finished==========
```
## 3 Upgrade kstone by helm
- Helm upgrade for production environment
``` shell
cd charts
helm upgrade kstone . -n kstone -f values.yaml
```
or
- Helm upgrade for test environment
``` shell
cd charts
helm upgrade kstone . -n kstone -f values.test.yaml
```
# 4 Clear browser cache
If your browser is chrome, please refer to [this](https://support.google.com/accounts/answer/32050?hl=en&co=GENIE.Platform%3DDesktop).
================================================
FILE: docs/proposal/authentication-support/README.md
================================================
# kstone-api Supports Authentication
## Motivation
Kstone has become a popular solution for etcd management. Due to lack of authentication ability, it has safety vulnerability and is not recommended using in production environment. To improve safety features of kstone, we'd like to support authentication in kstone.
## Goals
* Designed to support multiple authentication plugins.
* Strong security (password encryption, token expiration time, password reset only, etc.).
* Built-in username/password authentication, the default is based on bearer token authentication (jwt).
## Non-Goals
* Implement a complex RBAC authentication system.
* Implement a complete user management system(only create an admin user by default).
## Use Cases
* Visiting [kstone-dashboard](https://github.com/tkestack/kstone-dashboard) login page to authenticate.
* Any requests to access kstone-api without authentication will directly return a HTTP 401 Unauthorized
error.
### Bear Token Authentication
- Users use their username and password to login.
- The token authenticator generates a bear token set in response body.
- Users send request with bear token request header, the token authenticator verifies if the token is valid.
### External Auth
Users configure their own authentication system (e.g. ldap, oidc), and use their custom authentication system to verify identity.
## Proposal
In order to implement login feature, we develop an authentication module in kstone-api. It supports not only basic auth(username/password authentication) by default but also other authentication protocols.
## Design Details
### Authentication Process
#### 1. Login Process
- First time login, POST request will be sent to kstone-api, URL path `/apis/login`.
- User login with default username and password.
Request example:
```json
{
"username":"admin",
"password":"adm1n@kstone.io"
}
```
Response example:
```json
{
"username":"admin",
// this will be true when login with default username and password
"reset_password": true,
"token":"eyJhbGciOiJSUzI1N.xxx.xxx"
}
```
- **Authenticator**: Compare user and password with `kstone-api-user` configmap configuration.
- **TokenGenerator**: Generate a JWT token for users and put it in response body.
- If user login with default username and password, the response body will contain `"reset_password": true`, users must reset the password.
#### 2. JWT Token Authentication Process
- **JWTTokenAuthenticator**: Verify JWT Token from request header.
> If user sends request with JWT token header, **JWTTokenAuthenticator** middleware will only verify the token until it is expired.
### Authentication Interface
- Authentication Request, Token and TokenGenerator Interface
```go
// Token checks a string value against a backing authentication store and
// returns a Response or an error if the token could not be checked.
type Token interface {
AuthenticateToken(ctx context.Context, token string) (*Response, bool, error)
}
// TokenGenerator generates tokens
type TokenGenerator interface {
GenerateToken(ctx context.Context, username string, password string) (string, error)
}
// Request attempts to extract authentication information from a request and
// returns a Response or an error if the request could not be checked.
type Request interface {
AuthenticateRequest(ctx *gin.Context) (*Response, bool, error)
}
```
- Store Interface
```go
// Store defines auth user/password storage interface
type Store interface {
// UserGet gets a user
UserGet() User
// UserAdd adds a user
UserAdd(user User) error
// UserDelete deletes a user
UserDelete(username string) error
// UserList lists users
UserList() []User
// UserChangePassword changes a password of a user
UserChangePassword(username, password string) error
}
```
### Bear Token Authentication
#### Auth Configuration
By default, we create a `kstone-api-key` secret and `kstone-api-user` configmap in kstone namespace.
- `kstone-api-key` secret specifies private key:
```yaml
apiVersion: v1
data:
private.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeURuTHlyS0t4d1lhQVF1VDhSRVZ0bWR1VDYyV0xYTGIvUEs4bStJZG8yd3U1L1oxCmpCTVBIcWFzMjdabGlaeXF5bFVWZ3FsSUxNZUxPYlFtY0JvTUdGNkxuemVreHdEYVdmNTBRYW5JeTNSdFR4UVYKaEdIMnc0ZS8yQnI2NXlucUh6N0NZSy9VUHhWSWRTYWZaZ08vM0VGTWZVZVZRV0RWRWJCaTZWSW5hZzdsQjlRUQo2Q2tPTFM2ZFl5YXJnWWcrWWJZUkliVkVCNmNRTzNvcXJVTzR4OTlpZ3l3Z0Q3dlRReHdOMXB5eHVNbmlRYW5HCkREakludndTdUMxYTlUREdWc0ZXMzU5OUVoeGFuc3FUaUhvMm04YjJwNzdsWFFGYy9Qc1UwNTB6dDgxN1czTVEKbGlQRU5ycUhQTUpTNXhFQkhjdEdzb3Rtc3J6NmNIUklrclFLblFJREFRQUJBb0lCQVFDSDg0NW5aRkdNajUwSwpocVQrTXo2TjZxN2hGUmw2Wkpud3A1VGZOMm91YzU5cHkxUEhONDIxbnpDUndzZ3c1eHFrWlo5RVo5TGs3TnlnCjRxeVN3MnpoQXhsRWs1Q2p1dldIMDVsMm1HVUptRlU4TTRQa3JtdlNHaE51RmV1MUdDV3E3MzhtRFYxTk5CTk4KMEZxODl1RElHZUpvMGprSytrZlNTZlR2UGVRYlF5d3BPdVg3Wmp1RCtLOE9qRzlhWnpNOTYyUERoREJ2VlBCZQpKeXNqV0VqU0d5YWc3NjMza3Y0dWtPeDhycVBRLzJUdStIcElyQTljVXBnVDh6V0UycThxcHdVZzBHY0NuZ21mCnFsZjU1a1lzL1RhMW9iUjNxYVg2bWpKL2dFNlZyUzFpSTc1em5lbkh3Tmp6WExpaE5JL3ZkMXh1QnREV2JLTVUKK0M3bnpPZlZBb0dCQU9vaTNZM2luOGgrTjczYVdyWnIxQ29FNzBFWHg2dFZwdnBTUHJyMmZhUG5UVDBOR1RpUgpsTFJlOEp3WU9nNlgzQjU4SEwxVUtnZ05pT285TS9FSUlMblU0RzdHbDZSTG52NUNBODVtYWJ4Q3JkMTJXeWlpCmVnMy80ODRselFpdDliQ0lFV3VaekcySnBYb2Jzc3FjT0szNjNKKzBtUk1JUDhLTWVVbFlwYVo3QW9HQkFOcnMKU1R6aXhwWm0yYUYrUzNYV0l0TmRjakhMRW1BU1orcVZ6TXRRcHFLUjRlSXlodDNtczRGWmdCSFpxTVMzWTlDLwppdUFQNWJMMTA4NGdtWWJmMjhpRjNyakdhbGdHUkRpaDh6REgyR2pMVitrbE1PUm1GaFRPeDF5SHhTVWVaOEpjCmZ3aG42Y3RxcVRQaE5mQmw0SUV1eklEalZueDdUL09IMkhybDFaUEhBb0dCQU5aeW5LNnFGV05UaDhhU1NtZXYKRjZKczVwNmVJem1ndDlHcXB0NGppaXduWEsxQVpBdFYrL2ZBeFd5VEhBbmx1YTBLVEdCMHlCS2NJdjA0bFd4OAozMHlWMkFKZVR1SWlpVHVrUjB3eXJVSExhT2ZnMGRuRUJ6cnZWejJuamNZWFgyTVRIYkdLS3AxaFoza1NDWTVkCnkrUStVdmpNTnpBaGJCVExDUVBPOTlvbEFvR0FQanhrQ2FvU2VKbGVqemwvTEUybTh0Mmk1Q0x0NDEvNEtNbFQKUWcxNGdjamxKVS9sNVZsN2VHOUFLRkx2VnBVb0RDVVh6dURXRlEwcm5ITEtFbnk3VjRNdk1Pby9PeXowNGdDdwpTUkxYSTl1QzcyWENRM3YrRlFZL3lMOVVQVndxZFNla2VYaEpENm9QMWc3VkxiVllvSUQwWkVPOHg0Q3Exdm1zCmdpdXFqdXNDZ1lFQXI0WVhUWWZQUk9YQXRmN01ETUs5bmVRcHZNUytiMit5RGNhdFM0YitNT0kxY3ViNFFsdDEKMDdWV2RnWnNybTc2bkZ2TDF4SWptREhPZnJPbU1Zd2Y3VGRhYWVIbG1Qa1BvOHc2ZG1lbkdGaHV2Q1lZa3YyagpsS3o2VWhtYzlCNkc4VVlQNzdvWTR5RkhoQU9mVXpTQVF4bEpEV0hzeVA0SmRtZTlYZnNURUU0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
name: kstone-api-key
namespace: kstone
type: Opaque
```
- `kstone-api-user` configmap specifies username and password:
```yaml
data:
# password: bcrypt encryption(e.g. adm1n@kstone.io)
admin: $2y$10$dgolimSP5PywT3yMaRqppeA5GflVmyf/cWaL6bfmXVk6Rsjlmp0ui
kind: ConfigMap
metadata:
name: kstone-api-user
namespace: kstone
```
To customize admin username and password, modify or add the data field in `kstone-api-user` configmap.
> To support multiple users, user can add multiple `username: password` key-value pairs in `kstone-api-user` configmap
#### Encryption && Decryption
Use [`golang.org/x/crypto`](https://pkg.go.dev/golang.org/x/crypto) to compare a **bcrypt hashed password** with its **possible plaintext equivalent**. Returns nil on success, or an error on failure.
- **bcrypt hashed password** stored in `kstone-api-user` configmap.
- **possible plaintext equivalent** is the login password from user.
```go
bcrypt.CompareHashAndPassword(bcryptHashedPassword, plaintextPassword)
```
#### Customize Admin Username, Password or Private Key
- Specify a new username and password(e.g. admin:custom@kstone.io)
```shell
USER=admin
PASSWORD=custom@kstone.io
```
> Password must contain numbers, letters, eight digits or more in length
- Generate a new password hash
```shell
# yum -y install httpd-tools
# e.g. htpasswd -nbBC 10 admin admin
HASH_PASSWORD=`htpasswd -nbBC 10 ${USER} ${PASSWORD}|awk -F ':' '{print $2}'`
```
- Update username and password:
- 1. use `--dry-run=client` option to print out a custom `kstone-api-user` configmap:
```shell
kubectl create configmap -n kstone kstone-api-user --from-literal=${USER}=${HASH_PASSWORD} --dry-run=client -oyaml
```
- 2. replace the default `kstone-api-user` configmap with the new `kstone-api-user` configmap.
> If the user forgets the password, please refer to this method to reset the password.
- Generate a new private key
```shell
openssl genrsa -out private.key 2048
```
- Update private key:
- 1. use `--dry-run=client` option to print out a custom `kstone-api-key` secret:
```shell
kubectl create secret generic -n kstone kstone-api-key --from-file=private.pem --dry-run=client -oyaml
```
- 2. replace the default `kstone-api-key` secret with the new `kstone-api-key` secret.
### External Auth
kstone-api plans to support external auth plugins, such as: LDAP, OIDC etc.
A few work needs to be done:
1. Implement the Request interface to verify the external authentication request.
2. Implement the Token interface to verify token for the external authentication protocol.
3. Implement the TokenGenerator interface to generate a token if needed.(optional if reusing JWTTokenAuthenticator)
4. Implement the Store interface to update users information.(add users, reset password etc.)
### REST API
#### Login
- request example
```json
POST /apis/login
{
"username":"admin",
"password":"adm1n@kstone.io"
}
```
- response example
```json
{
"username": "admin",
// this will be true when login with default username and password
"reset_password": true,
"token": "eyJhbGciOiJSUzI1N.xxx.xxx",
"message": ""
}
```
> if `reset_password` is true, kstone-dashboard will redirect to reset password page.
#### Request with Authentication
- request example
```json
GET /apis/users
Header:
kstone-api-jwt: eyJhbGciOiJSUzI1N.xxx.xxx
```
- response example
```json
{
"username": "",
// this will be true when login with default username and password
"reset_password": false,
"token": "",
"message": "admin,admin-2,admin3"
}
```
## Testing Plan
Add e2e test to verify the login feature in kstone-api.
## References
- [Introduction to JSON Web Tokens](https://jwt.io/introduction)
- [etcd v3 authentication design](https://etcd.io/docs/v3.5/learning/design-auth-v3/)
- [grafana basic authentication](https://grafana.com/docs/grafana/latest/auth/overview/#basic-authentication)
- [kubernetes authentication implementation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/)
================================================
FILE: docs/proposal/authentication-support/proposal.yaml
================================================
title: kstone-api supports authentication
proposal-number: 1
authors:
- "@lianghao208"
reviewers:
- "@tangcong"
- "@engow"
- "@maudL1n"
approvers:
- "@tangcong"
- "@engow"
creation-date: 2022-01-13
last-updated: 2022-01-13
status: implementable
================================================
FILE: go.mod
================================================
module tkestack.io/kstone
go 1.16
require (
github.com/aws/aws-sdk-go v1.13.8
github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
github.com/coreos/etcd v3.3.13+incompatible
github.com/coreos/etcd-operator v0.9.4
github.com/gin-contrib/pprof v1.4.0
github.com/gin-gonic/gin v1.8.1
github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab
github.com/go-openapi/spec v0.20.3 // indirect
github.com/go-openapi/swag v0.19.15 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/google/go-querystring v1.1.0 // indirect
github.com/mozillazg/go-httpheader v0.3.0 // indirect
github.com/onsi/ginkgo v1.16.4
github.com/onsi/gomega v1.16.0
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.48.1
github.com/prometheus-operator/prometheus-operator/pkg/client v0.48.1
github.com/prometheus/client_golang v1.11.0
github.com/spf13/cobra v1.1.3
github.com/spf13/pflag v1.0.5
github.com/tencentyun/cos-go-sdk-v5 v0.7.31
go.etcd.io/etcd/api/v3 v3.5.0
go.etcd.io/etcd/client/pkg/v3 v3.5.0
go.etcd.io/etcd/client/v2 v2.305.0-alpha.0
go.etcd.io/etcd/client/v3 v3.5.0
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
k8s.io/api v0.21.3
k8s.io/apimachinery v0.21.3
k8s.io/client-go v12.0.0+incompatible
k8s.io/code-generator v0.21.3
k8s.io/klog/v2 v2.8.0
k8s.io/kubectl v0.21.3
sigs.k8s.io/controller-runtime v0.9.1
sigs.k8s.io/yaml v1.2.0
)
replace (
github.com/coreos/etcd-operator v0.9.4 => ./third_party/etcd-operator
k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.21.1
)
================================================
FILE: go.sum
================================================
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw=
cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
git.apache.org/thrift.git v0.0.0-20181218151757-9b75e4fe745a/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v11.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190125095113-2b29687e15f2/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.13.8 h1:2GXJr7VVErT37gjlGzkRI7Pb0alhJ2Y3XoCRcXRhavQ=
github.com/aws/aws-sdk-go v1.13.8/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q=
github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/etcd v3.3.13+incompatible h1:8F3hqu9fGYLBifCmRCJsicFqDx/D68Rt3q1JMazcgBQ=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs=
github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gin-contrib/pprof v1.4.0 h1:XxiBSf5jWZ5i16lNOPbMTVdgHBdhfGRD5PZ1LWazzvg=
github.com/gin-contrib/pprof v1.4.0/go.mod h1:RrehPJasUVBPK6yTUwOl8/NP6i0vbUgmxtis+Z5KE90=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-ini/ini v1.42.0 h1:TWr1wGj35+UiWHlBA8er89seFXxzwFn11spilrrj+38=
github.com/go-ini/ini v1.42.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/zapr v0.4.0 h1:uc1uML3hRYL9/ZZPdgHS/n8Nzo+eaYL/Efxkkamf7OM=
github.com/go-logr/zapr v0.4.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk=
github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk=
github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk=
github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ=
github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-openapi/validate v0.19.8/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0=
github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PLa8Y5fM=
github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go v0.0.0-20181219185031-c8a15bac9b9f/go.mod h1:5VvnLYVimBt+hOVlFtJDkYQHVmk4K27qHHioZjPbYAI=
github.com/googleapis/gax-go/v2 v2.0.2/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=
github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 h1:12VvqtR6Aowv3l/EQUlocDHW2Cp4G9WJVH7uyH8QFJE=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60=
github.com/mozillazg/go-httpheader v0.3.0 h1:3brX5z8HTH+0RrNA1362Rc3HsaxyWEKtGY45YrhuINM=
github.com/mozillazg/go-httpheader v0.3.0/go.mod h1:PuT8h0pw6efvp8ZeUec1Rs7dwjK08bt6gKSReGMqtdA=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c/go.mod h1:HUpKUBZnpzkdx0kD/+Yfuft+uD3zHGtXF/XJB14TUr4=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.44.1/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.48.1 h1:OGC7+ktZ6h8xI99VB6i8iuiXecdhUmwto9vbGzoVMac=
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.48.1/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
github.com/prometheus-operator/prometheus-operator/pkg/client v0.48.1 h1:i3bwALeHBJaLRw+z/8IPujQpAAVwqXpyLrftdhysFrk=
github.com/prometheus-operator/prometheus-operator/pkg/client v0.48.1/go.mod h1:k4BrWlVQQsvBiTcDnKEMgyh/euRxyxgrHdur/ZX/sdA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ=
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/satori/uuid v1.2.0/go.mod h1:B8HLsPLik/YNn6KKWVMDJ8nzCL8RP5WyfsnmvnAEwIU=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.194/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.194/go.mod h1:yrBKWhChnDqNz1xuXdSbWXG56XawEq0G5j1lg4VwBD4=
github.com/tencentyun/cos-go-sdk-v5 v0.7.31 h1:NujkkOKMJ3IFs1+trCwXOKRCIPQ8qI5Lxul9JkhTg6M=
github.com/tencentyun/cos-go-sdk-v5 v0.7.31/go.mod h1:4E4+bQ2gBVJcgEC9Cufwylio4mXOct2iu05WjgEBx1o=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/ugorji/go v1.2.7 h1:qYhyWUUd6WbiM+C6JZAUkIJt/1WrjzNHY9+KCIjVqTo=
github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw=
go.etcd.io/etcd/api/v3 v3.5.0 h1:GsV3S+OfZEOCNXdtNkBSR7kgLobAa/SO6tCxRa0GAYw=
go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
go.etcd.io/etcd/client/pkg/v3 v3.5.0 h1:2aQv6F436YnN7I4VbI8PPYrBhu+SmrTaADcf8Mi/6PU=
go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
go.etcd.io/etcd/client/v2 v2.305.0-alpha.0 h1:jZepGpOeJATxsbMNBZczDS2jHdK/QVHM1iPe9jURJ8o=
go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU=
go.etcd.io/etcd/client/v3 v3.5.0 h1:62Eh0XOro+rDwkrypAGDfgmNh5Joq+z+W9HZdlXMzek=
go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 h1:3yLUEC0nFCxw/RArImOyRUI4OAFbg4PFpBbAhSNzKNY=
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY=
go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 h1:D7nTwh4J0i+5mW4Zjzn5omvlr6YBcWywE6KOcatyNxY=
golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 h1:siQdpVirKtzPhKl3lZWozZraCFObP8S1v6PRp0bLrtU=
golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6 h1:Vv0JUPWTyeqUq42B2WJ1FeIDjjvGKoA2Ss+Ts0lAVbs=
golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA=
golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0=
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0=
google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA=
k8s.io/api v0.19.2/go.mod h1:IQpK0zFQ1xc5iNIQPqzgoOwuFugaYHK4iCknlAQP9nI=
k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s=
k8s.io/api v0.21.2/go.mod h1:Lv6UGJZ1rlMI1qusN8ruAp9PUBFyBwpEHAdG24vIsiU=
k8s.io/api v0.21.3 h1:cblWILbLO8ar+Fj6xdDGr603HRsf8Wu9E9rngJeprZQ=
k8s.io/api v0.21.3/go.mod h1:hUgeYHUbBp23Ue4qdX9tR8/ANi/g3ehylAqDn9NWVOg=
k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE=
k8s.io/apiextensions-apiserver v0.21.2 h1:+exKMRep4pDrphEafRvpEi79wTnCFMqKf8LBtlA3yrE=
k8s.io/apiextensions-apiserver v0.21.2/go.mod h1:+Axoz5/l3AYpGLlhJDfcVQzCerVYq3K3CvDMvw6X1RA=
k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
k8s.io/apimachinery v0.19.2/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA=
k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY=
k8s.io/apimachinery v0.21.2/go.mod h1:CdTY8fU/BlvAbJ2z/8kBwimGki5Zp8/fbVuLY8gJumM=
k8s.io/apimachinery v0.21.3 h1:3Ju4nvjCngxxMYby0BimUk+pQHPOQp3eCGChk5kfVII=
k8s.io/apimachinery v0.21.3/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI=
k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw=
k8s.io/apiserver v0.21.2/go.mod h1:lN4yBoGyiNT7SC1dmNk0ue6a5Wi6O3SWOIw91TsucQw=
k8s.io/cli-runtime v0.21.3/go.mod h1:h65y0uXIXDnNjd5J+F3CvQU3ZNplH4+rjqbII7JkD4A=
k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw=
k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA=
k8s.io/client-go v0.21.1 h1:bhblWYLZKUu+pm50plvQF8WpY6TXdRRtcS/K9WauOj4=
k8s.io/client-go v0.21.1/go.mod h1:/kEw4RgW+3xnBGzvp9IWxKSNA+lXn3A7AuH3gdOAzLs=
k8s.io/client-go v0.21.2/go.mod h1:HdJ9iknWpbl3vMGtib6T2PyI/VYxiZfq936WNVHBRrA=
k8s.io/client-go v0.21.3/go.mod h1:+VPhCgTsaFmGILxR/7E1N0S+ryO010QBeNCv5JwRGYU=
k8s.io/client-go v11.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
k8s.io/code-generator v0.21.2/go.mod h1:8mXJDCB7HcRo1xiEQstcguZkbxZaqeUOrO9SsicWs3U=
k8s.io/code-generator v0.21.3 h1:K2Onrjuve/31D4Y5DpR9ngWM2BiiKUxrGaCxSEJS/Y8=
k8s.io/code-generator v0.21.3/go.mod h1:K3y0Bv9Cz2cOW2vXUrNZlFbflhuPvuadW6JdnN6gGKo=
k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k=
k8s.io/component-base v0.21.2/go.mod h1:9lvmIThzdlrJj5Hp8Z/TOgIkdfsNARQ1pT+3PByuiuc=
k8s.io/component-base v0.21.3/go.mod h1:kkuhtfEHeZM6LkX0saqSK8PbdO7A0HigUngmhhrwfGQ=
k8s.io/component-helpers v0.21.3/go.mod h1:FJCpEhM9fkKvNN0QAl33ozmMj+Bx8R64wcOBqhng0oQ=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 h1:Uusb3oh8XcdzDF/ndlI4ToKTYVlkCSJP39SRY2mfRAw=
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.8.0 h1:Q3gmuM9hKEjefWFFYF0Mat+YyFJvsUyYuwyNNJ5C9Ts=
k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o=
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 h1:vEx13qjvaZ4yfObSSXW7BrMc/KQBBT/Jyee8XtLf4x0=
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE=
k8s.io/kubectl v0.21.3 h1:RmHvvz7tLnFmVqUzJuR44D8oE5zv1iyDojxSQllY+II=
k8s.io/kubectl v0.21.3/go.mod h1:/x/kzrhfL1h1W07z6a1UTbd8SWZUYAWXskigkG4OBCg=
k8s.io/metrics v0.21.3/go.mod h1:mN3Klf203Lw1hOsfg1MG7DR/kKUhwiyu8GSFCXZdz+o=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20210527160623-6fdb442a123b h1:MSqsVQ3pZvPGTqCjptfimO2WjG7A9un2zcpiHkA6M/s=
k8s.io/utils v0.0.0-20210527160623-6fdb442a123b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.19/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/controller-runtime v0.9.1 h1:+LAqHAhkVW4lt/jLlrKmnGPA7OORMw/xEUH3Ey1h1Bs=
sigs.k8s.io/controller-runtime v0.9.1/go.mod h1:cTqsgnwSOsYS03XwySYZj8k6vf0+eC4FJRcCgQ9elb4=
sigs.k8s.io/kustomize/api v0.8.8/go.mod h1:He1zoK0nk43Pc6NlV085xDXDXTNprtcyKZVm3swsdNY=
sigs.k8s.io/kustomize/cmd/config v0.9.10/go.mod h1:Mrby0WnRH7hA6OwOYnYpfpiY0WJIMgYrEDfwOeFdMK0=
sigs.k8s.io/kustomize/kustomize/v4 v4.1.2/go.mod h1:PxBvo4WGYlCLeRPL+ziT64wBXqbgfcalOS/SXa/tcyo=
sigs.k8s.io/kustomize/kyaml v0.10.17/go.mod h1:mlQFagmkm1P+W4lZJbJ/yaxMd8PqMRSC4cPcfUVt5Hg=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 h1:Hr/htKFmJEbtMgS/UD0N+gtgctAqz81t3nu+sPzynno=
sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
================================================
FILE: hack/boilerplate.go.txt
================================================
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
================================================
FILE: hack/custom-boilerplate.go.txt
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2021 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
================================================
FILE: hack/migratev1.sh
================================================
#!/bin/bash
DATE=`date +%Y%m%d%H%M%S`
mkdir -p ./migrate-${DATE} && cd ./migrate-${DATE}
echo "==========Starting to backup...============"
kubectl get cluster -n kstone -oyaml > cluster-v1-backup-${DATE}.yaml
sed 's#apiVersion: kstone.tkestack.io/v1alpha1#apiVersion: kstone.tkestack.io/v1alpha2#g;/ totalCpu/,/ totalMem/d' cluster-v1-backup-${DATE}.yaml > cluster-v2-backup-${DATE}.yaml
for i in `kubectl get cluster -n kstone --no-headers | awk '{print $1}'`;do kubectl get secret ${i} -n kstone -oyaml > secret-backup-${i}-${DATE}.yaml;done
for i in `ls secret-backup-*`;do sed '/ ownerReferences:/,/ uid:/d' ${i} > new-${i} ;done
echo "==========Starting to delete clusters, inspections and secrets...=========="
kubectl delete crd etcdclusters.kstone.tkestack.io etcdinspections.kstone.tkestack.io
echo "==========Starting to re-create crds...=========="
for i in `ls ../deploy/crds/kstone.tkestack.io_*`;do kubectl create -f $i ;done
echo "==========Starting to generate clusters...=========="
kubectl create -f cluster-v2-backup-${DATE}.yaml
echo "==========Starting to generate secrets...=========="
for i in `ls new-secret-backup-*`;do kubectl create -f ${i} ;done
echo "==========finished=========="
================================================
FILE: hack/tools.go
================================================
//go:build tools
// +build tools
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// This package imports things required by build scripts, to force `go mod` to see them as dependencies
package tools
// import tools
import _ "k8s.io/code-generator"
================================================
FILE: hack/update-codegen.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
# generate the code with:
# --output-base because this script should also be able to run inside the vendor dir of
# k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
# instead of the $GOPATH directly. For normal projects this can be dropped.
bash "${CODEGEN_PKG}"/generate-groups.sh "deepcopy,client,informer,lister" \
tkestack.io/kstone/pkg/generated tkestack.io/kstone/pkg/apis \
kstone:v1alpha1 kstone.v1alpha2\
--output-base "$(dirname "${BASH_SOURCE[0]}")/../../.." \
--go-header-file "${SCRIPT_ROOT}"/hack/custom-boilerplate.go.txt
================================================
FILE: hack/verify-codegen.sh
================================================
#!/usr/bin/env bash
#
# Tencent is pleased to support the open source community by making TKEStack
# available.
#
# Copyright (C) 2012-2023 Tencent. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use
# this file except in compliance with the License. You may obtain a copy of the
# License at
#
# https://opensource.org/licenses/Apache-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set -o errexit
set -o nounset
set -o pipefail
SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
DIFFROOT="${SCRIPT_ROOT}/pkg"
TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp/pkg"
_tmp="${SCRIPT_ROOT}/_tmp"
cleanup() {
rm -rf "${_tmp}"
}
trap "cleanup" EXIT SIGINT
cleanup
mkdir -p "${TMP_DIFFROOT}"
cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}"
"${SCRIPT_ROOT}/hack/update-codegen.sh"
echo "diffing ${DIFFROOT} against freshly generated codegen"
ret=0
diff -Naupr "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$?
cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}"
if [[ $ret -eq 0 ]]
then
echo "${DIFFROOT} up to date."
else
echo "${DIFFROOT} is out of date. Please run hack/update-codegen.sh"
exit 1
fi
================================================
FILE: pkg/apis/kstone/register.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package kstone
// GroupName is the group name used in this package
const (
GroupName = "kstone.tkestack.io"
)
================================================
FILE: pkg/apis/kstone/v1alpha1/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// +k8s:deepcopy-gen=package
// +groupName=kstone.tkestack.io
// Package v1alpha1 is the v1alpha1 version of the API.
package v1alpha1
================================================
FILE: pkg/apis/kstone/v1alpha1/register.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
platform "tkestack.io/kstone/pkg/apis/kstone"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: platform.GroupName, Version: "v1alpha1"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
// SchemeBuilder initializes a scheme builder
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme is a global function that registers this API group & version to a scheme
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&EtcdCluster{},
&EtcdClusterList{},
&EtcdInspection{},
&EtcdInspectionList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
================================================
FILE: pkg/apis/kstone/v1alpha1/types.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdCluster is the Schema for the etcdclusters API
type EtcdCluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Spec EtcdClusterSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
Status EtcdClusterStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
type EtcdClusterPhase string
const (
EtcdClusterInit EtcdClusterPhase = "Initing"
EtcdCluterCreating EtcdClusterPhase = "Creating"
EtcdClusterRunning EtcdClusterPhase = "Running"
EtcdClusterUpdating EtcdClusterPhase = "Updating"
EtcdClusterDeleteing EtcdClusterPhase = "Deleting"
EtcdClusterDeleted EtcdClusterPhase = "Deleted"
EtcdClusterUnknown EtcdClusterPhase = "Unknown" // connection refused or other errors
EtcdClusterUnhealthy EtcdClusterPhase = "UnHealthy" // node health check returns unhealthy
)
type EtcdClusterConditionType string
const (
EtcdClusterConditionCreate EtcdClusterConditionType = "Create"
EtcdClusterConditionImport EtcdClusterConditionType = "Import"
EtcdClusterConditionUpdate EtcdClusterConditionType = "Update"
EtcdClusterConditionDelete EtcdClusterConditionType = "Delete"
)
// EtcdClusterCondition contains condition information for a EtcdCluster.
type EtcdClusterCondition struct {
// Type of EtcdCluster condition.
Type EtcdClusterConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=EtcdClusterPhase"`
// Status of the condition, one of True, False, Unknown.
Status corev1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
// Last time we got an update on a given condition.
// +optional
StartTime metav1.Time `json:"startTime,omitempty" protobuf:"bytes,3,opt,name=startTime"`
// Last time the condition transit from one status to another.
// +optional
EndTime metav1.Time `json:"endTime,omitempty" protobuf:"bytes,4,opt,name=endTime"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,5,opt,name=reason"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,6,opt,name=message"`
}
type EtcdClusterType string
const (
EtcdClusterKstone EtcdClusterType = "kstone-etcd-operator"
EtcdClusterImported EtcdClusterType = "imported"
)
// EtcdClusterSpec defines the desired state of EtcdCluster
type EtcdClusterSpec struct {
Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // etcd cluster name,uniqueKey
Description string `json:"description" protobuf:"bytes,2,opt,name=description"` // etcd description
AuthConfig AuthConfig `json:"authConfig,omitempty" protobuf:"bytes,3,opt,name=authConfig"` // tls config
TotalCpu uint `json:"totalCpu" protobuf:"varint,4,opt,name=totalCpu"` // single node's cpu, unit: Core
TotalMem uint `json:"totalMem" protobuf:"varint,5,opt,name=totalMem"` // single node's mem, unit: GiB
DiskType string `json:"diskType" protobuf:"bytes,6,opt,name=diskType"` // disk type, CLOUD_SSD/CLOUD_PREMIUM/CLOUD_BASIC
DiskSize uint `json:"diskSize" protobuf:"varint,7,opt,name=diskSize"` // single node's disk size, unit: GB
Size uint `json:"size" protobuf:"varint,8,opt,name=size"` // etcd cluster member count: support 1, 3, 5, 7
Affinity corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,9,opt,name=affinity"`
Args []string `json:"args,omitempty" protobuf:"bytes,10,rep,name=args"`
Env []corev1.EnvVar `json:"env,omitempty" protobuf:"bytes,11,rep,name=env"` // etcd environment variables
Version string `json:"version" protobuf:"bytes,12,opt,name=version"` // etcd version
Repository string `json:"repository,omitempty" protobuf:"bytes,13,opt,name=repository"` // etcd image
ClusterType EtcdClusterType `json:"clusterType" protobuf:"bytes,14,opt,name=clusterType,casttype=EtcdClusterType"` // ClusterType specifies the etcd cluster provider.
}
// AuthConfig defines tls
type AuthConfig struct {
EnableTLS bool `json:"enableTLS,omitempty" protobuf:"varint,1,opt,name=enableTLS"`
SAN []string `json:"san,omitempty" protobuf:"bytes,2,rep,name=san"`
TLSSecret string `json:"tlsSecret,omitempty" protobuf:"bytes,3,opt,name=tlsSecret"`
}
type KStoneFeature string
const (
KStoneFeatureAnno = "featureGates"
KStoneFeatureMonitor KStoneFeature = "monitor"
KStoneFeatureBackup KStoneFeature = "backup"
KStoneFeatureHealthy KStoneFeature = "healthy"
KStoneFeatureConsistency KStoneFeature = "consistency"
KStoneFeatureRequest KStoneFeature = "request"
KStoneFeatureAlarm KStoneFeature = "alarm"
KStoneFeatureBackupCheck KStoneFeature = "backupcheck"
)
// EtcdClusterStatus defines the actual state of EtcdCluster.
type EtcdClusterStatus struct {
Conditions []EtcdClusterCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
Phase EtcdClusterPhase `json:"phase" protobuf:"bytes,2,opt,name=phase,casttype=EtcdClusterPhase"`
Members []MemberStatus `json:"members,omitempty" protobuf:"bytes,3,rep,name=members"`
FeatureGatesStatus map[KStoneFeature]string `json:"featureGatesStatus,omitempty" protobuf:"bytes,4,rep,name=featureGatesStatus,castkey=KStoneFeature"`
ServiceName string `json:"serviceName,omitempty" protobuf:"bytes,5,opt,name=serviceName"`
}
type MemberPhase string
const (
MemberPhaseUnStarted MemberPhase = "UnStarted" // etcd member list return unstarted
MemberPhaseUnKnown MemberPhase = "UnKnown" // endpoint can not be connected
MemberPhaseRunning MemberPhase = "Running" // health check returns healthy
MemberPhaseUnHealthy MemberPhase = "UnHealthy" // health check returns unhealthy
)
type EtcdMemberRole string
const (
EtcdMemberLearner EtcdMemberRole = "Learner"
// kstone can get the list of etcd members, but cannot connect to the endpoint.
EtcdMemberUnKnown EtcdMemberRole = "UnKnown"
EtcdMemberFollower EtcdMemberRole = "Follower"
EtcdMemberLeader EtcdMemberRole = "Leader"
)
type MemberStatus struct {
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
MemberId string `json:"memberId" protobuf:"bytes,2,opt,name=memberId"`
Status MemberPhase `json:"status" protobuf:"bytes,3,opt,name=status,casttype=MemberPhase"`
Version string `json:"version" protobuf:"bytes,4,opt,name=version"`
Endpoint string `json:"endpoint" protobuf:"bytes,5,opt,name=endpoint"`
Port string `json:"port" protobuf:"bytes,6,opt,name=port"`
ClientUrl string `json:"clientUrl" protobuf:"bytes,7,opt,name=clientUrl"`
ExtensionClientUrl string `json:"extensionClientUrl" protobuf:"bytes,8,opt,name=extensionClientUrl"`
Role EtcdMemberRole `json:"role" protobuf:"bytes,9,opt,name=role,casttype=EtcdMemberRole"`
Errors []string `json:"errors,omitempty" protobuf:"bytes,10,rep,name=errors"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdClusterList contains a list of EtcdCluster
type EtcdClusterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []EtcdCluster `json:"items" protobuf:"bytes,2,rep,name=items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:defaulter-gen=TypeMeta
// EtcdInspection is a specification for a EtcdInspection resource
type EtcdInspection struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Spec EtcdInspectionSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
Status EtcdInspectionStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
// EtcdInspectionSpec is the spec for a EtcdInspectionSpec resource
type EtcdInspectionSpec struct {
ClusterName string `json:"clusterName" protobuf:"bytes,1,opt,name=clusterName"`
InspectionType string `json:"inspectionType" protobuf:"bytes,2,opt,name=inspectionType"`
InspectionProvider string `json:"inspectionProvider,omitempty" protobuf:"bytes,3,opt,name=inspectionProvider"`
IntervalInSecond int `json:"intervalInSecond,omitempty" protobuf:"varint,4,opt,name=intervalInSecond"`
}
// EtcdInspectionRecord is the status record for a EtcdInspectionRecord resource
type EtcdInspectionRecord struct {
// Last time we got an update on a given condition.
// +optional
StartTime metav1.Time `json:"startTime,omitempty" protobuf:"bytes,1,opt,name=startTime"`
// Last time the condition transit from one status to another.
// +optional
EndTime metav1.Time `json:"endTime,omitempty" protobuf:"bytes,2,opt,name=endTime"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,4,opt,name=message"`
}
// EtcdInspectionStatus is the status for a EtcdInspectionStatus resource
type EtcdInspectionStatus struct {
Reason string `json:"reason,omitempty" protobuf:"bytes,1,opt,name=reason"`
Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
Records []EtcdInspectionRecord `json:"records,omitempty" protobuf:"bytes,3,rep,name=records"`
LastUpdatedTime metav1.Time `json:"lastUpdatedTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdatedTime"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdInspectionList is a list of EtcdInspection resources
type EtcdInspectionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
Items []EtcdInspection `json:"items" protobuf:"bytes,2,rep,name=items"`
}
================================================
FILE: pkg/apis/kstone/v1alpha1/zz_generated.deepcopy.go
================================================
// +build !ignore_autogenerated
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
v1 "k8s.io/api/core/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuthConfig) DeepCopyInto(out *AuthConfig) {
*out = *in
if in.SAN != nil {
in, out := &in.SAN, &out.SAN
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.
func (in *AuthConfig) DeepCopy() *AuthConfig {
if in == nil {
return nil
}
out := new(AuthConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdCluster) DeepCopyInto(out *EtcdCluster) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdCluster.
func (in *EtcdCluster) DeepCopy() *EtcdCluster {
if in == nil {
return nil
}
out := new(EtcdCluster)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdCluster) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterCondition) DeepCopyInto(out *EtcdClusterCondition) {
*out = *in
in.StartTime.DeepCopyInto(&out.StartTime)
in.EndTime.DeepCopyInto(&out.EndTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterCondition.
func (in *EtcdClusterCondition) DeepCopy() *EtcdClusterCondition {
if in == nil {
return nil
}
out := new(EtcdClusterCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterList) DeepCopyInto(out *EtcdClusterList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]EtcdCluster, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterList.
func (in *EtcdClusterList) DeepCopy() *EtcdClusterList {
if in == nil {
return nil
}
out := new(EtcdClusterList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdClusterList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterSpec) DeepCopyInto(out *EtcdClusterSpec) {
*out = *in
in.AuthConfig.DeepCopyInto(&out.AuthConfig)
in.Affinity.DeepCopyInto(&out.Affinity)
if in.Args != nil {
in, out := &in.Args, &out.Args
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Env != nil {
in, out := &in.Env, &out.Env
*out = make([]v1.EnvVar, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterSpec.
func (in *EtcdClusterSpec) DeepCopy() *EtcdClusterSpec {
if in == nil {
return nil
}
out := new(EtcdClusterSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterStatus) DeepCopyInto(out *EtcdClusterStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]EtcdClusterCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Members != nil {
in, out := &in.Members, &out.Members
*out = make([]MemberStatus, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.FeatureGatesStatus != nil {
in, out := &in.FeatureGatesStatus, &out.FeatureGatesStatus
*out = make(map[KStoneFeature]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterStatus.
func (in *EtcdClusterStatus) DeepCopy() *EtcdClusterStatus {
if in == nil {
return nil
}
out := new(EtcdClusterStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspection) DeepCopyInto(out *EtcdInspection) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspection.
func (in *EtcdInspection) DeepCopy() *EtcdInspection {
if in == nil {
return nil
}
out := new(EtcdInspection)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdInspection) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionList) DeepCopyInto(out *EtcdInspectionList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]EtcdInspection, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionList.
func (in *EtcdInspectionList) DeepCopy() *EtcdInspectionList {
if in == nil {
return nil
}
out := new(EtcdInspectionList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdInspectionList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionRecord) DeepCopyInto(out *EtcdInspectionRecord) {
*out = *in
in.StartTime.DeepCopyInto(&out.StartTime)
in.EndTime.DeepCopyInto(&out.EndTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionRecord.
func (in *EtcdInspectionRecord) DeepCopy() *EtcdInspectionRecord {
if in == nil {
return nil
}
out := new(EtcdInspectionRecord)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionSpec) DeepCopyInto(out *EtcdInspectionSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionSpec.
func (in *EtcdInspectionSpec) DeepCopy() *EtcdInspectionSpec {
if in == nil {
return nil
}
out := new(EtcdInspectionSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionStatus) DeepCopyInto(out *EtcdInspectionStatus) {
*out = *in
if in.Records != nil {
in, out := &in.Records, &out.Records
*out = make([]EtcdInspectionRecord, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
in.LastUpdatedTime.DeepCopyInto(&out.LastUpdatedTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionStatus.
func (in *EtcdInspectionStatus) DeepCopy() *EtcdInspectionStatus {
if in == nil {
return nil
}
out := new(EtcdInspectionStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MemberStatus) DeepCopyInto(out *MemberStatus) {
*out = *in
if in.Errors != nil {
in, out := &in.Errors, &out.Errors
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberStatus.
func (in *MemberStatus) DeepCopy() *MemberStatus {
if in == nil {
return nil
}
out := new(MemberStatus)
in.DeepCopyInto(out)
return out
}
================================================
FILE: pkg/apis/kstone/v1alpha1/zz_generated.defaults.go
================================================
// +build !ignore_autogenerated
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by defaulter-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// RegisterDefaults adds defaulters functions to the given scheme.
// Public to allow building arbitrary schemes.
// All generated defaulters are covering - they call all nested defaulters.
func RegisterDefaults(scheme *runtime.Scheme) error {
return nil
}
================================================
FILE: pkg/apis/kstone/v1alpha2/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// +k8s:deepcopy-gen=package
// +groupName=kstone.tkestack.io
// Package v1alpha2 is the v1alpha2 version of the API.
package v1alpha2
================================================
FILE: pkg/apis/kstone/v1alpha2/register.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
platform "tkestack.io/kstone/pkg/apis/kstone"
)
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: platform.GroupName, Version: "v1alpha2"}
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
// SchemeBuilder initializes a scheme builder
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme is a global function that registers this API group & version to a scheme
AddToScheme = SchemeBuilder.AddToScheme
)
// Adds the list of known types to Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&EtcdCluster{},
&EtcdClusterList{},
&EtcdInspection{},
&EtcdInspectionList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
================================================
FILE: pkg/apis/kstone/v1alpha2/types.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v1alpha2
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdCluster is the Schema for the etcdclusters API
type EtcdCluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Spec EtcdClusterSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
Status EtcdClusterStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
type EtcdClusterPhase string
const (
EtcdClusterInit EtcdClusterPhase = "Initing"
EtcdCluterCreating EtcdClusterPhase = "Creating"
EtcdClusterRunning EtcdClusterPhase = "Running"
EtcdClusterUpdating EtcdClusterPhase = "Updating"
EtcdClusterDeleteing EtcdClusterPhase = "Deleting"
EtcdClusterDeleted EtcdClusterPhase = "Deleted"
EtcdClusterUnknown EtcdClusterPhase = "Unknown" // connection refused or other errors
EtcdClusterUnhealthy EtcdClusterPhase = "UnHealthy" // node health check returns unhealthy
)
type EtcdClusterConditionType string
const (
EtcdClusterConditionCreate EtcdClusterConditionType = "Create"
EtcdClusterConditionImport EtcdClusterConditionType = "Import"
EtcdClusterConditionUpdate EtcdClusterConditionType = "Update"
EtcdClusterConditionDelete EtcdClusterConditionType = "Delete"
)
// EtcdClusterCondition contains condition information for a EtcdCluster.
type EtcdClusterCondition struct {
// Type of EtcdCluster condition.
Type EtcdClusterConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=EtcdClusterPhase"`
// Status of the condition, one of True, False, Unknown.
Status corev1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
// Last time we got an update on a given condition.
// +optional
StartTime metav1.Time `json:"startTime,omitempty" protobuf:"bytes,3,opt,name=startTime"`
// Last time the condition transit from one status to another.
// +optional
EndTime metav1.Time `json:"endTime,omitempty" protobuf:"bytes,4,opt,name=endTime"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,5,opt,name=reason"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,6,opt,name=message"`
}
type EtcdClusterType string
const (
EtcdClusterKstone EtcdClusterType = "kstone-etcd-operator"
EtcdClusterImported EtcdClusterType = "imported"
)
type EtcdStorageBackend string
const (
EtcdStorageV2 EtcdStorageBackend = "v2"
EtcdStorageV3 EtcdStorageBackend = "v3"
)
// EtcdClusterSpec defines the desired state of EtcdCluster
type EtcdClusterSpec struct {
Name string `json:"name" protobuf:"bytes,1,opt,name=name"` // etcd cluster name,uniqueKey
Description string `json:"description" protobuf:"bytes,2,opt,name=description"` // etcd description
AuthConfig AuthConfig `json:"authConfig,omitempty" protobuf:"bytes,3,opt,name=authConfig"` // tls config
DiskType string `json:"diskType" protobuf:"bytes,4,opt,name=diskType"` // disk type, CLOUD_SSD/CLOUD_PREMIUM/CLOUD_BASIC
DiskSize uint `json:"diskSize" protobuf:"varint,5,opt,name=diskSize"` // single node's disk size, unit: GB
Size uint `json:"size" protobuf:"varint,6,opt,name=size"` // etcd cluster member count: support 1, 3, 5, 7
Affinity corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,7,opt,name=affinity"`
Args []string `json:"args,omitempty" protobuf:"bytes,8,rep,name=args"`
Env []corev1.EnvVar `json:"env,omitempty" protobuf:"bytes,9,rep,name=env"` // etcd environment variables
StorageBackend string `json:"storageBackend" protobuf:"bytes,7,opt,name=storageBackend"`
Version string `json:"version" protobuf:"bytes,10,opt,name=version"` // etcd version
Repository string `json:"repository,omitempty" protobuf:"bytes,11,opt,name=repository"` // etcd image
ClusterType EtcdClusterType `json:"clusterType" protobuf:"bytes,12,opt,name=clusterType,casttype=EtcdClusterType"` // ClusterType specifies the etcd cluster provider.
Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,13,opt,name=resources"` // Resources specifies requests and limits
// If specified, the pod's tolerations.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}
// AuthConfig defines tls
type AuthConfig struct {
EnableTLS bool `json:"enableTLS,omitempty" protobuf:"varint,1,opt,name=enableTLS"`
SAN []string `json:"san,omitempty" protobuf:"bytes,2,rep,name=san"`
TLSSecret string `json:"tlsSecret,omitempty" protobuf:"bytes,3,opt,name=tlsSecret"`
}
type KStoneFeature string
const (
KStoneFeatureAnno = "featureGates"
KStoneFeatureMonitor KStoneFeature = "monitor"
KStoneFeatureBackup KStoneFeature = "backup"
KStoneFeatureHealthy KStoneFeature = "healthy"
KStoneFeatureConsistency KStoneFeature = "consistency"
KStoneFeatureRequest KStoneFeature = "request"
KStoneFeatureAlarm KStoneFeature = "alarm"
KStoneFeatureBackupCheck KStoneFeature = "backupcheck"
)
// EtcdClusterStatus defines the actual state of EtcdCluster.
type EtcdClusterStatus struct {
Conditions []EtcdClusterCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
Phase EtcdClusterPhase `json:"phase" protobuf:"bytes,2,opt,name=phase,casttype=EtcdClusterPhase"`
Members []MemberStatus `json:"members,omitempty" protobuf:"bytes,3,rep,name=members"`
FeatureGatesStatus map[KStoneFeature]string `json:"featureGatesStatus,omitempty" protobuf:"bytes,4,rep,name=featureGatesStatus,castkey=KStoneFeature"`
ServiceName string `json:"serviceName,omitempty" protobuf:"bytes,5,opt,name=serviceName"`
}
type MemberPhase string
const (
MemberPhaseUnStarted MemberPhase = "UnStarted" // etcd member list return unstarted
MemberPhaseUnKnown MemberPhase = "UnKnown" // endpoint can not be connected
MemberPhaseRunning MemberPhase = "Running" // health check returns healthy
MemberPhaseUnHealthy MemberPhase = "UnHealthy" // health check returns unhealthy
)
type EtcdMemberRole string
const (
EtcdMemberLearner EtcdMemberRole = "Learner"
// kstone can get the list of etcd members, but cannot connect to the endpoint.
EtcdMemberUnKnown EtcdMemberRole = "UnKnown"
EtcdMemberFollower EtcdMemberRole = "Follower"
EtcdMemberLeader EtcdMemberRole = "Leader"
)
type MemberStatus struct {
Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
MemberId string `json:"memberId" protobuf:"bytes,2,opt,name=memberId"`
Status MemberPhase `json:"status" protobuf:"bytes,3,opt,name=status,casttype=MemberPhase"`
Version string `json:"version" protobuf:"bytes,4,opt,name=version"`
Endpoint string `json:"endpoint" protobuf:"bytes,5,opt,name=endpoint"`
Port string `json:"port" protobuf:"bytes,6,opt,name=port"`
ClientUrl string `json:"clientUrl" protobuf:"bytes,7,opt,name=clientUrl"`
ExtensionClientUrl string `json:"extensionClientUrl" protobuf:"bytes,8,opt,name=extensionClientUrl"`
Role EtcdMemberRole `json:"role" protobuf:"bytes,9,opt,name=role,casttype=EtcdMemberRole"`
Errors []string `json:"errors,omitempty" protobuf:"bytes,10,rep,name=errors"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdClusterList contains a list of EtcdCluster
type EtcdClusterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []EtcdCluster `json:"items" protobuf:"bytes,2,rep,name=items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:defaulter-gen=TypeMeta
// EtcdInspection is a specification for a EtcdInspection resource
type EtcdInspection struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Spec EtcdInspectionSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
Status EtcdInspectionStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
// EtcdInspectionSpec is the spec for a EtcdInspectionSpec resource
type EtcdInspectionSpec struct {
ClusterName string `json:"clusterName" protobuf:"bytes,1,opt,name=clusterName"`
InspectionType string `json:"inspectionType" protobuf:"bytes,2,opt,name=inspectionType"`
InspectionProvider string `json:"inspectionProvider,omitempty" protobuf:"bytes,3,opt,name=inspectionProvider"`
IntervalInSecond int `json:"intervalInSecond,omitempty" protobuf:"varint,4,opt,name=intervalInSecond"`
}
// EtcdInspectionRecord is the status record for a EtcdInspectionRecord resource
type EtcdInspectionRecord struct {
// Last time we got an update on a given condition.
// +optional
StartTime metav1.Time `json:"startTime,omitempty" protobuf:"bytes,1,opt,name=startTime"`
// Last time the condition transit from one status to another.
// +optional
EndTime metav1.Time `json:"endTime,omitempty" protobuf:"bytes,2,opt,name=endTime"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty" protobuf:"bytes,4,opt,name=message"`
}
// EtcdInspectionStatus is the status for a EtcdInspectionStatus resource
type EtcdInspectionStatus struct {
Reason string `json:"reason,omitempty" protobuf:"bytes,1,opt,name=reason"`
Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`
Records []EtcdInspectionRecord `json:"records,omitempty" protobuf:"bytes,3,rep,name=records"`
LastUpdatedTime metav1.Time `json:"lastUpdatedTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdatedTime"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdInspectionList is a list of EtcdInspection resources
type EtcdInspectionList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
Items []EtcdInspection `json:"items" protobuf:"bytes,2,rep,name=items"`
}
================================================
FILE: pkg/apis/kstone/v1alpha2/zz_generated.deepcopy.go
================================================
// +build !ignore_autogenerated
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha2
import (
v1 "k8s.io/api/core/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuthConfig) DeepCopyInto(out *AuthConfig) {
*out = *in
if in.SAN != nil {
in, out := &in.SAN, &out.SAN
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.
func (in *AuthConfig) DeepCopy() *AuthConfig {
if in == nil {
return nil
}
out := new(AuthConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdCluster) DeepCopyInto(out *EtcdCluster) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdCluster.
func (in *EtcdCluster) DeepCopy() *EtcdCluster {
if in == nil {
return nil
}
out := new(EtcdCluster)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdCluster) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterCondition) DeepCopyInto(out *EtcdClusterCondition) {
*out = *in
in.StartTime.DeepCopyInto(&out.StartTime)
in.EndTime.DeepCopyInto(&out.EndTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterCondition.
func (in *EtcdClusterCondition) DeepCopy() *EtcdClusterCondition {
if in == nil {
return nil
}
out := new(EtcdClusterCondition)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterList) DeepCopyInto(out *EtcdClusterList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]EtcdCluster, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterList.
func (in *EtcdClusterList) DeepCopy() *EtcdClusterList {
if in == nil {
return nil
}
out := new(EtcdClusterList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdClusterList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterSpec) DeepCopyInto(out *EtcdClusterSpec) {
*out = *in
in.AuthConfig.DeepCopyInto(&out.AuthConfig)
in.Affinity.DeepCopyInto(&out.Affinity)
if in.Args != nil {
in, out := &in.Args, &out.Args
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Env != nil {
in, out := &in.Env, &out.Env
*out = make([]v1.EnvVar, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
in.Resources.DeepCopyInto(&out.Resources)
if in.Tolerations != nil {
in, out := &in.Tolerations, &out.Tolerations
*out = make([]v1.Toleration, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterSpec.
func (in *EtcdClusterSpec) DeepCopy() *EtcdClusterSpec {
if in == nil {
return nil
}
out := new(EtcdClusterSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdClusterStatus) DeepCopyInto(out *EtcdClusterStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
*out = make([]EtcdClusterCondition, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.Members != nil {
in, out := &in.Members, &out.Members
*out = make([]MemberStatus, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.FeatureGatesStatus != nil {
in, out := &in.FeatureGatesStatus, &out.FeatureGatesStatus
*out = make(map[KStoneFeature]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdClusterStatus.
func (in *EtcdClusterStatus) DeepCopy() *EtcdClusterStatus {
if in == nil {
return nil
}
out := new(EtcdClusterStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspection) DeepCopyInto(out *EtcdInspection) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspection.
func (in *EtcdInspection) DeepCopy() *EtcdInspection {
if in == nil {
return nil
}
out := new(EtcdInspection)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdInspection) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionList) DeepCopyInto(out *EtcdInspectionList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]EtcdInspection, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionList.
func (in *EtcdInspectionList) DeepCopy() *EtcdInspectionList {
if in == nil {
return nil
}
out := new(EtcdInspectionList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *EtcdInspectionList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionRecord) DeepCopyInto(out *EtcdInspectionRecord) {
*out = *in
in.StartTime.DeepCopyInto(&out.StartTime)
in.EndTime.DeepCopyInto(&out.EndTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionRecord.
func (in *EtcdInspectionRecord) DeepCopy() *EtcdInspectionRecord {
if in == nil {
return nil
}
out := new(EtcdInspectionRecord)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionSpec) DeepCopyInto(out *EtcdInspectionSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionSpec.
func (in *EtcdInspectionSpec) DeepCopy() *EtcdInspectionSpec {
if in == nil {
return nil
}
out := new(EtcdInspectionSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EtcdInspectionStatus) DeepCopyInto(out *EtcdInspectionStatus) {
*out = *in
if in.Records != nil {
in, out := &in.Records, &out.Records
*out = make([]EtcdInspectionRecord, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
in.LastUpdatedTime.DeepCopyInto(&out.LastUpdatedTime)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdInspectionStatus.
func (in *EtcdInspectionStatus) DeepCopy() *EtcdInspectionStatus {
if in == nil {
return nil
}
out := new(EtcdInspectionStatus)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *MemberStatus) DeepCopyInto(out *MemberStatus) {
*out = *in
if in.Errors != nil {
in, out := &in.Errors, &out.Errors
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MemberStatus.
func (in *MemberStatus) DeepCopy() *MemberStatus {
if in == nil {
return nil
}
out := new(MemberStatus)
in.DeepCopyInto(out)
return out
}
================================================
FILE: pkg/apis/kstone/v1alpha2/zz_generated.defaults.go
================================================
// +build !ignore_autogenerated
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by defaulter-gen. DO NOT EDIT.
package v1alpha2
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// RegisterDefaults adds defaulters functions to the given scheme.
// Public to allow building arbitrary schemes.
// All generated defaulters are covering - they call all nested defaulters.
func RegisterDefaults(scheme *runtime.Scheme) error {
return nil
}
================================================
FILE: pkg/authentication/authenticator/authenticator.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package authenticator
import (
"sync"
"github.com/gin-gonic/gin"
"tkestack.io/kstone/cmd/kstone-api/config"
"tkestack.io/kstone/pkg/authentication"
)
const (
ProviderName = "generic"
)
var (
once sync.Once
instance *Authenticator
)
type Authenticator struct{}
func init() {
authentication.RegisterAuthenticatorFactory(ProviderName,
func(ctx *authentication.AuthenticatorContext) (authentication.Request, error) {
return initAuthenticatorInstance(ctx)
},
)
}
func initAuthenticatorInstance(ctx *authentication.AuthenticatorContext) (*Authenticator, error) {
once.Do(func() {
instance = &Authenticator{}
})
return instance, nil
}
// AuthenticateRequest authenticates the request using custom authenticator.Request objects.
func (a *Authenticator) AuthenticateRequest(ctx *gin.Context) (*authentication.Response, bool, error) {
authenticator, err := authentication.GetAuthenticatorProvider(config.Cfg.Authenticator, &authentication.AuthenticatorContext{})
if err != nil {
return authentication.UnauthenticatedResponse(), false, err
}
return authenticator.AuthenticateRequest(ctx)
}
================================================
FILE: pkg/authentication/authenticator/bearertoken/bearertoken.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package bearertoken
import (
"context"
"sync"
"github.com/gin-gonic/gin"
"k8s.io/klog/v2"
"tkestack.io/kstone/cmd/kstone-api/config"
"tkestack.io/kstone/pkg/authentication"
)
const (
ProviderName = "bearertoken"
)
var (
authContextOnce sync.Once
authenticator *Authenticator
)
type Authenticator struct{}
func init() {
authentication.RegisterAuthenticatorFactory(ProviderName,
func(ctx *authentication.AuthenticatorContext) (authentication.Request, error) {
return initAuthenticatorInstance(ctx)
},
)
}
func initAuthenticatorInstance(ctx *authentication.AuthenticatorContext) (*Authenticator, error) {
authContextOnce.Do(func() {
authenticator = &Authenticator{}
})
return authenticator, nil
}
func (a *Authenticator) AuthenticateRequest(ctx *gin.Context) (*authentication.Response, bool, error) {
key, err := authentication.GetPrivateKey()
if err != nil {
return authentication.InternalServerErrorResponse(authentication.UserUnknown, err.Error()), false, err
}
c := &authentication.TokenContext{
SignMethod: authentication.SignMethodRS256,
PrivateKey: key,
}
t, err := authentication.GetTokenProvider(config.Cfg.Token, c)
if err != nil {
klog.Errorf("login error: %v", err)
return authentication.InternalServerErrorResponse(authentication.UserUnknown, err.Error()), false, err
}
return t.AuthenticateToken(context.TODO(), ctx.GetHeader(authentication.JWTTokenKey))
}
================================================
FILE: pkg/authentication/helper.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package authentication
import (
"io/ioutil"
"golang.org/x/crypto/bcrypt"
)
const (
JWTTokenKey = "kstone-api-jwt"
SignMethodRS256 = "RS256"
DataSuccess = "success"
DataUnauthorized = "failed to authenticate user"
UserUnknown = "unknown"
DefaultKeyPath = "/app/certs/private.key"
DefaultKstoneNamespace = "kstone"
DefaultUsername = "admin"
DefaultPassword = "adm1n@kstone.io"
)
// Response is the struct returned by authenticator interfaces
type Response struct {
Username string `json:"username"`
ResetPassword bool `json:"reset_password"`
Token string `json:"token"`
Message string `json:"message"`
}
var DefaultConfigMapName = "kstone-api-user"
func SetAuthConfigMapName(name string) {
DefaultConfigMapName = name
}
func SuccessResponse(username string, message string) *Response {
return &Response{
Username: username,
Message: message,
}
}
func SuccessTokenResponse(username string, token string) *Response {
return &Response{
Username: username,
Token: token,
}
}
func SuccessResetPasswordResponse(username string, token string) *Response {
return &Response{
Username: username,
Token: token,
ResetPassword: true,
}
}
func UnauthenticatedResponse() *Response {
return &Response{
Username: UserUnknown,
Message: DataUnauthorized,
}
}
func InternalServerErrorResponse(username string, message string) *Response {
return &Response{
Username: username,
Message: message,
}
}
func GetPrivateKey() (string, error) {
key, err := ioutil.ReadFile(DefaultKeyPath)
if err != nil {
return "", err
}
return string(key), nil
}
func GeneratePasswordHash(password string) (string, error) {
ph, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return "", err
}
return string(ph), nil
}
func IsDefaultUser(username, password string) bool {
return username == DefaultUsername && password == DefaultPassword
}
func CheckPassword(hashedPassword, password string) error {
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
}
================================================
FILE: pkg/authentication/interfaces.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package authentication
import (
"context"
"github.com/gin-gonic/gin"
)
// Token checks a string value against a backing authentication store and
// returns a Response or an error if the token could not be checked.
type Token interface {
AuthenticateToken(ctx context.Context, token string) (*Response, bool, error)
}
// TokenGenerator generates tokens
type TokenGenerator interface {
GenerateToken(ctx context.Context, username string, password string) (string, error)
}
// Request attempts to extract authentication information from a request and
// returns a Response or an error if the request could not be checked.
type Request interface {
AuthenticateRequest(ctx *gin.Context) (*Response, bool, error)
}
type TokenContext struct {
SignMethod string
PrivateKey string
TTL string
}
type AuthenticatorContext struct{}
================================================
FILE: pkg/authentication/plugins.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package authentication
import (
"errors"
"sync"
"k8s.io/klog/v2"
)
var (
mutex sync.Mutex
TokenProviders = make(map[string]TokenFactory)
AuthenticatorProviders = make(map[string]AuthenticatorFactory)
)
type TokenFactory func(cfg *TokenContext) (Token, error)
type AuthenticatorFactory func(cfg *AuthenticatorContext) (Request, error)
// RegisterTokenFactory registers the specified token provider
func RegisterTokenFactory(name string, factory TokenFactory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := TokenProviders[name]; found {
klog.V(2).Infof("token provider:%s was registered twice", name)
}
klog.V(2).Infof("token provider:%s", name)
TokenProviders[name] = factory
}
// RegisterAuthenticatorFactory registers the specified authenticator provider
func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := AuthenticatorProviders[name]; found {
klog.V(2).Infof("authenticator provider:%s was registered twice", name)
}
klog.V(2).Infof("authenticator provider:%s", name)
AuthenticatorProviders[name] = factory
}
// GetTokenProvider gets the specified token provider
func GetTokenProvider(name string, ctx *TokenContext) (Token, error) {
mutex.Lock()
defer mutex.Unlock()
f, found := TokenProviders[name]
klog.V(1).Infof("get token name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,token provider not found")
}
return f(ctx)
}
// GetAuthenticatorProvider gets the specified authenticator provider
func GetAuthenticatorProvider(name string, ctx *AuthenticatorContext) (Request, error) {
mutex.Lock()
defer mutex.Unlock()
f, found := AuthenticatorProviders[name]
klog.V(1).Infof("get token name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,token provider not found")
}
return f(ctx)
}
================================================
FILE: pkg/authentication/providers/providers.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package providers
import (
// import jwt token provider
_ "tkestack.io/kstone/pkg/authentication/token/jwt"
// import generic authenticator provider
_ "tkestack.io/kstone/pkg/authentication/authenticator"
// import bearer token authenticator provider
_ "tkestack.io/kstone/pkg/authentication/authenticator/bearertoken"
)
================================================
FILE: pkg/authentication/request/request.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package request
import (
"encoding/json"
"errors"
"io/ioutil"
"strings"
"github.com/gin-gonic/gin"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/authentication"
"tkestack.io/kstone/pkg/authentication/authenticator"
"tkestack.io/kstone/pkg/authentication/token/jwt"
)
func LoginRequest(ctx *gin.Context) (*authentication.Response, bool, error) {
username, password, err := getUser(ctx)
if err != nil {
klog.Errorf("get user error: %v", err)
return authentication.UnauthenticatedResponse(), false, err
}
store := authentication.GetDefaultStoreInstance()
user, err := store.UserGet(username)
if err != nil {
klog.Errorf("get store user error: %v", err)
return authentication.UnauthenticatedResponse(), false, err
}
if err := authentication.CheckPassword(user.HashedPassword, password); err != nil {
klog.Errorf("check password error: %v", err)
return authentication.UnauthenticatedResponse(), false, errors.New(authentication.DataUnauthorized)
}
token, err := jwt.GenerateToken(username, user.HashedPassword)
if err != nil {
klog.Errorf("generate token error: %v", err)
return nil, false, err
}
if authentication.IsDefaultUser(username, password) {
return authentication.SuccessResetPasswordResponse(username, token), true, nil
}
return authentication.SuccessTokenResponse(username, token), true, nil
}
func MiddlewareRequest(ctx *gin.Context) (*authentication.Response, bool, error) {
a, err := authentication.GetAuthenticatorProvider(authenticator.ProviderName, &authentication.AuthenticatorContext{})
if err != nil {
klog.Errorf("get authenticator error: %v", err)
return authentication.InternalServerErrorResponse(authentication.UserUnknown, err.Error()), false, err
}
return a.AuthenticateRequest(ctx)
}
func UserListRequest(ctx *gin.Context) (*authentication.Response, error) {
var usernames []string
store := authentication.GetDefaultStoreInstance()
users, err := store.UserList()
if err != nil {
klog.Errorf("list store users error: %v", err)
return authentication.UnauthenticatedResponse(), err
}
for _, u := range users {
usernames = append(usernames, u.Name)
}
return authentication.SuccessResponse("", strings.Join(usernames, ",")), nil
}
func UserUpdateRequest(ctx *gin.Context) (*authentication.Response, error) {
username, password, err := getUser(ctx)
if err != nil {
klog.Errorf("get user error: %v", err)
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
store := authentication.GetDefaultStoreInstance()
passwordHash, err := authentication.GeneratePasswordHash(password)
if err != nil {
klog.Errorf("generate password hash error: %v", err)
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
if err := store.UserChangePassword(username, passwordHash); err != nil {
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
return authentication.SuccessResponse(username, authentication.DataSuccess), nil
}
func UserAddRequest(ctx *gin.Context) (*authentication.Response, error) {
username, password, err := getUser(ctx)
if err != nil {
klog.Errorf("get user error: %v", err)
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
store := authentication.GetDefaultStoreInstance()
hashedPassword, err := authentication.GeneratePasswordHash(password)
if err != nil {
klog.Errorf("generate password hash error: %v", err)
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
if err := store.UserAdd(authentication.User{Name: username, HashedPassword: hashedPassword}); err != nil {
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
return authentication.SuccessResponse(username, authentication.DataSuccess), nil
}
func UserDeleteRequest(ctx *gin.Context) (*authentication.Response, error) {
username, _, err := getUser(ctx)
if err != nil {
klog.Errorf("get user error: %v", err)
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
store := authentication.GetDefaultStoreInstance()
if err := store.UserDelete(username); err != nil {
return authentication.InternalServerErrorResponse(username, err.Error()), err
}
return authentication.SuccessResponse(username, authentication.DataSuccess), nil
}
func getUser(ctx *gin.Context) (username string, password string, err error) {
body, err := ioutil.ReadAll(ctx.Request.Body)
if err != nil {
return "", "", err
}
requestMap := make(map[string]string)
if err := json.Unmarshal(body, &requestMap); err != nil {
return "", "", err
}
if requestMap["username"] == "" {
return "", "", errors.New("username is empty")
}
return requestMap["username"], requestMap["password"], nil
}
================================================
FILE: pkg/authentication/store.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package authentication
import (
"context"
"fmt"
"k8s.io/client-go/kubernetes"
"sync"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"tkestack.io/kstone/pkg/controllers/util"
)
var (
once sync.Once
instance *DefaultStore
)
// Store gets and updates users
type Store interface {
// UserGet gets a user
UserGet(username string) (*User, error)
// UserAdd adds a user
UserAdd(user User) error
// UserDelete deletes a user
UserDelete(username string) error
// UserList lists users
UserList() ([]*User, error)
// UserChangePassword changes a password of a user
UserChangePassword(username, password string) error
}
type User struct {
Name string
HashedPassword string
ExtraInfo map[string]interface{}
}
type DefaultStore struct {
kubeCli kubernetes.Interface
}
func GetDefaultStoreInstance() *DefaultStore {
once.Do(func() {
instance = &DefaultStore{
kubeCli: util.NewSimpleClientBuilder("").ClientOrDie(),
}
})
return instance
}
func (s *DefaultStore) UserGet(username string) (*User, error) {
cm, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Get(context.TODO(), DefaultConfigMapName, metav1.GetOptions{})
if err != nil {
return nil, err
}
hashedPassword, ok := cm.Data[username]
if !ok {
return nil, fmt.Errorf("failed to get user %s, user not exists", username)
}
return &User{
Name: username,
HashedPassword: hashedPassword,
}, err
}
func (s *DefaultStore) UserAdd(user User) error {
cm, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Get(context.TODO(), DefaultConfigMapName, metav1.GetOptions{})
if err != nil {
return err
}
_, ok := cm.Data[user.Name]
if ok {
return fmt.Errorf("failed to add user %s, user already exists", user.Name)
}
cm.Data[user.Name] = user.HashedPassword
if _, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Update(context.TODO(), cm, metav1.UpdateOptions{}); err != nil {
return err
}
return nil
}
func (s *DefaultStore) UserDelete(username string) error {
cm, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Get(context.TODO(), DefaultConfigMapName, metav1.GetOptions{})
if err != nil {
return err
}
_, ok := cm.Data[username]
if !ok {
return fmt.Errorf("failed to delete user %s, user not exists", username)
}
if len(cm.Data) == 1 {
return fmt.Errorf("failed to delete user %s, only one user remains", username)
}
delete(cm.Data, username)
if _, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Update(context.TODO(), cm, metav1.UpdateOptions{}); err != nil {
return err
}
return nil
}
func (s *DefaultStore) UserList() ([]*User, error) {
var userList []*User
cm, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Get(context.TODO(), DefaultConfigMapName, metav1.GetOptions{})
if err != nil {
return nil, err
}
for u, p := range cm.Data {
userList = append(userList, &User{
Name: u,
HashedPassword: p,
})
}
return userList, nil
}
func (s *DefaultStore) UserChangePassword(username, password string) error {
cm, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Get(context.TODO(), DefaultConfigMapName, metav1.GetOptions{})
if err != nil {
return err
}
_, ok := cm.Data[username]
if !ok {
return fmt.Errorf("failed to change password for user %s, user not exists", username)
}
cm.Data[username] = password
if _, err := s.kubeCli.CoreV1().ConfigMaps(DefaultKstoneNamespace).Update(context.TODO(), cm, metav1.UpdateOptions{}); err != nil {
return err
}
return nil
}
================================================
FILE: pkg/authentication/token/jwt/generator.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package jwt
import (
"context"
"crypto/rsa"
"sync"
"time"
"github.com/golang-jwt/jwt"
"k8s.io/klog/v2"
)
var (
tokenOnce sync.Once
tokenGenerator *TokenGenerator
)
type TokenGenerator struct {
signMethod jwt.SigningMethod
key interface{}
ttl time.Duration
}
func NewTokenGenerator(ttl, privateKey, signMethod string) (*TokenGenerator, error) {
var err error
tokenOnce.Do(func() {
var duration time.Duration
var key *rsa.PrivateKey
if ttl == "" {
duration = defaultTTL
} else {
duration, err = time.ParseDuration(ttl)
}
key, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(privateKey))
tokenGenerator = &TokenGenerator{
signMethod: jwt.GetSigningMethod(signMethod),
ttl: duration,
key: key,
}
})
if err != nil {
return nil, err
}
return tokenGenerator, nil
}
func (t *TokenGenerator) GenerateToken(ctx context.Context, username string, password string) (string, error) {
tk := jwt.NewWithClaims(t.signMethod,
jwt.MapClaims{
"username": username,
"password": password,
"exp": time.Now().Add(t.ttl).Unix(),
})
token, err := tk.SignedString(t.key)
if err != nil {
klog.Infof("failed to sign a JWT token for user %s, error is: %v", username, err)
return "", err
}
return token, err
}
================================================
FILE: pkg/authentication/token/jwt/jwt.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package jwt
import (
"context"
"crypto/rsa"
"errors"
"fmt"
"sync"
"time"
"github.com/golang-jwt/jwt"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/authentication"
)
const (
ProviderName = "jwt"
)
var (
// defaultTTL will be used when a 'ttl' is not specified
defaultTTL = 24 * time.Hour
once sync.Once
instance *TokenAuthenticator
)
type TokenAuthenticator struct {
signMethod jwt.SigningMethod
key interface{}
ttl time.Duration
}
type authInfo struct {
username string
password string
}
func init() {
authentication.RegisterTokenFactory(ProviderName,
func(ctx *authentication.TokenContext) (authentication.Token, error) {
return initTokenInstance(ctx)
},
)
}
func initTokenInstance(ctx *authentication.TokenContext) (*TokenAuthenticator, error) {
var err error
once.Do(func() {
var duration time.Duration
var key *rsa.PrivateKey
if ctx.TTL == "" {
duration = defaultTTL
} else {
duration, err = time.ParseDuration(ctx.TTL)
}
key, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(ctx.PrivateKey))
instance = &TokenAuthenticator{
signMethod: jwt.GetSigningMethod(ctx.SignMethod),
ttl: duration,
key: key,
}
})
if err != nil {
return nil, err
}
return instance, nil
}
func (a *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authentication.Response, bool, error) {
info, err := a.info(token)
if err != nil {
return authentication.UnauthenticatedResponse(), false, err
}
store := authentication.GetDefaultStoreInstance()
user, err := store.UserGet(info.username)
if err != nil {
klog.Errorf("get user error: %v", err)
return authentication.UnauthenticatedResponse(), false, errors.New(authentication.DataUnauthorized)
}
if info.username != user.Name || info.password != user.HashedPassword {
return authentication.UnauthenticatedResponse(), false, fmt.Errorf("incorrect username or password")
}
return authentication.SuccessResponse(info.username, authentication.DataSuccess), true, nil
}
func (a *TokenAuthenticator) info(token string) (*authInfo, error) {
parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
if token.Method.Alg() != a.signMethod.Alg() {
return nil, errors.New("invalid signing method")
}
switch k := a.key.(type) {
case *rsa.PrivateKey:
return &k.PublicKey, nil
default:
return nil, errors.New("invalid private key")
}
})
if err != nil {
klog.Errorf("failed to parse a JWT token: %s, error: %v", token, err)
return nil, err
}
claims, ok := parsed.Claims.(jwt.MapClaims)
if !parsed.Valid || !ok || claims["username"] == nil || claims["password"] == nil {
klog.Errorf("invalid JWT token: %s", token)
return nil, fmt.Errorf("invalid JWT token: %s", token)
}
return &authInfo{
username: claims["username"].(string),
password: claims["password"].(string),
}, err
}
func GenerateToken(username, hashedPassword string) (string, error) {
key, err := authentication.GetPrivateKey()
if err != nil {
return "", err
}
t, err := NewTokenGenerator("", key, authentication.SignMethodRS256)
if err != nil {
klog.Errorf("new token generator error: %v", err)
return "", err
}
return t.GenerateToken(context.TODO(), username, hashedPassword)
}
================================================
FILE: pkg/backup/backup.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package backup
import (
"context"
"encoding/json"
"errors"
"fmt"
"reflect"
"strings"
backupapiv2 "github.com/coreos/etcd-operator/pkg/apis/etcd/v1beta2"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
apiYaml "k8s.io/apimachinery/pkg/runtime/serializer/yaml"
"k8s.io/client-go/dynamic"
"k8s.io/client-go/kubernetes"
"k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"sigs.k8s.io/yaml"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
type Config struct {
StorageType backupapiv2.BackupStorageType `json:"storageType"`
StoragePolicy *backupapiv2.BackupPolicy `json:"backupPolicy,omitempty"`
backupapiv2.BackupSource `json:",inline"`
}
type Server struct {
cli dynamic.Interface
kubeCli kubernetes.Interface
}
const (
AnnoBackupConfig = "backup"
BackupGroup = "etcd.database.coreos.com"
BackupVersion = "v1beta2"
BackupResource = "etcdbackups"
BackupKind = "EtcdBackup"
)
var (
BackupSchema = schema.GroupVersionResource{
Group: BackupGroup,
Version: BackupVersion,
Resource: BackupResource,
}
backupSchemaKind = schema.GroupVersionKind{
Group: BackupGroup,
Version: BackupVersion,
Kind: BackupKind,
}
)
// NewBackupServer generates backup provider
func NewBackupServer(clientBuilder util.ClientBuilder) (*Server, error) {
cli, err := dynamic.NewForConfig(clientBuilder.ConfigOrDie())
if err != nil {
klog.Errorf("failed to init backup client,err is %v", err)
return nil, err
}
return &Server{
cli: cli,
kubeCli: clientBuilder.ClientOrDie(),
}, err
}
// encodeBackupObj encodes backup object
func (bak *Server) encodeBackupObj(obj *unstructured.Unstructured) (*backupapiv2.EtcdBackup, error) {
data, err := obj.MarshalJSON()
if err != nil {
return nil, err
}
var newBackup backupapiv2.EtcdBackup
if err := json.Unmarshal(data, &newBackup); err != nil {
return nil, err
}
return &newBackup, nil
}
// decodeBackupObj decodes backup object
func (bak *Server) decodeBackupObj(backup *backupapiv2.EtcdBackup) (*unstructured.Unstructured, error) {
data, err := json.Marshal(backup)
if err != nil {
return nil, fmt.Errorf("transfer json failed, err is %v", err)
}
yml, er := yaml.JSONToYAML(data)
if er != nil {
return nil, fmt.Errorf("transfer yaml failed, err is %v", err)
}
decoder := apiYaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme)
obj := &unstructured.Unstructured{}
if _, _, err := decoder.Decode(yml, &backupSchemaKind, obj); err != nil {
return nil, err
}
return obj, nil
}
// CreateEtcdBackupByYaml creates etcd backup by yaml
func (bak *Server) CreateEtcdBackupByYaml(backup *backupapiv2.EtcdBackup) error {
obj, err := bak.decodeBackupObj(backup)
if err != nil {
return fmt.Errorf("decode backup failed, err is %v", err)
}
_, err = bak.cli.Resource(BackupSchema).
Namespace(backup.Namespace).
Create(context.TODO(), obj, metav1.CreateOptions{})
if err != nil && !apierrors.IsAlreadyExists(err) {
return fmt.Errorf("create etcdbackup failed, err is %v", err)
}
return nil
}
// GetEtcdBackup gets etcd backup
func (bak *Server) GetEtcdBackup(name, namespace string) (*backupapiv2.EtcdBackup, error) {
obj, err := bak.cli.Resource(BackupSchema).Namespace(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
return nil, err
}
return bak.encodeBackupObj(obj)
}
// DeleteEtcdBackup deletes etcd backup
func (bak *Server) DeleteEtcdBackup(name, namespace string) error {
err := bak.cli.Resource(BackupSchema).Namespace(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
if err != nil && !apierrors.IsNotFound(err) {
return err
}
return nil
}
// UpdateEtcdBackup updates etcd backup
func (bak *Server) UpdateEtcdBackup(backup *backupapiv2.EtcdBackup) (*backupapiv2.EtcdBackup, error) {
obj, err := bak.decodeBackupObj(backup)
if err != nil {
return nil, fmt.Errorf("decode backup failed, err is %v", err)
}
oldObj, err := bak.cli.Resource(BackupSchema).
Namespace(backup.Namespace).
Get(context.TODO(), backup.GetName(), metav1.GetOptions{})
if err != nil {
return nil, err
}
obj.SetResourceVersion(oldObj.GetResourceVersion())
obj, err = bak.cli.Resource(BackupSchema).
Namespace(backup.Namespace).
Update(context.TODO(), obj, metav1.UpdateOptions{})
if err != nil {
return nil, err
}
return bak.encodeBackupObj(obj)
}
// parseBackupConfig parses backup config
func (bak *Server) parseBackupConfig(cluster *kstonev1alpha2.EtcdCluster) (*Config, string, error) {
annotations := cluster.ObjectMeta.Annotations
if annotations == nil {
annotations = make(map[string]string)
}
strCfg, found := annotations[AnnoBackupConfig]
if !found {
klog.Errorf(
"not found backup config, annotation key %s not exists, namespace is %s, name is %s",
AnnoBackupConfig,
cluster.Namespace,
cluster.Name,
)
return nil, "", errors.New("backup config not found")
}
secretName := ""
secretName, found = annotations[util.ClusterTLSSecretName]
if strings.Contains(secretName, "/") {
secretName = strings.Split(secretName, "/")[1]
}
// If enables tls and secretName cannot be empty
authConfig := cluster.Spec.AuthConfig
if authConfig.EnableTLS && !found {
klog.Errorf("tlsEnabled cluster no secret, namespace is %s, name is %s", cluster.Namespace, cluster.Name)
return nil, "", errors.New("secretName not found")
}
cfg := &Config{}
err := json.Unmarshal([]byte(strCfg), cfg)
if err != nil {
klog.Errorf(
"failed to parse backup config, namespace is %s, name is %s, err is %v",
cluster.Namespace,
cluster.Name,
err,
)
return nil, "", errors.New("backup config parse failed")
}
return cfg, secretName, nil
}
// initEtcdBackup generates etcd backup
func (bak *Server) initEtcdBackup(cluster *kstonev1alpha2.EtcdCluster) (*backupapiv2.EtcdBackup, error) {
backupCfg, secretName, err := bak.parseBackupConfig(cluster)
if err != nil {
return nil, err
}
backup := &backupapiv2.EtcdBackup{
TypeMeta: metav1.TypeMeta{
Kind: BackupKind,
APIVersion: BackupGroup + "/" + BackupVersion,
},
ObjectMeta: metav1.ObjectMeta{
Name: cluster.Name,
Namespace: cluster.Namespace,
Labels: cluster.ObjectMeta.Labels,
},
Spec: backupapiv2.BackupSpec{
EtcdEndpoints: []string{cluster.Status.ServiceName},
StorageType: backupCfg.StorageType,
//ClientTLSSecret: secretName,
//InsecureSkipVerify: true,
BackupPolicy: backupCfg.StoragePolicy,
BackupSource: backupCfg.BackupSource,
//BasicAuthSecret: secretName,
},
}
//load secretConfig
clientConfigGetter := etcd.NewClientConfigSecretGetter(util.NewSimpleClientBuilder(""))
klog.Infof("secretName: %s", secretName)
path := fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name)
config, err := clientConfigGetter.New(path, secretName)
if err != nil {
klog.Errorf("failed to get cluster, namespace is %s, name is %s, err is %v", cluster.Namespace, cluster.Name, err)
return nil, err
}
if config.Username != "" {
backup.Spec.BasicAuthSecret = secretName
}
if config.CaCert != "" {
backup.Spec.ClientTLSSecret = secretName
backup.Spec.InsecureSkipVerify = true
}
return backup, nil
}
// Equal checks whether the backup resource needs to be updated
func (bak *Server) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
namespace, name := cluster.Namespace, cluster.Name
backup, err := bak.GetEtcdBackup(name, namespace)
if err != nil {
return apierrors.IsNotFound(err)
}
newBackup, err := bak.initEtcdBackup(cluster)
if err != nil {
klog.Errorf("init etcd backup failed, namespace is %s, name is %s, err is %v", namespace, name, err)
return false
}
return !reflect.DeepEqual(backup, &newBackup)
}
// CheckEqualIfDisabled checks whether the backup resource is not found if it is disabled
func (bak *Server) CheckEqualIfDisabled(cluster *kstonev1alpha2.EtcdCluster) bool {
if _, err := bak.GetEtcdBackup(cluster.Name, cluster.Namespace); apierrors.IsNotFound(err) {
return true
}
return false
}
// CheckEqualIfEnabled checks whether the backup resource is equal if it is enabled
func (bak *Server) CheckEqualIfEnabled(cluster *kstonev1alpha2.EtcdCluster) bool {
namespace, name := cluster.Namespace, cluster.Name
backup, err := bak.GetEtcdBackup(name, namespace)
if err != nil && apierrors.IsNotFound(err) {
return false
}
newBackup, err := bak.initEtcdBackup(cluster)
if err != nil {
klog.Errorf("init etcd backup failed, namespace is %s, name is %s, err is %v", namespace, name, err)
return false
}
return reflect.DeepEqual(backup, &newBackup)
}
// CleanBackup cleans the etcdbackup if it is disabled.
func (bak *Server) CleanBackup(cluster *kstonev1alpha2.EtcdCluster) error {
err := bak.DeleteEtcdBackup(cluster.Name, cluster.Namespace)
if err != nil {
klog.Errorf("failed to delete etcd backup, namespace is %s, name is %s, err is %v", cluster.Namespace, cluster.Name, err)
}
return err
}
// SyncBackup synchronizes the etcdbackup if it is enabled.
func (bak *Server) SyncBackup(cluster *kstonev1alpha2.EtcdCluster) error {
namespace, name := cluster.Namespace, cluster.Name
newBackup, err := bak.initEtcdBackup(cluster)
if err != nil {
klog.Errorf("failed to init etcd backup, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
err = controllerutil.SetOwnerReference(cluster, newBackup, platformscheme.Scheme)
if err != nil {
klog.Errorf("set reference failed, err is %s, backup is %s", newBackup.Name)
return err
}
_, err = bak.GetEtcdBackup(name, namespace)
if err != nil && !apierrors.IsNotFound(err) {
klog.Errorf("failed to get etcd backup, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
if apierrors.IsNotFound(err) {
err = bak.CreateEtcdBackupByYaml(newBackup)
if err != nil {
klog.Errorf("failed to create etcd backup, namespace is %s, name is %s, err is %v", namespace, name, err)
}
return err
}
_, err = bak.UpdateEtcdBackup(newBackup)
if err != nil {
klog.Errorf("failed to update etcd backup, namespace is %s, name is %s, err is %v", namespace, name, err)
}
return err
}
================================================
FILE: pkg/backup/plugins.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package backup
import (
"errors"
"sync"
klog "k8s.io/klog/v2"
)
var (
mutex sync.Mutex
Providers = make(map[string]Factory)
)
type Factory func(cfg *StorageConfig) (Storage, error)
// RegisterBackupStorageFactory registers the specified backup storage provider
func RegisterBackupStorageFactory(name string, factory Factory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := Providers[name]; found {
klog.V(2).Infof("backup storage provider:%s was registered twice", name)
}
klog.V(2).Infof("register backup storage provider:%s", name)
Providers[name] = factory
}
// GetBackupStorageProvider gets the specified backup storage provider
func GetBackupStorageProvider(name string, config *StorageConfig) (Storage, error) {
mutex.Lock()
defer mutex.Unlock()
f, found := Providers[name]
klog.V(1).Infof("get provider name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,backup storage provider not found")
}
return f(config)
}
================================================
FILE: pkg/backup/providers/cos/cos.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package cos
import (
"context"
"errors"
"fmt"
"net/http"
"net/url"
"strings"
"time"
"github.com/coreos/etcd-operator/pkg/apis/etcd/v1beta2"
tencentCOS "github.com/tencentyun/cos-go-sdk-v5"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/backup"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
)
const (
ProviderName = string(v1beta2.BackupStorageTypeCOS)
)
type StorageCOS struct {
kubeCli kubernetes.Interface
}
func init() {
backup.RegisterBackupStorageFactory(ProviderName, func(config *backup.StorageConfig) (backup.Storage, error) {
return NewCOSBackupProvider(config), nil
})
}
func NewCOSBackupProvider(config *backup.StorageConfig) backup.Storage {
return &StorageCOS{
kubeCli: config.KubeCli,
}
}
func (c *StorageCOS) List(cluster *v1alpha2.EtcdCluster) (interface{}, error) {
// get backup config
backupConfig, err := backup.GetBackupConfig(cluster)
if err != nil {
klog.Errorf("failed to get backup config,cluster %s,err is %v", cluster.Name, err)
return nil, err
}
klog.V(3).Infof("backup config is %v", backupConfig)
secret, err := c.kubeCli.CoreV1().Secrets(cluster.Namespace).Get(context.TODO(), backupConfig.COS.COSSecret, v1.GetOptions{})
if err != nil {
klog.Errorf(err.Error())
return nil, err
}
secretID := string(secret.Data["secret-id"])
secretKey := string(secret.Data["secret-key"])
klog.Info(secretID)
klog.Info(secretKey)
cosPath := backupConfig.COS.Path
if !strings.Contains(cosPath, "https://") {
cosPath = fmt.Sprintf("https://%s", cosPath)
}
u, _ := url.Parse(cosPath)
b := &tencentCOS.BaseURL{BucketURL: u}
client := tencentCOS.NewClient(b, &http.Client{
Transport: &tencentCOS.AuthorizationTransport{
SecretID: secretID,
SecretKey: secretKey,
},
})
result, _, err := client.Bucket.Get(context.Background(), &tencentCOS.BucketGetOptions{
Prefix: strings.TrimLeft(b.BucketURL.Path, "/"),
})
if err != nil {
klog.Errorf(err.Error())
return nil, err
}
return result.Contents, nil
}
func (c *StorageCOS) Stat(objects interface{}) (int, error) {
cosObjects, ok := objects.([]tencentCOS.Object)
if !ok {
return 0, errors.New("can not decode objects to COS objects")
}
backupFiles := 0
for i := len(cosObjects) - 1; i >= 0; i-- {
lastModifiedTime, err := time.Parse("2006-01-02T15:04:05Z", cosObjects[i].LastModified)
if err != nil {
return 0, errors.New("can not parse COS time")
}
timeElapse := int64(time.Since(lastModifiedTime).Seconds())
if timeElapse > featureutil.OneDaySeconds {
break
}
backupFiles++
}
return backupFiles, nil
}
================================================
FILE: pkg/backup/providers/providers.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package providers
import (
// import cos provider
_ "tkestack.io/kstone/pkg/backup/providers/cos"
// import s3 provider
_ "tkestack.io/kstone/pkg/backup/providers/s3"
)
================================================
FILE: pkg/backup/providers/s3/clientwrapper.go
================================================
package s3
import (
"context"
"fmt"
"io/ioutil"
"os"
"path"
"github.com/aws/aws-sdk-go/aws/session"
awsS3 "github.com/aws/aws-sdk-go/service/s3"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
const (
tmpdir = "/tmp"
)
// ClientS3Wrapper is a wrapper for S3 client that provides cleanup functionality.
type ClientS3Wrapper struct {
S3 *awsS3.S3
configDir string
}
// NewClientFromSecret returns a S3 client based on given k8s secret containing aws credentials.
func NewClientFromSecret(kubecli kubernetes.Interface, namespace, endpoint, awsSecret string, forcePathStyle bool) (w *ClientS3Wrapper, err error) {
defer func() {
if err != nil {
err = fmt.Errorf("new S3 client failed: %v", err)
}
}()
w = &ClientS3Wrapper{}
w.configDir, err = ioutil.TempDir(tmpdir, "")
if err != nil {
return nil, fmt.Errorf("failed to create aws config dir: (%v)", err)
}
so, err := setupAWSConfig(kubecli, namespace, awsSecret, endpoint, w.configDir, forcePathStyle)
if err != nil {
return nil, fmt.Errorf("failed to setup aws config: (%v)", err)
}
sess, err := session.NewSessionWithOptions(*so)
if err != nil {
return nil, fmt.Errorf("new AWS session failed: %v", err)
}
w.S3 = awsS3.New(sess)
return w, nil
}
// Close cleans up all intermediate resources for creating S3 client.
func (w *ClientS3Wrapper) Close() {
os.RemoveAll(w.configDir)
}
// setupAWSConfig setup local AWS config/credential files from Kubernetes aws secret.
func setupAWSConfig(kubecli kubernetes.Interface, ns, secret, endpoint, configDir string, forcePathStyle bool) (*session.Options, error) {
options := &session.Options{}
options.SharedConfigState = session.SharedConfigEnable
// empty string defaults to aws
options.Config.Endpoint = &endpoint
options.Config.S3ForcePathStyle = &forcePathStyle
se, err := kubecli.CoreV1().Secrets(ns).Get(context.TODO(), secret, metav1.GetOptions{})
if err != nil {
return nil, fmt.Errorf("setup AWS config failed: get k8s secret failed: %v", err)
}
creds := se.Data["credentials"]
if len(creds) != 0 {
credsFile := path.Join(configDir, "credentials")
err = ioutil.WriteFile(credsFile, creds, 0600)
if err != nil {
return nil, fmt.Errorf("setup AWS config failed: write credentials file failed: %v", err)
}
options.SharedConfigFiles = append(options.SharedConfigFiles, credsFile)
}
config := se.Data["config"]
if len(config) != 0 {
configFile := path.Join(configDir, "config")
err = ioutil.WriteFile(configFile, config, 0600)
if err != nil {
return nil, fmt.Errorf("setup AWS config failed: write config file failed: %v", err)
}
options.SharedConfigFiles = append(options.SharedConfigFiles, configFile)
}
return options, nil
}
================================================
FILE: pkg/backup/providers/s3/s3.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package s3
import (
"context"
"errors"
"fmt"
"strings"
"time"
awsS3 "github.com/aws/aws-sdk-go/service/s3"
"github.com/coreos/etcd-operator/pkg/apis/etcd/v1beta2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/backup"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
)
const (
ProviderName = string(v1beta2.BackupStorageTypeS3)
)
type StorageS3 struct {
kubeCli kubernetes.Interface
}
func init() {
backup.RegisterBackupStorageFactory(ProviderName, func(config *backup.StorageConfig) (backup.Storage, error) {
return NewS3BackupProvider(config), nil
})
}
func NewS3BackupProvider(config *backup.StorageConfig) backup.Storage {
return &StorageS3{
kubeCli: config.KubeCli,
}
}
func (c *StorageS3) List(cluster *v1alpha2.EtcdCluster) (interface{}, error) {
// get backup config
backupConfig, err := backup.GetBackupConfig(cluster)
if err != nil {
klog.Errorf("failed to get backup config,cluster %s,err is %v", cluster.Name, err)
return nil, err
}
klog.V(3).Infof("backup config is %v", backupConfig)
secret, err := c.kubeCli.CoreV1().Secrets(cluster.Namespace).Get(context.TODO(), backupConfig.S3.AWSSecret, v1.GetOptions{})
if err != nil {
klog.Errorf(err.Error())
return nil, err
}
bucket := strings.Split(backupConfig.S3.Path, "/")
if len(bucket) < 1 {
err = fmt.Errorf("s3.path=%s, not valid, bucket not set", backupConfig.S3.Path)
klog.Errorf(err.Error())
return nil, err
}
cli, err := NewClientFromSecret(c.kubeCli, cluster.Namespace, backupConfig.S3.Endpoint, backupConfig.S3.AWSSecret, backupConfig.S3.ForcePathStyle)
if err != nil {
klog.Errorf(err.Error())
return nil, err
}
defer cli.Close()
klog.Info(fmt.Sprintf("secret name: %s, data: %v", secret.Name, secret.Data))
i := 0
var resultObjs []*awsS3.Object
err = cli.S3.ListObjectsPages(&awsS3.ListObjectsInput{
Bucket: &bucket[0],
}, func(p *awsS3.ListObjectsOutput, last bool) (shouldContinue bool) {
i++
resultObjs = append(resultObjs, p.Contents...)
return true
})
if err != nil {
klog.Errorf("failed to list objects, error: %s", err.Error())
return nil, err
}
klog.Infof("Total Page %d", i)
return resultObjs, nil
}
func (c *StorageS3) Stat(objects interface{}) (int, error) {
s3Objects, ok := objects.([]*awsS3.Object)
if !ok {
return 0, errors.New("can not decode objects to S3 objects")
}
backupFiles := 0
for i := len(s3Objects) - 1; i >= 0; i-- {
lastModifiedTime := *s3Objects[i].LastModified
timeElapse := int64(time.Since(lastModifiedTime).Seconds())
if timeElapse > featureutil.OneDaySeconds {
break
}
backupFiles++
}
return backupFiles, nil
}
================================================
FILE: pkg/backup/storage.go
================================================
package backup
import (
"k8s.io/client-go/kubernetes"
"tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// Storage is an abstract, pluggable interface for etcd backup storage.
type Storage interface {
// List gets all backup files from object storage.
List(cluster *v1alpha2.EtcdCluster) (interface{}, error)
// Stat counts the number of backup file in the last day.
Stat(objects interface{}) (int, error)
}
type StorageConfig struct {
KubeCli kubernetes.Interface
}
================================================
FILE: pkg/backup/util.go
================================================
package backup
import (
"encoding/json"
"fmt"
klog "k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
func GetBackupConfig(cluster *kstonev1alpha2.EtcdCluster) (*Config, error) {
var err error
cfg, found := cluster.Annotations[AnnoBackupConfig]
if !found {
err = fmt.Errorf(
"backup config not found, annotation key %s not exists, namespace is %s, name is %s",
AnnoBackupConfig,
cluster.Namespace,
cluster.Name,
)
klog.Errorf("failed to get backup config,cluster %s,err is %v", cluster.Name, err)
return nil, err
}
backupConfig := &Config{}
err = json.Unmarshal([]byte(cfg), backupConfig)
if err != nil {
klog.Errorf(err.Error())
return nil, err
}
return backupConfig, nil
}
================================================
FILE: pkg/clusterprovider/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package clusterprovider
import (
"k8s.io/client-go/dynamic"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
)
// Cluster is an abstract, pluggable interface for etcd clusters.
type Cluster interface {
// BeforeCreate does some things before creating the cluster
BeforeCreate(cluster *kstonev1alpha2.EtcdCluster) error
// Create creates the cluster
Create(cluster *kstonev1alpha2.EtcdCluster) error
// AfterCreate does some things after creating the cluster
AfterCreate(cluster *kstonev1alpha2.EtcdCluster) error
// BeforeUpdate does some things before updating the cluster
BeforeUpdate(cluster *kstonev1alpha2.EtcdCluster) error
// Update updates the cluster
Update(cluster *kstonev1alpha2.EtcdCluster) error
// AfterUpdate does some things after updating the cluster
AfterUpdate(cluster *kstonev1alpha2.EtcdCluster) error
// BeforeDelete does some things before deleting the cluster
BeforeDelete(cluster *kstonev1alpha2.EtcdCluster) error
// Delete deletes the cluster
Delete(cluster *kstonev1alpha2.EtcdCluster) error
// AfterDelete does some things after deleting the cluster
AfterDelete(cluster *kstonev1alpha2.EtcdCluster) error
// Equal checks whether the cluster needs to be updated
Equal(cluster *kstonev1alpha2.EtcdCluster) (bool, error)
// Status gets the cluster status
Status(config *etcd.ClientConfig, cluster *kstonev1alpha2.EtcdCluster) (kstonev1alpha2.EtcdClusterStatus, error)
}
type ClusterContext struct {
Clientbuilder util.ClientBuilder
Client dynamic.Interface
}
================================================
FILE: pkg/clusterprovider/helper.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package clusterprovider
import (
"fmt"
"strings"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
versionClient "tkestack.io/kstone/pkg/etcd/client"
_ "tkestack.io/kstone/pkg/etcd/client/versions" // import etcd client including v2 and v3
)
type EtcdAlarm struct {
MemberID uint64
AlarmType string
}
// GetStorageMemberEndpoints get member of cluster status
func GetStorageMemberEndpoints(cluster *kstonev1alpha2.EtcdCluster) []string {
members := cluster.Status.Members
endpoints := make([]string, 0)
if len(members) == 0 {
return endpoints
}
for _, m := range members {
endpoints = append(endpoints, m.ExtensionClientUrl)
}
return endpoints
}
// populateExtensionCientURLMap generate extensionClientURLs map
func populateExtensionCientURLMap(extensionClientURLs string) (map[string]string, error) {
urlMap := make(map[string]string)
if extensionClientURLs == "" {
return nil, nil
}
items := strings.Split(extensionClientURLs, ",")
for i := 0; i < len(items); i++ {
eps := strings.Split(items[i], "->")
if len(eps) == 2 {
urlMap[eps[0]] = eps[1]
} else {
return urlMap, fmt.Errorf("invalid extensionClientURLs %s", items[i])
}
}
return urlMap, nil
}
// GetRuntimeEtcdMembers get members of etcd
func GetRuntimeEtcdMembers(
storageBackend string,
endpoints []string,
extensionClientURLs string,
config *etcd.ClientConfig) ([]kstonev1alpha2.MemberStatus, error) {
etcdMembers := make([]kstonev1alpha2.MemberStatus, 0)
config.Endpoints = endpoints
versioned, err := versionClient.GetEtcdClientProvider(kstonev1alpha2.EtcdStorageBackend(storageBackend),
&versionClient.VersionContext{Config: config})
if err != nil {
klog.Errorf("failed get etcd version, err is %v", err)
return etcdMembers, err
}
defer versioned.Close()
memberRsp, err := versioned.MemberList()
if err != nil {
klog.Errorf("failed to get member list, endpoints is %s,err is %v", endpoints, err)
return etcdMembers, err
}
extensionClientURLMap, err := populateExtensionCientURLMap(extensionClientURLs)
if err != nil {
klog.Errorf("failed to populate extension clientURL,err is %v", err)
return etcdMembers, err
}
for _, m := range memberRsp {
// parse url
if m.ClientURLs == nil {
continue
}
items := strings.Split(m.ClientURLs[0], ":")
endPoint := strings.TrimPrefix(items[1], "//")
extensionClientURL := m.ClientURLs[0]
if extensionClientURLs != "" {
var ep string
if strings.HasPrefix(m.ClientURLs[0], "https://") {
ep = strings.TrimPrefix(m.ClientURLs[0], "https://")
if _, ok := extensionClientURLMap[ep]; ok {
extensionClientURL = "https://" + extensionClientURLMap[ep]
}
} else {
ep = strings.TrimPrefix(m.ClientURLs[0], "http://")
if _, ok := extensionClientURLMap[ep]; ok {
extensionClientURL = "http://" + extensionClientURLMap[ep]
}
}
}
// default info
memberVersion, memberStatus, memberRole := "", kstonev1alpha2.MemberPhaseUnStarted, kstonev1alpha2.EtcdMemberUnKnown
var errors []string
statusRsp, err := versioned.Status(extensionClientURL)
if err == nil && statusRsp != nil {
memberStatus = kstonev1alpha2.MemberPhaseRunning
memberVersion = statusRsp.Version
if statusRsp.IsLearner {
memberRole = kstonev1alpha2.EtcdMemberLearner
} else if statusRsp.Leader == m.ID {
memberRole = kstonev1alpha2.EtcdMemberLeader
} else {
memberRole = kstonev1alpha2.EtcdMemberFollower
}
} else {
klog.Errorf("failed to get member %s status,err is %v", extensionClientURL, err)
errors = append(errors, err.Error())
}
etcdMembers = append(etcdMembers, kstonev1alpha2.MemberStatus{
Name: m.Name,
MemberId: m.ID,
ClientUrl: m.ClientURLs[0],
ExtensionClientUrl: extensionClientURL,
Role: memberRole,
Status: memberStatus,
Endpoint: endPoint,
Port: items[2],
Version: memberVersion,
Errors: errors,
})
}
return etcdMembers, nil
}
// GetEtcdClusterMemberStatus check healthy of cluster and member
func GetEtcdClusterMemberStatus(
members []kstonev1alpha2.MemberStatus,
config *etcd.ClientConfig) ([]kstonev1alpha2.MemberStatus, kstonev1alpha2.EtcdClusterPhase) {
clusterStatus := kstonev1alpha2.EtcdClusterRunning
newMembers := make([]kstonev1alpha2.MemberStatus, 0)
for _, m := range members {
healthy, err := etcd.MemberHealthy(m.ExtensionClientUrl, config)
if err != nil {
m.Status = kstonev1alpha2.MemberPhaseUnKnown
} else {
if healthy {
m.Status = kstonev1alpha2.MemberPhaseRunning
} else {
m.Status = kstonev1alpha2.MemberPhaseUnHealthy
}
}
if m.Status != kstonev1alpha2.MemberPhaseRunning && clusterStatus == kstonev1alpha2.EtcdClusterRunning {
clusterStatus = kstonev1alpha2.EtcdClusterUnhealthy
}
newMembers = append(newMembers, m)
}
return newMembers, clusterStatus
}
// GetEtcdAlarms get alarm list of etcd
func GetEtcdAlarms(
endpoints []string,
config *etcd.ClientConfig) ([]EtcdAlarm, error) {
etcdAlarms := make([]EtcdAlarm, 0)
config.Endpoints = endpoints
client, err := etcd.NewClientv3(config)
if err != nil {
klog.Errorf("failed to get new etcd clientv3, err is %v ", err)
return etcdAlarms, err
}
defer client.Close()
alarmRsp, err := etcd.AlarmList(client)
if err != nil {
klog.Errorf("failed to get alarm list, err is %v", err)
return etcdAlarms, err
}
for _, a := range alarmRsp.Alarms {
etcdAlarms = append(etcdAlarms, EtcdAlarm{
MemberID: a.MemberID,
AlarmType: a.Alarm.String(),
})
}
return etcdAlarms, nil
}
================================================
FILE: pkg/clusterprovider/plugins.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package clusterprovider
import (
"errors"
"sync"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
type EtcdFactory func(cluster *ClusterContext) (Cluster, error)
var (
mutex sync.Mutex
providers = make(map[kstonev1alpha2.EtcdClusterType]EtcdFactory)
)
// RegisterEtcdClusterFactory registers the specified cluster provider
func RegisterEtcdClusterFactory(name kstonev1alpha2.EtcdClusterType, factory EtcdFactory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := providers[name]; found {
klog.V(2).Infof("etcdcluster provider %s was registered twice", name)
}
klog.V(2).Infof("register etcdCluster provider %s", name)
providers[name] = factory
}
// GetEtcdClusterProvider gets the specified cluster provider
func GetEtcdClusterProvider(
name kstonev1alpha2.EtcdClusterType,
ctx *ClusterContext,
) (Cluster, error) {
mutex.Lock()
defer mutex.Unlock()
f, found := providers[name]
klog.V(1).Infof("get provider name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,etcd cluster provider not found")
}
return f(ctx)
}
================================================
FILE: pkg/clusterprovider/providers/imported/cluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package imported
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/clusterprovider"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
)
const (
AnnoImportedURI = "importedAddr"
)
var (
once sync.Once
instance *EtcdClusterImported
)
// EtcdClusterImported is the etcd cluster imported from kstone-dashboard
type EtcdClusterImported struct {
name kstonev1alpha2.EtcdClusterType
ctx *clusterprovider.ClusterContext
}
// init registers an imported etcd cluster provider
func init() {
clusterprovider.RegisterEtcdClusterFactory(
kstonev1alpha2.EtcdClusterImported,
func(ctx *clusterprovider.ClusterContext) (clusterprovider.Cluster, error) {
return initEtcdClusterImportedInstance(ctx)
},
)
}
func initEtcdClusterImportedInstance(ctx *clusterprovider.ClusterContext) (clusterprovider.Cluster, error) {
once.Do(func() {
instance = &EtcdClusterImported{
name: kstonev1alpha2.EtcdClusterImported,
ctx: &clusterprovider.ClusterContext{
Clientbuilder: ctx.Clientbuilder,
Client: ctx.Clientbuilder.DynamicClientOrDie(),
},
}
})
return instance, nil
}
func (c *EtcdClusterImported) BeforeCreate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) Create(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) AfterCreate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) BeforeUpdate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) Update(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) AfterUpdate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) BeforeDelete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) Delete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) AfterDelete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
func (c *EtcdClusterImported) Equal(cluster *kstonev1alpha2.EtcdCluster) (bool, error) {
return true, nil
}
// Status gets the imported etcd cluster status
func (c *EtcdClusterImported) Status(config *etcd.ClientConfig, cluster *kstonev1alpha2.EtcdCluster) (kstonev1alpha2.EtcdClusterStatus, error) {
status := cluster.Status
annotations := cluster.ObjectMeta.Annotations
if annotations == nil {
annotations = make(map[string]string)
}
endpoints := clusterprovider.GetStorageMemberEndpoints(cluster)
if len(endpoints) == 0 {
if addr, found := annotations[AnnoImportedURI]; found {
endpoints = append(endpoints, addr)
status.ServiceName = addr
} else {
status.Phase = kstonev1alpha2.EtcdClusterUnknown
return status, nil
}
}
members, err := clusterprovider.GetRuntimeEtcdMembers(
cluster.Spec.StorageBackend,
endpoints,
cluster.Annotations[util.ClusterExtensionClientURL],
config,
)
if err != nil && len(members) == 0 {
status.Phase = kstonev1alpha2.EtcdClusterUnknown
return status, err
}
status.Members, status.Phase = clusterprovider.GetEtcdClusterMemberStatus(members, config)
return status, err
}
================================================
FILE: pkg/clusterprovider/providers/kstone/kstone.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package kstone
import (
"context"
"encoding/json"
"fmt"
"reflect"
"strconv"
"strings"
"sync"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/clusterprovider"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
const (
providerName = kstonev1alpha2.EtcdClusterKstone
AnnoImportedURI = "importedAddr"
defaultEmptyResourceValue = "0"
)
var (
once sync.Once
instance *EtcdClusterKstone
)
// EtcdClusterKstone is responsible for synchronizing kstone.tkestack.io/etcdcluster to kstone-etcd-operator
type EtcdClusterKstone struct {
name kstonev1alpha2.EtcdClusterType
ctx *clusterprovider.ClusterContext
}
// init registers a kstone etcd cluster(generated by kstone-etcd-provider) provider
func init() {
clusterprovider.RegisterEtcdClusterFactory(
providerName,
func(cluster *clusterprovider.ClusterContext) (clusterprovider.Cluster, error) {
return initEtcdClusterKstoneInstance(cluster)
},
)
}
func initEtcdClusterKstoneInstance(ctx *clusterprovider.ClusterContext) (clusterprovider.Cluster, error) {
once.Do(func() {
instance = &EtcdClusterKstone{
name: kstonev1alpha2.EtcdClusterKstone,
ctx: &clusterprovider.ClusterContext{
Clientbuilder: ctx.Clientbuilder,
Client: ctx.Clientbuilder.DynamicClientOrDie(),
},
}
})
return instance, nil
}
func (c *EtcdClusterKstone) BeforeCreate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// Create creates an etcd cluster
func (c *EtcdClusterKstone) Create(cluster *kstonev1alpha2.EtcdCluster) error {
etcdRes := schema.GroupVersionResource{Group: "etcd.tkestack.io", Version: "v1alpha1", Resource: "etcdclusters"}
etcdcluster := map[string]interface{}{
"apiVersion": "etcd.tkestack.io/v1alpha1",
"kind": "EtcdCluster",
"metadata": map[string]interface{}{
"name": cluster.Name,
"namespace": cluster.Namespace,
"annotations": cluster.Annotations,
},
"spec": c.generateEtcdSpec(cluster),
}
etcdclusterRequest := &unstructured.Unstructured{
Object: etcdcluster,
}
err := controllerutil.SetOwnerReference(cluster, etcdclusterRequest, platformscheme.Scheme)
if err != nil {
return err
}
_, err = c.ctx.Client.Resource(etcdRes).
Namespace(cluster.Namespace).
Create(context.TODO(), etcdclusterRequest, metav1.CreateOptions{})
if err != nil && !errors.IsAlreadyExists(err) {
return err
}
return nil
}
// AfterCreate handles etcdcluster after created
func (c *EtcdClusterKstone) AfterCreate(cluster *kstonev1alpha2.EtcdCluster) error {
if cluster.Annotations["scheme"] == "https" {
cluster.Annotations["certName"] = fmt.Sprintf("%s/%s-etcd-client-cert", cluster.Namespace, cluster.Name)
}
cluster.Annotations["importedAddr"] = fmt.Sprintf(
"%s://%s-etcd.%s.svc.cluster.local:2379",
cluster.Annotations["scheme"],
cluster.Name,
cluster.Namespace,
)
// update extClientURL
extClientURL := ""
for i := 0; i < int(cluster.Spec.Size); i++ {
key := fmt.Sprintf("%s-etcd-%d:2379", cluster.Name, i)
value := fmt.Sprintf(
"%s-etcd-%d.%s-etcd-headless.%s.svc.cluster.local:2379",
cluster.Name,
i,
cluster.Name,
cluster.Namespace,
)
if i < int(cluster.Spec.Size)-1 {
extClientURL += fmt.Sprintf("%s->%s,", key, value)
} else {
extClientURL += fmt.Sprintf("%s->%s", key, value)
}
}
cluster.Annotations["extClientURL"] = extClientURL
return nil
}
// BeforeUpdate handles etcdcluster before updated
func (c *EtcdClusterKstone) BeforeUpdate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// Update updates cluster of kstone-etcd-operator
func (c *EtcdClusterKstone) Update(cluster *kstonev1alpha2.EtcdCluster) error {
etcdRes := schema.GroupVersionResource{Group: "etcd.tkestack.io", Version: "v1alpha1", Resource: "etcdclusters"}
etcd, err := c.ctx.Client.Resource(etcdRes).
Namespace(cluster.Namespace).
Get(context.TODO(), cluster.Name, metav1.GetOptions{})
if err != nil {
return err
}
err = c.updateEtcdSpec(etcd, cluster)
if err != nil {
return err
}
_, updateErr := c.ctx.Client.Resource(etcdRes).
Namespace(cluster.Namespace).
Update(context.TODO(), etcd, metav1.UpdateOptions{})
if updateErr != nil {
klog.Error(updateErr.Error())
return updateErr
}
return nil
}
// Equal checks etcdcluster, if not equal, sync etcdclusters.etcd.tkestack.io
// if equal, nothing to do
func (c *EtcdClusterKstone) Equal(cluster *kstonev1alpha2.EtcdCluster) (bool, error) {
etcdRes := schema.GroupVersionResource{Group: "etcd.tkestack.io", Version: "v1alpha1", Resource: "etcdclusters"}
etcd, err := c.ctx.Client.Resource(etcdRes).
Namespace(cluster.Namespace).
Get(context.TODO(), cluster.Name, metav1.GetOptions{})
if err != nil {
return true, err
}
oldSize, _, _ := unstructured.NestedInt64(etcd.Object, "spec", "size")
if int64(cluster.Spec.Size) != oldSize {
klog.Info("size is different")
return false, nil
}
oldVersion, _, _ := unstructured.NestedString(etcd.Object, "spec", "version")
if strings.TrimLeft(oldVersion, "v") != strings.TrimLeft(cluster.Spec.Version, "v") {
klog.Info("version is different")
return false, nil
}
oldStorage, _, _ := unstructured.NestedString(
etcd.Object,
"spec",
"template",
"persistentVolumeClaimSpec",
"resources",
"requests",
"storage",
)
if strings.TrimRight(oldStorage, "Gi") != strconv.Itoa(int(cluster.Spec.DiskSize)) {
klog.Info("storage is different")
return false, nil
}
if !c.resourceEqual(cluster, etcd) {
return false, nil
}
oldEnvObject, _, _ := unstructured.NestedSlice(etcd.Object, "spec", "template", "env")
oldEnv := make([]corev1.EnvVar, 0)
oldEnvBytes, err := json.Marshal(oldEnvObject)
if err != nil {
return true, err
}
err = json.Unmarshal(oldEnvBytes, &oldEnv)
if err != nil {
return true, err
}
if len(oldEnv) == 0 && len(cluster.Spec.Env) == 0 {
return true, nil
}
if !reflect.DeepEqual(oldEnv, cluster.Spec.Env) {
klog.Info("env is different")
return false, nil
}
return true, nil
}
// AfterUpdate handles etcdcluster after updated
func (c *EtcdClusterKstone) AfterUpdate(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// BeforeDelete handles etcdcluster before deleted
func (c *EtcdClusterKstone) BeforeDelete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// Delete handles delete
func (c *EtcdClusterKstone) Delete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// AfterDelete handles etcdcluster after deleted
func (c *EtcdClusterKstone) AfterDelete(cluster *kstonev1alpha2.EtcdCluster) error {
return nil
}
// Status checks etcd member and returns new status
func (c *EtcdClusterKstone) Status(config *etcd.ClientConfig, cluster *kstonev1alpha2.EtcdCluster) (kstonev1alpha2.EtcdClusterStatus, error) {
var phase kstonev1alpha2.EtcdClusterPhase
status := cluster.Status
annotations := cluster.Annotations
if annotations == nil {
annotations = make(map[string]string)
}
// endpoints
endpoints := clusterprovider.GetStorageMemberEndpoints(cluster)
if len(endpoints) == 0 {
if addr, found := annotations[AnnoImportedURI]; found {
endpoints = append(endpoints, addr)
status.ServiceName = addr
} else {
status.Phase = kstonev1alpha2.EtcdCluterCreating
return status, nil
}
}
members, err := clusterprovider.GetRuntimeEtcdMembers(
cluster.Spec.StorageBackend,
endpoints,
cluster.Annotations[util.ClusterExtensionClientURL],
config,
)
if err != nil || len(members) == 0 || int(cluster.Spec.Size) != len(members) {
if status.Phase == kstonev1alpha2.EtcdClusterRunning {
status.Phase = kstonev1alpha2.EtcdClusterUnknown
}
return status, err
}
status.Members, phase = clusterprovider.GetEtcdClusterMemberStatus(members, config)
if status.Phase == kstonev1alpha2.EtcdClusterRunning || phase != kstonev1alpha2.EtcdClusterUnknown {
status.Phase = phase
}
return status, err
}
// updateEtcdSpec update spec
func (c *EtcdClusterKstone) updateEtcdSpec(etcd *unstructured.Unstructured, cluster *kstonev1alpha2.EtcdCluster) error {
newSpec := c.generateEtcdSpec(cluster)
spec, found, err := unstructured.NestedMap(etcd.Object, "spec")
if err != nil || !found || spec == nil {
return fmt.Errorf("get spec error")
}
if err = unstructured.SetNestedField(etcd.Object, newSpec, "spec"); err != nil {
klog.Error(err.Error())
return err
}
return nil
}
// generateEtcdSpec generate spec with etcdcluster
func (c *EtcdClusterKstone) generateEtcdSpec(cluster *kstonev1alpha2.EtcdCluster) map[string]interface{} {
extraServerCertSANsStr := cluster.Annotations["extraServerCertSANs"]
extraServerCertSANList := make([]interface{}, 0)
for _, certSAN := range strings.Split(extraServerCertSANsStr, ",") {
temp := strings.TrimSpace(certSAN)
if temp == "" {
continue
}
extraServerCertSANList = append(extraServerCertSANList, temp)
}
if len(extraServerCertSANList) == 0 {
extraServerCertSANList = nil
}
labels := make(map[string]interface{}, len(cluster.Labels))
for k, v := range cluster.Labels {
labels[k] = v
}
annotations := make(map[string]interface{}, len(cluster.Annotations))
for k, v := range cluster.Annotations {
annotations[k] = v
}
env := make([]interface{}, 0)
envBytes, _ := json.Marshal(cluster.Spec.Env)
_ = json.Unmarshal(envBytes, &env)
persistentVolumeClaimSpec := map[string]interface{}{
"accessModes": []interface{}{
"ReadWriteOnce",
},
"resources": map[string]interface{}{
"requests": map[string]interface{}{
"storage": fmt.Sprintf("%dGi", cluster.Spec.DiskSize),
},
},
}
if cluster.Spec.DiskType != "" {
persistentVolumeClaimSpec["storageClassName"] = cluster.Spec.DiskType
}
spec := map[string]interface{}{
"size": int64(cluster.Spec.Size),
"version": cluster.Spec.Version,
"template": map[string]interface{}{
"extraArgs": []interface{}{
"logger=zap",
},
"labels": labels,
"annotations": annotations,
"env": env,
"persistentVolumeClaimSpec": persistentVolumeClaimSpec,
},
}
resources := make(map[string]interface{})
if cluster.Spec.Resources.Limits != nil {
resources["limits"] = map[string]interface{}{
"cpu": cluster.Spec.Resources.Limits.Cpu().String(),
"memory": cluster.Spec.Resources.Limits.Memory().String(),
}
}
if cluster.Spec.Resources.Requests != nil {
resources["requests"] = map[string]interface{}{
"cpu": cluster.Spec.Resources.Requests.Cpu().String(),
"memory": cluster.Spec.Resources.Requests.Memory().String(),
}
}
spec["template"].(map[string]interface{})["resources"] = resources
if cluster.Annotations["scheme"] == "https" {
autoTLSCert := map[string]interface{}{
"autoGenerateClientCert": true,
"autoGeneratePeerCert": true,
"autoGenerateServerCert": true,
"extraServerCertSANs": extraServerCertSANList,
}
if cluster.Spec.AuthConfig.TLSSecret != "" {
autoTLSCert["externalCASecret"] = cluster.Spec.AuthConfig.TLSSecret
}
spec["secure"] = map[string]interface{}{
"tls": map[string]interface{}{
"autoTLSCert": autoTLSCert,
},
}
spec["template"].(map[string]interface{})["extraArgs"] = []interface{}{
"logger=zap",
"client-cert-auth=true",
}
}
if cluster.Annotations["repository"] != "" {
spec["repository"] = cluster.Annotations["repository"]
}
// TODO: Use struct to replace
affinity := make(map[string]interface{})
affinityBytes, _ := json.Marshal(cluster.Spec.Affinity)
_ = json.Unmarshal(affinityBytes, &affinity)
if affinity != nil {
spec["template"].(map[string]interface{})["affinity"] = affinity
}
if cluster.Spec.Tolerations != nil && len(cluster.Spec.Tolerations) > 0 {
tolerations := make([]interface{}, 0)
tolerationsBytes, _ := json.Marshal(cluster.Spec.Tolerations)
_ = json.Unmarshal(tolerationsBytes, &tolerations)
spec["template"].(map[string]interface{})["tolerations"] = tolerations
}
return spec
}
// resourceEqual checks if old resource is equal to desired resource
// Note that if Resources.Limits.Cpu or other resource is not exists,
// kubernetes will check and return a default Quantity Object
// So there will be no nil pointer panic
func (c *EtcdClusterKstone) resourceEqual(cluster *kstonev1alpha2.EtcdCluster, etcd *unstructured.Unstructured) bool {
resourceTypeNames := []corev1.ResourceName{corev1.ResourceRequestsCPU, corev1.ResourceRequestsMemory, corev1.ResourceLimitsCPU, corev1.ResourceLimitsMemory}
for _, resourceTypeName := range resourceTypeNames {
r := strings.Split(string(resourceTypeName), ".")
resourceType, resourceName := r[0], r[1]
oldResource := c.getOldResource(etcd, resourceType, resourceName)
desiredResource := c.getDesiredResource(cluster, resourceTypeName)
if oldResource != desiredResource {
info := fmt.Sprintf("%s %s is different", resourceName, resourceType)
klog.Info(info)
return false
}
}
return true
}
func (c *EtcdClusterKstone) getOldResource(etcd *unstructured.Unstructured, resourceType, resourceName string) string {
resource, _, _ := unstructured.NestedString(etcd.Object, "spec", "template", "resources", resourceType, resourceName)
if resource == "" {
resource = defaultEmptyResourceValue
}
return resource
}
func (c *EtcdClusterKstone) getDesiredResource(cluster *kstonev1alpha2.EtcdCluster, resourceTypeName corev1.ResourceName) string {
switch resourceTypeName {
case corev1.ResourceLimitsCPU:
return cluster.Spec.Resources.Limits.Cpu().String()
case corev1.ResourceLimitsMemory:
return cluster.Spec.Resources.Limits.Memory().String()
case corev1.ResourceRequestsCPU:
return cluster.Spec.Resources.Requests.Cpu().String()
case corev1.ResourceRequestsMemory:
return cluster.Spec.Resources.Requests.Memory().String()
}
return ""
}
================================================
FILE: pkg/clusterprovider/providers/providers.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package providers
import (
_ "tkestack.io/kstone/pkg/clusterprovider/providers/imported" // import imported provider
_ "tkestack.io/kstone/pkg/clusterprovider/providers/kstone" // import kstone provider
)
================================================
FILE: pkg/controllers/etcdcluster/etcdclusters_controller.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcdcluster
import (
"context"
"fmt"
"reflect"
"strconv"
"time"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
informerscorev1 "k8s.io/client-go/informers/core/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
listerscorev1 "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/record"
"k8s.io/client-go/util/workqueue"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/clusterprovider"
_ "tkestack.io/kstone/pkg/clusterprovider/providers" // register cluster provider
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
"tkestack.io/kstone/pkg/featureprovider"
_ "tkestack.io/kstone/pkg/featureprovider/providers" // register feature provider
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
informers "tkestack.io/kstone/pkg/generated/informers/externalversions/kstone/v1alpha2"
listers "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha2"
)
// ClusterController is the controller implementation for EtcdCluster resources
type ClusterController struct {
// kubeclientset is a standard kubernetes clientset
kubeclientset kubernetes.Interface
// platformclientset is a clientset for our own API group
platformclientset clientset.Interface
secretLister listerscorev1.SecretLister
secretSynced cache.InformerSynced
etcdclusterLister listers.EtcdClusterLister
etcdclusterSynced cache.InformerSynced
// To allow injection of syncEtcdCluster for testing.
syncHandler func(eKey string) error
// workqueue is a rate limited work queue. This is used to queue work to be
// processed instead of performing it as soon as a change happens. This
// means we can ensure we only process a fixed amount of resources at a
// time, and makes it easy to ensure we are never processing the same item
// simultaneously in two different workers.
workqueue workqueue.RateLimitingInterface
// recorder is an event recorder for recording Event resources to the
// Kubernetes API.
recorder record.EventRecorder
clientbuilder util.ClientBuilder
clientConfigGetter etcd.ClientConfigGetter
}
// NewEtcdclusterController returns a new etcdcluster controller
func NewEtcdclusterController(
clientbuilder util.ClientBuilder,
kubeclientset kubernetes.Interface,
platformclientset clientset.Interface,
secretInformer informerscorev1.SecretInformer,
etcdclusterInformer informers.EtcdClusterInformer) *ClusterController {
// Create event broadcaster
// Add kstone types to the default Kubernetes Scheme so Events can be
// logged for kstone types.
utilruntime.Must(platformscheme.AddToScheme(scheme.Scheme))
klog.V(4).Info("Creating event broadcaster")
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartStructuredLogging(0)
eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: kubeclientset.CoreV1().Events("")})
recorder := eventBroadcaster.NewRecorder(
scheme.Scheme,
corev1.EventSource{Component: util.ComponentEtcdClusterController},
)
controller := &ClusterController{
clientbuilder: clientbuilder,
kubeclientset: kubeclientset,
platformclientset: platformclientset,
secretLister: secretInformer.Lister(),
secretSynced: secretInformer.Informer().HasSynced,
etcdclusterLister: etcdclusterInformer.Lister(),
etcdclusterSynced: etcdclusterInformer.Informer().HasSynced,
workqueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "EtcdClusters"),
recorder: recorder,
}
controller.syncHandler = controller.syncEtcdCluster
controller.clientConfigGetter = etcd.NewClientConfigSecretCacheGetter(controller.secretLister)
klog.Info("Setting up event handlers")
// Set up an event handler for when EtcdCluster resources change
etcdclusterInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: controller.enqueueEtcdcluster,
UpdateFunc: func(old, new interface{}) {
controller.enqueueEtcdcluster(new)
},
})
return controller
}
// Run will set up the event handlers for types we are interested in, as well
// as syncing informer caches and starting workers. It will block until stopCh
// is closed, at which point it will shutdown the workqueue and wait for
// workers to finish processing their current work items.
func (c *ClusterController) Run(threadiness int, stopCh <-chan struct{}) error {
defer utilruntime.HandleCrash()
defer c.workqueue.ShutDown()
// Start the informer factories to begin populating the informer caches
klog.Info("Starting EtcdCluster controller")
// Wait for the caches to be synced before starting workers
klog.Info("Waiting for informer caches to sync")
if ok := cache.WaitForCacheSync(stopCh, c.secretSynced, c.etcdclusterSynced); !ok {
return fmt.Errorf("failed to wait for caches to sync")
}
klog.Info("Starting workers")
// Launch two workers to process EtcdCluster resources
for i := 0; i < threadiness; i++ {
go wait.Until(c.runWorker, time.Second, stopCh)
}
klog.Info("Started workers")
<-stopCh
klog.Info("Shutting down workers")
return nil
}
// runWorker is a long-running function that will continually call the
// processNextWorkItem function in order to read and process a message on the
// workqueue.
func (c *ClusterController) runWorker() {
for c.processNextWorkItem() {
}
}
// processNextWorkItem will read a single work item off the workqueue and
// attempt to process it, by calling the syncHandler.
func (c *ClusterController) processNextWorkItem() bool {
obj, shutdown := c.workqueue.Get()
if shutdown {
return false
}
// We wrap this block in a func so we can defer c.workqueue.Done.
err := util.ProcessWorkQueue(c.workqueue, c.syncHandler, obj)
if err != nil {
utilruntime.HandleError(err)
return true
}
return true
}
// syncEtcdCluster compares the actual state with the desired, and attempts to
// converge the two. It then updates the Status block of the EtcdCluster resource
// with the current status of the resource.
func (c *ClusterController) syncEtcdCluster(key string) error {
// Convert the namespace/name string into a distinct namespace and name
namespace, name, err := cache.SplitMetaNamespaceKey(key)
if err != nil {
utilruntime.HandleError(fmt.Errorf("invalid resource key: %s", key))
return nil
}
// Get the EtcdCluster resource with this namespace/name
etcdcluster, err := c.etcdclusterLister.EtcdClusters(namespace).Get(name)
if err != nil {
// The EtcdCluster resource may no longer exist, in which case we stop
// processing.
if errors.IsNotFound(err) {
utilruntime.HandleError(fmt.Errorf("EtcdCluster '%s' in work queue no longer exists", key))
return nil
}
return err
}
return c.reconcileEtcdCluster(etcdcluster.DeepCopy())
}
// updateEtcdClusterStatus
func (c *ClusterController) updateEtcdClusterStatus(cluster *kstonev1alpha2.EtcdCluster) (
*kstonev1alpha2.EtcdCluster,
error,
) {
// NEVER modify objects from the store. It's a read-only, local cache.
// You can use DeepCopy() to make a deep copy of original object and modify this copy
// Or create a copy manually for better performance
// clusterCopy := cluster.DeepCopy()
// If the CustomResourceSubresources feature gate is not enabled,
// we must use Update instead of UpdateStatus to update the Status block of the EtcdCluster resource.
// UpdateStatus will not allow changes to the Spec of the resource,
// which is ideal for ensuring nothing other than resource status has been updated.
etcdcluster, err := c.platformclientset.KstoneV1alpha2().EtcdClusters(cluster.Namespace).
Update(context.TODO(), cluster, metav1.UpdateOptions{})
if err != nil {
return cluster, err
}
return etcdcluster, nil
}
// enqueueEtcdcluster takes a EtcdCluster resource and converts it into a namespace/name
// string which is then put onto the work queue. This method should *not* be
// passed resources of any type other than EtcdCluster.
func (c *ClusterController) enqueueEtcdcluster(obj interface{}) {
var key string
var err error
if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil {
utilruntime.HandleError(err)
return
}
c.workqueue.Add(key)
}
func (c *ClusterController) handleClusterManagement(cluster *kstonev1alpha2.EtcdCluster) (
*kstonev1alpha2.EtcdCluster,
error,
) {
// Get cluster provider
provider, err := c.GetEtcdClusterProvider(cluster.Spec.ClusterType)
if err != nil {
klog.Errorf("failed to get cluster provider %s, err is %v, cluster is %s",
cluster.Spec.ClusterType, err, cluster.Name)
return cluster, err
}
nextAction, err := c.getDesiredAction(cluster, provider)
if err != nil {
return cluster, err
}
switch nextAction {
case kstonev1alpha2.EtcdCluterCreating:
cluster, err = c.handleClusterCreate(cluster, provider)
case kstonev1alpha2.EtcdClusterUpdating:
cluster, err = c.handleClusterUpdate(cluster, provider)
default:
cluster, err = c.handleClusterStatus(cluster, provider)
}
_, _ = c.updateEtcdClusterStatus(cluster)
if err != nil {
c.recorder.Eventf(
cluster,
corev1.EventTypeWarning,
string(nextAction),
"failed to set cluster %s, err is %v, cluster is %s",
string(nextAction),
err,
cluster.ClusterName,
)
return cluster, err
}
return cluster, nil
}
func (c *ClusterController) enabledFeatureGate(annotations map[string]string, name kstonev1alpha2.KStoneFeature) bool {
return featureutil.IsFeatureGateEnabled(annotations, name)
}
// handleClusterLabels updates EtcdCluster Resource labels.
func (c *ClusterController) handleClusterLabels(
cluster *kstonev1alpha2.EtcdCluster) (*kstonev1alpha2.EtcdCluster, error) {
annotations := cluster.ObjectMeta.Annotations
if annotations == nil {
annotations = make(map[string]string)
}
labels := cluster.ObjectMeta.Labels
if labels == nil {
labels = make(map[string]string)
}
for featureName := range featureprovider.EtcdFeatureProviders {
labels[featureName] = strconv.FormatBool(c.enabledFeatureGate(annotations, kstonev1alpha2.KStoneFeature(featureName)))
}
labels["clusterType"] = string(cluster.Spec.ClusterType)
labels["version"] = cluster.Spec.Version
if !reflect.DeepEqual(cluster.ObjectMeta.Labels, labels) {
cluster.ObjectMeta.Labels = labels
return c.updateEtcdClusterStatus(cluster)
}
return cluster, nil
}
func (c *ClusterController) handleClusterFeature(cluster *kstonev1alpha2.EtcdCluster) (
*kstonev1alpha2.EtcdCluster,
error) {
// Check cluster status, ensure cluster is running
if cluster.Status.Phase != kstonev1alpha2.EtcdClusterRunning || len(cluster.Status.Members) == 0 {
klog.V(3).Infof("cluster status is not running, waiting")
return cluster, nil
}
annotations := cluster.ObjectMeta.Annotations
if annotations == nil {
annotations = make(map[string]string)
}
if cluster.Status.FeatureGatesStatus == nil {
cluster.Status.FeatureGatesStatus = make(map[kstonev1alpha2.KStoneFeature]string)
}
for name := range featureprovider.EtcdFeatureProviders {
featureName := kstonev1alpha2.KStoneFeature(name)
feature, err := c.GetFeatureProvider(name)
if err != nil {
klog.Errorf("failed to get feature %s provider,err is %v", name, err)
continue
}
if feature.Equal(cluster) {
klog.V(4).Infof("skip feature %s,no changed, cluster is %s", name, cluster.Name)
continue
}
err = feature.Sync(cluster)
if err != nil {
klog.Errorf("failed to sync %s feature, err is %v, cluster is %s", name, err, cluster.Name)
cluster.Status.FeatureGatesStatus[featureName] = fmt.Sprintf("failed to sync %s feature, err is %v", name, err)
continue
}
if c.enabledFeatureGate(annotations, featureName) {
cluster.Status.FeatureGatesStatus[featureName] = featureutil.FeatureStatusEnabled
} else {
cluster.Status.FeatureGatesStatus[featureName] = featureutil.FeatureStatusDisabled
}
}
return c.updateEtcdClusterStatus(cluster)
}
func (c *ClusterController) reconcileEtcdCluster(cluster *kstonev1alpha2.EtcdCluster) error {
// Handle cluster Creation,Update operations
cluster, err := c.handleClusterManagement(cluster)
if err != nil {
klog.Errorf("failed to handle cluster management operations, err is %v, cluster is %s", err, cluster.Name)
return err
}
// If cluster is not running, do not proceed to the next step
if cluster.Status.Phase != kstonev1alpha2.EtcdClusterRunning {
klog.Warningf("cluster %s is not ready", cluster.Name)
return nil
}
// Handle cluster labels
cluster, err = c.handleClusterLabels(cluster)
if err != nil {
klog.Errorf("failed to handle cluster labels, err is %v, cluster is %s", err, cluster.Name)
return err
}
// Handle cluster feature
cluster, err = c.handleClusterFeature(cluster)
if err != nil {
klog.Errorf("failed to handle cluster feature, err is %v, cluster is %s", err, cluster.Name)
return err
}
return nil
}
func (c *ClusterController) GetFeatureProvider(name string) (featureprovider.Feature, error) {
ctx := &featureprovider.FeatureContext{
ClientBuilder: c.clientbuilder,
ClientConfigGetter: c.clientConfigGetter,
}
feature, err := featureprovider.GetFeatureProvider(name, ctx)
if err != nil {
return nil, err
}
return feature, nil
}
func (c *ClusterController) GetEtcdClusterProvider(name kstonev1alpha2.EtcdClusterType) (clusterprovider.Cluster, error) {
ctx := &clusterprovider.ClusterContext{
Clientbuilder: c.clientbuilder,
}
cluster, err := clusterprovider.GetEtcdClusterProvider(name, ctx)
if err != nil {
return nil, err
}
return cluster, nil
}
func (c *ClusterController) getDesiredAction(
cluster *kstonev1alpha2.EtcdCluster,
provider clusterprovider.Cluster,
) (kstonev1alpha2.EtcdClusterPhase, error) {
if len(cluster.Status.Conditions) == 0 {
return kstonev1alpha2.EtcdCluterCreating, nil
}
conditionIndex := len(cluster.Status.Conditions) - 1
lastCondition := cluster.Status.Conditions[conditionIndex]
switch lastCondition.Type {
case kstonev1alpha2.EtcdClusterConditionCreate:
if lastCondition.Status == corev1.ConditionFalse {
return kstonev1alpha2.EtcdCluterCreating, nil
}
case kstonev1alpha2.EtcdClusterConditionUpdate:
if lastCondition.Status == corev1.ConditionFalse {
return kstonev1alpha2.EtcdClusterUpdating, nil
}
}
equal, err := provider.Equal(cluster)
if err != nil {
klog.Errorf("failed to check if the cluster is equal, err is %v,cluster is %s", err, cluster.Name)
return kstonev1alpha2.EtcdClusterUnknown, err
}
if !equal {
klog.Infof("spec is different, need to update etcd, cluster is %s", cluster.Name)
return kstonev1alpha2.EtcdClusterUpdating, nil
}
return kstonev1alpha2.EtcdClusterRunning, nil
}
func (c *ClusterController) generateConditions(
conditions []kstonev1alpha2.EtcdClusterCondition,
phase kstonev1alpha2.EtcdClusterPhase,
nextConditionType kstonev1alpha2.EtcdClusterConditionType,
) []kstonev1alpha2.EtcdClusterCondition {
conditionIndex := len(conditions) - 1
if conditionIndex >= 0 {
lastCondition := conditions[conditionIndex]
if lastCondition.Status != corev1.ConditionTrue {
return conditions
}
if lastCondition.Type == nextConditionType {
conditions = conditions[:conditionIndex]
}
}
conditions = append(conditions, kstonev1alpha2.EtcdClusterCondition{
Type: nextConditionType,
Status: corev1.ConditionFalse,
StartTime: metav1.Now(),
})
return conditions
}
func (c *ClusterController) handleClusterCreate(
cluster *kstonev1alpha2.EtcdCluster,
provider clusterprovider.Cluster,
) (*kstonev1alpha2.EtcdCluster, error) {
cluster.Status.Conditions = c.generateConditions(
cluster.Status.Conditions,
cluster.Status.Phase,
kstonev1alpha2.EtcdClusterConditionCreate,
)
cluster.Status.Phase = kstonev1alpha2.EtcdCluterCreating
conditionIndex := len(cluster.Status.Conditions) - 1
err := provider.BeforeCreate(cluster)
if err != nil {
klog.Errorf("failed to do something before create, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
err = provider.Create(cluster)
if err != nil {
klog.Errorf("failed to create, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
err = provider.AfterCreate(cluster)
if err != nil {
klog.Errorf("failed to do something after create, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
cluster.Status.Conditions[conditionIndex].Reason = ""
cluster.Status.Conditions[conditionIndex].EndTime = metav1.Now()
cluster.Status.Conditions[conditionIndex].Status = corev1.ConditionTrue
return cluster, nil
}
func (c *ClusterController) handleClusterUpdate(
cluster *kstonev1alpha2.EtcdCluster,
provider clusterprovider.Cluster,
) (*kstonev1alpha2.EtcdCluster, error) {
cluster.Status.Conditions = c.generateConditions(
cluster.Status.Conditions,
cluster.Status.Phase,
kstonev1alpha2.EtcdClusterConditionUpdate,
)
cluster.Status.Phase = kstonev1alpha2.EtcdClusterUpdating
conditionIndex := len(cluster.Status.Conditions) - 1
err := provider.BeforeUpdate(cluster)
if err != nil {
klog.Errorf("failed to do something before update, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
err = provider.Update(cluster)
if err != nil {
klog.Errorf("failed to update, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
err = provider.AfterUpdate(cluster)
if err != nil {
klog.Errorf("failed to do something after update, err is %v, cluster is %s", err, cluster.Name)
cluster.Status.Conditions[conditionIndex].Reason = err.Error()
return cluster, err
}
cluster.Status.Conditions[conditionIndex].Reason = ""
cluster.Status.Conditions[conditionIndex].EndTime = metav1.Now()
cluster.Status.Conditions[conditionIndex].Status = corev1.ConditionTrue
return cluster, nil
}
// handleClusterStatus checks the status, if equal, updates status
// if not equal, updates etcdclusters.etcd.tkestack.io
func (c *ClusterController) handleClusterStatus(
cluster *kstonev1alpha2.EtcdCluster,
provider clusterprovider.Cluster,
) (*kstonev1alpha2.EtcdCluster, error) {
// Check and update Cluster Status
annotations := cluster.ObjectMeta.Annotations
secretName := ""
if annotations != nil {
if _, found := annotations[util.ClusterTLSSecretName]; found {
secretName = annotations[util.ClusterTLSSecretName]
}
}
path := fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name)
clientConfig, err := c.clientConfigGetter.New(path, secretName)
if err != nil {
return cluster, err
}
status, err := provider.Status(clientConfig, cluster)
if err != nil {
c.recorder.Eventf(
cluster,
corev1.EventTypeWarning,
string(util.EtcdClusterUpdateStatus),
"failed to get cluster status %v",
err,
)
}
cluster.Status = status
return cluster, nil
}
================================================
FILE: pkg/controllers/etcdinspection/etcdinspection_controller.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcdinspection
import (
"fmt"
"net/http"
"time"
"github.com/go-martini/martini"
"github.com/prometheus/client_golang/prometheus/promhttp"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
informerscorev1 "k8s.io/client-go/informers/core/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
listerscorev1 "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache"
"k8s.io/client-go/tools/record"
"k8s.io/client-go/util/workqueue"
klog "k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
// register etcd cluster providers
_ "tkestack.io/kstone/pkg/clusterprovider/providers"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/featureprovider"
// register etcd feature providers
_ "tkestack.io/kstone/pkg/featureprovider/providers"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
informers "tkestack.io/kstone/pkg/generated/informers/externalversions/kstone/v1alpha2"
listers "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha2"
)
// InspectionController is the controller implementation for etcdinspection resources
type InspectionController struct {
// kubeclientset is a standard kubernetes clientset
kubeclientset kubernetes.Interface
// platformclientset is a clientset for our own API group
platformclientset clientset.Interface
secretLister listerscorev1.SecretLister
secretSynced cache.InformerSynced
etcdinspectionLister listers.EtcdInspectionLister
etcdinspectionSynced cache.InformerSynced
// To allow injection of doClusterInspection for testing.
syncHandler func(eKey string) error
// workqueue is a rate limited work queue. This is used to queue work to be
// processed instead of performing it as soon as a change happens. This
// means we can ensure we only process a fixed amount of resources at a
// time, and makes it easy to ensure we are never processing the same item
// simultaneously in two different workers.
workqueue workqueue.RateLimitingInterface
// recorder is an event recorder for recording Event resources to the
// Kubernetes API.
recorder record.EventRecorder
clientbuilder util.ClientBuilder
clientConfigGetter etcd.ClientConfigGetter
}
func NewInspectionControllerMetric() http.Handler {
m := martini.New()
r := martini.NewRouter()
r.Get("/health", func() (int, string) {
return 200, "ok"
})
r.Get("/metrics", promhttp.Handler())
m.MapTo(r, (*martini.Routes)(nil))
m.Action(r.Handle)
return m
}
// NewEtcdInspectionController returns a new etcdinspection controller
func NewEtcdInspectionController(
clientbuilder util.ClientBuilder,
kubeclientset kubernetes.Interface,
platformclientset clientset.Interface,
secretInformer informerscorev1.SecretInformer,
etcdinspectionInformer informers.EtcdInspectionInformer) *InspectionController {
// Create event broadcaster
// Add kstone types to the default Kubernetes Scheme so Events can be
// logged for kstone types.
utilruntime.Must(platformscheme.AddToScheme(scheme.Scheme))
klog.V(4).Info("Creating event broadcaster")
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartStructuredLogging(0)
eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: kubeclientset.CoreV1().Events("")})
recorder := eventBroadcaster.NewRecorder(
scheme.Scheme,
corev1.EventSource{Component: util.ComponentEtcdInspectionController},
)
controller := &InspectionController{
clientbuilder: clientbuilder,
kubeclientset: kubeclientset,
platformclientset: platformclientset,
secretLister: secretInformer.Lister(),
secretSynced: secretInformer.Informer().HasSynced,
etcdinspectionLister: etcdinspectionInformer.Lister(),
etcdinspectionSynced: etcdinspectionInformer.Informer().HasSynced,
workqueue: workqueue.NewNamedRateLimitingQueue(
workqueue.DefaultControllerRateLimiter(),
"etcdinspections",
),
recorder: recorder,
}
controller.syncHandler = controller.doClusterInspection
controller.clientConfigGetter = etcd.NewClientConfigSecretCacheGetter(controller.secretLister)
klog.Info("Setting up event handlers")
// Set up an event handler for when etcdinspection resources change
etcdinspectionInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: controller.enqueueEtcdInspection,
UpdateFunc: func(old, new interface{}) {
controller.enqueueEtcdInspection(new)
},
})
return controller
}
// Run will set up the event handlers for types we are interested in, as well
// as syncing informer caches and starting workers. It will block until stopCh
// is closed, at which point it will shutdown the workqueue and wait for
// workers to finish processing their current work items.
func (c *InspectionController) Run(threadiness int, stopCh <-chan struct{}) error {
defer utilruntime.HandleCrash()
defer c.workqueue.ShutDown()
// Start the informer factories to begin populating the informer caches
klog.Info("Starting etcdinspection controller")
// Wait for the caches to be synced before starting workers
klog.Info("Waiting for informer caches to sync")
if ok := cache.WaitForCacheSync(stopCh, c.secretSynced, c.etcdinspectionSynced); !ok {
return fmt.Errorf("failed to wait for caches to sync")
}
klog.Info("Starting workers")
// Launch two workers to process etcdinspection resources
for i := 0; i < threadiness; i++ {
go wait.Until(c.runWorker, time.Second, stopCh)
}
go func() {
err := http.ListenAndServe(":9090", NewInspectionControllerMetric())
if err != nil {
klog.Errorf("listenAndServer error is %v", err)
}
}()
klog.Info("Started workers")
<-stopCh
klog.Info("Shutting down workers")
return nil
}
// runWorker is a long-running function that will continually call the
// processNextWorkItem function in order to read and process a message on the
// workqueue.
func (c *InspectionController) runWorker() {
for c.processNextWorkItem() {
}
}
// processNextWorkItem will read a single work item off the workqueue and
// attempt to process it, by calling the syncHandler.
func (c *InspectionController) processNextWorkItem() bool {
obj, shutdown := c.workqueue.Get()
if shutdown {
return false
}
// We wrap this block in a func so we can defer c.workqueue.Done.
err := util.ProcessWorkQueue(c.workqueue, c.syncHandler, obj)
if err != nil {
utilruntime.HandleError(err)
return true
}
return true
}
func (c *InspectionController) doClusterInspection(key string) error {
// Convert the namespace/name string into a distinct namespace and name
namespace, name, err := cache.SplitMetaNamespaceKey(key)
if err != nil {
utilruntime.HandleError(fmt.Errorf("invalid resource key: %s", key))
return nil
}
// Get the etcdinspection resource with this namespace/name
etcdinspection, err := c.etcdinspectionLister.EtcdInspections(namespace).Get(name)
if err != nil {
// The etcdinspection resource may no longer exist, in which case we stop
// processing.
if errors.IsNotFound(err) {
utilruntime.HandleError(fmt.Errorf("etcdinspection '%s' in work queue no longer exists", key))
return nil
}
return err
}
return c.doInspectionTask(etcdinspection)
}
// enqueueEtcdInspection takes a etcdinspection resource and converts it into a namespace/name
// string which is then put onto the work queue. This method should *not* be
// passed resources of any type other than etcdinspection.
func (c *InspectionController) enqueueEtcdInspection(obj interface{}) {
var key string
var err error
if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil {
utilruntime.HandleError(err)
return
}
c.workqueue.Add(key)
}
func (c *InspectionController) GetInspectionFeatureProvider(name string) (featureprovider.Feature, error) {
ctx := &featureprovider.FeatureContext{
ClientBuilder: c.clientbuilder,
ClientConfigGetter: c.clientConfigGetter,
}
feature, err := featureprovider.GetFeatureProvider(name, ctx)
if err != nil {
return nil, err
}
return feature, nil
}
func (c *InspectionController) doInspectionTask(etcdinspection *kstonev1alpha2.EtcdInspection) error {
inspectionType := etcdinspection.Spec.InspectionType
feature, err := c.GetInspectionFeatureProvider(inspectionType)
if err != nil {
return err
}
return feature.Do(etcdinspection)
}
================================================
FILE: pkg/controllers/util/util.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package util
import (
"fmt"
"reflect"
"testing"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/diff"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/client-go/dynamic"
clientset "k8s.io/client-go/kubernetes"
fake "k8s.io/client-go/kubernetes/fake"
restclient "k8s.io/client-go/rest"
core "k8s.io/client-go/testing"
"k8s.io/client-go/util/workqueue"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/k8s"
)
const (
ComponentEtcdClusterController = "etcdcluster-controller"
ComponentEtcdInspectionController = "etcdinspection-controller"
)
type EtcdClusterPhase string
const (
EtcdClusterCreating EtcdClusterPhase = "EtcdClusterCreating"
EtcdClusterUpdating EtcdClusterPhase = "EtcdClusterUpdating"
EtcdClusterUpdateStatus EtcdClusterPhase = "EtcdClusterUpdateStatus"
)
const (
ClusterTLSSecretName = "certName"
ClusterExtensionClientURL = "extClientURL"
)
type ClientBuilder interface {
ConfigOrDie() *restclient.Config
ClientOrDie() clientset.Interface
DynamicClientOrDie() dynamic.Interface
}
func NewSimpleClientBuilder(kubeconfig string) ClientBuilder {
builder := &simpleClientBuilder{
kubeconfig: kubeconfig,
}
return builder
}
type simpleClientBuilder struct {
kubeconfig string
}
func (s simpleClientBuilder) ConfigOrDie() *restclient.Config {
cfg, err := k8s.GetClientConfig(s.kubeconfig)
if err != nil {
klog.Fatal(err)
}
return cfg
}
func (s simpleClientBuilder) ClientOrDie() clientset.Interface {
clientConfig := s.ConfigOrDie()
client, err := clientset.NewForConfig(clientConfig)
if err != nil {
klog.Fatal(err)
}
return client
}
func (s simpleClientBuilder) DynamicClientOrDie() dynamic.Interface {
clientConfig := s.ConfigOrDie()
client, err := dynamic.NewForConfig(clientConfig)
if err != nil {
klog.Fatal(err)
}
return client
}
func NewFakeClientBuilder() ClientBuilder {
builder := &fakeClientBuilder{
client: fake.NewSimpleClientset([]runtime.Object{}...),
}
return builder
}
type fakeClientBuilder struct {
client *fake.Clientset
}
func (f fakeClientBuilder) ConfigOrDie() *restclient.Config {
// TODO: implement it and add controllers unit test
return nil
}
func (f fakeClientBuilder) ClientOrDie() clientset.Interface {
return f.client
}
func (f fakeClientBuilder) DynamicClientOrDie() dynamic.Interface {
// TODO: implement it and add controllers unit test
return nil
}
// CheckAction verifies that expected and actual actions are equal and both have
// same attached resources
func CheckAction(expected, actual core.Action, t *testing.T) {
if !(expected.Matches(actual.GetVerb(),
actual.GetResource().Resource) && actual.GetSubresource() == expected.GetSubresource()) {
t.Errorf("Expected\n\t%#v\ngot\n\t%#v", expected, actual)
return
}
if reflect.TypeOf(actual) != reflect.TypeOf(expected) {
t.Errorf("Action has wrong type. Expected: %t. Got: %t", expected, actual)
return
}
switch a := actual.(type) {
case core.CreateActionImpl:
e, _ := expected.(core.CreateActionImpl)
expObject := e.GetObject()
object := a.GetObject()
if !reflect.DeepEqual(expObject, object) {
t.Errorf("Action %s %s has wrong object\nDiff:\n %s",
a.GetVerb(), a.GetResource().Resource, diff.ObjectGoPrintSideBySide(expObject, object))
}
case core.UpdateActionImpl:
e, _ := expected.(core.UpdateActionImpl)
expObject := e.GetObject()
object := a.GetObject()
if !reflect.DeepEqual(expObject, object) {
t.Errorf("Action %s %s has wrong object\nDiff:\n %s",
a.GetVerb(), a.GetResource().Resource, diff.ObjectGoPrintSideBySide(expObject, object))
}
case core.PatchActionImpl:
e, _ := expected.(core.PatchActionImpl)
expPatch := e.GetPatch()
patch := a.GetPatch()
if !reflect.DeepEqual(expPatch, patch) {
t.Errorf("Action %s %s has wrong patch\nDiff:\n %s",
a.GetVerb(), a.GetResource().Resource, diff.ObjectGoPrintSideBySide(expPatch, patch))
}
default:
t.Errorf("Uncaptured Action %s %s, you should explicitly add a case to capture it",
actual.GetVerb(), actual.GetResource().Resource)
}
}
// ProcessWorkQueue handle item in queue, handle the result of syncHandler
func ProcessWorkQueue(
queue workqueue.RateLimitingInterface,
syncHandler func(eKey string) error,
obj interface{}) error {
defer queue.Done(obj)
var key string
var ok bool
if key, ok = obj.(string); !ok {
queue.Forget(obj)
utilruntime.HandleError(fmt.Errorf("expected string in workqueue but got %#v", obj))
return nil
}
if err := syncHandler(key); err != nil {
queue.AddRateLimited(key)
return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error())
}
queue.Forget(obj)
klog.V(4).Infof("Successfully synced '%s'", key)
return nil
}
// FilterInformerActions filters list and watch actions for testing resources.
// Since list and watch don't change resource state we can filter it to lower
// nose level in our tests.
func FilterInformerActions(actions []core.Action, resourceName string) []core.Action {
ret := []core.Action{}
for _, action := range actions {
if len(action.GetNamespace()) == 0 &&
(action.Matches("list", resourceName) ||
action.Matches("watch", resourceName)) {
continue
}
ret = append(ret, action)
}
return ret
}
func CompareActions(t *testing.T, actions []core.Action, filteredActions []core.Action) {
for i, action := range filteredActions {
t.Logf("client action id %d,action info %+v", i, action)
if len(actions) < i+1 {
t.Errorf("%d unexpected filteredActions: %+v", len(filteredActions)-len(actions), filteredActions[i:])
break
}
expectedAction := actions[i]
CheckAction(expectedAction, action, t)
}
if len(actions) > len(filteredActions) {
t.Errorf(
"%d additional expected filteredActions:%+v",
len(actions)-len(filteredActions),
actions[len(filteredActions):],
)
}
}
================================================
FILE: pkg/etcd/client/cleint.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package client
import (
"tkestack.io/kstone/pkg/etcd"
)
// Member contains member info including v2 and v3
type Member struct {
ID string
Name string
PeerURLs []string
ClientURLs []string
Version string
IsLearner bool
Leader string
}
type VersionClient interface {
MemberList() ([]Member, error)
Status(endpoint string) (*Member, error)
Close()
}
type VersionContext struct {
Config *etcd.ClientConfig
}
================================================
FILE: pkg/etcd/client/version.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package client
import (
"errors"
"sync"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
type Factory func(cluster *VersionContext) (VersionClient, error)
var (
mutex sync.Mutex
providers = make(map[kstonev1alpha2.EtcdStorageBackend]Factory)
)
// RegisterEtcdClientFactory registers the specified etcd client
func RegisterEtcdClientFactory(name kstonev1alpha2.EtcdStorageBackend, factory Factory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := providers[name]; found {
klog.V(2).Infof("etcdcluster provider %s was registered twice", name)
}
klog.V(2).Infof("register etcdCluster provider %s", name)
providers[name] = factory
}
// GetEtcdClientProvider gets the specified etcd client
func GetEtcdClientProvider(
name kstonev1alpha2.EtcdStorageBackend,
ctx *VersionContext,
) (VersionClient, error) {
mutex.Lock()
defer mutex.Unlock()
// compatible with existing clusters
if name == "" {
name = kstonev1alpha2.EtcdStorageV3
}
f, found := providers[name]
klog.V(1).Infof("get provider name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,etcd cluster provider not found")
}
return f(ctx)
}
================================================
FILE: pkg/etcd/client/versions/providers.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package versions
import (
_ "tkestack.io/kstone/pkg/etcd/client/versions/v2" // import etcd client of v2
_ "tkestack.io/kstone/pkg/etcd/client/versions/v3" // import etcd client of v3
)
================================================
FILE: pkg/etcd/client/versions/v2/client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v2
import (
"context"
"fmt"
"net"
"net/http"
"github.com/coreos/etcd/pkg/transport"
clientv2 "go.etcd.io/etcd/client/v2"
klog "k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
"tkestack.io/kstone/pkg/etcd/client"
)
type V2 struct {
ctx *client.VersionContext
cli *clientv2.Client
}
func (c *V2) MemberList() ([]client.Member, error) {
API := clientv2.NewMembersAPI(*c.cli)
rsp, err := API.List(context.Background())
if err != nil {
return nil, fmt.Errorf("load members err of endpoints:%s err:%s",
c.ctx.Config.Endpoints, err.Error())
}
members := make([]client.Member, 0)
for _, m := range rsp {
members = append(members, client.Member{
ID: m.ID,
Name: m.Name,
PeerURLs: m.PeerURLs,
ClientURLs: m.ClientURLs,
IsLearner: false,
})
}
return members, nil
}
func (c *V2) Status(endpoint string) (*client.Member, error) {
backend, err := etcd.NewEtcdHealthCheckBackend(etcd.HealthCheckHTTP)
if err != nil {
klog.Errorf("failed to get version backend,method %s,err is %v", etcd.HealthCheckHTTP, err)
return nil, err
}
config := c.ctx.Config
err = backend.Init(config.CaCert, config.Cert, config.Key, endpoint)
if err != nil {
klog.Errorf("failed to init version client,endpoint is %s,err is %v", endpoint, err)
return nil, err
}
defer backend.Close()
var version string
version, err = backend.Version()
if err != nil {
klog.Errorf("failed to version,endpoint is %s,err is %v", endpoint, err)
return nil, err
}
//get leader & memberID
stats, err := backend.Stats()
if err != nil {
return nil, err
}
return &client.Member{
ID: stats.ID,
Name: stats.Name,
Version: version,
Leader: stats.LeaderInfo.Leader,
}, nil
}
func (c *V2) Close() {}
func init() {
client.RegisterEtcdClientFactory(kstonev1alpha2.EtcdStorageV2,
func(ctx *client.VersionContext) (client.VersionClient, error) {
return initClient(ctx)
})
}
func newClientCfg(ctx *client.VersionContext) (*clientv2.Config, error) {
config := ctx.Config
cfg := &clientv2.Config{
Endpoints: config.Endpoints,
Username: config.Username,
Password: config.Password,
}
var cfgtls *transport.TLSInfo
tlsinfo := transport.TLSInfo{}
if ctx.Config.Cert != "" {
tlsinfo.CertFile = config.Cert
cfgtls = &tlsinfo
}
if config.Key != "" {
tlsinfo.KeyFile = config.Key
cfgtls = &tlsinfo
}
if config.CaCert != "" {
tlsinfo.TrustedCAFile = config.CaCert
cfgtls = &tlsinfo
}
if cfgtls != nil {
clientTLS, err := cfgtls.ClientConfig()
if err != nil {
return nil, err
}
cfg.Transport = &http.Transport{
Dial: (&net.Dialer{
Timeout: config.DialKeepAliveTimeout,
KeepAlive: config.DialKeepAliveTime,
}).Dial,
TLSHandshakeTimeout: config.DialTimeout,
TLSClientConfig: clientTLS,
MaxIdleConnsPerHost: 1,
DisableKeepAlives: true,
}
}
return cfg, nil
}
func initClient(ctx *client.VersionContext) (client.VersionClient, error) {
client := &V2{
ctx: ctx,
cli: nil,
}
cfg, err := newClientCfg(ctx)
if err != nil {
klog.Errorf("get new clientv2 cfg failed:%s", err)
return nil, err
}
cli, err := clientv2.New(*cfg)
if err != nil {
klog.Errorf("create new clientv2 failed:%s", err)
return nil, err
}
klog.V(2).Infof("init client ready of:%s", ctx.Config.Endpoints)
client.cli = &cli
return client, nil
}
================================================
FILE: pkg/etcd/client/versions/v3/client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package v3
import (
"strconv"
clientv3 "go.etcd.io/etcd/client/v3"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
"tkestack.io/kstone/pkg/etcd/client"
)
type V3 struct {
ctx *client.VersionContext
cli *clientv3.Client
}
func (c *V3) MemberList() ([]client.Member, error) {
members := make([]client.Member, 0)
memberRsp, err := etcd.MemberList(c.cli)
if err != nil {
klog.Errorf("failed to get member list, endpoints is %s,err is %v", c.ctx.Config.Endpoints, err)
return members, err
}
for _, m := range memberRsp.Members {
members = append(members, client.Member{
ID: strconv.FormatUint(m.ID, 10),
Name: m.Name,
PeerURLs: m.PeerURLs,
ClientURLs: m.ClientURLs,
IsLearner: m.IsLearner,
})
}
return members, nil
}
func (c *V3) Status(endpoint string) (*client.Member, error) {
statusRsp, err := etcd.Status(c.ctx.Config.Endpoints[0], c.cli)
if err != nil {
return nil, err
}
return &client.Member{
Version: statusRsp.Version,
IsLearner: statusRsp.IsLearner,
Leader: strconv.FormatUint(statusRsp.Leader, 10),
}, nil
}
func (c *V3) Close() {
c.cli.Close()
}
func init() {
client.RegisterEtcdClientFactory(kstonev1alpha2.EtcdStorageV3,
func(ctx *client.VersionContext) (client.VersionClient, error) {
return initClient(ctx)
})
}
func initClient(ctx *client.VersionContext) (client.VersionClient, error) {
client := &V3{
ctx: ctx,
cli: nil,
}
var err error
client.cli, err = etcd.NewClientv3(ctx.Config)
if err != nil {
klog.Errorf("failed to get new etcd clientv3,err is %v ", err)
return nil, err
}
return client, nil
}
================================================
FILE: pkg/etcd/client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcd
import (
"context"
"errors"
"strings"
"time"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
listerscorev1 "k8s.io/client-go/listers/core/v1"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/controllers/util"
)
type ClientConfigGetter interface {
New(path string, sc string) (*ClientConfig, error)
}
type ClientConfigSecret struct {
kubeCli kubernetes.Interface
secretLister listerscorev1.SecretLister
secretGetter func(t *ClientConfigSecret, namespace, secretName string) (*v1.Secret, error)
}
type ClientConfig struct {
// Endpoints is a list of URLs.
Endpoints []string
// DialTimeout is the timeout for failing to establish a connection.
DialTimeout time.Duration
// DialKeepAliveTime is the time after which client pings the server to see if
// transport is alive.
DialKeepAliveTime time.Duration
// DialKeepAliveTimeout is the time that the client waits for a response for the
// keep-alive probe. If the response is not received in this time, the connection is closed.
DialKeepAliveTimeout time.Duration
// SecureConfig is secure config for authentication
SecureConfig
}
type SecureConfig struct {
// Cert is a cert for authentication.
Cert string
// Key is a key for authentication.
Key string
// CaCert is a CA cert for authentication.
CaCert string
// Username is a user name for authentication.
Username string
// Password is a password for authentication.
Password string
}
func NewClientConfigSecretGetter(clientBuilder util.ClientBuilder) *ClientConfigSecret {
return &ClientConfigSecret{
kubeCli: clientBuilder.ClientOrDie(),
secretGetter: Secret,
}
}
func NewClientConfigSecretCacheGetter(secretLister listerscorev1.SecretLister) *ClientConfigSecret {
return &ClientConfigSecret{
secretLister: secretLister,
secretGetter: SecretCache,
}
}
func (t *ClientConfigSecret) New(path string, sc string) (*ClientConfig, error) {
if sc == "" {
return &ClientConfig{}, nil
}
items := strings.Split(sc, "/")
paths := strings.Split(path, "/")
namespace := "default"
if len(paths) == 2 {
namespace = paths[0]
}
secretName := sc
if len(items) > 2 {
return nil, errors.New("invalid secretname")
} else if len(items) == 2 {
namespace = items[0]
secretName = items[1]
}
var secret *v1.Secret
var err error
secret, err = t.secretGetter(t, namespace, secretName)
if err != nil {
klog.Errorf("failed to get secret, namespace is %s, secret name is %s", namespace, secretName)
return nil, err
}
cert := secret.Data[CliCertFile]
key := secret.Data[CliKeyFile]
ca := secret.Data[CliCAFile]
username := secret.Data[CliUsername]
password := secret.Data[CliPassword]
caFile, certFile, keyFile, err := GetTLSConfigPath(path, cert, key, ca)
if err != nil {
klog.Errorf("failed to get tls config path, name %s,err is %v", secretName, err)
return nil, err
}
return &ClientConfig{
SecureConfig: SecureConfig{
CaCert: caFile,
Cert: certFile,
Key: keyFile,
Username: string(username),
Password: string(password),
},
}, nil
}
func SecretCache(t *ClientConfigSecret, namespace, secretName string) (*v1.Secret, error) {
return t.secretLister.Secrets(namespace).Get(secretName)
}
func Secret(t *ClientConfigSecret, namespace, secretName string) (*v1.Secret, error) {
return t.kubeCli.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
}
================================================
FILE: pkg/etcd/encoding.go
================================================
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package etcd
import (
"bytes"
"encoding/json"
"fmt"
"go.etcd.io/etcd/api/v3/mvccpb"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
jsonserializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
klog "k8s.io/klog/v2"
kubectlScheme "k8s.io/kubectl/pkg/scheme"
"sigs.k8s.io/yaml"
)
const (
StorageBinaryMediaType = "application/vnd.kubernetes.storagebinary"
ProtobufMediaType = "application/vnd.kubernetes.protobuf"
YamlMediaType = "application/yaml"
JSONMediaType = "application/json"
ProtobufShortname = "proto"
YamlShortname = "yaml"
JSONShortname = "json"
)
// ProtoEncodingPrefix ... see k8s.io/apimachinery/pkg/runtime/serializer/protobuf.go
var ProtoEncodingPrefix = []byte{0x6b, 0x38, 0x73, 0x00}
var MediaTypeList = []string{JSONMediaType, YamlMediaType}
var MediaTypeMap = map[string]string{
"raw": StorageBinaryMediaType,
ProtobufShortname: ProtobufMediaType,
YamlShortname: YamlMediaType,
JSONShortname: JSONMediaType,
StorageBinaryMediaType: "raw",
ProtobufMediaType: ProtobufShortname,
YamlMediaType: YamlShortname,
JSONMediaType: JSONShortname,
}
var Codecs = kubectlScheme.Codecs
// ConvertToData converts content input to data with inMediaType
func ConvertToData(inMediaType string, in []byte) (map[string]string, error) {
data := make(map[string]string)
for _, outMediaType := range MediaTypeList {
if inMediaType == StorageBinaryMediaType && outMediaType == ProtobufMediaType {
data[MediaTypeMap[outMediaType]] = DecodeRawToString(in)
continue
}
if inMediaType == ProtobufMediaType && outMediaType == StorageBinaryMediaType {
return nil, fmt.Errorf("unsupported conversion: protobuf to kubernetes binary storage representation")
}
typeMeta, err := decodeTypeMeta(inMediaType, in)
if err != nil {
return nil, err
}
var encoded []byte
if inMediaType == outMediaType {
// Assumes that the stored version is "correct". Primarily a short cut to allow CRDs to work.
encoded = in
if outMediaType == JSONMediaType {
encoded = append(encoded, '\n')
}
} else {
inCodec, err := newCodec(typeMeta, inMediaType)
if err != nil {
return nil, err
}
outCodec, err := newCodec(typeMeta, outMediaType)
if err != nil {
return nil, err
}
obj, err := runtime.Decode(inCodec, in)
if err != nil {
return nil, fmt.Errorf("error decoding from %s: %s", inMediaType, err)
}
encoded, err = runtime.Encode(outCodec, obj)
if err != nil {
return nil, fmt.Errorf("error encoding to %s: %s", outMediaType, err)
}
}
data[MediaTypeMap[outMediaType]] = string(encoded)
}
return data, nil
}
// DetectAndExtract searches the start of either json of protobuf data, and, if found, returns the mime type and data.
func DetectAndExtract(in []byte) (string, []byte, error) {
if pb, ok := tryFindProto(in); ok {
return StorageBinaryMediaType, pb, nil
}
if rawJs, ok := tryFindJSON(in); ok {
js, err := rawJs.MarshalJSON()
if err != nil {
return "", nil, err
}
return JSONMediaType, js, nil
}
return "", nil, fmt.Errorf("error reading input, does not appear to contain valid JSON or binary data")
}
// tryFindProto searches for the 'k8s\0' prefix, and, if found, returns the data starting with the prefix.
func tryFindProto(in []byte) ([]byte, bool) {
i := bytes.Index(in, ProtoEncodingPrefix)
if i >= 0 && i < len(in) {
return in[i:], true
}
return nil, false
}
const jsonStartChars = "{["
// tryFindJSON searches for the start of a valid json substring, and, if found, returns the json.
func tryFindJSON(in []byte) (*json.RawMessage, bool) {
var js json.RawMessage
i := bytes.IndexAny(in, jsonStartChars)
for i >= 0 && i < len(in) {
in = in[i:]
if len(in) < 2 {
break
}
err := json.Unmarshal(in, &js)
if err == nil {
return &js, true
}
in = in[1:]
i = bytes.IndexAny(in, jsonStartChars)
}
return nil, false
}
// DecodeRawToString decodes the raw payload bytes contained within the 'Unknown' protobuf envelope of
// the given storage data.
func DecodeRawToString(in []byte) string {
unknown, err := DecodeUnknown(in)
if err != nil {
return ""
}
return string(unknown.Raw)
}
// DecodeUnknown decodes the Unknown protobuf type from the given storage data.
func DecodeUnknown(in []byte) (*runtime.Unknown, error) {
if len(in) < 4 {
return nil, fmt.Errorf("input too short, expected 4 byte proto encoding prefix but got %v", in)
}
if !bytes.Equal(in[:4], ProtoEncodingPrefix) {
return nil, fmt.Errorf("first 4 bytes %v, do not match proto encoding prefix of %v", in[:4], ProtoEncodingPrefix)
}
data := in[4:]
unknown := &runtime.Unknown{}
if err := unknown.Unmarshal(data); err != nil {
return nil, err
}
return unknown, nil
}
// newCodec creates a new kubernetes storage codec for encoding and decoding persisted data.
func newCodec(typeMeta *runtime.TypeMeta, mediaType string) (runtime.Codec, error) {
// For api machinery purposes, we treat StorageBinaryMediaType as ProtobufMediaType
if mediaType == StorageBinaryMediaType {
mediaType = ProtobufMediaType
}
mediaTypes := Codecs.SupportedMediaTypes()
info, ok := runtime.SerializerInfoForMediaType(mediaTypes, mediaType)
if !ok {
if len(mediaTypes) == 0 {
return nil, fmt.Errorf("no serializers registered for %v", mediaTypes)
}
info = mediaTypes[0]
}
gv, err := schema.ParseGroupVersion(typeMeta.APIVersion)
if err != nil {
return nil, fmt.Errorf("unable to parse meta APIVersion '%s': %s", typeMeta.APIVersion, err)
}
encoder := Codecs.EncoderForVersion(info.Serializer, gv)
decoder := Codecs.DecoderToVersion(info.Serializer, gv)
codec := Codecs.CodecForVersions(encoder, decoder, gv, gv)
return codec, nil
}
// decodeTypeMeta gets the TypeMeta from the given data, either as JSON or Protobuf.
func decodeTypeMeta(inMediaType string, in []byte) (*runtime.TypeMeta, error) {
switch inMediaType {
case JSONMediaType:
return typeMetaFromJSON(in)
case StorageBinaryMediaType:
return typeMetaFromBinaryStorage(in)
case YamlMediaType:
return typeMetaFromYaml(in)
default:
return nil, fmt.Errorf("unsupported inMediaType %s", inMediaType)
}
}
// typeMetaFromJSON generates type for json
func typeMetaFromJSON(in []byte) (*runtime.TypeMeta, error) {
var meta runtime.TypeMeta
err := json.Unmarshal(in, &meta)
if err != nil {
return nil, err
}
return &meta, nil
}
// typeMetaFromBinaryStorage generates type for binary storage
func typeMetaFromBinaryStorage(in []byte) (*runtime.TypeMeta, error) {
unknown, err := DecodeUnknown(in)
if err != nil {
return nil, err
}
return &unknown.TypeMeta, nil
}
// typeMetaFromYaml generates type for yaml
func typeMetaFromYaml(in []byte) (*runtime.TypeMeta, error) {
var meta runtime.TypeMeta
err := yaml.Unmarshal(in, &meta)
if err != nil {
return nil, err
}
return &meta, nil
}
// ConvertToJSON converts kv to json string
func ConvertToJSON(kv *mvccpb.KeyValue) string {
decoder := kubectlScheme.Codecs.UniversalDeserializer()
encoder := jsonserializer.NewSerializer(
jsonserializer.DefaultMetaFactory,
kubectlScheme.Scheme,
kubectlScheme.Scheme,
false,
)
objJSON := &bytes.Buffer{}
obj, _, err := decoder.Decode(kv.Value, nil, nil)
if err != nil {
klog.Errorf("WARN: error decoding value %s: %v", string(kv.Value), err)
return string(kv.Value)
}
objJSON.Reset()
if err := encoder.Encode(obj, objJSON); err != nil {
klog.Errorf("WARN: error encoding object %#v as JSON: %v", obj, err)
return string(kv.Value)
}
return objJSON.String()
}
================================================
FILE: pkg/etcd/health.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcd
import (
"crypto/tls"
"crypto/x509"
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"net/http"
"time"
klog "k8s.io/klog/v2"
)
type Health interface {
// Init creates etcd healthcheck client
Init(ca, cert, key, endpoint string) error
// IsHealthy checks etcd health info
IsHealthy() error
// Version returns etcd version
Version() (string, error)
// Stats returns etcd status
Stats() (*Stats, error)
// Close closes etcd healthcheck client
Close() error
}
type HealthCheckMethod string
const (
HealthCheckHTTP HealthCheckMethod = "http"
HealthCheckEtcdctl HealthCheckMethod = "etcdctl"
)
// HealthCheckHTTPClient struct of etcd healthcheck client
type HealthCheckHTTPClient struct {
method HealthCheckMethod
cli *http.Client
endpoint string
}
// NewEtcdHealthCheckBackend generates etcd healthcheck client
func NewEtcdHealthCheckBackend(method HealthCheckMethod) (Health, error) {
if method == HealthCheckHTTP {
return &HealthCheckHTTPClient{method: HealthCheckHTTP}, nil
}
return nil, errors.New("invalid health check method")
}
// Init creates etcd healthcheck client
func (c *HealthCheckHTTPClient) Init(ca, cert, key, endpoint string) error {
c.endpoint = endpoint
tr := &http.Transport{}
tr.MaxIdleConns = 1
tr.DisableKeepAlives = true
if ca != "" && cert != "" && key != "" {
caCert, err := ioutil.ReadFile(ca)
if err != nil {
return err
}
keyPair, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
return err
}
caPool := x509.NewCertPool()
caPool.AppendCertsFromPEM(caCert)
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{keyPair},
RootCAs: caPool,
}
tlsConfig.BuildNameToCertificate()
tlsConfig.InsecureSkipVerify = true
tr.TLSClientConfig = tlsConfig
}
c.cli = &http.Client{Transport: tr, Timeout: time.Second * 3}
return nil
}
// etcdHealth encodes data returned from etcd /healthz handler.
type etcdHealth struct {
// Note this has to be public so the json library can modify it.
Health string `json:"health"`
}
// etcdHealthCheck decodes data returned from etcd /healthz handler.
func (c *HealthCheckHTTPClient) etcdHealthCheck(data []byte) error {
obj := etcdHealth{}
if err := json.Unmarshal(data, &obj); err != nil {
return err
}
if obj.Health != "true" {
klog.Warningf("etcd is not healthy,endpoint is %s", c.endpoint)
return fmt.Errorf("Unhealthy status: %s", obj.Health)
}
return nil
}
// IsHealthy returns etcd healthy info by access etcd endpoint
func (c *HealthCheckHTTPClient) IsHealthy() error {
target := fmt.Sprintf("%s/health", c.endpoint)
resp, err := c.cli.Get(target)
if err != nil {
klog.Errorf("failed to check etcd healthy,err is %v", err)
return err
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
return c.etcdHealthCheck(body)
}
func (c *HealthCheckHTTPClient) GetByAPI(path string) ([]byte, error) {
target := fmt.Sprintf("%s/%s", c.endpoint, path)
resp, err := c.cli.Get(target)
if err != nil {
klog.Errorf("failed to check etcd healthy,err is %v", err)
return make([]byte, 0), err
}
defer resp.Body.Close()
return ioutil.ReadAll(resp.Body)
}
type Version struct {
EtcdServer string `json:"etcdserver"`
}
func (c *HealthCheckHTTPClient) Version() (string, error) {
body, err := c.GetByAPI("version")
if err != nil {
return "", fmt.Errorf("send request failed:%s", err.Error())
}
var version Version
err = json.Unmarshal(body, &version)
if err != nil {
return "", fmt.Errorf("version result json failed:%s, body:%s", err.Error(), string(body))
}
return version.EtcdServer, nil
}
type Stats struct {
Name string `json:"name"`
ID string `json:"id"`
LeaderInfo struct {
Leader string `json:"leader"`
} `json:"leaderInfo"`
}
func (c *HealthCheckHTTPClient) Stats() (*Stats, error) {
body, err := c.GetByAPI("v2/stats/self")
if err != nil {
return nil, fmt.Errorf("send request failed:%s", err.Error())
}
var stats Stats
err = json.Unmarshal(body, &stats)
if err != nil {
return nil, fmt.Errorf("version result json failed:%s, body:%s", err.Error(), string(body))
}
return &stats, nil
}
// Close closes etcd healthcheck client
func (c *HealthCheckHTTPClient) Close() error {
return nil
}
================================================
FILE: pkg/etcd/helper.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcd
import (
"context"
"fmt"
"io/ioutil"
"net"
"net/http"
"os/exec"
"path/filepath"
"strings"
"time"
"go.etcd.io/etcd/client/pkg/v3/transport"
clientv2 "go.etcd.io/etcd/client/v2"
clientv3 "go.etcd.io/etcd/client/v3"
klog "k8s.io/klog/v2"
)
const (
DefaultDialTimeout = 3 * time.Second
DefaultCommandTimeOut = 10 * time.Second
DefaultKeepAliveTime = 10 * time.Second
DefaultKeepAliveTimeOut = 30 * time.Second
CliCertFile = "client.pem"
CliKeyFile = "client-key.pem"
CliCAFile = "ca.pem"
CliUsername = "username"
CliPassword = "password"
)
// NewClientv3 generates etcd client v3
func NewClientv3(config *ClientConfig) (*clientv3.Client, error) {
setDefaultConfig(config)
cfg, err := newClientv3Config(config)
if err != nil {
klog.Errorf("get new clientv3 cfg failed:%s", err)
return nil, err
}
client, err := clientv3.New(*cfg)
if err != nil {
klog.Errorf("create new clientv3 failed:%s", err)
return nil, err
}
return client, nil
}
func setDefaultConfig(config *ClientConfig) {
if config.DialTimeout == 0 {
config.DialTimeout = DefaultDialTimeout
}
if config.DialKeepAliveTime == 0 {
config.DialKeepAliveTime = DefaultKeepAliveTime
}
if config.DialKeepAliveTimeout == 0 {
config.DialKeepAliveTimeout = DefaultKeepAliveTimeOut
}
}
// newClientv3Config generates config of etcd client v3
func newClientv3Config(config *ClientConfig) (*clientv3.Config, error) {
cfg := &clientv3.Config{
Endpoints: config.Endpoints,
DialTimeout: config.DialTimeout,
DialKeepAliveTime: config.DialKeepAliveTime,
DialKeepAliveTimeout: config.DialKeepAliveTimeout,
Username: config.Username,
Password: config.Password,
}
// set tls if any one tls option set
var cfgtls *transport.TLSInfo
tlsinfo := transport.TLSInfo{}
if config.Cert != "" {
tlsinfo.CertFile = config.Cert
cfgtls = &tlsinfo
}
if config.Key != "" {
tlsinfo.KeyFile = config.Key
cfgtls = &tlsinfo
}
if config.CaCert != "" {
tlsinfo.TrustedCAFile = config.CaCert
cfgtls = &tlsinfo
}
if cfgtls != nil {
clientTLS, err := cfgtls.ClientConfig()
if err != nil {
return nil, err
}
cfg.TLS = clientTLS
cfg.TLS.InsecureSkipVerify = true
}
return cfg, nil
}
// MemberList gets etcd members
func MemberList(cli *clientv3.Client) (*clientv3.MemberListResponse, error) {
ctx, cancel := context.WithTimeout(context.Background(), DefaultDialTimeout)
defer cancel()
rsp, err := cli.MemberList(ctx)
if err != nil {
klog.Errorf("failed to get member list,err is %v", err)
return nil, err
}
klog.V(6).Infof("get member list succ,resp info %v", rsp)
return rsp, err
}
// Status returns new status
func Status(endpoint string, cli *clientv3.Client) (*clientv3.StatusResponse, error) {
ctx, cancel := context.WithTimeout(context.Background(), DefaultDialTimeout)
defer cancel()
return cli.Status(ctx, endpoint)
}
// writeFile writes []bytes to file
func writeFile(dir, file string, data []byte) (string, error) {
p := filepath.Join(dir, file)
return p, ioutil.WriteFile(p, data, 0600)
}
func GetTLSConfigPath(clusterName string, certData, keyData, caData []byte) (string, string, string, error) {
// empty tlsFiles, return ""
if len(certData) == 0 || len(keyData) == 0 || len(caData) == 0 {
return "", "", "", nil
}
dir, err := ioutil.TempDir("", strings.ReplaceAll(clusterName, "/", "_"))
if err != nil {
return "", "", "", err
}
certFile, err := writeFile(dir, CliCertFile, certData)
if err != nil {
return "", "", "", err
}
keyFile, err := writeFile(dir, CliKeyFile, keyData)
if err != nil {
return "", "", "", err
}
caFile, err := writeFile(dir, CliCAFile, caData)
if err != nil {
return "", "", "", err
}
return caFile, certFile, keyFile, nil
}
func AddMemberWithCmd(isLearner bool, endpoints, peerURL, ca, cert, key string) error {
args := make([]string, 0)
if ca != "" && cert != "" && key != "" {
args = append(args, fmt.Sprintf("--cacert=%s", ca))
args = append(args, fmt.Sprintf("--cert=%s", cert))
args = append(args, fmt.Sprintf("--key=%s", key))
}
endpointsStr := fmt.Sprintf("--endpoints=%s", endpoints)
peerUlrStr := fmt.Sprintf("--peer-urls=%s", peerURL)
isLearnerStr := fmt.Sprintf("--learner=%v", isLearner)
name := strings.Split(strings.Split(peerURL, ":")[1], "/")[2]
args = append(args, endpointsStr)
args = append(args, "member")
args = append(args, "add")
args = append(args, name)
args = append(args, peerUlrStr)
args = append(args, isLearnerStr)
cmd := exec.Command("etcdctl", args...)
output, err := cmd.Output()
if err != nil {
fmt.Printf("Execute Shell:%s failed with error:%s", cmd, err.Error())
return err
}
fmt.Printf("Execute Shell:%s finished with output:\n%s", cmd, string(output))
return nil
}
// MemberHealthy checks healthy of member
func MemberHealthy(endpoint string, cli *ClientConfig) (bool, error) {
backend, err := NewEtcdHealthCheckBackend(HealthCheckHTTP)
if err != nil {
klog.Errorf("failed to get healthcheck backend,method %s,err is %v", HealthCheckHTTP, err)
return false, err
}
err = backend.Init(cli.CaCert, cli.Cert, cli.Key, endpoint)
if err != nil {
klog.Errorf("failed to init healthcheck client,endpoint is %s,err is %v", endpoint, err)
return false, err
}
defer backend.Close()
err = backend.IsHealthy()
if err != nil {
klog.Errorf("unhealthy,endpoint is %s,err is %v", endpoint, err)
return false, nil
}
return true, nil
}
func NewShortConnectionClientv2(config *ClientConfig) (*clientv2.Client, error) {
setDefaultConfig(config)
cfg, err := newClientv2Config(config)
if err != nil {
klog.Errorf("get new clientv2 cfg failed:%s", err)
return nil, err
}
client, err := clientv2.New(*cfg)
if err != nil {
klog.Errorf("create new clientv2 failed:%s", err)
return nil, err
}
return &client, nil
}
// newClientv2Config generates config of etcd client v2
func newClientv2Config(config *ClientConfig) (*clientv2.Config, error) {
tr, err := getTransport(config.DialTimeout, DefaultCommandTimeOut, config.SecureConfig, true)
if err != nil {
return nil, err
}
return &clientv2.Config{
Transport: tr,
Endpoints: config.Endpoints,
HeaderTimeoutPerRequest: config.DialTimeout,
Username: config.Username,
Password: config.Password,
}, nil
}
// getTransport gets *http.Transport
func getTransport(dialTimeout, totalTimeout time.Duration, scfg SecureConfig, short bool) (*http.Transport, error) {
cafile := scfg.CaCert
certfile := scfg.Cert
keyfile := scfg.Key
tls := transport.TLSInfo{
CertFile: certfile,
KeyFile: keyfile,
TrustedCAFile: cafile,
InsecureSkipVerify: true,
}
if totalTimeout != 0 && totalTimeout < dialTimeout {
dialTimeout = totalTimeout
}
if !short {
return transport.NewTransport(tls, dialTimeout)
}
config, err := tls.ClientConfig()
if err != nil {
klog.Errorf("failed to get etcd server config,err is %v", err)
return nil, err
}
return &http.Transport{
Dial: (&net.Dialer{
Timeout: DefaultDialTimeout,
KeepAlive: DefaultKeepAliveTime,
}).Dial,
TLSHandshakeTimeout: DefaultDialTimeout,
TLSClientConfig: config,
MaxIdleConnsPerHost: 1,
DisableKeepAlives: true,
}, nil
}
// AlarmList list etcd alarm
func AlarmList(cli *clientv3.Client) (*clientv3.AlarmResponse, error) {
ctx, cancel := context.WithTimeout(context.Background(), DefaultDialTimeout)
defer cancel()
rsp, err := cli.AlarmList(ctx)
if err != nil {
klog.Errorf("failed list etcd alarm,err is %v", err)
return rsp, err
}
klog.V(6).Infof("list etcd alarm succ,resp info %v", rsp)
return rsp, err
}
================================================
FILE: pkg/etcd/stats.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package etcd
import (
"context"
"errors"
clientv2 "go.etcd.io/etcd/client/v2"
clientv3 "go.etcd.io/etcd/client/v3"
"k8s.io/klog/v2"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
)
const (
EtcdV2Backend = "v2"
EtcdV3Backend = "v3"
)
type Stat interface {
// Init create etcd client
Init(config *ClientConfig) error
// GetTotalKeyNum counts the number of total keys
GetTotalKeyNum(ctx context.Context, keyPrefix string) (uint64, error)
// GetIndex gets the etcd metadata index
GetIndex(ctx context.Context, endpoint string) (map[featureutil.ConsistencyType]uint64, error)
// Close close etcd client
Close() error
}
type StatV3 struct {
backendName string
cli *clientv3.Client
}
type StatV2 struct {
backendName string
cli *clientv2.Client
}
func NewEtcdStatBackend(storageBackend string) (Stat, error) {
if storageBackend == EtcdV2Backend {
return &StatV2{backendName: storageBackend}, nil
} else if storageBackend == EtcdV3Backend {
return &StatV3{backendName: storageBackend}, nil
} else {
return nil, errors.New("invalid storageBackend")
}
}
func (c *StatV3) Init(config *ClientConfig) error {
var err error
c.cli, err = NewClientv3(config)
if err != nil {
return err
}
return nil
}
func (c *StatV3) GetTotalKeyNum(ctx context.Context, keyPrefix string) (uint64, error) {
rsp, err := c.cli.Get(ctx, keyPrefix, clientv3.WithPrefix(), clientv3.WithCountOnly())
if err != nil {
klog.Errorf("failed to get etcdcluster total key num,err is %v", err)
return 0, err
}
totalKeyNum := rsp.Count
klog.V(2).Infof("finished to get etcdcluster total key num %d", totalKeyNum)
return uint64(totalKeyNum), nil
}
func (c *StatV3) GetIndex(ctx context.Context, endpoint string) (map[featureutil.ConsistencyType]uint64, error) {
metadata := make(map[featureutil.ConsistencyType]uint64, 4)
statusRsp, err := c.cli.Status(ctx, endpoint)
if err != nil {
klog.Errorf("failed to get etcdcluster index,err is %v", err)
return nil, err
}
metadata[featureutil.ConsistencyRevision] = uint64(statusRsp.Header.Revision)
metadata[featureutil.ConsistencyRaftRaftAppliedIndex] = statusRsp.RaftAppliedIndex
metadata[featureutil.ConsistencyRaftIndex] = statusRsp.RaftIndex
return metadata, nil
}
func (c *StatV3) Close() error {
return c.cli.Close()
}
func (c *StatV2) Init(config *ClientConfig) error {
var err error
c.cli, err = NewShortConnectionClientv2(config)
if err != nil {
return err
}
return nil
}
func (c *StatV2) GetTotalKeyNum(ctx context.Context, keyPrefix string) (uint64, error) {
api := clientv2.NewKeysAPI(*c.cli)
// Note that in order to avoid affecting performance, only some keys are counted.
rsp, err := api.Get(ctx, keyPrefix, &clientv2.GetOptions{Recursive: false, Sort: true, Quorum: true})
if err != nil {
klog.Errorf("failed to get etcdcluster total key num,err is %v", err)
return 0, err
}
totalKeyNum := uint64(len(rsp.Node.Nodes))
klog.V(2).Infof("finished to get etcdcluster total key num %d,index is %d", totalKeyNum, rsp.Index)
return totalKeyNum, nil
}
func (c *StatV2) GetIndex(ctx context.Context, endpoint string) (map[featureutil.ConsistencyType]uint64, error) {
metadata := make(map[featureutil.ConsistencyType]uint64, 4)
api := clientv2.NewKeysAPI(*c.cli)
rsp, err := api.Get(ctx, "", &clientv2.GetOptions{Recursive: false, Sort: true, Quorum: true})
if err != nil {
klog.Errorf("failed to get etcdcluster index,err is %v", err)
return nil, err
}
klog.V(2).Infof("finish to get etcdcluster index,%d", rsp.Index)
metadata[featureutil.ConsistencyIndex] = rsp.Index
metadata[featureutil.ConsistencyRaftRaftAppliedIndex] = 0
metadata[featureutil.ConsistencyRaftIndex] = 0
return metadata, nil
}
func (c *StatV2) Close() error {
return nil
}
================================================
FILE: pkg/featureprovider/feature.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package featureprovider
import (
"tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
)
// Feature is an abstract, pluggable interface for cluster features.
type Feature interface {
// Equal checks whether the feature needs to be updated
Equal(cluster *v1alpha2.EtcdCluster) bool
// Sync synchronizes the latest feature configuration
Sync(cluster *v1alpha2.EtcdCluster) error
// Do executes inspection tasks.
Do(task *v1alpha2.EtcdInspection) error
}
type FeatureContext struct {
ClientBuilder util.ClientBuilder
ClientConfigGetter etcd.ClientConfigGetter
}
================================================
FILE: pkg/featureprovider/plugins.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package featureprovider
import (
"errors"
"sync"
"k8s.io/klog/v2"
)
var (
mutex sync.Mutex
EtcdFeatureProviders = make(map[string]FeatureFactory)
)
type FeatureFactory func(cfg *FeatureContext) (Feature, error)
// RegisterFeatureFactory registers the specified feature provider
func RegisterFeatureFactory(name string, factory FeatureFactory) {
mutex.Lock()
defer mutex.Unlock()
if _, found := EtcdFeatureProviders[name]; found {
klog.V(2).Infof("feature provider:%s was registered twice", name)
}
klog.V(2).Infof("feature provider:%s", name)
EtcdFeatureProviders[name] = factory
}
// GetFeatureProvider gets the specified feature provider
func GetFeatureProvider(name string, ctx *FeatureContext) (Feature, error) {
mutex.Lock()
defer mutex.Unlock()
f, found := EtcdFeatureProviders[name]
klog.V(1).Infof("get provider name %s,status:%t", name, found)
if !found {
return nil, errors.New("fatal error,feature provider not found")
}
return f(ctx)
}
// ListFeatureProvider lists all feature provider
func ListFeatureProvider() []string {
var features []string
mutex.Lock()
defer mutex.Unlock()
for feature := range EtcdFeatureProviders {
features = append(features, feature)
}
return features
}
================================================
FILE: pkg/featureprovider/providers/alarm/alarm.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package alarm
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/inspection"
)
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureAlarm)
)
var (
once sync.Once
instance *FeatureAlarm
)
type FeatureAlarm struct {
name string
inspection *inspection.Server
ctx *featureprovider.FeatureContext
}
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureAlarmInstance(ctx)
},
)
}
func initFeatureAlarmInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureAlarm{
name: ProviderName,
ctx: ctx,
}
instance.inspection, err = inspection.NewInspectionServer(ctx)
})
return instance, err
}
func (c *FeatureAlarm) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
return c.inspection.Equal(cluster, kstonev1alpha2.KStoneFeatureAlarm)
}
func (c *FeatureAlarm) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
return c.inspection.Sync(cluster, kstonev1alpha2.KStoneFeatureAlarm)
}
func (c *FeatureAlarm) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return c.inspection.CollectAlarmList(inspection)
}
================================================
FILE: pkg/featureprovider/providers/backup/backup.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package backup
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/backup"
"tkestack.io/kstone/pkg/featureprovider"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
)
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureBackup)
)
var (
once sync.Once
instance *FeatureBackup
)
type FeatureBackup struct {
name string
backupSvr *backup.Server
ctx *featureprovider.FeatureContext
}
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureBackupInstance(ctx)
},
)
}
func initFeatureBackupInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureBackup{
name: ProviderName,
ctx: ctx,
}
instance.backupSvr, err = backup.NewBackupServer(ctx.ClientBuilder)
})
return instance, err
}
func (bak *FeatureBackup) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, kstonev1alpha2.KStoneFeatureBackup) {
if cluster.Status.FeatureGatesStatus[kstonev1alpha2.KStoneFeatureBackup] != featureutil.FeatureStatusDisabled {
return bak.backupSvr.CheckEqualIfDisabled(cluster)
}
return true
}
return bak.backupSvr.CheckEqualIfEnabled(cluster)
}
func (bak *FeatureBackup) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, kstonev1alpha2.KStoneFeatureBackup) {
return bak.backupSvr.CleanBackup(cluster)
}
return bak.backupSvr.SyncBackup(cluster)
}
func (bak *FeatureBackup) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return nil
}
================================================
FILE: pkg/featureprovider/providers/backupcheck/backupcheck.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package backupcheck
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/inspection"
)
var (
once sync.Once
instance *FeatureBackupCheck
)
type FeatureBackupCheck struct {
name string
inspection *inspection.Server
ctx *featureprovider.FeatureContext
}
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureBackupCheck)
)
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureBackupCheckInstance(ctx)
},
)
}
func initFeatureBackupCheckInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureBackupCheck{
name: ProviderName,
ctx: ctx,
}
instance.inspection, err = inspection.NewInspectionServer(ctx)
})
return instance, err
}
func (c *FeatureBackupCheck) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
return c.inspection.Equal(cluster, kstonev1alpha2.KStoneFeatureBackupCheck)
}
func (c *FeatureBackupCheck) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
return c.inspection.Sync(cluster, kstonev1alpha2.KStoneFeatureBackupCheck)
}
func (c *FeatureBackupCheck) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return c.inspection.StatBackupFiles(inspection)
}
================================================
FILE: pkg/featureprovider/providers/consistency/consistency.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package consistency
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/inspection"
)
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureConsistency)
)
var (
once sync.Once
instance *FeatureConsistency
)
type FeatureConsistency struct {
name string
inspection *inspection.Server
ctx *featureprovider.FeatureContext
}
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureConsistencyInstance(ctx)
},
)
}
func initFeatureConsistencyInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureConsistency{
name: ProviderName,
ctx: ctx,
}
instance.inspection, err = inspection.NewInspectionServer(ctx)
})
return instance, err
}
func (c *FeatureConsistency) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
return c.inspection.Equal(cluster, kstonev1alpha2.KStoneFeatureConsistency)
}
func (c *FeatureConsistency) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
return c.inspection.Sync(cluster, kstonev1alpha2.KStoneFeatureConsistency)
}
func (c *FeatureConsistency) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return c.inspection.CollectClusterConsistentData(inspection)
}
================================================
FILE: pkg/featureprovider/providers/healthy/healthy.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package healthy
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/inspection"
)
var (
once sync.Once
instance *FeatureHealthy
)
type FeatureHealthy struct {
name string
inspection *inspection.Server
ctx *featureprovider.FeatureContext
}
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureHealthy)
)
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureHealthyInstance(ctx)
},
)
}
func initFeatureHealthyInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureHealthy{
name: ProviderName,
ctx: ctx,
}
instance.inspection, err = inspection.NewInspectionServer(ctx)
})
return instance, err
}
func (c *FeatureHealthy) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
return c.inspection.Equal(cluster, kstonev1alpha2.KStoneFeatureHealthy)
}
func (c *FeatureHealthy) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
return c.inspection.Sync(cluster, kstonev1alpha2.KStoneFeatureHealthy)
}
func (c *FeatureHealthy) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return c.inspection.CollectMemberHealthy(inspection)
}
================================================
FILE: pkg/featureprovider/providers/monitor/monitor.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package monitor
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
"tkestack.io/kstone/pkg/monitor"
)
var (
once sync.Once
instance *FeaturePrometheus
)
type FeaturePrometheus struct {
name string
prom *monitor.PrometheusMonitor
ctx *featureprovider.FeatureContext
}
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureMonitor)
)
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(cfg *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeaturePrometheusInstance(cfg)
},
)
}
func initFeaturePrometheusInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeaturePrometheus{
name: ProviderName,
ctx: ctx,
}
instance.prom, err = monitor.NewPrometheusMonitor(ctx.ClientBuilder)
})
return instance, err
}
func (p *FeaturePrometheus) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, kstonev1alpha2.KStoneFeatureMonitor) {
if cluster.Status.FeatureGatesStatus[kstonev1alpha2.KStoneFeatureMonitor] != featureutil.FeatureStatusDisabled {
return p.prom.CheckEqualIfDisabled(cluster)
}
return true
}
return p.prom.CheckEqualIfEnabled(cluster)
}
func (p *FeaturePrometheus) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, kstonev1alpha2.KStoneFeatureMonitor) {
return p.prom.CleanPrometheusMonitor(cluster)
}
return p.prom.SyncPrometheusMonitor(cluster)
}
func (p *FeaturePrometheus) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return nil
}
================================================
FILE: pkg/featureprovider/providers/providers.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package providers
import (
// register backup feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/backup"
// register monitor feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/monitor"
// register consistency inspection feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/consistency"
// register healthy inspection feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/healthy"
// register request inspection feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/request"
// register alarm inspection feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/alarm"
// register backupcheck inspection feature
_ "tkestack.io/kstone/pkg/featureprovider/providers/backupcheck"
)
================================================
FILE: pkg/featureprovider/providers/request/request.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package request
import (
"sync"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/inspection"
)
const (
ProviderName = string(kstonev1alpha2.KStoneFeatureRequest)
)
var (
once sync.Once
instance *FeatureRequest
)
type FeatureRequest struct {
name string
inspection *inspection.Server
ctx *featureprovider.FeatureContext
}
func init() {
featureprovider.RegisterFeatureFactory(
ProviderName,
func(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
return initFeatureRequestInstance(ctx)
},
)
}
func initFeatureRequestInstance(ctx *featureprovider.FeatureContext) (featureprovider.Feature, error) {
var err error
once.Do(func() {
instance = &FeatureRequest{
name: ProviderName,
ctx: ctx,
}
instance.inspection, err = inspection.NewInspectionServer(ctx)
})
return instance, err
}
func (c *FeatureRequest) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
return c.inspection.Equal(cluster, kstonev1alpha2.KStoneFeatureRequest)
}
func (c *FeatureRequest) Sync(cluster *kstonev1alpha2.EtcdCluster) error {
return c.inspection.Sync(cluster, kstonev1alpha2.KStoneFeatureRequest)
}
func (c *FeatureRequest) Do(inspection *kstonev1alpha2.EtcdInspection) error {
return c.inspection.CollectEtcdClusterRequest(inspection)
}
================================================
FILE: pkg/featureprovider/util/util.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package util
import (
"strconv"
"strings"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/inspection/metrics"
)
const (
FeatureStatusEnabled = "enabled"
FeatureStatusDisabled = "disabled"
)
type ConsistencyType string
const (
ConsistencyKeyTotal ConsistencyType = "keyTotal"
ConsistencyRevision ConsistencyType = "revision"
ConsistencyIndex ConsistencyType = "index"
ConsistencyRaftRaftAppliedIndex ConsistencyType = "raftAppliedIndex"
ConsistencyRaftIndex ConsistencyType = "raftIndex"
)
const (
OneDaySeconds = 24 * 60 * 60
)
func IsFeatureGateEnabled(annotations map[string]string, name kstonev1alpha2.KStoneFeature) bool {
if gates, found := annotations[kstonev1alpha2.KStoneFeatureAnno]; found && gates != "" {
featurelist := strings.Split(gates, ",")
for _, item := range featurelist {
features := strings.Split(item, "=")
if len(features) != 2 {
continue
}
enabled, _ := strconv.ParseBool(features[1])
if kstonev1alpha2.KStoneFeature(features[0]) == name && enabled {
return true
}
}
}
return false
}
func IncrFailedInspectionCounter(clusterName string, featureName kstonev1alpha2.KStoneFeature) {
labels := map[string]string{
"clusterName": clusterName,
"inspectionType": string(featureName),
}
metrics.EtcdInspectionFailedNum.With(labels).Inc()
}
================================================
FILE: pkg/generated/clientset/versioned/clientset.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package versioned
import (
"fmt"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"
kstonev1alpha1 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha1"
kstonev1alpha2 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha2"
)
type Interface interface {
Discovery() discovery.DiscoveryInterface
KstoneV1alpha1() kstonev1alpha1.KstoneV1alpha1Interface
KstoneV1alpha2() kstonev1alpha2.KstoneV1alpha2Interface
}
// Clientset contains the clients for groups. Each group has exactly one
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
kstoneV1alpha1 *kstonev1alpha1.KstoneV1alpha1Client
kstoneV1alpha2 *kstonev1alpha2.KstoneV1alpha2Client
}
// KstoneV1alpha1 retrieves the KstoneV1alpha1Client
func (c *Clientset) KstoneV1alpha1() kstonev1alpha1.KstoneV1alpha1Interface {
return c.kstoneV1alpha1
}
// KstoneV1alpha2 retrieves the KstoneV1alpha2Client
func (c *Clientset) KstoneV1alpha2() kstonev1alpha2.KstoneV1alpha2Interface {
return c.kstoneV1alpha2
}
// Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil {
return nil
}
return c.DiscoveryClient
}
// NewForConfig creates a new Clientset for the given config.
// If config's RateLimiter is not set and QPS and Burst are acceptable,
// NewForConfig will generate a rate-limiter in configShallowCopy.
func NewForConfig(c *rest.Config) (*Clientset, error) {
configShallowCopy := *c
if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
if configShallowCopy.Burst <= 0 {
return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
}
configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
}
var cs Clientset
var err error
cs.kstoneV1alpha1, err = kstonev1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.kstoneV1alpha2, err = kstonev1alpha2.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
return &cs, nil
}
// NewForConfigOrDie creates a new Clientset for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.kstoneV1alpha1 = kstonev1alpha1.NewForConfigOrDie(c)
cs.kstoneV1alpha2 = kstonev1alpha2.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs
}
// New creates a new Clientset for the given RESTClient.
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.kstoneV1alpha1 = kstonev1alpha1.New(c)
cs.kstoneV1alpha2 = kstonev1alpha2.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs
}
================================================
FILE: pkg/generated/clientset/versioned/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated clientset.
package versioned
================================================
FILE: pkg/generated/clientset/versioned/fake/clientset_generated.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"
fakediscovery "k8s.io/client-go/discovery/fake"
"k8s.io/client-go/testing"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
kstonev1alpha1 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha1"
fakekstonev1alpha1 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha1/fake"
kstonev1alpha2 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha2"
fakekstonev1alpha2 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha2/fake"
)
// NewSimpleClientset returns a clientset that will respond with the provided objects.
// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
// without applying any validations and/or defaults. It shouldn't be considered a replacement
// for a real clientset and is mostly useful in simple unit tests.
func NewSimpleClientset(objects ...runtime.Object) *Clientset {
o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
for _, obj := range objects {
if err := o.Add(obj); err != nil {
panic(err)
}
}
cs := &Clientset{tracker: o}
cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
cs.AddReactor("*", "*", testing.ObjectReaction(o))
cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
gvr := action.GetResource()
ns := action.GetNamespace()
watch, err := o.Watch(gvr, ns)
if err != nil {
return false, nil, err
}
return true, watch, nil
})
return cs
}
// Clientset implements clientset.Interface. Meant to be embedded into a
// struct to get a default implementation. This makes faking out just the method
// you want to test easier.
type Clientset struct {
testing.Fake
discovery *fakediscovery.FakeDiscovery
tracker testing.ObjectTracker
}
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
return c.discovery
}
func (c *Clientset) Tracker() testing.ObjectTracker {
return c.tracker
}
var _ clientset.Interface = &Clientset{}
// KstoneV1alpha1 retrieves the KstoneV1alpha1Client
func (c *Clientset) KstoneV1alpha1() kstonev1alpha1.KstoneV1alpha1Interface {
return &fakekstonev1alpha1.FakeKstoneV1alpha1{Fake: &c.Fake}
}
// KstoneV1alpha2 retrieves the KstoneV1alpha2Client
func (c *Clientset) KstoneV1alpha2() kstonev1alpha2.KstoneV1alpha2Interface {
return &fakekstonev1alpha2.FakeKstoneV1alpha2{Fake: &c.Fake}
}
================================================
FILE: pkg/generated/clientset/versioned/fake/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated fake clientset.
package fake
================================================
FILE: pkg/generated/clientset/versioned/fake/register.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
kstonev1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
var scheme = runtime.NewScheme()
var codecs = serializer.NewCodecFactory(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kstonev1alpha1.AddToScheme,
kstonev1alpha2.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
// of clientsets, like in:
//
// import (
// "k8s.io/client-go/kubernetes"
// clientsetscheme "k8s.io/client-go/kubernetes/scheme"
// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
// )
//
// kclientset, _ := kubernetes.NewForConfig(c)
// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
//
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
// correctly.
var AddToScheme = localSchemeBuilder.AddToScheme
func init() {
v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
utilruntime.Must(AddToScheme(scheme))
}
================================================
FILE: pkg/generated/clientset/versioned/scheme/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package contains the scheme of the automatically generated clientset.
package scheme
================================================
FILE: pkg/generated/clientset/versioned/scheme/register.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package scheme
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
kstonev1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
var Scheme = runtime.NewScheme()
var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
kstonev1alpha1.AddToScheme,
kstonev1alpha2.AddToScheme,
}
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
// of clientsets, like in:
//
// import (
// "k8s.io/client-go/kubernetes"
// clientsetscheme "k8s.io/client-go/kubernetes/scheme"
// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
// )
//
// kclientset, _ := kubernetes.NewForConfig(c)
// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
//
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
// correctly.
var AddToScheme = localSchemeBuilder.AddToScheme
func init() {
v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
utilruntime.Must(AddToScheme(Scheme))
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
"time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
scheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
// EtcdClustersGetter has a method to return a EtcdClusterInterface.
// A group's client should implement this interface.
type EtcdClustersGetter interface {
EtcdClusters(namespace string) EtcdClusterInterface
}
// EtcdClusterInterface has methods to work with EtcdCluster resources.
type EtcdClusterInterface interface {
Create(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.CreateOptions) (*v1alpha1.EtcdCluster, error)
Update(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (*v1alpha1.EtcdCluster, error)
UpdateStatus(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (*v1alpha1.EtcdCluster, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.EtcdCluster, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.EtcdClusterList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdCluster, err error)
EtcdClusterExpansion
}
// etcdClusters implements EtcdClusterInterface
type etcdClusters struct {
client rest.Interface
ns string
}
// newEtcdClusters returns a EtcdClusters
func newEtcdClusters(c *KstoneV1alpha1Client, namespace string) *etcdClusters {
return &etcdClusters{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the etcdCluster, and returns the corresponding etcdCluster object, and an error if there is any.
func (c *etcdClusters) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.EtcdCluster, err error) {
result = &v1alpha1.EtcdCluster{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of EtcdClusters that match those selectors.
func (c *etcdClusters) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.EtcdClusterList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.EtcdClusterList{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested etcdClusters.
func (c *etcdClusters) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a etcdCluster and creates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *etcdClusters) Create(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.CreateOptions) (result *v1alpha1.EtcdCluster, err error) {
result = &v1alpha1.EtcdCluster{}
err = c.client.Post().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a etcdCluster and updates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *etcdClusters) Update(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha1.EtcdCluster, err error) {
result = &v1alpha1.EtcdCluster{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdclusters").
Name(etcdCluster.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *etcdClusters) UpdateStatus(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha1.EtcdCluster, err error) {
result = &v1alpha1.EtcdCluster{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdclusters").
Name(etcdCluster.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// Delete takes name of the etcdCluster and deletes it. Returns an error if one occurs.
func (c *etcdClusters) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *etcdClusters) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched etcdCluster.
func (c *etcdClusters) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdCluster, err error) {
result = &v1alpha1.EtcdCluster{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
"time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
scheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
// EtcdInspectionsGetter has a method to return a EtcdInspectionInterface.
// A group's client should implement this interface.
type EtcdInspectionsGetter interface {
EtcdInspections(namespace string) EtcdInspectionInterface
}
// EtcdInspectionInterface has methods to work with EtcdInspection resources.
type EtcdInspectionInterface interface {
Create(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.CreateOptions) (*v1alpha1.EtcdInspection, error)
Update(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (*v1alpha1.EtcdInspection, error)
UpdateStatus(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (*v1alpha1.EtcdInspection, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.EtcdInspection, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.EtcdInspectionList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdInspection, err error)
EtcdInspectionExpansion
}
// etcdInspections implements EtcdInspectionInterface
type etcdInspections struct {
client rest.Interface
ns string
}
// newEtcdInspections returns a EtcdInspections
func newEtcdInspections(c *KstoneV1alpha1Client, namespace string) *etcdInspections {
return &etcdInspections{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the etcdInspection, and returns the corresponding etcdInspection object, and an error if there is any.
func (c *etcdInspections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.EtcdInspection, err error) {
result = &v1alpha1.EtcdInspection{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of EtcdInspections that match those selectors.
func (c *etcdInspections) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.EtcdInspectionList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.EtcdInspectionList{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested etcdInspections.
func (c *etcdInspections) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a etcdInspection and creates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *etcdInspections) Create(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.CreateOptions) (result *v1alpha1.EtcdInspection, err error) {
result = &v1alpha1.EtcdInspection{}
err = c.client.Post().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a etcdInspection and updates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *etcdInspections) Update(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha1.EtcdInspection, err error) {
result = &v1alpha1.EtcdInspection{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdinspections").
Name(etcdInspection.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *etcdInspections) UpdateStatus(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha1.EtcdInspection, err error) {
result = &v1alpha1.EtcdInspection{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdinspections").
Name(etcdInspection.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// Delete takes name of the etcdInspection and deletes it. Returns an error if one occurs.
func (c *etcdInspections) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *etcdInspections) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched etcdInspection.
func (c *etcdInspections) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdInspection, err error) {
result = &v1alpha1.EtcdInspection{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/fake/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/fake/fake_etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
)
// FakeEtcdClusters implements EtcdClusterInterface
type FakeEtcdClusters struct {
Fake *FakeKstoneV1alpha1
ns string
}
var etcdclustersResource = schema.GroupVersionResource{Group: "kstone.tkestack.io", Version: "v1alpha1", Resource: "etcdclusters"}
var etcdclustersKind = schema.GroupVersionKind{Group: "kstone.tkestack.io", Version: "v1alpha1", Kind: "EtcdCluster"}
// Get takes name of the etcdCluster, and returns the corresponding etcdCluster object, and an error if there is any.
func (c *FakeEtcdClusters) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(etcdclustersResource, c.ns, name), &v1alpha1.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdCluster), err
}
// List takes label and field selectors, and returns the list of EtcdClusters that match those selectors.
func (c *FakeEtcdClusters) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.EtcdClusterList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(etcdclustersResource, etcdclustersKind, c.ns, opts), &v1alpha1.EtcdClusterList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.EtcdClusterList{ListMeta: obj.(*v1alpha1.EtcdClusterList).ListMeta}
for _, item := range obj.(*v1alpha1.EtcdClusterList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested etcdClusters.
func (c *FakeEtcdClusters) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(etcdclustersResource, c.ns, opts))
}
// Create takes the representation of a etcdCluster and creates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *FakeEtcdClusters) Create(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.CreateOptions) (result *v1alpha1.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(etcdclustersResource, c.ns, etcdCluster), &v1alpha1.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdCluster), err
}
// Update takes the representation of a etcdCluster and updates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *FakeEtcdClusters) Update(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha1.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(etcdclustersResource, c.ns, etcdCluster), &v1alpha1.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdCluster), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeEtcdClusters) UpdateStatus(ctx context.Context, etcdCluster *v1alpha1.EtcdCluster, opts v1.UpdateOptions) (*v1alpha1.EtcdCluster, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(etcdclustersResource, "status", c.ns, etcdCluster), &v1alpha1.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdCluster), err
}
// Delete takes name of the etcdCluster and deletes it. Returns an error if one occurs.
func (c *FakeEtcdClusters) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(etcdclustersResource, c.ns, name), &v1alpha1.EtcdCluster{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeEtcdClusters) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(etcdclustersResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.EtcdClusterList{})
return err
}
// Patch applies the patch and returns the patched etcdCluster.
func (c *FakeEtcdClusters) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(etcdclustersResource, c.ns, name, pt, data, subresources...), &v1alpha1.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdCluster), err
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/fake/fake_etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
)
// FakeEtcdInspections implements EtcdInspectionInterface
type FakeEtcdInspections struct {
Fake *FakeKstoneV1alpha1
ns string
}
var etcdinspectionsResource = schema.GroupVersionResource{Group: "kstone.tkestack.io", Version: "v1alpha1", Resource: "etcdinspections"}
var etcdinspectionsKind = schema.GroupVersionKind{Group: "kstone.tkestack.io", Version: "v1alpha1", Kind: "EtcdInspection"}
// Get takes name of the etcdInspection, and returns the corresponding etcdInspection object, and an error if there is any.
func (c *FakeEtcdInspections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(etcdinspectionsResource, c.ns, name), &v1alpha1.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdInspection), err
}
// List takes label and field selectors, and returns the list of EtcdInspections that match those selectors.
func (c *FakeEtcdInspections) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.EtcdInspectionList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(etcdinspectionsResource, etcdinspectionsKind, c.ns, opts), &v1alpha1.EtcdInspectionList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.EtcdInspectionList{ListMeta: obj.(*v1alpha1.EtcdInspectionList).ListMeta}
for _, item := range obj.(*v1alpha1.EtcdInspectionList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested etcdInspections.
func (c *FakeEtcdInspections) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(etcdinspectionsResource, c.ns, opts))
}
// Create takes the representation of a etcdInspection and creates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *FakeEtcdInspections) Create(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.CreateOptions) (result *v1alpha1.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(etcdinspectionsResource, c.ns, etcdInspection), &v1alpha1.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdInspection), err
}
// Update takes the representation of a etcdInspection and updates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *FakeEtcdInspections) Update(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha1.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(etcdinspectionsResource, c.ns, etcdInspection), &v1alpha1.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdInspection), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeEtcdInspections) UpdateStatus(ctx context.Context, etcdInspection *v1alpha1.EtcdInspection, opts v1.UpdateOptions) (*v1alpha1.EtcdInspection, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(etcdinspectionsResource, "status", c.ns, etcdInspection), &v1alpha1.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdInspection), err
}
// Delete takes name of the etcdInspection and deletes it. Returns an error if one occurs.
func (c *FakeEtcdInspections) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(etcdinspectionsResource, c.ns, name), &v1alpha1.EtcdInspection{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeEtcdInspections) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(etcdinspectionsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.EtcdInspectionList{})
return err
}
// Patch applies the patch and returns the patched etcdInspection.
func (c *FakeEtcdInspections) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(etcdinspectionsResource, c.ns, name, pt, data, subresources...), &v1alpha1.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.EtcdInspection), err
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/fake/fake_kstone_client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
v1alpha1 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha1"
)
type FakeKstoneV1alpha1 struct {
*testing.Fake
}
func (c *FakeKstoneV1alpha1) EtcdClusters(namespace string) v1alpha1.EtcdClusterInterface {
return &FakeEtcdClusters{c, namespace}
}
func (c *FakeKstoneV1alpha1) EtcdInspections(namespace string) v1alpha1.EtcdInspectionInterface {
return &FakeEtcdInspections{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKstoneV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/generated_expansion.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type EtcdClusterExpansion interface{}
type EtcdInspectionExpansion interface{}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha1/kstone_client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
rest "k8s.io/client-go/rest"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
"tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
type KstoneV1alpha1Interface interface {
RESTClient() rest.Interface
EtcdClustersGetter
EtcdInspectionsGetter
}
// KstoneV1alpha1Client is used to interact with features provided by the kstone.tkestack.io group.
type KstoneV1alpha1Client struct {
restClient rest.Interface
}
func (c *KstoneV1alpha1Client) EtcdClusters(namespace string) EtcdClusterInterface {
return newEtcdClusters(c, namespace)
}
func (c *KstoneV1alpha1Client) EtcdInspections(namespace string) EtcdInspectionInterface {
return newEtcdInspections(c, namespace)
}
// NewForConfig creates a new KstoneV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*KstoneV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &KstoneV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new KstoneV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *KstoneV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new KstoneV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *KstoneV1alpha1Client {
return &KstoneV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *KstoneV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha2
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha2
import (
"context"
"time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
scheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
// EtcdClustersGetter has a method to return a EtcdClusterInterface.
// A group's client should implement this interface.
type EtcdClustersGetter interface {
EtcdClusters(namespace string) EtcdClusterInterface
}
// EtcdClusterInterface has methods to work with EtcdCluster resources.
type EtcdClusterInterface interface {
Create(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.CreateOptions) (*v1alpha2.EtcdCluster, error)
Update(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (*v1alpha2.EtcdCluster, error)
UpdateStatus(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (*v1alpha2.EtcdCluster, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.EtcdCluster, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.EtcdClusterList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdCluster, err error)
EtcdClusterExpansion
}
// etcdClusters implements EtcdClusterInterface
type etcdClusters struct {
client rest.Interface
ns string
}
// newEtcdClusters returns a EtcdClusters
func newEtcdClusters(c *KstoneV1alpha2Client, namespace string) *etcdClusters {
return &etcdClusters{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the etcdCluster, and returns the corresponding etcdCluster object, and an error if there is any.
func (c *etcdClusters) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.EtcdCluster, err error) {
result = &v1alpha2.EtcdCluster{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of EtcdClusters that match those selectors.
func (c *etcdClusters) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.EtcdClusterList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha2.EtcdClusterList{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested etcdClusters.
func (c *etcdClusters) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a etcdCluster and creates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *etcdClusters) Create(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.CreateOptions) (result *v1alpha2.EtcdCluster, err error) {
result = &v1alpha2.EtcdCluster{}
err = c.client.Post().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a etcdCluster and updates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *etcdClusters) Update(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha2.EtcdCluster, err error) {
result = &v1alpha2.EtcdCluster{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdclusters").
Name(etcdCluster.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *etcdClusters) UpdateStatus(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha2.EtcdCluster, err error) {
result = &v1alpha2.EtcdCluster{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdclusters").
Name(etcdCluster.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdCluster).
Do(ctx).
Into(result)
return
}
// Delete takes name of the etcdCluster and deletes it. Returns an error if one occurs.
func (c *etcdClusters) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *etcdClusters) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("etcdclusters").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched etcdCluster.
func (c *etcdClusters) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdCluster, err error) {
result = &v1alpha2.EtcdCluster{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("etcdclusters").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha2
import (
"context"
"time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
scheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
// EtcdInspectionsGetter has a method to return a EtcdInspectionInterface.
// A group's client should implement this interface.
type EtcdInspectionsGetter interface {
EtcdInspections(namespace string) EtcdInspectionInterface
}
// EtcdInspectionInterface has methods to work with EtcdInspection resources.
type EtcdInspectionInterface interface {
Create(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.CreateOptions) (*v1alpha2.EtcdInspection, error)
Update(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (*v1alpha2.EtcdInspection, error)
UpdateStatus(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (*v1alpha2.EtcdInspection, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.EtcdInspection, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.EtcdInspectionList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdInspection, err error)
EtcdInspectionExpansion
}
// etcdInspections implements EtcdInspectionInterface
type etcdInspections struct {
client rest.Interface
ns string
}
// newEtcdInspections returns a EtcdInspections
func newEtcdInspections(c *KstoneV1alpha2Client, namespace string) *etcdInspections {
return &etcdInspections{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the etcdInspection, and returns the corresponding etcdInspection object, and an error if there is any.
func (c *etcdInspections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.EtcdInspection, err error) {
result = &v1alpha2.EtcdInspection{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of EtcdInspections that match those selectors.
func (c *etcdInspections) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.EtcdInspectionList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha2.EtcdInspectionList{}
err = c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested etcdInspections.
func (c *etcdInspections) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a etcdInspection and creates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *etcdInspections) Create(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.CreateOptions) (result *v1alpha2.EtcdInspection, err error) {
result = &v1alpha2.EtcdInspection{}
err = c.client.Post().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a etcdInspection and updates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *etcdInspections) Update(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha2.EtcdInspection, err error) {
result = &v1alpha2.EtcdInspection{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdinspections").
Name(etcdInspection.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *etcdInspections) UpdateStatus(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha2.EtcdInspection, err error) {
result = &v1alpha2.EtcdInspection{}
err = c.client.Put().
Namespace(c.ns).
Resource("etcdinspections").
Name(etcdInspection.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(etcdInspection).
Do(ctx).
Into(result)
return
}
// Delete takes name of the etcdInspection and deletes it. Returns an error if one occurs.
func (c *etcdInspections) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *etcdInspections) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("etcdinspections").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched etcdInspection.
func (c *etcdInspections) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdInspection, err error) {
result = &v1alpha2.EtcdInspection{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("etcdinspections").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/fake/doc.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/fake/fake_etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// FakeEtcdClusters implements EtcdClusterInterface
type FakeEtcdClusters struct {
Fake *FakeKstoneV1alpha2
ns string
}
var etcdclustersResource = schema.GroupVersionResource{Group: "kstone.tkestack.io", Version: "v1alpha2", Resource: "etcdclusters"}
var etcdclustersKind = schema.GroupVersionKind{Group: "kstone.tkestack.io", Version: "v1alpha2", Kind: "EtcdCluster"}
// Get takes name of the etcdCluster, and returns the corresponding etcdCluster object, and an error if there is any.
func (c *FakeEtcdClusters) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(etcdclustersResource, c.ns, name), &v1alpha2.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdCluster), err
}
// List takes label and field selectors, and returns the list of EtcdClusters that match those selectors.
func (c *FakeEtcdClusters) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.EtcdClusterList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(etcdclustersResource, etcdclustersKind, c.ns, opts), &v1alpha2.EtcdClusterList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha2.EtcdClusterList{ListMeta: obj.(*v1alpha2.EtcdClusterList).ListMeta}
for _, item := range obj.(*v1alpha2.EtcdClusterList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested etcdClusters.
func (c *FakeEtcdClusters) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(etcdclustersResource, c.ns, opts))
}
// Create takes the representation of a etcdCluster and creates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *FakeEtcdClusters) Create(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.CreateOptions) (result *v1alpha2.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(etcdclustersResource, c.ns, etcdCluster), &v1alpha2.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdCluster), err
}
// Update takes the representation of a etcdCluster and updates it. Returns the server's representation of the etcdCluster, and an error, if there is any.
func (c *FakeEtcdClusters) Update(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (result *v1alpha2.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(etcdclustersResource, c.ns, etcdCluster), &v1alpha2.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdCluster), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeEtcdClusters) UpdateStatus(ctx context.Context, etcdCluster *v1alpha2.EtcdCluster, opts v1.UpdateOptions) (*v1alpha2.EtcdCluster, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(etcdclustersResource, "status", c.ns, etcdCluster), &v1alpha2.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdCluster), err
}
// Delete takes name of the etcdCluster and deletes it. Returns an error if one occurs.
func (c *FakeEtcdClusters) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(etcdclustersResource, c.ns, name), &v1alpha2.EtcdCluster{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeEtcdClusters) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(etcdclustersResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha2.EtcdClusterList{})
return err
}
// Patch applies the patch and returns the patched etcdCluster.
func (c *FakeEtcdClusters) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdCluster, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(etcdclustersResource, c.ns, name, pt, data, subresources...), &v1alpha2.EtcdCluster{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdCluster), err
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/fake/fake_etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// FakeEtcdInspections implements EtcdInspectionInterface
type FakeEtcdInspections struct {
Fake *FakeKstoneV1alpha2
ns string
}
var etcdinspectionsResource = schema.GroupVersionResource{Group: "kstone.tkestack.io", Version: "v1alpha2", Resource: "etcdinspections"}
var etcdinspectionsKind = schema.GroupVersionKind{Group: "kstone.tkestack.io", Version: "v1alpha2", Kind: "EtcdInspection"}
// Get takes name of the etcdInspection, and returns the corresponding etcdInspection object, and an error if there is any.
func (c *FakeEtcdInspections) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(etcdinspectionsResource, c.ns, name), &v1alpha2.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdInspection), err
}
// List takes label and field selectors, and returns the list of EtcdInspections that match those selectors.
func (c *FakeEtcdInspections) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.EtcdInspectionList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(etcdinspectionsResource, etcdinspectionsKind, c.ns, opts), &v1alpha2.EtcdInspectionList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha2.EtcdInspectionList{ListMeta: obj.(*v1alpha2.EtcdInspectionList).ListMeta}
for _, item := range obj.(*v1alpha2.EtcdInspectionList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested etcdInspections.
func (c *FakeEtcdInspections) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(etcdinspectionsResource, c.ns, opts))
}
// Create takes the representation of a etcdInspection and creates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *FakeEtcdInspections) Create(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.CreateOptions) (result *v1alpha2.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(etcdinspectionsResource, c.ns, etcdInspection), &v1alpha2.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdInspection), err
}
// Update takes the representation of a etcdInspection and updates it. Returns the server's representation of the etcdInspection, and an error, if there is any.
func (c *FakeEtcdInspections) Update(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (result *v1alpha2.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(etcdinspectionsResource, c.ns, etcdInspection), &v1alpha2.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdInspection), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeEtcdInspections) UpdateStatus(ctx context.Context, etcdInspection *v1alpha2.EtcdInspection, opts v1.UpdateOptions) (*v1alpha2.EtcdInspection, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(etcdinspectionsResource, "status", c.ns, etcdInspection), &v1alpha2.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdInspection), err
}
// Delete takes name of the etcdInspection and deletes it. Returns an error if one occurs.
func (c *FakeEtcdInspections) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(etcdinspectionsResource, c.ns, name), &v1alpha2.EtcdInspection{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeEtcdInspections) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(etcdinspectionsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha2.EtcdInspectionList{})
return err
}
// Patch applies the patch and returns the patched etcdInspection.
func (c *FakeEtcdInspections) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.EtcdInspection, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(etcdinspectionsResource, c.ns, name, pt, data, subresources...), &v1alpha2.EtcdInspection{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha2.EtcdInspection), err
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/fake/fake_kstone_client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
v1alpha2 "tkestack.io/kstone/pkg/generated/clientset/versioned/typed/kstone/v1alpha2"
)
type FakeKstoneV1alpha2 struct {
*testing.Fake
}
func (c *FakeKstoneV1alpha2) EtcdClusters(namespace string) v1alpha2.EtcdClusterInterface {
return &FakeEtcdClusters{c, namespace}
}
func (c *FakeKstoneV1alpha2) EtcdInspections(namespace string) v1alpha2.EtcdInspectionInterface {
return &FakeEtcdInspections{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeKstoneV1alpha2) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/generated_expansion.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha2
type EtcdClusterExpansion interface{}
type EtcdInspectionExpansion interface{}
================================================
FILE: pkg/generated/clientset/versioned/typed/kstone/v1alpha2/kstone_client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package v1alpha2
import (
rest "k8s.io/client-go/rest"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
type KstoneV1alpha2Interface interface {
RESTClient() rest.Interface
EtcdClustersGetter
EtcdInspectionsGetter
}
// KstoneV1alpha2Client is used to interact with features provided by the kstone.tkestack.io group.
type KstoneV1alpha2Client struct {
restClient rest.Interface
}
func (c *KstoneV1alpha2Client) EtcdClusters(namespace string) EtcdClusterInterface {
return newEtcdClusters(c, namespace)
}
func (c *KstoneV1alpha2Client) EtcdInspections(namespace string) EtcdInspectionInterface {
return newEtcdInspections(c, namespace)
}
// NewForConfig creates a new KstoneV1alpha2Client for the given config.
func NewForConfig(c *rest.Config) (*KstoneV1alpha2Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &KstoneV1alpha2Client{client}, nil
}
// NewForConfigOrDie creates a new KstoneV1alpha2Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *KstoneV1alpha2Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new KstoneV1alpha2Client for the given RESTClient.
func New(c rest.Interface) *KstoneV1alpha2Client {
return &KstoneV1alpha2Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha2.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *KstoneV1alpha2Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}
================================================
FILE: pkg/generated/informers/externalversions/factory.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package externalversions
import (
reflect "reflect"
sync "sync"
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
kstone "tkestack.io/kstone/pkg/generated/informers/externalversions/kstone"
)
// SharedInformerOption defines the functional option type for SharedInformerFactory.
type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
type sharedInformerFactory struct {
client versioned.Interface
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
lock sync.Mutex
defaultResync time.Duration
customResync map[reflect.Type]time.Duration
informers map[reflect.Type]cache.SharedIndexInformer
// startedInformers is used for tracking which informers have been started.
// This allows Start() to be called multiple times safely.
startedInformers map[reflect.Type]bool
}
// WithCustomResyncConfig sets a custom resync period for the specified informer types.
func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
return func(factory *sharedInformerFactory) *sharedInformerFactory {
for k, v := range resyncConfig {
factory.customResync[reflect.TypeOf(k)] = v
}
return factory
}
}
// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
return func(factory *sharedInformerFactory) *sharedInformerFactory {
factory.tweakListOptions = tweakListOptions
return factory
}
}
// WithNamespace limits the SharedInformerFactory to the specified namespace.
func WithNamespace(namespace string) SharedInformerOption {
return func(factory *sharedInformerFactory) *sharedInformerFactory {
factory.namespace = namespace
return factory
}
}
// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory {
return NewSharedInformerFactoryWithOptions(client, defaultResync)
}
// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
// Listers obtained via this SharedInformerFactory will be subject to the same filters
// as specified here.
// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
}
// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
factory := &sharedInformerFactory{
client: client,
namespace: v1.NamespaceAll,
defaultResync: defaultResync,
informers: make(map[reflect.Type]cache.SharedIndexInformer),
startedInformers: make(map[reflect.Type]bool),
customResync: make(map[reflect.Type]time.Duration),
}
// Apply all options
for _, opt := range options {
factory = opt(factory)
}
return factory
}
// Start initializes all requested informers.
func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) {
f.lock.Lock()
defer f.lock.Unlock()
for informerType, informer := range f.informers {
if !f.startedInformers[informerType] {
go informer.Run(stopCh)
f.startedInformers[informerType] = true
}
}
}
// WaitForCacheSync waits for all started informers' cache were synced.
func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool {
informers := func() map[reflect.Type]cache.SharedIndexInformer {
f.lock.Lock()
defer f.lock.Unlock()
informers := map[reflect.Type]cache.SharedIndexInformer{}
for informerType, informer := range f.informers {
if f.startedInformers[informerType] {
informers[informerType] = informer
}
}
return informers
}()
res := map[reflect.Type]bool{}
for informType, informer := range informers {
res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced)
}
return res
}
// InternalInformerFor returns the SharedIndexInformer for obj using an internal
// client.
func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer {
f.lock.Lock()
defer f.lock.Unlock()
informerType := reflect.TypeOf(obj)
informer, exists := f.informers[informerType]
if exists {
return informer
}
resyncPeriod, exists := f.customResync[informerType]
if !exists {
resyncPeriod = f.defaultResync
}
informer = newFunc(f.client, resyncPeriod)
f.informers[informerType] = informer
return informer
}
// SharedInformerFactory provides shared informers for resources in all known
// API group versions.
type SharedInformerFactory interface {
internalinterfaces.SharedInformerFactory
ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
Kstone() kstone.Interface
}
func (f *sharedInformerFactory) Kstone() kstone.Interface {
return kstone.New(f, f.namespace, f.tweakListOptions)
}
================================================
FILE: pkg/generated/informers/externalversions/generic.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package externalversions
import (
"fmt"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// GenericInformer is type of SharedIndexInformer which will locate and delegate to other
// sharedInformers based on type
type GenericInformer interface {
Informer() cache.SharedIndexInformer
Lister() cache.GenericLister
}
type genericInformer struct {
informer cache.SharedIndexInformer
resource schema.GroupResource
}
// Informer returns the SharedIndexInformer.
func (f *genericInformer) Informer() cache.SharedIndexInformer {
return f.informer
}
// Lister returns the GenericLister.
func (f *genericInformer) Lister() cache.GenericLister {
return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource)
}
// ForResource gives generic access to a shared informer of the matching type
// TODO extend this to unknown resources with a client pool
func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
switch resource {
// Group=kstone.tkestack.io, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("etcdclusters"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kstone().V1alpha1().EtcdClusters().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("etcdinspections"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kstone().V1alpha1().EtcdInspections().Informer()}, nil
// Group=kstone.tkestack.io, Version=v1alpha2
case v1alpha2.SchemeGroupVersion.WithResource("etcdclusters"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kstone().V1alpha2().EtcdClusters().Informer()}, nil
case v1alpha2.SchemeGroupVersion.WithResource("etcdinspections"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Kstone().V1alpha2().EtcdInspections().Informer()}, nil
}
return nil, fmt.Errorf("no informer found for %v", resource)
}
================================================
FILE: pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package internalinterfaces
import (
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
cache "k8s.io/client-go/tools/cache"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
)
// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer.
type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer
// SharedInformerFactory a small interface to allow for adding an informer without an import cycle
type SharedInformerFactory interface {
Start(stopCh <-chan struct{})
InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer
}
// TweakListOptionsFunc is a function that transforms a v1.ListOptions.
type TweakListOptionsFunc func(*v1.ListOptions)
================================================
FILE: pkg/generated/informers/externalversions/kstone/interface.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package kstone
import (
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
v1alpha1 "tkestack.io/kstone/pkg/generated/informers/externalversions/kstone/v1alpha1"
v1alpha2 "tkestack.io/kstone/pkg/generated/informers/externalversions/kstone/v1alpha2"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
// V1alpha2 provides access to shared informers for resources in V1alpha2.
V1alpha2() v1alpha2.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}
// V1alpha2 returns a new v1alpha2.Interface.
func (g *group) V1alpha2() v1alpha2.Interface {
return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha1/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
kstonev1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
v1alpha1 "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha1"
)
// EtcdClusterInformer provides access to a shared informer and lister for
// EtcdClusters.
type EtcdClusterInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.EtcdClusterLister
}
type etcdClusterInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewEtcdClusterInformer constructs a new informer for EtcdCluster type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewEtcdClusterInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredEtcdClusterInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredEtcdClusterInformer constructs a new informer for EtcdCluster type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredEtcdClusterInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha1().EtcdClusters(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha1().EtcdClusters(namespace).Watch(context.TODO(), options)
},
},
&kstonev1alpha1.EtcdCluster{},
resyncPeriod,
indexers,
)
}
func (f *etcdClusterInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredEtcdClusterInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *etcdClusterInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kstonev1alpha1.EtcdCluster{}, f.defaultInformer)
}
func (f *etcdClusterInformer) Lister() v1alpha1.EtcdClusterLister {
return v1alpha1.NewEtcdClusterLister(f.Informer().GetIndexer())
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha1/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
kstonev1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
v1alpha1 "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha1"
)
// EtcdInspectionInformer provides access to a shared informer and lister for
// EtcdInspections.
type EtcdInspectionInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.EtcdInspectionLister
}
type etcdInspectionInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewEtcdInspectionInformer constructs a new informer for EtcdInspection type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewEtcdInspectionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredEtcdInspectionInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredEtcdInspectionInformer constructs a new informer for EtcdInspection type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredEtcdInspectionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha1().EtcdInspections(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha1().EtcdInspections(namespace).Watch(context.TODO(), options)
},
},
&kstonev1alpha1.EtcdInspection{},
resyncPeriod,
indexers,
)
}
func (f *etcdInspectionInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredEtcdInspectionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *etcdInspectionInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kstonev1alpha1.EtcdInspection{}, f.defaultInformer)
}
func (f *etcdInspectionInformer) Lister() v1alpha1.EtcdInspectionLister {
return v1alpha1.NewEtcdInspectionLister(f.Informer().GetIndexer())
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha1/interface.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// EtcdClusters returns a EtcdClusterInformer.
EtcdClusters() EtcdClusterInformer
// EtcdInspections returns a EtcdInspectionInformer.
EtcdInspections() EtcdInspectionInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// EtcdClusters returns a EtcdClusterInformer.
func (v *version) EtcdClusters() EtcdClusterInformer {
return &etcdClusterInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// EtcdInspections returns a EtcdInspectionInformer.
func (v *version) EtcdInspections() EtcdInspectionInformer {
return &etcdInspectionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha2/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha2
import (
"context"
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
v1alpha2 "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha2"
)
// EtcdClusterInformer provides access to a shared informer and lister for
// EtcdClusters.
type EtcdClusterInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha2.EtcdClusterLister
}
type etcdClusterInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewEtcdClusterInformer constructs a new informer for EtcdCluster type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewEtcdClusterInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredEtcdClusterInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredEtcdClusterInformer constructs a new informer for EtcdCluster type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredEtcdClusterInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha2().EtcdClusters(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha2().EtcdClusters(namespace).Watch(context.TODO(), options)
},
},
&kstonev1alpha2.EtcdCluster{},
resyncPeriod,
indexers,
)
}
func (f *etcdClusterInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredEtcdClusterInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *etcdClusterInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kstonev1alpha2.EtcdCluster{}, f.defaultInformer)
}
func (f *etcdClusterInformer) Lister() v1alpha2.EtcdClusterLister {
return v1alpha2.NewEtcdClusterLister(f.Informer().GetIndexer())
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha2/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha2
import (
"context"
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
versioned "tkestack.io/kstone/pkg/generated/clientset/versioned"
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
v1alpha2 "tkestack.io/kstone/pkg/generated/listers/kstone/v1alpha2"
)
// EtcdInspectionInformer provides access to a shared informer and lister for
// EtcdInspections.
type EtcdInspectionInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha2.EtcdInspectionLister
}
type etcdInspectionInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewEtcdInspectionInformer constructs a new informer for EtcdInspection type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewEtcdInspectionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredEtcdInspectionInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredEtcdInspectionInformer constructs a new informer for EtcdInspection type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredEtcdInspectionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha2().EtcdInspections(namespace).List(context.TODO(), options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.KstoneV1alpha2().EtcdInspections(namespace).Watch(context.TODO(), options)
},
},
&kstonev1alpha2.EtcdInspection{},
resyncPeriod,
indexers,
)
}
func (f *etcdInspectionInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredEtcdInspectionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *etcdInspectionInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&kstonev1alpha2.EtcdInspection{}, f.defaultInformer)
}
func (f *etcdInspectionInformer) Lister() v1alpha2.EtcdInspectionLister {
return v1alpha2.NewEtcdInspectionLister(f.Informer().GetIndexer())
}
================================================
FILE: pkg/generated/informers/externalversions/kstone/v1alpha2/interface.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha2
import (
internalinterfaces "tkestack.io/kstone/pkg/generated/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// EtcdClusters returns a EtcdClusterInformer.
EtcdClusters() EtcdClusterInformer
// EtcdInspections returns a EtcdInspectionInformer.
EtcdInspections() EtcdInspectionInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// EtcdClusters returns a EtcdClusterInformer.
func (v *version) EtcdClusters() EtcdClusterInformer {
return &etcdClusterInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// EtcdInspections returns a EtcdInspectionInformer.
func (v *version) EtcdInspections() EtcdInspectionInformer {
return &etcdInspectionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
================================================
FILE: pkg/generated/listers/kstone/v1alpha1/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
)
// EtcdClusterLister helps list EtcdClusters.
// All objects returned here must be treated as read-only.
type EtcdClusterLister interface {
// List lists all EtcdClusters in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha1.EtcdCluster, err error)
// EtcdClusters returns an object that can list and get EtcdClusters.
EtcdClusters(namespace string) EtcdClusterNamespaceLister
EtcdClusterListerExpansion
}
// etcdClusterLister implements the EtcdClusterLister interface.
type etcdClusterLister struct {
indexer cache.Indexer
}
// NewEtcdClusterLister returns a new EtcdClusterLister.
func NewEtcdClusterLister(indexer cache.Indexer) EtcdClusterLister {
return &etcdClusterLister{indexer: indexer}
}
// List lists all EtcdClusters in the indexer.
func (s *etcdClusterLister) List(selector labels.Selector) (ret []*v1alpha1.EtcdCluster, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.EtcdCluster))
})
return ret, err
}
// EtcdClusters returns an object that can list and get EtcdClusters.
func (s *etcdClusterLister) EtcdClusters(namespace string) EtcdClusterNamespaceLister {
return etcdClusterNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// EtcdClusterNamespaceLister helps list and get EtcdClusters.
// All objects returned here must be treated as read-only.
type EtcdClusterNamespaceLister interface {
// List lists all EtcdClusters in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha1.EtcdCluster, err error)
// Get retrieves the EtcdCluster from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1alpha1.EtcdCluster, error)
EtcdClusterNamespaceListerExpansion
}
// etcdClusterNamespaceLister implements the EtcdClusterNamespaceLister
// interface.
type etcdClusterNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all EtcdClusters in the indexer for a given namespace.
func (s etcdClusterNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.EtcdCluster, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.EtcdCluster))
})
return ret, err
}
// Get retrieves the EtcdCluster from the indexer for a given namespace and name.
func (s etcdClusterNamespaceLister) Get(name string) (*v1alpha1.EtcdCluster, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("etcdcluster"), name)
}
return obj.(*v1alpha1.EtcdCluster), nil
}
================================================
FILE: pkg/generated/listers/kstone/v1alpha1/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
v1alpha1 "tkestack.io/kstone/pkg/apis/kstone/v1alpha1"
)
// EtcdInspectionLister helps list EtcdInspections.
// All objects returned here must be treated as read-only.
type EtcdInspectionLister interface {
// List lists all EtcdInspections in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha1.EtcdInspection, err error)
// EtcdInspections returns an object that can list and get EtcdInspections.
EtcdInspections(namespace string) EtcdInspectionNamespaceLister
EtcdInspectionListerExpansion
}
// etcdInspectionLister implements the EtcdInspectionLister interface.
type etcdInspectionLister struct {
indexer cache.Indexer
}
// NewEtcdInspectionLister returns a new EtcdInspectionLister.
func NewEtcdInspectionLister(indexer cache.Indexer) EtcdInspectionLister {
return &etcdInspectionLister{indexer: indexer}
}
// List lists all EtcdInspections in the indexer.
func (s *etcdInspectionLister) List(selector labels.Selector) (ret []*v1alpha1.EtcdInspection, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.EtcdInspection))
})
return ret, err
}
// EtcdInspections returns an object that can list and get EtcdInspections.
func (s *etcdInspectionLister) EtcdInspections(namespace string) EtcdInspectionNamespaceLister {
return etcdInspectionNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// EtcdInspectionNamespaceLister helps list and get EtcdInspections.
// All objects returned here must be treated as read-only.
type EtcdInspectionNamespaceLister interface {
// List lists all EtcdInspections in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha1.EtcdInspection, err error)
// Get retrieves the EtcdInspection from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1alpha1.EtcdInspection, error)
EtcdInspectionNamespaceListerExpansion
}
// etcdInspectionNamespaceLister implements the EtcdInspectionNamespaceLister
// interface.
type etcdInspectionNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all EtcdInspections in the indexer for a given namespace.
func (s etcdInspectionNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.EtcdInspection, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.EtcdInspection))
})
return ret, err
}
// Get retrieves the EtcdInspection from the indexer for a given namespace and name.
func (s etcdInspectionNamespaceLister) Get(name string) (*v1alpha1.EtcdInspection, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("etcdinspection"), name)
}
return obj.(*v1alpha1.EtcdInspection), nil
}
================================================
FILE: pkg/generated/listers/kstone/v1alpha1/expansion_generated.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// EtcdClusterListerExpansion allows custom methods to be added to
// EtcdClusterLister.
type EtcdClusterListerExpansion interface{}
// EtcdClusterNamespaceListerExpansion allows custom methods to be added to
// EtcdClusterNamespaceLister.
type EtcdClusterNamespaceListerExpansion interface{}
// EtcdInspectionListerExpansion allows custom methods to be added to
// EtcdInspectionLister.
type EtcdInspectionListerExpansion interface{}
// EtcdInspectionNamespaceListerExpansion allows custom methods to be added to
// EtcdInspectionNamespaceLister.
type EtcdInspectionNamespaceListerExpansion interface{}
================================================
FILE: pkg/generated/listers/kstone/v1alpha2/etcdcluster.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha2
import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// EtcdClusterLister helps list EtcdClusters.
// All objects returned here must be treated as read-only.
type EtcdClusterLister interface {
// List lists all EtcdClusters in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha2.EtcdCluster, err error)
// EtcdClusters returns an object that can list and get EtcdClusters.
EtcdClusters(namespace string) EtcdClusterNamespaceLister
EtcdClusterListerExpansion
}
// etcdClusterLister implements the EtcdClusterLister interface.
type etcdClusterLister struct {
indexer cache.Indexer
}
// NewEtcdClusterLister returns a new EtcdClusterLister.
func NewEtcdClusterLister(indexer cache.Indexer) EtcdClusterLister {
return &etcdClusterLister{indexer: indexer}
}
// List lists all EtcdClusters in the indexer.
func (s *etcdClusterLister) List(selector labels.Selector) (ret []*v1alpha2.EtcdCluster, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha2.EtcdCluster))
})
return ret, err
}
// EtcdClusters returns an object that can list and get EtcdClusters.
func (s *etcdClusterLister) EtcdClusters(namespace string) EtcdClusterNamespaceLister {
return etcdClusterNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// EtcdClusterNamespaceLister helps list and get EtcdClusters.
// All objects returned here must be treated as read-only.
type EtcdClusterNamespaceLister interface {
// List lists all EtcdClusters in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha2.EtcdCluster, err error)
// Get retrieves the EtcdCluster from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1alpha2.EtcdCluster, error)
EtcdClusterNamespaceListerExpansion
}
// etcdClusterNamespaceLister implements the EtcdClusterNamespaceLister
// interface.
type etcdClusterNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all EtcdClusters in the indexer for a given namespace.
func (s etcdClusterNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.EtcdCluster, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha2.EtcdCluster))
})
return ret, err
}
// Get retrieves the EtcdCluster from the indexer for a given namespace and name.
func (s etcdClusterNamespaceLister) Get(name string) (*v1alpha2.EtcdCluster, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha2.Resource("etcdcluster"), name)
}
return obj.(*v1alpha2.EtcdCluster), nil
}
================================================
FILE: pkg/generated/listers/kstone/v1alpha2/etcdinspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha2
import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
v1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
)
// EtcdInspectionLister helps list EtcdInspections.
// All objects returned here must be treated as read-only.
type EtcdInspectionLister interface {
// List lists all EtcdInspections in the indexer.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha2.EtcdInspection, err error)
// EtcdInspections returns an object that can list and get EtcdInspections.
EtcdInspections(namespace string) EtcdInspectionNamespaceLister
EtcdInspectionListerExpansion
}
// etcdInspectionLister implements the EtcdInspectionLister interface.
type etcdInspectionLister struct {
indexer cache.Indexer
}
// NewEtcdInspectionLister returns a new EtcdInspectionLister.
func NewEtcdInspectionLister(indexer cache.Indexer) EtcdInspectionLister {
return &etcdInspectionLister{indexer: indexer}
}
// List lists all EtcdInspections in the indexer.
func (s *etcdInspectionLister) List(selector labels.Selector) (ret []*v1alpha2.EtcdInspection, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha2.EtcdInspection))
})
return ret, err
}
// EtcdInspections returns an object that can list and get EtcdInspections.
func (s *etcdInspectionLister) EtcdInspections(namespace string) EtcdInspectionNamespaceLister {
return etcdInspectionNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// EtcdInspectionNamespaceLister helps list and get EtcdInspections.
// All objects returned here must be treated as read-only.
type EtcdInspectionNamespaceLister interface {
// List lists all EtcdInspections in the indexer for a given namespace.
// Objects returned here must be treated as read-only.
List(selector labels.Selector) (ret []*v1alpha2.EtcdInspection, err error)
// Get retrieves the EtcdInspection from the indexer for a given namespace and name.
// Objects returned here must be treated as read-only.
Get(name string) (*v1alpha2.EtcdInspection, error)
EtcdInspectionNamespaceListerExpansion
}
// etcdInspectionNamespaceLister implements the EtcdInspectionNamespaceLister
// interface.
type etcdInspectionNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all EtcdInspections in the indexer for a given namespace.
func (s etcdInspectionNamespaceLister) List(selector labels.Selector) (ret []*v1alpha2.EtcdInspection, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha2.EtcdInspection))
})
return ret, err
}
// Get retrieves the EtcdInspection from the indexer for a given namespace and name.
func (s etcdInspectionNamespaceLister) Get(name string) (*v1alpha2.EtcdInspection, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha2.Resource("etcdinspection"), name)
}
return obj.(*v1alpha2.EtcdInspection), nil
}
================================================
FILE: pkg/generated/listers/kstone/v1alpha2/expansion_generated.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha2
// EtcdClusterListerExpansion allows custom methods to be added to
// EtcdClusterLister.
type EtcdClusterListerExpansion interface{}
// EtcdClusterNamespaceListerExpansion allows custom methods to be added to
// EtcdClusterNamespaceLister.
type EtcdClusterNamespaceListerExpansion interface{}
// EtcdInspectionListerExpansion allows custom methods to be added to
// EtcdInspectionLister.
type EtcdInspectionListerExpansion interface{}
// EtcdInspectionNamespaceListerExpansion allows custom methods to be added to
// EtcdInspectionNamespaceLister.
type EtcdInspectionNamespaceListerExpansion interface{}
================================================
FILE: pkg/inspection/alarm.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"strconv"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/clusterprovider"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
"tkestack.io/kstone/pkg/inspection/metrics"
)
var alarmTypeList = []string{"NOSPACE", "CORRUPT"}
// CollectAlarmList collects the alarms of etcd, and
// transfer them to prometheus metrics
func (c *Server) CollectAlarmList(inspection *kstonev1alpha2.EtcdInspection) error {
namespace, name := inspection.Namespace, inspection.Spec.ClusterName
cluster, clientConfig, err := c.GetEtcdClusterInfo(namespace, name)
defer func() {
if err != nil {
featureutil.IncrFailedInspectionCounter(name, kstonev1alpha2.KStoneFeatureAlarm)
}
}()
if err != nil {
klog.Errorf("load tlsConfig failed, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
alarms, err := clusterprovider.GetEtcdAlarms([]string{cluster.Status.ServiceName}, clientConfig)
if err != nil {
return err
}
for _, m := range cluster.Status.Members {
if len(alarms) == 0 {
cleanAllAlarmMetrics(cluster.Name, m.Endpoint)
}
for _, a := range alarms {
if m.MemberId == strconv.FormatUint(a.MemberID, 10) {
labels := map[string]string{
"clusterName": cluster.Name,
"endpoint": m.Endpoint,
"alarmType": a.AlarmType,
}
metrics.EtcdEndpointAlarm.With(labels).Set(1)
}
}
}
return nil
}
// cleanAllAlarmMetrics clear all alarm metrics by cluster
func cleanAllAlarmMetrics(clusterName, endpoint string) {
for _, t := range alarmTypeList {
metrics.EtcdEndpointAlarm.With(map[string]string{
"clusterName": clusterName,
"endpoint": endpoint,
"alarmType": t,
}).Set(0)
}
}
================================================
FILE: pkg/inspection/backupcheck.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"context"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/klog/v2"
"tkestack.io/kstone/pkg/backup"
_ "tkestack.io/kstone/pkg/backup/providers" // import backup provider
"tkestack.io/kstone/pkg/inspection/metrics"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
)
// StatBackupFiles counts the number of backup files in the last day and
// transfer it to prometheus metrics
func (c *Server) StatBackupFiles(inspection *kstonev1alpha2.EtcdInspection) error {
namespace, name := inspection.Namespace, inspection.Spec.ClusterName
labels := map[string]string{
"clusterName": name,
}
cluster, err := c.cli.KstoneV1alpha2().EtcdClusters(namespace).Get(context.TODO(), name, metav1.GetOptions{})
defer func() {
if err != nil {
featureutil.IncrFailedInspectionCounter(name, kstonev1alpha2.KStoneFeatureBackupCheck)
}
}()
if err != nil {
if apierrors.IsNotFound(err) {
return nil
}
return err
}
// get backup config
backupConfig, err := backup.GetBackupConfig(cluster)
if err != nil {
klog.Errorf("failed to get backup config,cluster %s,err is %v", cluster.Name, err)
return err
}
// get specified backup storage provider
storage, err := backup.GetBackupStorageProvider(string(backupConfig.StorageType), &backup.StorageConfig{
KubeCli: c.kubeCli,
})
if err != nil {
klog.Errorf("failed to get backup provider,cluster %s,err is %v", inspection.ClusterName, err)
return err
}
objects, err := storage.List(cluster)
if err != nil {
klog.Errorf("failed to list backup files,cluster %s,err is %v", inspection.ClusterName, err)
return err
}
actualFiles, err := storage.Stat(objects)
if err != nil {
klog.Errorf("failed to stat backup files,cluster %s,err is %v", inspection.ClusterName, err)
return err
}
DesiredFiles := int(featureutil.OneDaySeconds / backupConfig.StoragePolicy.BackupIntervalInSecond)
if DesiredFiles > backupConfig.StoragePolicy.MaxBackups {
DesiredFiles = backupConfig.StoragePolicy.MaxBackups
}
failedFiles := DesiredFiles - actualFiles
if failedFiles < 0 {
failedFiles = 0
}
metrics.EtcdBackupFiles.With(labels).Set(float64(actualFiles))
metrics.EtcdFailedBackupFiles.With(labels).Set(float64(failedFiles))
return nil
}
================================================
FILE: pkg/inspection/consistency.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"context"
"sort"
"strings"
"sync"
"golang.org/x/sync/errgroup"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
"tkestack.io/kstone/pkg/inspection/metrics"
)
type ConsistencyInfo struct {
Path string `json:"path,omitempty"`
Interval int `json:"interval,omitempty"`
}
// getEtcdConsistentMetadata gets the etcd consistent metadata.
func (c *Server) getEtcdConsistentMetadata(
cluster *kstonev1alpha2.EtcdCluster,
keyPrefix string,
cli *etcd.ClientConfig,
) (map[featureutil.ConsistencyType][]uint64, error) {
var mu sync.Mutex
endpointMetadata := make(map[featureutil.ConsistencyType][]uint64)
ctx, cancel := context.WithTimeout(context.Background(), etcd.DefaultDialTimeout)
g, ctx := errgroup.WithContext(ctx)
defer cancel()
for _, member := range cluster.Status.Members {
member := member
g.Go(func() error {
backendStorage, extensionClientURL := etcd.EtcdV3Backend, member.ExtensionClientUrl
if strings.HasPrefix(member.Version, "2") {
backendStorage = etcd.EtcdV2Backend
}
backend, err := etcd.NewEtcdStatBackend(backendStorage)
if err != nil {
klog.Errorf("failed to get etcd stat backend,backend %s,err is %v", extensionClientURL, err)
return err
}
cli.Endpoints = []string{extensionClientURL}
err = backend.Init(cli)
if err != nil {
klog.Errorf(
"failed to get new etcd clientv3,cluster name is %s,endpoint is %s,err is %v",
cluster.Name,
extensionClientURL,
err,
)
return err
}
defer backend.Close()
metadata, err := backend.GetIndex(ctx, extensionClientURL)
if err != nil {
return err
}
totalKey, err := backend.GetTotalKeyNum(ctx, keyPrefix)
if err != nil {
return err
}
metadata[featureutil.ConsistencyKeyTotal] = totalKey
mu.Lock()
for t, v := range metadata {
endpointMetadata[t] = append(endpointMetadata[t], v)
}
mu.Unlock()
return nil
})
}
if err := g.Wait(); err != nil {
return endpointMetadata, err
}
return endpointMetadata, nil
}
// CollectClusterConsistentData collects the etcd metadata info, calculate the difference, and
// transfer them to prometheus metrics
func (c *Server) CollectClusterConsistentData(inspection *kstonev1alpha2.EtcdInspection) error {
namespace, name := inspection.Namespace, inspection.Spec.ClusterName
cluster, clientConfig, err := c.GetEtcdClusterInfo(namespace, name)
defer func() {
if err != nil {
featureutil.IncrFailedInspectionCounter(name, kstonev1alpha2.KStoneFeatureConsistency)
}
}()
if err != nil {
klog.Errorf("failed to load tls config, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
endpointMetadataDiff := make(map[featureutil.ConsistencyType]uint64)
endpointMetadata, err := c.getEtcdConsistentMetadata(cluster, DefaultInspectionPath, clientConfig)
if err != nil {
klog.Errorf("failed to getEtcdConsistentMetadata, etcd cluster %s, err is %v", cluster.Name, err)
} else {
for t, values := range endpointMetadata {
sort.Slice(values, func(i, j int) bool { return values[i] < values[j] })
endpointMetadataDiff[t] = values[len(values)-1] - values[0]
}
}
labels := map[string]string{
"clusterName": cluster.Name,
}
for t, v := range endpointMetadataDiff {
switch t {
case featureutil.ConsistencyKeyTotal:
metrics.EtcdNodeDiffTotal.With(labels).Set(float64(v))
case featureutil.ConsistencyRevision:
metrics.EtcdNodeRevisionDiff.With(labels).Set(float64(v))
case featureutil.ConsistencyIndex:
metrics.EtcdNodeIndexDiff.With(labels).Set(float64(v))
case featureutil.ConsistencyRaftRaftAppliedIndex:
metrics.EtcdNodeRaftAppliedIndexDiff.With(labels).Set(float64(v))
case featureutil.ConsistencyRaftIndex:
metrics.EtcdNodeRaftIndexDiff.With(labels).Set(float64(v))
}
}
return nil
}
================================================
FILE: pkg/inspection/healthy.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/etcd"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
"tkestack.io/kstone/pkg/inspection/metrics"
)
// CollectMemberHealthy collects the health of etcd, and
// transfer them to prometheus metrics
func (c *Server) CollectMemberHealthy(inspection *kstonev1alpha2.EtcdInspection) error {
namespace, name := inspection.Namespace, inspection.Spec.ClusterName
cluster, clientConfig, err := c.GetEtcdClusterInfo(namespace, name)
defer func() {
if err != nil {
featureutil.IncrFailedInspectionCounter(name, kstonev1alpha2.KStoneFeatureHealthy)
}
}()
if err != nil {
klog.Errorf("load tlsConfig failed, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
for _, m := range cluster.Status.Members {
healthy, hErr := etcd.MemberHealthy(m.ExtensionClientUrl, clientConfig)
labels := map[string]string{
"clusterName": cluster.Name,
"endpoint": m.Endpoint,
}
if hErr != nil || !healthy {
metrics.EtcdEndpointHealthy.With(labels).Set(0)
} else {
metrics.EtcdEndpointHealthy.With(labels).Set(1)
}
}
return nil
}
================================================
FILE: pkg/inspection/inspection.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"context"
"fmt"
"sync"
"time"
clientv3 "go.etcd.io/etcd/client/v3"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
"tkestack.io/kstone/pkg/featureprovider"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
const (
DefaultInspectionInterval = 300 * time.Second
DefaultInspectionPath = ""
)
type Server struct {
cli *clientset.Clientset
kubeCli kubernetes.Interface
client map[string]*clientv3.Client
wchan map[string]clientv3.WatchChan
watcher map[string]clientv3.Watcher
eventCh map[string]chan *clientv3.Event
mux sync.Mutex
clientConfigGetter etcd.ClientConfigGetter
}
// NewInspectionServer generates the server of inspection
func NewInspectionServer(ctx *featureprovider.FeatureContext) (*Server, error) {
cli, err := clientset.NewForConfig(ctx.ClientBuilder.ConfigOrDie())
if err != nil {
klog.Errorf("failed to init etcdinspection client, err is %v", err)
return nil, err
}
return &Server{
kubeCli: ctx.ClientBuilder.ClientOrDie(),
cli: cli,
client: make(map[string]*clientv3.Client),
wchan: make(map[string]clientv3.WatchChan),
watcher: make(map[string]clientv3.Watcher),
eventCh: make(map[string]chan *clientv3.Event),
clientConfigGetter: ctx.ClientConfigGetter,
}, nil
}
// GetEtcdCluster gets etcdcluster
func (c *Server) GetEtcdCluster(namespace, name string) (*kstonev1alpha2.EtcdCluster, error) {
return c.cli.KstoneV1alpha2().EtcdClusters(namespace).Get(context.TODO(), name, metav1.GetOptions{})
}
// GetEtcdInspection gets etcdinspection
func (c *Server) GetEtcdInspection(namespace, name string) (*kstonev1alpha2.EtcdInspection, error) {
inspectionTask, err := c.cli.KstoneV1alpha2().EtcdInspections(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
if !apierrors.IsNotFound(err) {
klog.Errorf("failed to get etcdinspection, err: %v, namespace is %s, name is %s", err, namespace, name)
}
return nil, err
}
return inspectionTask, nil
}
// DeleteEtcdInspection deletes etcdinspection
func (c *Server) DeleteEtcdInspection(namespace, name string) error {
err := c.cli.KstoneV1alpha2().EtcdInspections(namespace).
Delete(context.TODO(), name, metav1.DeleteOptions{})
if err != nil && !apierrors.IsNotFound(err) {
klog.Errorf(
"failed to delete etcdinspection, namespace is %s, name is %s, err is %v",
namespace,
name,
err,
)
return err
}
return nil
}
// CreateEtcdInspection creates etcdinspection
func (c *Server) CreateEtcdInspection(inspection *kstonev1alpha2.EtcdInspection) (*kstonev1alpha2.EtcdInspection, error) {
newinspectionTask, err := c.cli.KstoneV1alpha2().EtcdInspections(inspection.Namespace).
Create(context.TODO(), inspection, metav1.CreateOptions{})
if err != nil && !apierrors.IsAlreadyExists(err) {
klog.Errorf(
"failed to create etcdinspection, namespace is %s, name is %s, err is %v",
inspection.Namespace,
inspection.Name,
err,
)
return newinspectionTask, err
}
return newinspectionTask, nil
}
func (c *Server) initInspectionTask(
cluster *kstonev1alpha2.EtcdCluster,
inspectionFeatureName kstonev1alpha2.KStoneFeature,
) (*kstonev1alpha2.EtcdInspection, error) {
name := cluster.Name + "-" + string(inspectionFeatureName)
inspectionTask := &kstonev1alpha2.EtcdInspection{}
inspectionTask.ObjectMeta = metav1.ObjectMeta{
Name: name,
Namespace: cluster.Namespace,
Labels: cluster.Labels,
}
inspectionTask.Spec = kstonev1alpha2.EtcdInspectionSpec{
InspectionType: string(inspectionFeatureName),
ClusterName: cluster.Name,
}
inspectionTask.Status = kstonev1alpha2.EtcdInspectionStatus{
LastUpdatedTime: metav1.Time{
Time: time.Now(),
},
}
err := controllerutil.SetOwnerReference(cluster, inspectionTask, platformscheme.Scheme)
if err != nil {
klog.Errorf("set inspection task's owner failed, err is %v", err)
return inspectionTask, err
}
return inspectionTask, nil
}
func (c *Server) GetEtcdClusterInfo(namespace, name string) (*kstonev1alpha2.EtcdCluster, *etcd.ClientConfig, error) {
cluster, err := c.GetEtcdCluster(namespace, name)
if err != nil {
klog.Errorf("failed to get cluster info, namespace is %s, name is %s, err is %v", namespace, name, err)
return nil, nil, err
}
annotations := cluster.ObjectMeta.Annotations
secretName := ""
if annotations != nil {
if _, found := annotations[util.ClusterTLSSecretName]; found {
secretName = annotations[util.ClusterTLSSecretName]
}
}
path := fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name)
clientConfig, err := c.clientConfigGetter.New(path, secretName)
if err != nil {
klog.Errorf("failed to get cluster, namespace is %s, name is %s, err is %v", namespace, name, err)
return nil, nil, err
}
return cluster, clientConfig, nil
}
func (c *Server) Equal(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) bool {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, inspectionFeatureName) {
if cluster.Status.FeatureGatesStatus[inspectionFeatureName] != featureutil.FeatureStatusDisabled {
return c.checkEqualIfDisabled(cluster, inspectionFeatureName)
}
return true
}
return c.checkEqualIfEnabled(cluster, inspectionFeatureName)
}
func (c *Server) Sync(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) error {
if !featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, inspectionFeatureName) {
return c.cleanInspectionTask(cluster, inspectionFeatureName)
}
return c.syncInspectionTask(cluster, inspectionFeatureName)
}
// CheckEqualIfDisabled Checks whether the inspection task has been deleted if the inspection feature is disabled.
func (c *Server) checkEqualIfDisabled(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) bool {
name := cluster.Name + "-" + string(inspectionFeatureName)
if _, err := c.GetEtcdInspection(cluster.Namespace, name); apierrors.IsNotFound(err) {
return true
}
return false
}
// CheckEqualIfEnabled check whether the desired inspection task are consistent with the actual task,
// if the inspection feature is enabled.
func (c *Server) checkEqualIfEnabled(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) bool {
name := cluster.Name + "-" + string(inspectionFeatureName)
if _, err := c.GetEtcdInspection(cluster.Namespace, name); err == nil {
return true
}
return false
}
// CleanInspectionTask cleans inspection task
func (c *Server) cleanInspectionTask(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) error {
name := cluster.Name + "-" + string(inspectionFeatureName)
return c.DeleteEtcdInspection(cluster.Namespace, name)
}
// SyncInspectionTask syncs inspection task
func (c *Server) syncInspectionTask(cluster *kstonev1alpha2.EtcdCluster, inspectionFeatureName kstonev1alpha2.KStoneFeature) error {
task, err := c.initInspectionTask(cluster, inspectionFeatureName)
if err != nil {
return err
}
_, err = c.CreateEtcdInspection(task)
if err != nil {
return err
}
return nil
}
================================================
FILE: pkg/inspection/metrics/metrics.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package metrics
import (
"github.com/prometheus/client_golang/prometheus"
)
var (
EtcdNodeDiffTotal = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_node_diff_total",
Help: "total etcd node diff key",
}, []string{"clusterName"})
EtcdEndpointHealthy = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_endpoint_healthy",
Help: "The healthy of etcd member",
}, []string{"clusterName", "endpoint"})
EtcdRequestTotal = prometheus.NewCounterVec(prometheus.CounterOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_request_total",
Help: "The total number of etcd requests",
}, []string{"clusterName", "grpcMethod", "etcdPrefix", "resourceName"})
EtcdKeyTotal = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_key_total",
Help: "The total number of etcd key",
}, []string{"clusterName", "etcdPrefix", "resourceName"})
EtcdEndpointAlarm = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_endpoint_alarm",
Help: "The alarm of etcd member",
}, []string{"clusterName", "endpoint", "alarmType"})
EtcdNodeRevisionDiff = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_node_revision_diff_total",
Help: "The revision difference between all member",
}, []string{"clusterName"})
EtcdNodeIndexDiff = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_node_index_diff_total",
Help: "The index difference between all member",
}, []string{"clusterName"})
EtcdNodeRaftAppliedIndexDiff = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_node_raft_applied_index_diff_total",
Help: "The raft applied index difference between all member",
}, []string{"clusterName"})
EtcdNodeRaftIndexDiff = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_node_raft_index_diff_total",
Help: "The raft index difference between all member",
}, []string{"clusterName"})
EtcdBackupFiles = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_backup_files",
Help: "The Number of backup files in the last day",
}, []string{"clusterName"})
EtcdFailedBackupFiles = prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "etcd_failed_backup_files",
Help: "The Number of failed backup files in the last day",
}, []string{"clusterName"})
EtcdInspectionFailedNum = prometheus.NewCounterVec(prometheus.CounterOpts{
Namespace: "kstone",
Subsystem: "inspection",
Name: "failed_num",
Help: "The total Number of failed inspection",
}, []string{"clusterName", "inspectionType"})
)
func init() {
prometheus.MustRegister(EtcdNodeDiffTotal)
prometheus.MustRegister(EtcdEndpointHealthy)
prometheus.MustRegister(EtcdRequestTotal)
prometheus.MustRegister(EtcdKeyTotal)
prometheus.MustRegister(EtcdEndpointAlarm)
prometheus.MustRegister(EtcdNodeRevisionDiff)
prometheus.MustRegister(EtcdNodeIndexDiff)
prometheus.MustRegister(EtcdNodeRaftAppliedIndexDiff)
prometheus.MustRegister(EtcdNodeRaftIndexDiff)
prometheus.MustRegister(EtcdBackupFiles)
prometheus.MustRegister(EtcdFailedBackupFiles)
prometheus.MustRegister(EtcdInspectionFailedNum)
}
================================================
FILE: pkg/inspection/request.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package inspection
import (
"context"
"encoding/json"
"errors"
"strings"
"time"
"go.etcd.io/etcd/api/v3/mvccpb"
clientv3 "go.etcd.io/etcd/client/v3"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/clusterprovider"
"tkestack.io/kstone/pkg/etcd"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
"tkestack.io/kstone/pkg/inspection/metrics"
)
const (
inspectionRequestAnno = "request"
eventBuffer = 40960
)
type RequestInfo struct {
Path string `json:"path,omitempty"`
Interval int `json:"interval,omitempty"`
Prefix bool `json:"prefix,omitempty"`
}
// CollectEtcdClusterRequest collects request of etcd
func (c *Server) CollectEtcdClusterRequest(inspection *kstonev1alpha2.EtcdInspection) error {
namespace, name := inspection.Namespace, inspection.Spec.ClusterName
cluster, config, err := c.GetEtcdClusterInfo(namespace, name)
defer func() {
if err != nil {
featureutil.IncrFailedInspectionCounter(name, kstonev1alpha2.KStoneFeatureRequest)
}
}()
if err != nil {
klog.Errorf("failed to get cluster info, namespace is %s, name is %s, err is %v", namespace, name, err)
return err
}
_, ok := c.watcher[cluster.Name]
if ok {
return nil
}
annotations := cluster.ObjectMeta.Annotations
watchKey := DefaultInspectionPath
if annotations != nil {
if infoStr, found := annotations[inspectionRequestAnno]; found {
info := &RequestInfo{}
err = json.Unmarshal([]byte(infoStr), info)
if err == nil {
watchKey = info.Path
}
}
}
config.Endpoints = clusterprovider.GetStorageMemberEndpoints(cluster)
client, err := etcd.NewClientv3(config)
if err != nil {
klog.Errorf("failed to get new etcd clientv3,err is %v", err)
return err
}
timeoutCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
rsp, rErr := client.Get(
timeoutCtx,
watchKey,
clientv3.WithPrefix(),
clientv3.WithSort(clientv3.SortByKey, clientv3.SortAscend),
clientv3.WithKeysOnly(),
)
if rErr != nil {
klog.Errorf("failed to get all etcd cluster keys,err is %v", rErr)
return rErr
}
c.populateClusterTotalKeyMetrics(cluster, rsp.Kvs)
c.client[cluster.Name] = client
eventCh := make(chan *clientv3.Event, eventBuffer)
c.setEventCh(eventCh, cluster.Name)
err = c.Watch(cluster, client, watchKey)
if err != nil {
klog.Errorf("failed to get watch etcdcluster,err is %v", err)
return err
}
go c.processWatchEvent(cluster)
return err
}
// populateClusterTotalKeyMetrics generates prometheus metrics of the etcd key
func (c *Server) populateClusterTotalKeyMetrics(cluster *kstonev1alpha2.EtcdCluster, nodes []*mvccpb.KeyValue) {
klog.V(2).Infof("cluster name %s,total node:%d", cluster.Name, len(nodes))
labels := map[string]string{
"clusterName": cluster.Name,
}
for i := 0; i < len(nodes); i++ {
c.setEtcdPrefixAndResourceName(labels, string(nodes[i].Key))
metrics.EtcdKeyTotal.With(labels).Inc()
}
}
// setEtcdPrefixAndResourceName sets prefix and resource name of metric
func (c *Server) setEtcdPrefixAndResourceName(labels map[string]string, key string) {
labels["etcdPrefix"] = ""
labels["resourceName"] = ""
keys := strings.Split(key, "/")
if len(keys) < 2 {
return
}
labels["etcdPrefix"] = keys[1]
if len(keys) > 2 {
labels["resourceName"] = keys[2]
}
}
// setEventCh sets event chan
func (c *Server) setEventCh(ch chan *clientv3.Event, clusterName string) {
c.mux.Lock()
defer c.mux.Unlock()
c.eventCh[clusterName] = ch
}
// getEventCh gets event chan
func (c *Server) getEventCh(clusterName string) chan *clientv3.Event {
c.mux.Lock()
defer c.mux.Unlock()
ch, ok := c.eventCh[clusterName]
if !ok {
klog.Fatalf("failed to get event ch,cluster name is %s", clusterName)
}
return ch
}
// Watch watches etcd event
func (c *Server) Watch(cluster *kstonev1alpha2.EtcdCluster, client *clientv3.Client, keyPrefix string) error {
watcher := clientv3.NewWatcher(client)
c.watcher[cluster.Name] = watcher
go func() {
for {
klog.V(2).Infof("cluster name:%s,prefix:%s,start to watch key change", cluster.Name, keyPrefix)
ch := watcher.Watch(context.Background(), keyPrefix, clientv3.WithPrefix())
err := c.watch(cluster, ch)
if err == nil {
return
}
//if failed to watch,just retry
time.Sleep(time.Second)
}
}()
return nil
}
func (c *Server) watch(cluster *kstonev1alpha2.EtcdCluster, wchan clientv3.WatchChan) error {
ch := c.getEventCh(cluster.Name)
for wresp := range wchan {
if wresp.Canceled {
klog.V(3).Infof("cluster:%s,watcher is closed", cluster.Name)
return errors.New("watch failure")
}
for _, ev := range wresp.Events {
switch ev.Type {
case mvccpb.PUT:
klog.V(3).Infof("type: put,key:%s,lease:%d,mod version:%d", ev.Kv.Key, ev.Kv.Lease, ev.Kv.ModRevision)
ch <- ev
case mvccpb.DELETE:
klog.V(3).Infof("type: delete,key:%s", ev.Kv.Key)
ch <- ev
}
}
}
return nil
}
// processWatchEvent prcoesses the event watched
func (c *Server) processWatchEvent(cluster *kstonev1alpha2.EtcdCluster) {
ch := c.getEventCh(cluster.Name)
labels := map[string]string{
"clusterName": cluster.Name,
}
for ev := range ch {
//fix inconsistent label cardinality,etcdKeyTotal metrics does not have label grpcMethod
delete(labels, "grpcMethod")
switch ev.Type {
case mvccpb.PUT:
c.setEtcdPrefixAndResourceName(labels, string(ev.Kv.Key))
if ev.IsCreate() {
metrics.EtcdKeyTotal.With(labels).Inc()
}
labels["grpcMethod"] = "PUT"
klog.V(3).Infof("cluster:%s,type: PUT,key:%s,lease:%d", cluster.Name, ev.Kv.Key, ev.Kv.Lease)
metrics.EtcdRequestTotal.With(labels).Inc()
case mvccpb.DELETE:
c.setEtcdPrefixAndResourceName(labels, string(ev.Kv.Key))
metrics.EtcdKeyTotal.With(labels).Dec()
labels["grpcMethod"] = "Delete"
metrics.EtcdRequestTotal.With(labels).Inc()
klog.V(3).Infof("cluster:%s,type: delete,key:%s,lease:%d", cluster.Name, ev.Kv.Key, ev.Kv.Lease)
}
}
}
================================================
FILE: pkg/k8s/client.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package k8s
import (
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeinformers "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/klog/v2"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
informers "tkestack.io/kstone/pkg/generated/informers/externalversions"
)
// GetClientConfig gets *rest.Config with the kube config
func GetClientConfig(kubeconfig string) (*rest.Config, error) {
var cfg *rest.Config
var err error
if kubeconfig != "" {
cfg, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
if err != nil {
return nil, err
}
} else {
cfg, err = rest.InClusterConfig()
if err != nil {
return nil, err
}
}
return cfg, nil
}
// GenerateInformer generates informer and client for controller
func GenerateInformer(config *rest.Config, labelSelector string) (
*kubernetes.Clientset,
*clientset.Clientset,
kubeinformers.SharedInformerFactory,
informers.SharedInformerFactory,
error,
) {
kubeClient, err := kubernetes.NewForConfig(config)
if err != nil {
klog.Fatalf("Error building kubernetes clientset: %s", err.Error())
return nil, nil, nil, nil, err
}
clustetClient, err := clientset.NewForConfig(config)
if err != nil {
klog.Fatalf("Error building example clientset: %s", err.Error())
return nil, nil, nil, nil, err
}
informerFactory := informers.NewSharedInformerFactory(clustetClient, time.Second*30)
if labelSelector != "" {
optionsFunc := func(options *metav1.ListOptions) {
options.LabelSelector = labelSelector
}
informerFactory = informers.NewSharedInformerFactoryWithOptions(
clustetClient,
time.Second*30,
informers.WithTweakListOptions(optionsFunc),
)
}
kubeInformerFactory := kubeinformers.NewSharedInformerFactory(kubeClient, time.Second*30)
return kubeClient, clustetClient, kubeInformerFactory, informerFactory, nil
}
================================================
FILE: pkg/middlewares/auth.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package middlewares
import (
"net/http"
"github.com/gin-gonic/gin"
"tkestack.io/kstone/pkg/authentication/request"
)
// Auth authenticates requests
func Auth() gin.HandlerFunc {
return func(c *gin.Context) {
rsp, ok, err := request.MiddlewareRequest(c)
if !ok || err != nil {
c.JSON(http.StatusUnauthorized, *rsp)
c.Abort()
}
c.Next()
}
}
================================================
FILE: pkg/middlewares/cors.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package middlewares
import (
"net/http"
"github.com/gin-gonic/gin"
)
const (
AccessControlExposeHeadersValue = "Content-Length, " +
"Access-Control-Allow-Origin, " +
"Access-Control-Allow-Headers, " +
"Cache-Control, " +
"Content-Language, " +
"Content-Type"
)
// Cors return middleware of cors
func Cors() gin.HandlerFunc {
return func(c *gin.Context) {
method := c.Request.Method
c.Header("Access-Control-Allow-Origin", "*")
c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
c.Header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization")
c.Header(
"Access-Control-Expose-Headers",
AccessControlExposeHeadersValue,
)
c.Header("Access-Control-Allow-Credentials", "true")
if method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
}
c.Next()
}
}
================================================
FILE: pkg/monitor/prometheus.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package monitor
import (
"context"
"os"
"reflect"
"sort"
"strconv"
"strings"
promapiv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1"
corev1 "k8s.io/api/core/v1"
k8sV1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/client-go/kubernetes"
klog "k8s.io/klog/v2"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
featureutil "tkestack.io/kstone/pkg/featureprovider/util"
platformscheme "tkestack.io/kstone/pkg/generated/clientset/versioned/scheme"
)
const (
DefaultEtcdV3SecretName = "etcd-v3-certs"
EtcdTLSPrefix = "/etc/prometheus/secrets/"
DefaultEtcdPromNamespace = "kstone"
)
var EtcdPromNamespace = os.Getenv("PROM_NAMESPACE")
type PrometheusMonitor struct {
kubeCli kubernetes.Interface
promCli *monitoringv1.MonitoringV1Client
}
// NewPrometheusMonitor generates prometheus provider
func NewPrometheusMonitor(clientBuilder util.ClientBuilder) (*PrometheusMonitor, error) {
// init prom cli
promCli, err := monitoringv1.NewForConfig(clientBuilder.ConfigOrDie())
if err != nil {
klog.Errorf("failed to init prom client, err is %v", err)
return nil, err
}
return &PrometheusMonitor{
kubeCli: clientBuilder.ClientOrDie(),
promCli: promCli,
}, nil
}
// GetEtcdService gets service
func (prom *PrometheusMonitor) GetEtcdService(namespace, name string) (*corev1.Service, error) {
svr, err := prom.kubeCli.CoreV1().Services(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
klog.Errorf("get etcd service ,namespaces is %s,name is %s,error is %v", namespace, name, err)
return nil, err
}
return svr, err
}
// CreateEtcdService creates service
func (prom *PrometheusMonitor) CreateEtcdService(service *corev1.Service) (*corev1.Service, error) {
svr, err := prom.kubeCli.CoreV1().Services(service.Namespace).Create(context.TODO(), service, metav1.CreateOptions{})
if err != nil {
klog.Errorf("create etcd service ,namespaces is %s,name is %s,error is %v", service.Namespace, service.Name, err)
return nil, err
}
return svr, err
}
// UpdateEtcdService updates service
func (prom *PrometheusMonitor) UpdateEtcdService(service *corev1.Service) (*corev1.Service, error) {
svr, err := prom.kubeCli.CoreV1().Services(service.Namespace).Update(context.TODO(), service, metav1.UpdateOptions{})
if err != nil {
klog.Errorf("update etcd service ,namespaces is %s,name is %s,error is %v", service.Namespace, service.Name, err)
return nil, err
}
return svr, err
}
// DeleteEtcdService deletes service
func (prom *PrometheusMonitor) DeleteEtcdService(namespace, name string) error {
err := prom.kubeCli.CoreV1().Services(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
if err != nil {
klog.Errorf("delete etcd service, namespace is %s, name is %s,error is %v", namespace, name, err)
}
return err
}
// GetEtcdEndpoint gets endpoints
func (prom *PrometheusMonitor) GetEtcdEndpoint(namespace, name string) (*corev1.Endpoints, error) {
ep, err := prom.kubeCli.CoreV1().Endpoints(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
klog.Errorf("get etcd ep ,namespaces is %s,name is %s,error is %v", namespace, name, err)
return nil, err
}
return ep, err
}
// UpdateEtcdEndpoint updates endpoints
func (prom *PrometheusMonitor) UpdateEtcdEndpoint(ep *corev1.Endpoints) (*corev1.Endpoints, error) {
ep, err := prom.kubeCli.CoreV1().Endpoints(ep.Namespace).Update(context.TODO(), ep, metav1.UpdateOptions{})
if err != nil {
klog.Errorf("failed to update etcd ep ,namespaces is %s,name is %s,error is %v", ep.Namespace, ep.Name, err)
return nil, err
}
return ep, err
}
// CreateEtcdEndpoint creates endpoints
func (prom *PrometheusMonitor) CreateEtcdEndpoint(ep *corev1.Endpoints) (*corev1.Endpoints, error) {
newEp, err := prom.kubeCli.CoreV1().Endpoints(ep.Namespace).Create(context.TODO(), ep, metav1.CreateOptions{})
if err != nil {
klog.Errorf("create etcd endpoint ,namespaces is %s,name is %s,error is %v", ep.Namespace, ep.Name, err)
return nil, err
}
return newEp, err
}
// GetServiceMonitorTask gets service monitor by namespace and name
func (prom *PrometheusMonitor) GetServiceMonitorTask(namespace, name string) (*promapiv1.ServiceMonitor, error) {
task, err := prom.promCli.ServiceMonitors(namespace).Get(context.TODO(), name, metav1.GetOptions{})
if err != nil {
klog.Errorf("get service monitor,namespaces is %s,name is %s,error is %v", namespace, name, err)
return nil, err
}
return task, err
}
// UpdateServiceMonitorSpec updates spec of service monitor
func (prom *PrometheusMonitor) UpdateServiceMonitorSpec(task *promapiv1.ServiceMonitor) (
*promapiv1.ServiceMonitor,
error) {
newTask, err := prom.promCli.ServiceMonitors(task.Namespace).Update(context.TODO(), task, metav1.UpdateOptions{})
if err != nil {
klog.Errorf("update service monitor,namespaces is %s,name is %s,error is %v", task.Namespace, task.Name, err)
return nil, err
}
klog.V(6).Infof("update task %v spec succ", newTask)
return newTask, err
}
// CreateServiceMonitor creates service monitor
func (prom *PrometheusMonitor) CreateServiceMonitor(task *promapiv1.ServiceMonitor) (*promapiv1.ServiceMonitor, error) {
newTask, err := prom.promCli.ServiceMonitors(task.Namespace).Create(context.TODO(), task, metav1.CreateOptions{})
if err != nil {
klog.Errorf("create service monitor,namespaces is %s,name is %s,error is %v", task.Namespace, task.Name, err)
return nil, err
}
klog.V(6).Infof("update task %v spec succ", newTask)
return newTask, err
}
// UpdateServiceMonitor updates service monitor
func (prom *PrometheusMonitor) UpdateServiceMonitor(task *promapiv1.ServiceMonitor) (*promapiv1.ServiceMonitor, error) {
newTask, err := prom.promCli.ServiceMonitors(task.Namespace).Update(context.TODO(), task, metav1.UpdateOptions{})
if err != nil {
klog.Errorf("update service monitor,namespaces is %s,name is %s,error is %v", task.Namespace, task.Name, err)
return nil, err
}
klog.V(6).Infof("update task %v spec succ", newTask)
return newTask, err
}
// DeleteServiceMonitor deletes service monitor
func (prom *PrometheusMonitor) DeleteServiceMonitor(namespace, name string) error {
err := prom.promCli.ServiceMonitors(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
if err != nil {
klog.Errorf("delete service monitor,namespaces is %s,name is %s,error is %v", namespace, name, err)
return err
}
klog.V(6).Infof("delete service monitor %s succ", name)
return err
}
// ServiceMonitorIsEquivalent compares old service monitor with new service monitor
func (prom *PrometheusMonitor) ServiceMonitorIsEquivalent(old, new *promapiv1.ServiceMonitor) bool {
if !reflect.DeepEqual(old.Labels, new.Labels) {
return false
}
if !reflect.DeepEqual(old.Spec, new.Spec) {
return false
}
return true
}
// EndpointIsEquivalent compares old endpoints with new endpoints
func (prom *PrometheusMonitor) EndpointIsEquivalent(old, new *corev1.Endpoints) bool {
if !reflect.DeepEqual(old.Labels, new.Labels) {
return false
}
if !reflect.DeepEqual(old.Subsets, new.Subsets) {
return false
}
return true
}
// ServiceIsEquivalent compares old service with old service
func (prom *PrometheusMonitor) ServiceIsEquivalent(old, new *corev1.Service) bool {
if !reflect.DeepEqual(old.Labels, new.Labels) {
return false
}
if !reflect.DeepEqual(old.Spec, new.Spec) {
return false
}
return true
}
// UnpackEndPointSubsets unpacks endpoint subnets
func (prom *PrometheusMonitor) UnpackEndPointSubsets(endpoint *corev1.Endpoints) ([]string, error) {
var addrs []string
for _, subset := range endpoint.Subsets {
for _, ipAddr := range subset.Addresses {
for _, port := range subset.Ports {
s := ipAddr.IP + ":" + strconv.Itoa(int(port.Port))
addrs = append(addrs, s)
}
}
}
sort.Strings(addrs)
return addrs, nil
}
func (prom *PrometheusMonitor) IsMonitorEnabled(cluster *kstonev1alpha2.EtcdCluster) bool {
return featureutil.IsFeatureGateEnabled(cluster.ObjectMeta.Annotations, kstonev1alpha2.KStoneFeatureMonitor)
}
// Equal checks to Update ServiceMonitor & svc & ep, when label & memberIp change, update
func (prom *PrometheusMonitor) Equal(cluster *kstonev1alpha2.EtcdCluster) bool {
var epAddrs []string
epLabels := make(map[string]string)
var clusterEndpoints []string
for _, m := range cluster.Status.Members {
items := strings.Split(m.ExtensionClientUrl, ":")
endPoint := strings.TrimPrefix(items[1], "//")
clusterEndpoints = append(clusterEndpoints, endPoint+":"+items[2])
}
endpoints, err := prom.GetEtcdEndpoint(cluster.GetNamespace(), cluster.Name)
if err != nil {
if !apierrors.IsNotFound(err) {
klog.Errorf("get endpoint failed, err is %v", err)
return false
}
} else {
epAddrs, err = prom.UnpackEndPointSubsets(endpoints)
if err != nil {
klog.Errorf("unpack endpoint failed, err is %v", err)
return false
}
}
if reflect.DeepEqual(epLabels, cluster.ObjectMeta.Labels) &&
reflect.DeepEqual(epAddrs, clusterEndpoints) {
return false
}
return true
}
// initEtcdServiceMonitor inits cluster serviceMonitor
func (prom *PrometheusMonitor) initEtcdServiceMonitor(cluster *kstonev1alpha2.EtcdCluster) (
*promapiv1.ServiceMonitor,
error) {
certName := cluster.ObjectMeta.Annotations[util.ClusterTLSSecretName]
endpointList := make([]promapiv1.Endpoint, 0)
if certName == "" {
certName = DefaultEtcdV3SecretName
}
relabel := &promapiv1.RelabelConfig{
Action: "labelmap",
Regex: "__meta_kubernetes_service_label_(.+)",
}
replaceRelabel := &promapiv1.RelabelConfig{
Action: "replace",
Regex: "(.*)-(.*)-(.*)-(.*)",
Replacement: "$1.$2.$3.$4",
SourceLabels: []string{
"endpoint",
},
TargetLabel: "endpoint",
}
scheme := "http"
if strings.HasPrefix(cluster.Status.ServiceName, "https") {
scheme = "https"
}
secretName := certName
if strings.Contains(secretName, "/") {
secretName = strings.Split(secretName, "/")[1]
}
for _, memberStatus := range cluster.Status.Members {
endpoint := promapiv1.Endpoint{
Port: strings.ReplaceAll(memberStatus.Endpoint, ".", "-"),
Scheme: scheme,
Interval: "30s",
RelabelConfigs: []*promapiv1.RelabelConfig{
relabel,
replaceRelabel,
},
ProxyURL: nil,
}
if scheme == "https" {
endpoint.TLSConfig = &promapiv1.TLSConfig{
SafeTLSConfig: promapiv1.SafeTLSConfig{
CA: promapiv1.SecretOrConfigMap{
Secret: &k8sV1.SecretKeySelector{
LocalObjectReference: k8sV1.LocalObjectReference{
Name: secretName,
},
Key: etcd.CliCAFile,
},
},
Cert: promapiv1.SecretOrConfigMap{
Secret: &k8sV1.SecretKeySelector{
LocalObjectReference: k8sV1.LocalObjectReference{
Name: secretName,
},
Key: etcd.CliCertFile,
},
},
KeySecret: &k8sV1.SecretKeySelector{
LocalObjectReference: k8sV1.LocalObjectReference{
Name: secretName,
},
Key: etcd.CliKeyFile,
},
InsecureSkipVerify: true,
},
}
}
endpointList = append(endpointList, endpoint)
}
labels := cluster.ObjectMeta.Labels
labels["etcdName"] = cluster.Name
servicemonitor := &promapiv1.ServiceMonitor{
ObjectMeta: metav1.ObjectMeta{
Name: cluster.Name,
Namespace: cluster.GetNamespace(),
Labels: labels,
},
Spec: promapiv1.ServiceMonitorSpec{
Endpoints: endpointList,
NamespaceSelector: promapiv1.NamespaceSelector{MatchNames: []string{cluster.GetNamespace()}},
Selector: metav1.LabelSelector{MatchLabels: map[string]string{
"etcdName": cluster.Name,
}},
},
}
err := controllerutil.SetOwnerReference(cluster, servicemonitor, platformscheme.Scheme)
if err != nil {
return nil, err
}
return servicemonitor, nil
}
// initEtcdSvc inits cluster svc
func (prom *PrometheusMonitor) initEtcdSvc(cluster *kstonev1alpha2.EtcdCluster) (*corev1.Service, error) {
portList := make([]corev1.ServicePort, 0)
count := 0
for _, m := range cluster.Status.Members {
addr := strings.Split(m.ExtensionClientUrl, ":")
port, _ := strconv.Atoi(addr[2])
portName := strings.ReplaceAll(m.Endpoint, ".", "-")
if len(portList) > 0 {
if portName == portList[len(portList)-1].Name {
continue
}
}
servicePort := corev1.ServicePort{
Name: portName,
Protocol: corev1.ProtocolTCP,
Port: int32(2379 + count),
TargetPort: intstr.FromInt(port),
}
portList = append(portList, servicePort)
count++
}
labelMap := cluster.ObjectMeta.Labels
labelMap["etcdName"] = cluster.Name
svr := &corev1.Service{
ObjectMeta: metav1.ObjectMeta{
Name: cluster.Name,
Namespace: cluster.GetNamespace(),
Labels: labelMap,
},
Spec: corev1.ServiceSpec{
Ports: portList,
Type: corev1.ServiceTypeClusterIP,
},
}
if cluster.Spec.ClusterType == kstonev1alpha2.EtcdClusterKstone {
svr.Spec.Selector = map[string]string{
"etcdcluster.etcd.tkestack.io/cluster-name": cluster.Name,
}
}
err := controllerutil.SetOwnerReference(cluster, svr, platformscheme.Scheme)
if err != nil {
klog.Errorf("set reference failed, err is %s, service is %s", svr.Name)
return nil, err
}
return svr, nil
}
// initEtcdEndpoint inits cluster ep
func (prom *PrometheusMonitor) initEtcdEndpoint(cluster *kstonev1alpha2.EtcdCluster) (*corev1.Endpoints, error) {
subsets := make([]corev1.EndpointSubset, 0)
if cluster.Spec.ClusterType == kstonev1alpha2.EtcdClusterImported {
for _, m := range cluster.Status.Members {
addr := strings.Split(m.ExtensionClientUrl, ":")
port, err := strconv.Atoi(addr[2])
if err != nil {
klog.Errorf("failed to convert port string to int: %v", err)
return nil, err
}
s := corev1.EndpointSubset{
Addresses: []corev1.EndpointAddress{
{
IP: strings.TrimPrefix(addr[1], "//"),
},
},
Ports: []corev1.EndpointPort{
{
Name: strings.ReplaceAll(m.Endpoint, ".", "-"),
Protocol: corev1.ProtocolTCP,
Port: int32(port),
},
},
}
subsets = append(subsets, s)
}
}
ep := &corev1.Endpoints{
ObjectMeta: metav1.ObjectMeta{
Name: cluster.Name,
Namespace: cluster.GetNamespace(),
Labels: cluster.ObjectMeta.Labels,
},
Subsets: subsets,
}
return ep, nil
}
// CheckEqualIfDisabled Checks whether the monitoring resource has been deleted if monitor feature is disabled.
func (prom *PrometheusMonitor) CheckEqualIfDisabled(cluster *kstonev1alpha2.EtcdCluster) bool {
_, err := prom.GetServiceMonitorTask(cluster.Namespace, cluster.Name)
if err != nil && apierrors.IsNotFound(err) {
_, err = prom.GetEtcdService(cluster.Namespace, cluster.Name)
if err != nil && apierrors.IsNotFound(err) {
return true
}
}
return false
}
// CheckEqualIfEnabled check whether the desired monitoring resources are consistent with the actual resources,
// if monitor feature is enabled.
func (prom *PrometheusMonitor) CheckEqualIfEnabled(cluster *kstonev1alpha2.EtcdCluster) bool {
var epAddrs []string
epLabels := make(map[string]string)
var clusterEndpoints []string
for _, m := range cluster.Status.Members {
items := strings.Split(m.ExtensionClientUrl, ":")
endPoint := strings.TrimPrefix(items[1], "//")
clusterEndpoints = append(clusterEndpoints, endPoint+":"+items[2])
}
endpoints, err := prom.GetEtcdEndpoint(cluster.GetNamespace(), cluster.Name)
if err != nil {
klog.Errorf("get endpoint failed, cluster name %s,err is %v", cluster.Name, err)
return false
}
if epAddrs, err = prom.UnpackEndPointSubsets(endpoints); err != nil {
klog.Errorf("unpack endpoint failed, err is %v", err)
return false
}
if reflect.DeepEqual(epLabels, cluster.ObjectMeta.Labels) &&
reflect.DeepEqual(epAddrs, clusterEndpoints) {
return true
}
return false
}
// CleanPrometheusMonitor cleans prometheus monitor for etcdcluster if it is disabled
func (prom *PrometheusMonitor) CleanPrometheusMonitor(cluster *kstonev1alpha2.EtcdCluster) error {
if err := prom.DeleteServiceMonitor(cluster.Namespace, cluster.Name); err != nil && !apierrors.IsNotFound(err) {
return err
}
if err := prom.DeleteEtcdService(cluster.Namespace, cluster.Name); err != nil && !apierrors.IsNotFound(err) {
return err
}
return nil
}
// SyncPrometheusMonitor syncs prometheus monitor for etcdcluster if it is enabled
func (prom *PrometheusMonitor) SyncPrometheusMonitor(cluster *kstonev1alpha2.EtcdCluster) error {
taskName := cluster.Name
// 1 init service
newSvc, nErr := prom.initEtcdSvc(cluster)
if nErr != nil {
klog.Errorf("init etcdSvc failed, err is %v, cluster is %s", nErr, taskName)
return nErr
}
curSvc, err := prom.GetEtcdService(cluster.GetNamespace(), taskName)
if apierrors.IsNotFound(err) {
_, err = prom.CreateEtcdService(newSvc)
if err != nil {
klog.Errorf("create etcd %s svr failed:%v", taskName, err)
return err
}
} else if err != nil {
klog.Errorf("get etcd %s svr failed:%v", taskName, err)
return err
} else if !prom.ServiceIsEquivalent(curSvc, newSvc) {
newSvc.Spec.ClusterIP = curSvc.Spec.ClusterIP
newSvc.ResourceVersion = curSvc.ResourceVersion
_, err = prom.UpdateEtcdService(newSvc)
if err != nil {
klog.Errorf("failed to update etcd %s svr failed:%v", taskName, err)
return err
}
}
// 2 init ep
if cluster.Spec.ClusterType == kstonev1alpha2.EtcdClusterImported {
newEp, err := prom.initEtcdEndpoint(cluster)
if err != nil {
return err
}
curEp, err := prom.GetEtcdEndpoint(cluster.GetNamespace(), taskName)
if apierrors.IsNotFound(err) {
_, err = prom.CreateEtcdEndpoint(newEp)
if err != nil {
klog.Errorf("create etcd %s ep failed:%v", taskName, err)
return err
}
} else if err != nil {
klog.Errorf("get etcd %s ep failed:%v", taskName, err)
return err
} else if !prom.EndpointIsEquivalent(curEp, newEp) {
newEp.ResourceVersion = curEp.ResourceVersion
_, err = prom.UpdateEtcdEndpoint(newEp)
if err != nil {
klog.Errorf("failed to update etcd %s ep,err is %v", taskName, err)
return err
}
}
}
// 3 init servicemonitor
newServiceMonitor, err := prom.initEtcdServiceMonitor(cluster)
if err != nil {
return err
}
curServiceMonitor, err := prom.GetServiceMonitorTask(cluster.GetNamespace(), taskName)
if apierrors.IsNotFound(err) {
_, err = prom.CreateServiceMonitor(newServiceMonitor)
if err != nil {
klog.Errorf("create etcd %s service monitor failed:%v", taskName, err)
return err
}
} else if err != nil {
klog.Errorf("get etcd %s service monitor failed:%v", taskName, err)
return err
} else if !prom.ServiceMonitorIsEquivalent(curServiceMonitor, newServiceMonitor) {
newServiceMonitor.ResourceVersion = curServiceMonitor.ResourceVersion
_, err = prom.UpdateServiceMonitor(newServiceMonitor)
if err != nil {
klog.Errorf("failed to update etcd %s service monitor,err is %v", taskName, err)
return err
}
}
klog.V(2).Infof("add etcd task %s succ", taskName)
return err
}
================================================
FILE: pkg/router/router.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package router
import (
"context"
"crypto/tls"
"fmt"
"net/http"
"net/http/httputil"
"os"
"time"
"github.com/gin-contrib/pprof"
"github.com/gin-gonic/gin"
clientv3 "go.etcd.io/etcd/client/v3"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/clientcmd"
klog "k8s.io/klog/v2"
"tkestack.io/kstone/cmd/kstone-api/config"
"tkestack.io/kstone/pkg/authentication/request"
"tkestack.io/kstone/pkg/backup"
"tkestack.io/kstone/pkg/controllers/util"
"tkestack.io/kstone/pkg/etcd"
"tkestack.io/kstone/pkg/featureprovider"
"tkestack.io/kstone/pkg/middlewares"
_ "tkestack.io/kstone/pkg/authentication/providers" // import token and authenticator provider
_ "tkestack.io/kstone/pkg/backup/providers" // import backup provider
_ "tkestack.io/kstone/pkg/featureprovider/providers" // import feature provider
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
)
var (
KubeScheme = "https"
KubeTarget = os.Getenv("KUBE_TARGET")
KubeToken = os.Getenv("KUBE_TOKEN")
WorkNamespace = "kstone"
)
const (
GroupName = "kstone.tkestack.io"
VersionName = "v1alpha2"
apiPrefix = "/apis"
)
// SetWorkNamespace sets work namespace
func SetWorkNamespace(namespace string) {
WorkNamespace = namespace
}
// NewRouter generates router
func NewRouter() *gin.Engine {
r := gin.Default()
if config.Cfg.EnableProfiling {
pprof.Register(r, fmt.Sprintf("%s/debug/pprof", apiPrefix))
}
public := r.Group(apiPrefix)
private := r.Group(apiPrefix)
private.Use(middlewares.Auth())
public.POST("/login", Login)
private.GET("/:resource", ReverseProxy())
private.POST("/:resource", ReverseProxy())
private.GET("/:resource/:name", ReverseProxy())
private.PUT("/:resource/:name", ReverseProxy())
private.PATCH("/:resource/:name", ReverseProxy())
private.DELETE("/:resource/:name", ReverseProxy())
private.GET("/etcd/:etcdName", EtcdKeyList)
private.GET("/backup/:etcdName", BackupList)
private.GET("/features", FeatureList)
private.GET("/users", UserList)
private.PUT("/user", UserUpdate)
private.POST("/user", UserAdd)
private.DELETE("/user", UserDelete)
return r
}
// ReverseProxy reverses proxy to kubernetes api
func ReverseProxy() gin.HandlerFunc {
target := KubeTarget
return func(c *gin.Context) {
resource := c.Param("resource")
name := c.Param("name")
director := func(req *http.Request) {
req.URL.Scheme = KubeScheme
req.URL.Host = target
req.Host = target
// set Authorization to add k8s token
req.Header = map[string][]string{
"Authorization": {
fmt.Sprintf("Bearer %s", KubeToken),
},
}
var path string
// handle different resource according to the resource type
switch resource {
case "etcdclusters":
if name == "" {
path = fmt.Sprintf("/apis/%s/%s/namespaces/%s/%s", GroupName, VersionName, WorkNamespace, resource)
} else {
path = fmt.Sprintf("/apis/%s/%s/namespaces/%s/%s/%s", GroupName, VersionName, WorkNamespace, resource, name)
}
case "secrets":
if name == "" {
if req.Method == http.MethodPost || req.Method == http.MethodGet {
path = fmt.Sprintf("/api/v1/namespaces/%s/%s", WorkNamespace, resource)
}
} else {
path = fmt.Sprintf("/api/v1/namespaces/%s/%s/%s", WorkNamespace, resource, name)
}
case "configmaps":
if name == "" {
if req.Method == http.MethodPost || req.Method == http.MethodGet {
path = fmt.Sprintf("/api/v1/namespaces/%s/%s", WorkNamespace, resource)
}
} else {
path = fmt.Sprintf("/api/v1/namespaces/%s/%s/%s", WorkNamespace, resource, name)
}
}
req.URL.Path = path
req.RequestURI = path
}
proxy := &httputil.ReverseProxy{Director: director}
proxy.Transport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
proxy.ServeHTTP(c.Writer, c.Request)
}
}
// EtcdKeyList returns etcd key list
func EtcdKeyList(ctx *gin.Context) {
etcdName := ctx.Param("etcdName")
etcdKey := ctx.DefaultQuery("key", "")
// generate etcd client
cfg, err := clientcmd.BuildConfigFromFlags("", "")
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
clusterClient, err := clientset.NewForConfig(cfg)
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
cluster, err := clusterClient.KstoneV1alpha2().EtcdClusters(WorkNamespace).
Get(context.TODO(), etcdName, metav1.GetOptions{})
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
annotations := cluster.Annotations
secretName := ""
if annotations != nil {
if _, found := annotations["certName"]; found {
secretName = annotations["certName"]
}
}
clientConfigGetter := etcd.NewClientConfigSecretGetter(util.NewSimpleClientBuilder(""))
klog.Infof("secretName: %s", secretName)
path := fmt.Sprintf("%s/%s", cluster.Namespace, cluster.Name)
config, err := clientConfigGetter.New(path, secretName)
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
config.Endpoints = []string{cluster.Status.ServiceName}
klog.Infof("endpoint: %s, ca: %s, cert: %s, key: %s", cluster.Status.ServiceName, config.CaCert, config.Cert, config.Key)
client, err := etcd.NewClientv3(config)
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
defer client.Close()
if etcdKey == "" {
resp, err := client.Get(context.TODO(), "", clientv3.WithPrefix(), clientv3.WithKeysOnly())
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
data := make([]string, 0)
for _, value := range resp.Kvs {
data = append(data, string(value.Key))
}
ctx.JSON(http.StatusOK, map[string]interface{}{
"code": 0,
"data": data,
})
return
}
klog.Infof("get value by key: %s", etcdKey)
resp, err := client.Get(context.TODO(), etcdKey, clientv3.WithPrefix())
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
if resp.Count == 0 {
ctx.JSON(http.StatusNotFound, map[string]interface{}{
"code": 1,
"data": "",
})
} else {
result := map[string]interface{}{
"code": 0,
"err": "",
}
if cluster.Annotations["kubernetes"] == "true" && etcdKey != "compact_rev_key" {
jsonValue := etcd.ConvertToJSON(resp.Kvs[0])
inMediaType, in, err := etcd.DetectAndExtract(resp.Kvs[0].Value)
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
respData, err := etcd.ConvertToData(inMediaType, in)
if err != nil {
klog.Errorf(err.Error())
if respData == nil {
respData = make(map[string]string)
}
result["err"] = err.Error()
}
respData["json"] = jsonValue
respDataList := make([]map[string]string, 0)
for dataType, value := range respData {
respDataList = append(respDataList, map[string]string{
"type": dataType,
"data": value,
})
}
result["data"] = respDataList
} else {
result["data"] = []map[string]string{
{
"type": "javascript",
"data": string(resp.Kvs[0].Value),
},
}
}
ctx.JSON(http.StatusOK, result)
}
}
// BackupList returns backup list
func BackupList(ctx *gin.Context) {
etcdName := ctx.Param("etcdName")
clientBuilder := util.NewSimpleClientBuilder("")
// generate k8s client
clusterClient, err := clientset.NewForConfig(clientBuilder.ConfigOrDie())
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
// get cluster
cluster, err := clusterClient.KstoneV1alpha2().EtcdClusters(WorkNamespace).
Get(context.TODO(), etcdName, metav1.GetOptions{})
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
// get backup config
backupConfig, err := backup.GetBackupConfig(cluster)
if err != nil {
klog.Errorf("failed to get backup config,cluster %s,err is %v", cluster.Name, err)
ctx.JSON(http.StatusInternalServerError, err)
}
// get specified backup storage provider
storage, err := backup.GetBackupStorageProvider(string(backupConfig.StorageType), &backup.StorageConfig{
KubeCli: clientBuilder.ClientOrDie(),
})
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
resp, err := storage.List(cluster)
if err != nil {
klog.Errorf(err.Error())
ctx.JSON(http.StatusInternalServerError, err)
return
}
ctx.JSON(http.StatusOK, resp)
}
// FeatureList returns all features
func FeatureList(ctx *gin.Context) {
features := featureprovider.ListFeatureProvider()
ctx.JSON(http.StatusOK, features)
}
// UserList list all users
func UserList(ctx *gin.Context) {
rsp, err := request.UserListRequest(ctx)
if err != nil {
ctx.JSON(http.StatusInternalServerError, *rsp)
return
}
ctx.JSON(http.StatusOK, *rsp)
}
// UserUpdate updates users info
func UserUpdate(ctx *gin.Context) {
rsp, err := request.UserUpdateRequest(ctx)
if err != nil {
ctx.JSON(http.StatusInternalServerError, *rsp)
return
}
ctx.JSON(http.StatusOK, *rsp)
}
// UserAdd adds user
func UserAdd(ctx *gin.Context) {
rsp, err := request.UserAddRequest(ctx)
if err != nil {
ctx.JSON(http.StatusInternalServerError, *rsp)
return
}
ctx.JSON(http.StatusOK, *rsp)
}
// UserDelete deletes user
func UserDelete(ctx *gin.Context) {
rsp, err := request.UserDeleteRequest(ctx)
if err != nil {
ctx.JSON(http.StatusInternalServerError, *rsp)
return
}
ctx.JSON(http.StatusOK, *rsp)
}
// Login returns login info
func Login(ctx *gin.Context) {
rsp, ok, err := request.LoginRequest(ctx)
if !ok || err != nil {
ctx.JSON(http.StatusUnauthorized, *rsp)
return
}
ctx.JSON(http.StatusOK, *rsp)
}
================================================
FILE: pkg/signals/signal.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package signals
import (
"os"
"os/signal"
)
var onlyOneSignalHandler = make(chan struct{})
// SetupSignalHandler registered for SIGTERM and SIGINT. A stop channel is returned
// which is closed on one of these signals. If a second signal is caught, the program
// is terminated with exit code 1.
func SetupSignalHandler() (stopCh <-chan struct{}) {
close(onlyOneSignalHandler) // panics when called twice
stop := make(chan struct{})
c := make(chan os.Signal, 2)
signal.Notify(c, shutdownSignals...)
go func() {
<-c
close(stop)
<-c
os.Exit(1) // second signal. Exit directly.
}()
return stop
}
================================================
FILE: pkg/signals/signal_posix.go
================================================
//go:build !windows
// +build !windows
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package signals
import (
"os"
"syscall"
)
var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM}
================================================
FILE: pkg/signals/signal_windows.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package signals
import (
"os"
)
var shutdownSignals = []os.Signal{os.Interrupt}
================================================
FILE: test/e2e/e2e_test.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package e2e
import (
"context"
"fmt"
"os"
"testing"
"time"
"github.com/onsi/ginkgo"
"github.com/onsi/gomega"
monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned/typed/monitoring/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/dynamic"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
clientset "tkestack.io/kstone/pkg/generated/clientset/versioned"
"tkestack.io/kstone/test/fixtures"
"tkestack.io/kstone/test/testfiles"
)
const (
// TestSuiteSetupTimeOut defines the time after which the suite setup times out.
TestSuiteSetupTimeOut = 300 * time.Second
// TestSuiteTeardownTimeOut defines the time after which the suite tear down times out.
TestSuiteTeardownTimeOut = 300 * time.Second
// pollInterval defines the interval time for a poll operation.
pollInterval = 1 * time.Second
// pollTimeout defines the time after which the poll operation times out.
pollTimeout = 180 * time.Second
)
var (
kubeconfig string
fixturesDir string
restConfig *rest.Config
kubeClient kubernetes.Interface
etcdClusterClient clientset.Interface
dynamicCli dynamic.Interface
promCli *monitoringv1.MonitoringV1Client
)
func TestE2E(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "e2e suite")
}
var _ = ginkgo.BeforeSuite(func() {
// KUBECONFIG=/Users/etcd/.kube/config
workspace := os.Getenv("GITHUB_WORKSPACE")
gomega.Expect(workspace).ShouldNot(gomega.BeEmpty())
kubeconfig = workspace + "/" + os.Getenv("E2E_KUBECONFIG_PATH")
gomega.Expect(kubeconfig).ShouldNot(gomega.BeEmpty())
// FIXTURESDIR=/Users/etcd/go/src/tkestack.io/kstone/test/fixtures/manifests
fixturesDir = workspace + "/" + os.Getenv("FIXTURES_DIR")
gomega.Expect(fixturesDir).ShouldNot(gomega.BeEmpty())
var err error
restConfig, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
kubeClient, err = kubernetes.NewForConfig(restConfig)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
dynamicCli, err = dynamic.NewForConfig(restConfig)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
etcdClusterClient, err = clientset.NewForConfig(restConfig)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
promCli, err = monitoringv1.NewForConfig(restConfig)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
testfiles.AddFileSource(testfiles.RootFileSource{Root: fixturesDir})
err = CreateTmpTestEtcdCluster()
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
err = createEtcdCluster(fixtures.DefaultHTTPKstoneEtcdOperatorClusterName, 1, kstonev1alpha2.EtcdClusterKstone, fixtures.DefaultFeatureGate, "", "http")
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
err = createEtcdCluster(fixtures.DefaultHTTPSKstoneEtcdOperatorClusterName, 1, kstonev1alpha2.EtcdClusterKstone, fixtures.DefaultFeatureGate, "", "https")
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
podIP, err := getEtcdPodIP()
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
err = createEtcdCluster(fixtures.DefaultImportedClusterName, 3, kstonev1alpha2.EtcdClusterImported, fixtures.DefaultFeatureGate, podIP+":2379", "")
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
}, TestSuiteSetupTimeOut.Seconds())
var _ = ginkgo.AfterSuite(func() {
err := DeleteTmpTestEtcdCluster()
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
err = cleanAllEtcdCluster()
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
}, TestSuiteTeardownTimeOut.Seconds())
func CreateTmpTestEtcdCluster() error {
sts, err := fixtures.StatefulSetFromManifest(fixtures.DefaultTestClusterStatefulsetYaml, fixtures.DefaultKstoneNamespace)
if err != nil {
return err
}
_, err = kubeClient.AppsV1().StatefulSets(fixtures.DefaultKstoneNamespace).Create(context.TODO(), sts, metav1.CreateOptions{})
if err != nil {
return err
}
svc, err := fixtures.SvcFromManifest(fixtures.DefaultTestClusterSvcYaml)
if err != nil {
return err
}
_, err = kubeClient.CoreV1().Services(fixtures.DefaultKstoneNamespace).Create(context.TODO(), svc, metav1.CreateOptions{})
if err != nil {
return err
}
return nil
}
func GetTmpTestEtcdClusterPodIP() (string, error) {
var podIP string
podList, err := kubeClient.CoreV1().Pods(fixtures.DefaultKstoneNamespace).List(context.TODO(), metav1.ListOptions{LabelSelector: "app=etcd-test"})
if err != nil {
return "", err
}
for i := 0; i < len(podList.Items); i++ {
if podList.Items[i].Status.Phase == v1.PodRunning &&
len(podList.Items[i].Status.Conditions) > 0 &&
podList.Items[i].Status.Conditions[0].Status == v1.ConditionTrue &&
podList.Items[i].Status.PodIP != "" {
podIP = podList.Items[i].Status.PodIP
return podIP, nil
}
}
return podIP, fmt.Errorf("etcd pod ip is invalid")
}
func DeleteTmpTestEtcdCluster() error {
sts, err := fixtures.StatefulSetFromManifest(fixtures.DefaultTestClusterStatefulsetYaml, fixtures.DefaultKstoneNamespace)
if err != nil {
return err
}
err = kubeClient.AppsV1().StatefulSets(fixtures.DefaultKstoneNamespace).Delete(context.TODO(), sts.Name, metav1.DeleteOptions{})
if err != nil {
return err
}
svc, err := fixtures.SvcFromManifest(fixtures.DefaultTestClusterSvcYaml)
if err != nil {
return err
}
err = kubeClient.CoreV1().Services(fixtures.DefaultKstoneNamespace).Delete(context.TODO(), svc.Name, metav1.DeleteOptions{})
if err != nil {
return err
}
return nil
}
================================================
FILE: test/e2e/etcdcluster_test.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package e2e
import (
"context"
"errors"
"os"
"os/exec"
"strconv"
"strings"
"github.com/onsi/ginkgo"
"github.com/onsi/gomega"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/klog/v2"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
"tkestack.io/kstone/pkg/backup"
"tkestack.io/kstone/test/fixtures"
)
var _ = ginkgo.Describe("imported etcdcluster", getGinkgoFunc(fixtures.DefaultImportedClusterName, fixtures.DefaultImportedPodName))
var _ = ginkgo.Describe("kstone-etcd-operator http etcdcluster", getGinkgoFunc(fixtures.DefaultHTTPKstoneEtcdOperatorClusterName, fixtures.DefaultHTTPKstoneEtcdOperatorPodName))
var _ = ginkgo.Describe("kstone-etcd-operator https etcdcluster", getGinkgoFunc(fixtures.DefaultHTTPSKstoneEtcdOperatorClusterName, fixtures.DefaultHTTPSKstoneEtcdOperatorPodName))
func getGinkgoFunc(clusterName, podName string) func() {
return func() {
ginkgo.Describe("create an etcdcluster and enable monitor,backup,healthy,request,consistency,alarm,backupcheck features", func() {
ginkgo.It("ensure cluster status to be running", func() {
err := waitClusterStatusToRunning(clusterName)
if err != nil {
PrintTraceInfo(clusterName, podName)
}
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdinspection/consistency resources", func() {
err := CheckInspectionEnabled(clusterName, kstonev1alpha2.KStoneFeatureConsistency)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdinspection/healthy resources", func() {
err := CheckInspectionEnabled(clusterName, kstonev1alpha2.KStoneFeatureHealthy)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdinspection/request resources", func() {
err := CheckInspectionEnabled(clusterName, kstonev1alpha2.KStoneFeatureRequest)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdinspection/alarm resources", func() {
err := CheckInspectionEnabled(clusterName, kstonev1alpha2.KStoneFeatureAlarm)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdinspection/backupcheck resources", func() {
err := CheckInspectionEnabled(clusterName, kstonev1alpha2.KStoneFeatureBackupCheck)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate prometheus servicemonitor resources", func() {
err := CheckServiceMonitorEnabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should generate etcdbackup resources", func() {
err := CheckBackupEnabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdinspection/consistency feature", func() {
err := EnsureInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureConsistency)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdinspection/healthy feature", func() {
err := EnsureInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureHealthy)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdinspection/request feature", func() {
err := EnsureInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureRequest)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdinspection/alarm feature", func() {
err := EnsureInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureAlarm)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdinspection/backupcheck feature", func() {
err := EnsureInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureBackupCheck)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable prometheus servicemonitor feature", func() {
err := EnsureServiceMonitorDisabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should be able to disable etcdbackup feature", func() {
err := EnsureBackupDisabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
})
ginkgo.Describe("delete an existed etcdcluster", func() {
ginkgo.It("kstone should delete etcd cluster", func() {
err := deleteEtcdCluster(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete servicemonitor resources", func() {
err := CheckServiceMonitorDisabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdinspection/healthy resources", func() {
err := CheckInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureHealthy)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdinspection/request resources", func() {
err := CheckInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureRequest)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdinspection/consistency resources", func() {
err := CheckInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureConsistency)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdinspection/alarm resources", func() {
err := CheckInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureAlarm)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdinspection/backupcheck resources", func() {
err := CheckInspectionDisabled(clusterName, kstonev1alpha2.KStoneFeatureBackupCheck)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
ginkgo.It("kstone should delete etcdbackup resources", func() {
err := CheckBackupDisabled(clusterName)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
})
})
}
}
func createEtcdCluster(name string, replicas uint, clusterType kstonev1alpha2.EtcdClusterType, featureGate, clusterAddr, scheme string) error {
etcdcluster := fixtures.NewEtcdCluster(name, replicas, clusterType, featureGate, clusterAddr, scheme)
_, err := etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).Create(context.TODO(), etcdcluster, metav1.CreateOptions{})
return err
}
func deleteEtcdCluster(name string) error {
err := etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
return err
}
func cleanAllEtcdCluster() error {
clusters, err := etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).List(context.TODO(), metav1.ListOptions{})
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
for i := 0; i < len(clusters.Items); i++ {
if clusters.Items[i].Annotations["autoTest"] == "true" {
err = deleteEtcdCluster(clusters.Items[i].Name)
gomega.Expect(err).ShouldNot(gomega.HaveOccurred())
}
}
return err
}
func getEtcdPodIP() (string, error) {
var podIP string
err := wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
podIP, err = GetTmpTestEtcdClusterPodIP()
if err != nil {
return false, nil
}
return true, nil
})
return podIP, err
}
func waitClusterStatusToRunning(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
cluster, err := etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return false, nil
}
return false, err
}
if cluster.Status.Phase == kstonev1alpha2.EtcdClusterRunning {
return true, nil
}
return false, nil
})
}
func EnsureBackupDisabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
err = DisableFeature(clusterName, kstonev1alpha2.KStoneFeatureBackup)
if err != nil {
return false, err
}
err = CheckBackupDisabled(clusterName)
if err != nil {
return false, err
}
return true, nil
})
}
func CheckBackupEnabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = dynamicCli.Resource(backup.BackupSchema).Namespace(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return false, nil
}
return false, err
}
return true, nil
})
}
func CheckBackupDisabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = dynamicCli.Resource(backup.BackupSchema).Namespace(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return true, nil
}
return false, err
}
return false, nil
})
}
func EnsureServiceMonitorDisabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
err = DisableFeature(clusterName, kstonev1alpha2.KStoneFeatureMonitor)
if err != nil {
return false, err
}
err = CheckServiceMonitorDisabled(clusterName)
if err != nil {
return false, err
}
return true, nil
})
}
func CheckServiceMonitorEnabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = promCli.ServiceMonitors(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return false, nil
}
return false, err
}
return true, nil
})
}
func CheckServiceMonitorDisabled(clusterName string) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = promCli.ServiceMonitors(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return true, nil
}
return false, err
}
return false, nil
})
}
func EnsureInspectionDisabled(clusterName string, feature kstonev1alpha2.KStoneFeature) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
err = DisableFeature(clusterName, feature)
if err != nil {
return false, err
}
err = CheckInspectionDisabled(clusterName, feature)
if err != nil {
return false, err
}
return true, nil
})
}
func CheckInspectionEnabled(clusterName string, feature kstonev1alpha2.KStoneFeature) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = etcdClusterClient.KstoneV1alpha2().EtcdInspections(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName+"-"+string(feature), metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return false, nil
}
return false, err
}
return true, nil
})
}
func CheckInspectionDisabled(clusterName string, feature kstonev1alpha2.KStoneFeature) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
_, err = etcdClusterClient.KstoneV1alpha2().EtcdInspections(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName+"-"+string(feature), metav1.GetOptions{})
if err != nil {
if apierrors.IsNotFound(err) {
return true, nil
}
return false, err
}
return false, nil
})
}
func DisableFeature(clusterName string, feature kstonev1alpha2.KStoneFeature) error {
return wait.PollImmediate(pollInterval, pollTimeout, func() (done bool, err error) {
cluster, err := etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).Get(context.TODO(), clusterName, metav1.GetOptions{})
if err != nil {
return false, err
}
annotations := cluster.ObjectMeta.Annotations
annotations = UpdateAnnotationFeature(annotations, feature, false)
if annotations == nil {
return false, errors.New("can't change annotation")
}
_, err = etcdClusterClient.KstoneV1alpha2().EtcdClusters(fixtures.DefaultKstoneNamespace).Update(context.TODO(), cluster, metav1.UpdateOptions{})
if err != nil {
if apierrors.IsConflict(err) {
return false, nil
}
return false, err
}
return true, nil
})
}
func UpdateAnnotationFeature(annotations map[string]string, name kstonev1alpha2.KStoneFeature, open bool) map[string]string {
if gates, found := annotations[kstonev1alpha2.KStoneFeatureAnno]; found && gates != "" {
featurelist := strings.Split(gates, ",")
feature := string(name)
newItem := feature + "=" + strconv.FormatBool(open)
for _, item := range featurelist {
if strings.Contains(item, feature) {
annotations[kstonev1alpha2.KStoneFeatureAnno] = strings.Replace(gates, item, newItem, 1)
return annotations
}
}
}
return nil
}
func PrintTraceInfo(clusterName, podName string) {
cmd1 := "kubectl describe po " + podName + " -n " + fixtures.DefaultKstoneNamespace
cmd2 := "kubectl describe cluster " + clusterName + " -n " + fixtures.DefaultKstoneNamespace
cmd3 := "kubectl describe etcd " + clusterName + " -n " + fixtures.DefaultKstoneNamespace
cmd4 := "kubectl logs " + podName + " -n " + fixtures.DefaultKstoneNamespace
cmds := []string{cmd1, cmd2, cmd3, cmd4}
nodeName, err := os.Hostname()
if err != nil {
klog.Errorf("unable to get hostname")
} else {
cmd5 := "kubectl describe no " + nodeName
cmds = append(cmds, cmd5)
}
for _, cmd := range cmds {
cmnd, err := exec.Command("sh", "-c", cmd).Output()
if err != nil {
klog.Errorf("failed to exec command, command is %s, err is %s", cmd, err)
} else {
klog.Info(string(cmnd))
}
}
}
================================================
FILE: test/fixtures/fixtures.go
================================================
/*
* Tencent is pleased to support the open source community by making TKEStack
* available.
*
* Copyright (C) 2012-2023 Tencent. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the
* License at
*
* https://opensource.org/licenses/Apache-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package fixtures
import (
"fmt"
appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
utilyaml "k8s.io/apimachinery/pkg/util/yaml"
scheme "k8s.io/client-go/kubernetes/scheme"
kstonev1alpha2 "tkestack.io/kstone/pkg/apis/kstone/v1alpha2"
testfiles2 "tkestack.io/kstone/test/testfiles"
)
const (
DefaultFeatureGate = "monitor=true,consistency=true,healthy=true,request=true,backup=true,alarm=true,backupcheck=true"
DefaultTestClusterAddr = "etcd-test-headless.default.svc.cluster.local:2379"
DefaultTestClusterStatefulsetYaml = "etcd_statefulset.yaml"
DefaultTestClusterSvcYaml = "etcd_service.yaml"
DefaultKstoneNamespace = "kstone"
DefaultImportedClusterName = "kstone-test"
DefaultImportedPodName = "etcd-test-0"
DefaultNamespace = "default"
DefaultHTTPKstoneEtcdOperatorClusterName = "kstone-etcd-operator-http-test"
DefaultHTTPKstoneEtcdOperatorPodName = "kstone-etcd-operator-http-test-etcd-0"
DefaultHTTPSKstoneEtcdOperatorClusterName = "kstone-etcd-operator-https-test"
DefaultHTTPSKstoneEtcdOperatorPodName = "kstone-etcd-operator-https-test-etcd-0"
)
func NewEtcdCluster(
name string,
replicas uint,
clusterType kstonev1alpha2.EtcdClusterType,
featureGate,
clusterAddr,
scheme string) *kstonev1alpha2.EtcdCluster {
cluster := &kstonev1alpha2.EtcdCluster{
TypeMeta: metav1.TypeMeta{APIVersion: kstonev1alpha2.SchemeGroupVersion.String()},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: DefaultKstoneNamespace,
Labels: map[string]string{},
Annotations: map[string]string{
"autoTest": "true",
"featureGates": featureGate,
"backup": `
{
"backupPolicy": {
"backupIntervalInSecond": 600,
"maxBackups": 20,
"timeoutInSecond": 10000
},
"cos": {
"cosSecret": "kstone-test",
"path": "kstone-test.cos.ap-nanjing.myqcloud.com/kstone-test"
},
"storageType": "COS"
}
`,
},
},
Spec: kstonev1alpha2.EtcdClusterSpec{
ClusterType: clusterType,
Size: replicas,
DiskSize: 1,
Version: "3.4.13",
StorageBackend: "v3",
},
}
switch clusterType {
case kstonev1alpha2.EtcdClusterImported:
cluster.ObjectMeta.Annotations["importedAddr"] = clusterAddr
cluster.ObjectMeta.Annotations["extClientURL"] = fmt.Sprintf("127.0.0.1:2379->%s", clusterAddr)
case kstonev1alpha2.EtcdClusterKstone:
cluster.ObjectMeta.Annotations["scheme"] = scheme
}
return cluster
}
func NewEtcdInspection(name string, inspectionType kstonev1alpha2.KStoneFeature) *kstonev1alpha2.EtcdInspection {
return &kstonev1alpha2.EtcdInspection{
TypeMeta: metav1.TypeMeta{APIVersion: kstonev1alpha2.SchemeGroupVersion.String()},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: metav1.NamespaceDefault,
Labels: map[string]string{},
},
Spec: kstonev1alpha2.EtcdInspectionSpec{
InspectionType: string(inspectionType),
},
}
}
// SvcFromManifest reads a .json/yaml file and returns the service in it.
func SvcFromManifest(fileName string) (*v1.Service, error) {
var svc v1.Service
data, err := testfiles2.Read(fileName)
if err != nil {
return nil, err
}
json, err := utilyaml.ToJSON(data)
if err != nil {
return nil, err
}
if err := runtime.DecodeInto(scheme.Codecs.UniversalDecoder(), json, &svc); err != nil {
return nil, err
}
return &svc, nil
}
// StatefulSetFromManifest returns a StatefulSet from a manifest stored in fileName in the Namespace indicated by ns.
func StatefulSetFromManifest(fileName, ns string) (*appsv1.StatefulSet, error) {
var ss appsv1.StatefulSet
data, err := testfiles2.Read(fileName)
if err != nil {
return nil, err
}
json, err := utilyaml.ToJSON(data)
if err != nil {
return nil, err
}
if err := runtime.DecodeInto(scheme.Codecs.UniversalDecoder(), json, &ss); err != nil {
return nil, err
}
ss.Namespace = ns
if ss.Spec.Selector == nil {
ss.Spec.Selector = &metav1.LabelSelector{
MatchLabels: ss.Spec.Template.Labels,
}
}
return &ss, nil
}
================================================
FILE: test/fixtures/manifests/etcd_service.yaml
================================================
apiVersion: v1
kind: Service
metadata:
labels:
app: etcd-test
name: etcd-test-headless
namespace: kstone
spec:
clusterIP: None
ports:
- name: client
port: 2379
protocol: TCP
targetPort: client
- name: peer
port: 2380
protocol: TCP
targetPort: peer
selector:
app: etcd-test
sessionAffinity: None
type: ClusterIP
================================================
FILE: test/fixtures/manifests/etcd_statefulset.yaml
================================================
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: etcd-test
labels:
app: etcd-test
spec:
serviceName: etcd-test
replicas: 1
selector:
matchLabels:
app: etcd-test
template:
metadata:
name: etcd-test
labels:
app: etcd-test
spec:
containers:
- name: etcd
image: bitnami/etcd:latest
imagePullPolicy: Always
ports:
- containerPort: 2380
name: peer
- containerPort: 2379
name: client
resources:
requests:
cpu: 100m
memory: 512Mi
env:
- name: ALLOW_NONE_AUTHENTICATION
value: "yes"
- name: INITIAL_CLUSTER_SIZE
value: "3"
- name: SET_NAME
value: etcd
================================================
FILE: test/fixtures/manifests/etcdcluster_imported.yaml
================================================
apiVersion: kstone.tkestack.io/v1alpha2
kind: EtcdCluster
metadata:
annotations:
certName: kstone/cls-test
extClientURL: >-
10.206.16.63:2379->10.1.2.3:12861,10.206.16.86:2379->10.1.2.3:12730,10.206.16.140:2379->10.1.2.3:12105
featureGates: monitor=true,consistency=true,healthy=true,request=true,backup=false
importedAddr: https://10.1.2.3:12846
kubernetes: 'true'
creationTimestamp: '2021-08-12T08:18:10Z'
generation: 152228
labels:
backup: 'false'
clusterType: imported
consistency: 'true'
etcdName: cls-test
healthy: 'true'
monitor: 'true'
request: 'true'
name: cls-test
namespace: kstone
resourceVersion: '31278498'
uid: 9e9ddd34-9c92-4aee-bc3d-68d1a223cd13
spec:
affinity: {}
authConfig: {}
clusterType: imported
description: cls-test
diskSize: 50
diskType: ssd
name: cls-test
size: 3
version: ''
status:
featureGatesStatus:
consistency: done
healthy: done
monitor: done
request: done
members:
- clientUrl: https://10.206.16.86:2379
endpoint: 10.206.16.86
extensionClientUrl: https://10.1.2.3:12730
memberId: '71412298143718490'
name: 10.206.16.86
port: '2379'
role: Follower
status: Running
version: 3.4.9
- clientUrl: https://10.206.16.63:2379
endpoint: 10.206.16.63
extensionClientUrl: https://10.1.2.3:12861
memberId: '8991984052334821064'
name: 10.206.16.63
port: '2379'
role: Leader
status: Running
version: 3.4.9
- clientUrl: https://10.206.16.140:2379
endpoint: 10.206.16.140
extensionClientUrl: https://10.1.2.3:12105
memberId: '17985372337265212585'
name: 10.206.16.140
port: '2379'
role: Follower
status: Running
version: 3.4.9
phase: Running
serviceName: https://10.1.2.3:12846
================================================
FILE: test/scripts/kstone.sh
================================================
#!/usr/bin/env bash
set -ex
kubectl create ns kstone
cd charts && helm install kstone . -n kstone -f values.test.yaml --set global.kstone.tag=$VERSION
echo "kstone component images:"
kubectl get deployment -n kstone -o yaml | grep image: | grep -v "f:image:"
================================================
FILE: test/scripts/minikube.sh
================================================
#!/usr/bin/env bash
# This script is copied from github.com/aeraki-framework/aeraki
# ----------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# ----------------------------------------------------------------------------
set -x
K8S_VER=${K8S_VER:-'k8s-v1.20.11'}
function waitMinikube() {
set +e
kubectl cluster-info
# This for loop waits until kubectl can access the api server that Minikube has created.
for _ in {1..24}; do # Timeout for 240 seconds.
kubectl get po --all-namespaces
if [ $? -ne 1 ]; then
break
fi
sleep 10
done
if ! kubectl get all --all-namespaces; then
echo "Kubernetes failed to start"
ps ax
netstat -an
docker images
cat /var/lib/localkube/localkube.err
printf '\n\n\n'
kubectl cluster-info dump
exit 1
fi
echo "Minikube is running"
for _ in {1..6}; do # Timeout for 60 seconds.
echo "$(sudo -E minikube ip) minikube.local" | sudo tee -a /etc/hosts
ip=$(cat /etc/hosts | grep minikube.local | cut -d' ' -f1 | xargs)
if [ -n "$ip" ]; then
break
fi
sleep 10
done
ip=$(cat /etc/hosts | grep minikube.local | cut -d' ' -f1 | xargs)
if [ -n "$ip" ]; then
echo "minikube.local is mapped to $ip"
else
exit 1
fi
}
# startMinikubeNone starts real kubernetes minikube with none driver. This requires `sudo`.
function startMinikubeNone() {
export MINIKUBE_WANTUPDATENOTIFICATION=false
export MINIKUBE_WANTREPORTERRORPROMPT=false
export MINIKUBE_HOME=$HOME
export CHANGE_MINIKUBE_NONE_USER=true
sudo -E minikube config set WantUpdateNotification false
sudo -E minikube config set WantReportErrorPrompt false
sudo -E minikube start --kubernetes-version=${K8S_VER#k8s-} --driver=none
echo $GITHUB_WORKSPACE
echo $E2E_KUBECONFIG_PATH
kubectl config view > ${GITHUB_WORKSPACE}"/"${E2E_KUBECONFIG_PATH}
cat ${GITHUB_WORKSPACE}"/"${E2E_KUBECONFIG_PATH}
}
function stopMinikube() {
sudo minikube stop
}
case "$1" in
start) startMinikubeNone ;;
stop) stopMinikube ;;
wait) waitMinikube ;;
esac
================================================
FILE: test/scripts/pre.sh
================================================
#!/usr/bin/env bash
# This file is copied from github.com/aeraki-framework/aeraki
# ----------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# ----------------------------------------------------------------------------
set -ex
HELMVERSION=${HELMVERSION:-'helm-v3.0.0'}
MINIKUBEVERESION=${MINIKUBEVERESION:-'minikube-v1.23.1'}
K8SVERSION=${K8SVERSION:-'k8s-v1.20.11'}
curl -sSL https://get.helm.sh/${HELMVERSION}-linux-amd64.tar.gz | \
sudo tar xz -C /usr/local/bin --strip-components=1 linux-amd64/helm
sudo mkdir -p /usr/local/bin
curl -sSL "https://storage.googleapis.com/minikube/releases/${MINIKUBEVERESION#minikube-}/minikube-linux-amd64" -o /tmp/minikube
chmod +x /tmp/minikube
sudo mv /tmp/minikube /usr/local/bin/minikube
curl -sSL "https://storage.googleapis.com/kubernetes-release/release/${K8SVERSION#k8s-}/bin/linux/amd64/kubectl" -o /tmp/kubectl
chmod +x /tmp/kubectl
sudo mv /tmp/kubectl /usr/local/bin/kubectl
sudo apt-get install -y socat conntrack
================================================
FILE: test/testfiles/testfiles.go
================================================
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package testfiles provides a wrapper around various optional ways
// of retrieving additional files needed during a test run:
// - builtin bindata
// - filesystem access
//
// Because it is a is self-contained package, it can be used by
// test/e2e/framework and test/e2e/manifest without creating
// a circular dependency.
package testfiles
import (
"errors"
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"sort"
"strings"
)
var filesources []FileSource
// AddFileSource registers another provider for files that may be
// needed at runtime. Should be called during initialization of a test
// binary.
func AddFileSource(filesource FileSource) {
filesources = append(filesources, filesource)
}
// FileSource implements one way of retrieving test file content. For
// example, one file source could read from the original source code
// file tree, another from bindata compiled into a test executable.
type FileSource interface {
// ReadTestFile retrieves the content of a file that gets maintained
// alongside a test's source code. Files are identified by the
// relative path inside the repository containing the tests, for
// example "cluster/gce/upgrade.sh" inside kubernetes/kubernetes.
//
// When the file is not found, a nil slice is returned. An error is
// returned for all fatal errors.
ReadTestFile(filePath string) ([]byte, error)
// DescribeFiles returns a multi-line description of which
// files are available via this source. It is meant to be
// used as part of the error message when a file cannot be
// found.
DescribeFiles() string
}
// ReadOrDie tries to retrieve the desired file content from
// one of the registered file sources. In contrast to FileSource, it
// will either return a valid slice or abort the test by calling the fatal function,
// i.e. the caller doesn't have to implement error checking.
func ReadOrDie(filePath string) []byte {
data, err := Read(filePath)
if err != nil {
return nil
}
return data
}
// Read tries to retrieve the desired file content from
// one of the registered file sources.
func Read(filePath string) ([]byte, error) {
if len(filesources) == 0 {
return nil, fmt.Errorf("no file sources registered (yet?), cannot retrieve test file %s", filePath)
}
for _, filesource := range filesources {
data, err := filesource.ReadTestFile(filePath)
if err != nil {
return nil, fmt.Errorf("fatal error retrieving test file %s: %s", filePath, err)
}
if data != nil {
return data, nil
}
}
// Here we try to generate an error that points test authors
// or users in the right direction for resolving the problem.
error := fmt.Sprintf("Test file %q was not found.\n", filePath)
for _, filesource := range filesources {
error += filesource.DescribeFiles()
error += "\n"
}
return nil, errors.New(error)
}
// Exists checks whether a file could be read. Unexpected errors
// are handled by calling the fail function, which then should
// abort the current test.
func Exists(filePath string) bool {
for _, filesource := range filesources {
data, err := filesource.ReadTestFile(filePath)
if err != nil {
return false
}
if data != nil {
return true
}
}
return false
}
// RootFileSource looks for files relative to a root directory.
type RootFileSource struct {
Root string
}
// ReadTestFile looks for the file relative to the configured
// root directory. If the path is already absolute, for example
// in a test that has its own method of determining where
// files are, then the path will be used directly.
func (r RootFileSource) ReadTestFile(filePath string) ([]byte, error) {
var fullPath string
if path.IsAbs(filePath) {
fullPath = filePath
} else {
fullPath = filepath.Join(r.Root, filePath)
}
data, err := ioutil.ReadFile(fullPath)
if os.IsNotExist(err) {
// Not an error (yet), some other provider may have the file.
return nil, nil
}
return data, err
}
// DescribeFiles explains that it looks for files inside a certain
// root directory.
func (r RootFileSource) DescribeFiles() string {
description := fmt.Sprintf("Test files are expected in %q", r.Root)
if !path.IsAbs(r.Root) {
// The default in test_context.go is the relative path
// ../../, which doesn't really help locating the
// actual location. Therefore we add also the absolute
// path if necessary.
abs, err := filepath.Abs(r.Root)
if err == nil {
description += fmt.Sprintf(" = %q", abs)
}
}
description += "."
return description
}
// BindataFileSource handles files stored in a package generated with bindata.
type BindataFileSource struct {
Asset func(string) ([]byte, error)
AssetNames func() []string
}
// ReadTestFile looks for an asset with the given path.
func (b BindataFileSource) ReadTestFile(filePath string) ([]byte, error) {
fileBytes, err := b.Asset(filePath)
if err != nil {
// It would be nice to have a better way to detect
// "not found" errors :-/
if strings.HasSuffix(err.Error(), "not found") {
return nil, nil
}
}
return fileBytes, nil
}
// DescribeFiles explains about gobindata and then lists all available files.
func (b BindataFileSource) DescribeFiles() string {
var lines []string
lines = append(
lines,
"The following files are built into the test executable via gobindata. "+
"For questions on maintaining gobindata, contact the sig-testing group.",
)
assets := b.AssetNames()
sort.Strings(assets)
lines = append(lines, assets...)
description := strings.Join(lines, "\n ")
return description
}
================================================
FILE: third_party/etcd-operator/.github/PULL_REQUEST_TEMPLATE.md
================================================
Please read https://github.com/coreos/etcd-operator/blob/master/CONTRIBUTING.md#contribution-flow
================================================
FILE: third_party/etcd-operator/.gitignore
================================================
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
# Folders
_obj
_test
_output
.kube
.vscode
.idea
# Architecture specific extensions/prefixes
*.[568vq]
[568vq].out
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
*.prof
# vendor
vendor/
================================================
FILE: third_party/etcd-operator/CHANGELOG.md
================================================
## [Unreleased]
### Added
- Added `spec.Pod.ClusterDomain` to explicitly set the cluster domain used for the etcd member URLs. [#2082](https://github.com/coreos/etcd-operator/pull/2082)
### Changed
### Removed
### Fixed
- Don't expose unready nodes via client service. [#2063](https://github.com/coreos/etcd-operator/pull/2063)
- Azure blob storage: use correct list prefix [#2071](https://github.com/coreos/etcd-operator/pull/2071)
### Deprecated
### Security
## [Release 0.9.4]
### Added
- Added `spec.BackupSource.S3.ForcePathStyle` to `EtcdBackup` to force path style s3 uploads. [#2036](https://github.com/coreos/etcd-operator/pull/2036)
- Added `spec.RestoreSource.S3.ForcePathStyle` to `EtcdRestore` to force path style s3 downloads. [#2036](https://github.com/coreos/etcd-operator/pull/2036)
### Changed
- Update Go version to 1.11.5
- Update k8s to 1.12.6
- EtcdBackup: Support periodic backups. This change added 3 new fields to EtcdBackup schema, 2 variables in spec, 1 variables in status.
- in spec.backupPolicy
- maxBackup: maximum number of backups to keep.
- backupIntervalInSecond: how often to perform backup operation.
- in status
- LastSuccessDate: last time to succeed in taking backup
### Fixed
- Fixed a bug where `same CR names` in different namespaces with cluster-wide operator were not working as expected [#2026](https://github.com/coreos/etcd-operator/pull/2026)
- Fixed a bug where cluster names could exceed 63 octets the maximum defined by [RFC 1035 section 2.3.4](https://tools.ietf.org/html/rfc1035) resulting in hanging pods [2027](https://github.com/coreos/etcd-operator/pull/2027).
## [Release 0.9.3]
### Added
- Added `spec.pod.DNSTimeoutInSecond` to `EtcdCluster` that allows setting a maximum allowed time for the init container of the etcd pod to reverse DNS lookup its IP given the hostname.
### Changed
- Update Go version to 1.11.2
- Update k8s to 1.11.4
- k8s codegen updates are longer performed via container. Go dependencies are now vendored
and updates are performed with shell script locally.
### Fixed
- Fixed leaking http connections while verifying backup snapshots. [#1976](https://github.com/coreos/etcd-operator/pull/1976)
## [Release 0.9.2]
### Added
- Added the field `spec.pod.securityContext` to `EtcdCluster` that allows setting a specific [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the etcd pods. [#1949](https://github.com/coreos/etcd-operator/pull/1949)
### Changed
- Update Go version to 1.10
- Build `gcr.io/coreos-k8s-scale-testing/etcd-operator-builder:0.4.1-2` container
with Go 1.10 and dep 0.4.1
- etcd pod containers no longer run with a non-root security context by default. This setting can be configured per cluster via the PodPolicy.
## [Release 0.9.1]
### Added
- Added optional flag `--cluster-wide` to etcd-operator to allow it to manage etcd clusters across all namespaces. [#1777](https://github.com/coreos/etcd-operator/pull/1777)
- Added support for annotation `etcd.database.coreos.com/scope: clusterwide` in `EtcdCluster` to allow it to be managed by a cluster wide operator. [#1777](https://github.com/coreos/etcd-operator/pull/1777)
- Added the field `spec.pod.busyboxImage` to the `PodPolicy` of the `EtcdCluster` to allow overriding the default busybox image used for the etcd pod's init container. [#1928](https://github.com/coreos/etcd-operator/pull/1928)
### Fixed
- Fixed a bug where the informer watch stream would timeout after 30s of not receiving an event. [#1936](https://github.com/coreos/etcd-operator/pull/1936)
## [Release 0.9.0]
Same as v0.8.4. The version is bumping to 0.9.0 due to adding a new ABS backup API into etcd-backup-operator.
## [Release 0.8.4]
### Added
- Added ABS support for backup and restore
- Added tag to initContainer to enable offline deploys
- Enabled configurable backup timeout in backup operator
### Changed
- Set 30s default request timeout for kube client
- Change check-dns init container image to busybox:1.28.0-glibc to fix nslookup failure in some environment.
### Removed
- Removed self-hosted code
## [Release 0.8.3]
### Added
- Added the option to use PersistentVolume as non-stable storage for etcd pods. This feature is still alpha and subject to change in future releases [#1861](https://github.com/coreos/etcd-operator/pull/1861)
### Changed
- Changed etcd pod member names to be unique by having a random suffix instead of a sequence number. This change is backward compatible and should not affect operator upgrade.
Previously the etcd pod names would look like:
```
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-0000 1/1 Running 0 1m
example-etcd-cluster-0001 1/1 Running 0 1m
example-etcd-cluster-0002 1/1 Running 0 1m
```
After this change:
```
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-2885zjw9he 1/1 Running 0 1m
example-etcd-cluster-gghrmbeid4 1/1 Running 0 1m
example-etcd-cluster-w5q9sn37fd 1/1 Running 0 1m
```
### Fixed
- Fixed a bug where the restore operator would fail to restore the seed member because recreating an etcd pod with the same name as a recently deleted one would conflict as the older pod and its resources, like the DNS name, might still not be deleted. [#1825](https://github.com/coreos/etcd-operator/issues/1825)
## [Release 0.8.2]
### Added
- Add support for backup and restore from custom S3 endpoint.
### Changed
- All etcd pod containers now run as non-root.
## [Release 0.8.1]
### Changed
- etcd-restore-operator will create a service for itself as the backup storage proxy. Delete the service in deployment yaml.
### Fixed
- Fix etcd-restore-operator wouldn't report error and keep looping if EtcdRestore name is different than EtcdCluster name.
## [Release 0.8.0]
**Important Changes**
Both etcd backup operator and etcd restore operator have changed their CR definition.
Please follow the latest backup/restore CR definition for future backup and restore.
### Added
- Add readiness probe to etcd pod. The readiness state will be reflected on `status.members.ready/unready`.
- TLS etcd cluster support in backup/restore-operator.
- Add spec validation in restore operator.
- Add BackupStorageType to EtcdRestore.RestoreSpec to indicate type of the backup storage which is used as RestoreSource and validation of BackupStorageType in restore operator.
- Add EtcdClusterRef to EtcdRestore.RestoreSpec to reference an EtcdCluster resource whose metadata and spec will be used to create the new restored EtcdCluster CR.
- Add create-crd flag to etcd backup operator allowing user to disable automatic backup CRD creation.
- Add create-crd flag to etcd restore operator allowing user to disable automatic restore CRD creation.
- Add EtcdVersion and EtcdRevision to EtcdBackup.BackupStatus.
- BackupStatus: Add detailed error when backup fails.
### Changed
- Rename BackupCRStatus to BackupStatus.
- EtcdBackup: BackupSpec passes in S3BackupSource.Path as the S3 path to save the backup.
- EtcdBackup: BackupSpec spec uses etcd endpoints to retrieve snapshot.
- Change default etcd version to `3.2.13`.
### Removed
- EtcdBackup: BackupSpec removed ClusterName field in favor of etcd endpoints.
- EtcdCluster: ClusterSpec removed deprecated BaseImage field.
## [Release 0.7.2]
> Note: This is a bug fix release.
When we bump the etcd version to 3.2, the images were only available on gcr.io . But now it is added on quay.io .
We'd better use quay.io and keep it compatible to work for 3.1 versions of etcd.
## [Release 0.7.1]
### Added
- TLS etcd cluster feature for EtcdBackup
- Log collector program for collecting logs in e2e test.
- ClusterSpec: In PodPolicy, add generic `Affinity` field to substitute bool `AntiAffinity` field.
- ClusterSpec: Add `Repository` field to substitute `BaseImage` field.
### Changed
- Default base image is changed to `gcr.io/etcd-development/etcd`, default etcd version is `3.2.11`.
- Migrate dependency management tooling from glide to dep.
- Containerize e2e test in a pod instead of running on raw jenkin slave.
### Removed
- ClusterSpec: Remove `PodPolicy.AutomountServiceAccountToken` field.
No etcd pod will have service account token mounted.
### Fixed
- Ignore Terminating pods when polling etcd pods.
### Deprecated
- ClusterSpec: `BaseImage` is deprecated. It will be automatically converted to `Repository` in this release.
- ClusterSpec: In PodPolicy, `AntiAffinity` is deprecated. It will be automatically converted to `Affinity.PodAntiAffinity`
terms with label selector on given cluster name and topology key on node in this release.
### Security
- All operator images by default uses user `etcd-operator` instead of root.
## [Release 0.7.0]
Existing backup and restore features in EtcdCluster API won’t be supported after 0.7.0 release.
See [Decoupling Backup and Restore Logic from Etcd Operator](https://github.com/coreos/etcd-operator/issues/1626) for more detail.
If applicable then see the [upgrade guide](./doc/user/upgrade/upgrade_guide.md) on how to upgrade from `v0.6.1` to `v0.7.0` .
### Added
- Add `ServiceName` and `ClientPort` into ClusterStatus.
- Add etcd backup operator for backing up an etcd cluster.
- Add etcd restore operator for restoring an etcd cluster.
### Removed
- Remove `pv-provisioner` flag from etcd operator.
- Remove etcd cluster Backup feature from etcd operator.
- Remove etcd cluster Restore from etcd operator.
## [Release 0.6.1]
The operator will no longer create a storage class specified by `--pv-provisioner` by default. If applicable then see the [upgrade guide](./doc/user/upgrade/upgrade_guide.md) on how to upgrade from `v0.6.0` to `v0.6.1` .
### Added
- backup binary supports serving backup defined by backupSpec. In addition, when backupSpec
is specified, backup binary changes to serve http backup requests only mode.
- Add operator flag `--create-crd`. By default it is `true` and operator will create EtcdCluster CRD.
It can be set to `false` and operator won't create EtcdCluster CRD.
- Add operator flag `--create-storage-class`. By default it is `false` and operator won't create default storage class.
It can be set to `true` and operator will create default storage class.
### Changed
- An EtcdCluster CR with an invalid spec will not be marked as failed. Any changes that result in an invalid spec will be ignored and logged by the operator.
### Fixed
- Fix the problem that operator might keep failing on version conflict updating CR status.
### Deprecated
- The operator flag `--pv-provisioner` is depercated. We recommend to use per cluster storageClass.
## [Release 0.6.0]
**BREAKING CHANGE**: operator level S3 backup is removed. See [upgrade](./doc/user/upgrade/upgrade_guide.md) on how to upgrade from 0.5.x to 0.6.0.
### Added
- Add cluster events into EtcdCluster custom resource. See `doc/user/conditions_and_events.md` .
### Changed
- Redefine status.conditions. See `doc/user/conditions_and_events.md` .
### Removed
- Remove operator level S3 flag.
- Remove analytics flag. Disable Google analytics.
## [Release 0.5.2]
### Added
- Expose `/metrics` endpoint at port 8080
- Add cluster S3 spec `prefix` feature. Let user choose a prefix under the bucket.
- Add `automountServiceAccountToken` to pod policy. Let users disable automounting of the Kubernetes access token into etcd-operator controlled pods.
- Cluster backups can now be saved using Azure Blob Storage (ABS).
### Deprecated
- Deprecate operator S3 flag. Add warning note for using it in this release. The flag will be removed in 0.6.0 release.
## [Release 0.5.1]
Upgrade notice for TLS cluster users:
If you are using TLS-enabled etcd cluster, the SAN domain has been changed. See [TLS docs](./doc/user/cluster_tls.md).
Before upgrading operator, you need to rotate certs on each secrets to allow both the old and new domains.
Then restart each etcd pod -- the simplest way is to "upgrade" cluster version.
Finally, it is safe to upgrade operator. It's highly recommended to save a backup before upgrade.
### Added
- A new `StorageClass` spec field, allowing more granular control over how etcd clusters are backed up to PVs.
### Changed
- Default timeout for snapshots done by backup sidecar increased from 5 seconds to 1 minute
### Fixed
- Fix periodFullGC only executed once problem.
- [GH-1021] Use the cluster domain provided by kubelet instead of hardcoded `.cluster.local` .
## [Release 0.5.0]
**BREAKING CHANGE**: The cluster object will now be defined via a [Custom Resource Definition(CRD)](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/) instead of a [Third Party Resource(TPR)](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-third-party-resource/). See the `Changed` section below for details.
### Changed
- With k8s 1.7 and onwards TPRs have been deprecated and are replaced with CRD. See the k8s 1.7 [blogpost](http://blog.kubernetes.io/2017/06/kubernetes-1.7-security-hardening-stateful-application-extensibility-updates.html) or [release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md#major-themes) for more details. For this release a live migration of the cluster spec from TPR to CRD is not supported. To preserve the cluster state during the upgrade you will need to create a backup of the cluster and recreate the cluster from the backup after upgrading the operator. See the [upgrade guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/upgrade/upgrade_guide.md) for more detailed steps on how to do that.
- Changes in the cluster object's type metadata:
- The `apiVersion` field has been changed from `etcd.coreos.com/v1beta1` to `etcd.database.coreos.com/v1beta2`
- The `kind` field has been changed from `Cluster` to `EtcdCluster`
## [Release 0.4.2]
### Added
- [GH-1232](https://github.com/coreos/etcd-operator/pull/1232) the operator can now log critical actions like pod creation/deletion to a user specified path via the optional flag `debug-logfile-path`. The logs will only be generated if the cluster is self hosted and the flag is set. This can be used in conjunction with a persistent volume to persist the critical actions to disk for later inspection.
### Changed
- enable alpha feature "tolerate unready endpoints" on etcd client and peer service
### Fixed
- Fix append-hosts init-container not run on some restart cases.
## [Release 0.4.1]
This is a bug-fix release. We have done a lot of testing against k8s 1.7
and making it stable on 1.7 .
### Added
- New self-hosted field `SkipBootMemberRemoval` allows users to skip the
auto-deletion of the boot etcd member.
### Fixed
- Make sure etcd pod's FQDN is resolvable before running etcd commands .
## [Release 0.4.0]
**BREAKING CHANGE**: Re-naming of TLS spec and TLS secrets' fields.
TLS spec:
- member's `clientSecret` is changed to `serverSecret`
TLS secrets:
- member's `peerSecret`'s fields change:
- peer-crt.pem -> peer.crt
- peer-key.pem -> peer.key
- peer-ca-crt.pem -> peer-ca.crt
- member's `clientSecret` is changed to `serverSecret`, its fields change:
- client-crt.pem -> server.crt
- client-key.pem -> server.key
- client-ca-crt.pem -> server-ca.crt
- `operatorSecret`'s fields change:
- etcd-crt.pem -> etcd-client.crt
- etcd-key.pem -> etcd-client.key
- etcd-ca-crt.pem -> etcd-client-ca.crt
**BREAKING CHANGE**: Backup spec: `CleanupBackupsOnClusterDelete` field is renamed to `AutoDelete`.
Previous spec like this one
```yaml
spec:
backup:
storageType: "PersistentVolume"
...
cleanupBackupsOnClusterDelete: true
```
should be changed to
```yaml
spec:
backup:
storageType: "PersistentVolume"
...
autoDelete: true
```
## [Release 0.3.3]
### Added
- Adds ability for users to specify base image for etcd pods in a cluster.
Default base image is `quay.io/coreos/etcd-operator`.
### Fixed
- [GH-1138] Fixed operator stucks in managing selfhosted cluster when there are not enough nodes to start new etcd member.
- [GH-1196] Fixed etcd operator could not start S3 backup sidecar if given non-root user.
## [Release 0.3.2]
Bug fix release to fix self-hosted etcd issue [GH-1171] .
## [Release 0.3.1]
**Notes for self-hosted etcd**:
The newly introduced TLS feature for self hosted etcd is a breaking change.
Existing self hosted etcd cluster MUST be recreated for updating to this release.
### Added
- Self-hosted etcd: if `etcd-hosts.checkpoint` file exists under `${datadir}/`,
etcd pod will restore the hosts mapping from it before etcd bootstraps.
- Add static TLS support for self-hosted etcd mode.
- The operator will now post Kubernetes [events](https://kubernetes.io/docs/resources-reference/v1.6/#event-v1-core). To allow this the necessary RBAC rule for the resource `events` must be added to the clusterrole. See the [rbac guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/rbac.md#create-clusterrole) to see how to set up RBAC rules for the operator. If the rbac rule for 'events' is not present then the operator will continue to function normally but will also print out an error message on the failure to post an event.
- Add revision field in backup status.
- Support getting a specific backup with version and revision from the backup service.
### Changed
- Self-hosted etcd: use FQDN for client/peer URL.
- Updated RBAC rules for resources `thirdpartyresources` and `storageclasses` to all verbs `*` . We loose granularity early so that we have more flexibility to use other methods (e.g. Get) later.
### Removed
- Update default etcd version to 3.1.8
### Fixed
- [GH-1108] selfHosted: fix backup unable to talk to etcd pods
### Deprecated
### Security
## [Release 0.3.0]
### Upgrade Notice
Check https://github.com/coreos/etcd-operator/blob/master/doc/user/upgrade/upgrade_guide.md#v02x-to-v03x
### Added
- Added support for backup policy to be dynamically added, updated
- Added per cluster policy support for S3.
### Changed
- Backup sidecar deployment created with `Recreate` strategy.
- Spec.Backup.MaxBackups meaning change: 0 means unlimited backups; < 0 will be rejected.
### Removed
### Fixed
- [GH-1068] Backup sidecar deployment stuck at upgrading
### Deprecated
### Security
## [Release 0.2.6]
### Upgrade Notice
- Once operator is upgraded, all backup-enabled cluster will go through an upgrade process that
deletes backup sidecar's ReplicaSet and creates new Deployment for sidecar.
If upgrading failed for any reason, cluster TPR's `status.phase` will be FAILED.
Recreate of the cluster TPR is needed on failure case.
### Added
- PodPolicy provides `EtcdEnv` option to add custom env to the etcd process.
- PodPolicy provides `Labels` option to add custom labels to the etcd pod.
- TLS feature: user can now create TLS-secured cluster via operator.
See [TLS guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/cluster_tls.md).
### Changed
- Self-hosted etcd pod's anti-affinity label selector is changed to select `{"app": "etcd"}`.
That is, no two etcd pods should sit on the same node, even if they belongs to different clusters.
- Using Deployment to manage backup sidecar instead of ReplicaSet.
- S3 backup path is changed to `${BUCKET_NAME}/v1/${NAMESPACE}/${CLUSTER_NAME}/`.
### Removed
### Fixed
- Fixed an issue where liveness probes failed when authentication was enabled. [#1957](https://github.com/coreos/etcd-operator/issues/1957)
### Deprecated
### Security
## [Release 0.2.5]
### Added
- Add "none" PV provisioner option. If operator flag "pv-provisioner" is set to "none",
operator won’t create any storage class and users couldn’t make use of operator’s PV backup feature.
- Add headless service `${clusterName}` which selects etcd pods of given cluster.
- Pod Tolerations.
### Changed
- TLSSpec json tag changed as `omitempty`
- Time related fields in spec, i.e. TransitionTime and CreationTime, is changed to type `string`.
This should be backward compatible and no effect on operator upgrade.
- Update default etcd version to 3.1.4
- Self-hosted etcd pod is started with "--metrics extensive" flag.
This is only available in etcd 3.1+.
- Change client LB service name to `${clusterName}-client`.
- Add hostname and subdomain to etcd pods, which makes them have A records formatted in `${memberName}.${clusterName}.${namespace}.svc.cluster.local` .
For more info, see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ .
We also change PeerURL of etcd members to use such hostnames.
### Removed
- Individual etcd member's services were removed. Use hostname and subdomain of etcd pod instead.
### Fixed
- [GH-910] Operator keeps updating status even if there is no change.
### Deprecated
### Security
## [Release 0.2.4]
### Added
### Changed
### Removed
### Fixed
- [GH-900] Fix looping of reconcile skip due to unready members
### Deprecated
### Security
## [Release 0.2.3]
### Added
### Changed
### Removed
### Fixed
- [GH-890] Fix a race that when majority of members went down cluster couldn't recover
- Fix self-hosted cluster reboot case
### Deprecated
### Security
## [Release 0.2.2]
### Added
- Backup creation time is added in backup status.
- Total size of backups time is added in backup service status.
- Cluster members that are ready and unready to serve requests are tracked via the ClusterStatus fields `Members.Ready` and `Members.Unready`
### Changed
- PodPolicy `resourceRequirements` field is renamed to `resources`
- Default etcd version is changed to `3.1.2`
- Self-hosted etcd pod uses hostPath with path `/var/etcd/$ns-$member`
### Removed
### Fixed
- [GH-851] Fixed a race that caused nil pointer access panic
- [GH-823] Fixed backup service status not shown in TPR status
### Deprecated
### Security
## [Release 0.2.1]
### Added
- Experimental client for interacting with backup service
- The operator panics itself when it gets stuck unexpectedly. It relies on Kubernetes to
get restarted.
- Add resource requirements field in `Spec.Pod` . Users can specify resource requirements for the
etcd container with this new field.
- Add status endpoint to backup sidecar service.
- Service account of the etcd operator pod is passed to backup pod.
- Add backup service status into cluster status.
### Changed
- Example deployments pin to the released version of the operator image
- Downward API of pod's namespace and name is required to start etcd operator pod.
See `example/deployment.yaml` .
### Removed
- Drop etcd operator command line flags: "masterHost", "cert-file", "key-file", "ca-file".
### Fixed
### Deprecated
### Security
================================================
FILE: third_party/etcd-operator/CONTRIBUTING.md
================================================
# How to Contribute
CoreOS projects are [Apache 2.0 licensed](LICENSE) and accept contributions via
GitHub pull requests. This document outlines some of the conventions on
development workflow, commit message formatting, contact points and other
resources to make it easier to get your contribution accepted.
# Certificate of Origin
By contributing to this project you agree to the Developer Certificate of
Origin (DCO). This document was created by the Linux Kernel community and is a
simple statement that you, as a contributor, have the legal right to make the
contribution. See the [DCO](DCO) file for details.
# Email and Chat
The project currently uses the general CoreOS email list and IRC channel:
- Email: [coreos-dev](https://groups.google.com/forum/#!forum/coreos-dev)
- IRC: #[coreos](irc://irc.freenode.org:6667/#coreos) IRC channel on freenode.org
Please avoid emailing maintainers found in the MAINTAINERS file directly. They
are very busy and read the mailing lists.
## Getting Started
- Fork the repository on GitHub
- Read the [README](README.md) for build and test instructions
- Play with the project, submit bugs, submit patches!
## Contribution Flow
This is a rough outline of what a contributor's workflow looks like:
- Create a topic branch from where you want to base your work (usually master).
- Make commits of logical units.
- Make sure your commit messages are in the proper format (see below).
- Push your changes to a topic branch in your fork of the repository.
- Make sure the tests pass, and add any new tests as appropriate.
- Submit a pull request to the original repository.
Thanks for your contributions!
### Coding Style
CoreOS projects written in Go follow a set of style guidelines that we've documented
[here](https://github.com/coreos/docs/tree/master/golang). Please follow them when
working on your contributions.
### Format of the Commit Message
We follow a rough convention for commit messages that is designed to answer two
questions: what changed and why. The subject line should feature the what and
the body of the commit should describe the why.
```
scripts: add the test-cluster command
this uses tmux to setup a test cluster that you can easily kill and
start for debugging.
Fixes #38
```
The format can be described more formally as follows:
```
:
```
The first line is the subject and should be no longer than 70 characters, the
second line is always blank, and other lines should be wrapped at 80 characters.
This allows the message to be easier to read on GitHub as well as in various
git tools.
================================================
FILE: third_party/etcd-operator/DCO
================================================
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
660 York Street, Suite 102,
San Francisco, CA 94110 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
================================================
FILE: third_party/etcd-operator/Dockerfile
================================================
FROM golang:1.12 as builder
MAINTAINER simotang "simotang@tencent.com"
ENV TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
Add . /go/src/github.com/kstone/etcd-operator
WORKDIR /go/src/github.com/coreos/etcd-operator
RUN make
FROM alpine:3.6
COPY --from=builder /usr/share/zoneinfo/ /usr/share/zoneinfo/
ENV TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apk add --no-cache ca-certificates
COPY --from=builder /go/src/github.com/coreos/etcd-operator/_output/bin/ /usr/local/bin/
RUN adduser -D etcd-operator
USER etcd-operator
================================================
FILE: third_party/etcd-operator/Gopkg.toml
================================================
# Force dep to vendor the code generators, which aren't imported just used at dev time.
required = [
"k8s.io/code-generator/cmd/defaulter-gen",
"k8s.io/code-generator/cmd/deepcopy-gen",
"k8s.io/code-generator/cmd/conversion-gen",
"k8s.io/code-generator/cmd/client-gen",
"k8s.io/code-generator/cmd/lister-gen",
"k8s.io/code-generator/cmd/informer-gen",
"k8s.io/code-generator/cmd/openapi-gen",
"k8s.io/gengo/args",
]
[[override]]
name = "k8s.io/code-generator"
version = "kubernetes-1.12.6"
[[override]]
name = "k8s.io/api"
version = "kubernetes-1.12.6"
[[override]]
name = "k8s.io/apiextensions-apiserver"
version = "kubernetes-1.12.6"
[[override]]
name = "k8s.io/apimachinery"
version = "kubernetes-1.12.6"
[[override]]
name = "k8s.io/client-go"
version = "kubernetes-1.12.6"
[[constraint]]
name = "github.com/coreos/etcd"
version = "=3.2.13"
[[override]]
name = "google.golang.org/grpc"
version = "=1.14.0"
[[constraint]]
name = "github.com/aws/aws-sdk-go"
version = "=1.13.8"
[[constraint]]
name = "github.com/pborman/uuid"
version = "=1.1"
[[constraint]]
name = "github.com/pkg/errors"
version = "=0.8.0"
[[constraint]]
name = "github.com/prometheus/client_golang"
version = "=0.8.0"
[[constraint]]
name = "github.com/sirupsen/logrus"
version = "=1.0.4"
[[constraint]]
name = "github.com/Azure/azure-sdk-for-go"
version = "=11.3.0-beta"
[[constraint]]
name = "cloud.google.com/go"
version = "0.19.0"
[prune]
go-tests = true
non-go = true
[[prune.project]]
name = "k8s.io/code-generator"
non-go = false
[[constraint]]
name = "github.com/aliyun/aliyun-oss-go-sdk"
version = "=1.9.4"
[[constraint]]
name = "github.com/tencentyun/cos-go-sdk-v5"
version = "=0.7.31"
================================================
FILE: third_party/etcd-operator/LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: third_party/etcd-operator/MAINTAINERS
================================================
Hongchao Deng (@hongchaodeng)
Xiang Li (@xiang90)
Haseeb Tariq (@hasbro17)
Fanmin Shi (@fanminshi)
Jingtao Ren (@rjtsdl): Azure ABS backup and restore
================================================
FILE: third_party/etcd-operator/Makefile
================================================
DEFAULT_GOAL := build-all
build-all:
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
./hack/update_vendor.sh
./hack/build/operator/build
./hack/build/backup-operator/build
./hack/build/restore-operator/build
dev:
@docker build --network=host -t ccr.ccs.tencentyun.com/ccs-dev/etcd-operator:dev .
@docker push ccr.ccs.tencentyun.com/ccs-dev/etcd-operator:dev
================================================
FILE: third_party/etcd-operator/NOTICE
================================================
CoreOS Project
Copyright 2015 CoreOS, Inc
This product includes software developed at CoreOS, Inc.
(http://www.coreos.com/).
================================================
FILE: third_party/etcd-operator/README.md
================================================
# etcd operator
unit/integration:
[](https://jenkins-etcd-public.prod.coreos.systems/job/etcd-operator-unit-master/lastBuild/)
e2e (Kubernetes stable):
[](https://jenkins-etcd-public.prod.coreos.systems/job/etcd-operator-master/)
e2e (upgrade):
[](https://jenkins-etcd.prod.coreos.systems/job/etcd-operator-upgrade/)
### Project status: beta
Major planned features have been completed, and while no breaking API changes are currently planned, we reserve the right to address bugs and API changes in a backwards incompatible way before the project is declared stable. See [upgrade guide](./doc/user/upgrade/upgrade_guide.md) for a safe upgrade process.
Currently user facing etcd cluster objects are created as [Kubernetes Custom Resources](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/), however, taking advantage of [User Aggregated API Servers](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/aggregated-api-servers.md) to improve reliability, validation and versioning is planned. The use of Aggregated API should be minimally disruptive to existing users but may change what Kubernetes objects are created or how users deploy the etcd operator.
We expect to consider the etcd operator stable soon; backwards incompatible changes will not be made once the project reaches stability.
### Overview
The etcd operator manages etcd clusters deployed to [Kubernetes][k8s-home] and automates tasks related to operating an etcd cluster.
- [Create and Destroy](#create-and-destroy-an-etcd-cluster)
- [Resize](#resize-an-etcd-cluster)
- [Failover](#failover)
- [Rolling upgrade](#upgrade-an-etcd-cluster)
- [Backup and Restore](#backup-and-restore-an-etcd-cluster)
There are [more spec examples](./doc/user/spec_examples.md) on setting up clusters with different configurations
Read [Best Practices](./doc/best_practices.md) for more information on how to better use etcd operator.
Read [RBAC docs](./doc/user/rbac.md) for how to setup RBAC rules for etcd operator if RBAC is in place.
Read [Developer Guide](./doc/dev/developer_guide.md) for setting up a development environment if you want to contribute.
See the [Resources and Labels](./doc/user/resource_labels.md) doc for an overview of the resources created by the etcd-operator.
## Requirements
- Kubernetes 1.8+
- etcd 3.2.13+
## Demo
## Getting started
### Deploy etcd operator
See [instructions on how to install/uninstall etcd operator](doc/user/install_guide.md) .
### Create and destroy an etcd cluster
```bash
$ kubectl create -f example/example-etcd-cluster.yaml
```
A 3 member etcd cluster will be created.
```bash
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-gxkmr9ql7z 1/1 Running 0 1m
example-etcd-cluster-m6g62x6mwc 1/1 Running 0 1m
example-etcd-cluster-rqk62l46kw 1/1 Running 0 1m
```
See [client service](doc/user/client_service.md) for how to access etcd clusters created by the operator.
If you are working with [minikube locally](https://github.com/kubernetes/minikube#minikube), create a nodePort service and test that etcd is responding:
```bash
$ kubectl create -f example/example-etcd-cluster-nodeport-service.json
$ export ETCDCTL_API=3
$ export ETCDCTL_ENDPOINTS=$(minikube service example-etcd-cluster-client-service --url)
$ etcdctl put foo bar
```
Destroy the etcd cluster:
```bash
$ kubectl delete -f example/example-etcd-cluster.yaml
```
### Resize an etcd cluster
Create an etcd cluster:
```
$ kubectl apply -f example/example-etcd-cluster.yaml
```
In `example/example-etcd-cluster.yaml` the initial cluster size is 3.
Modify the file and change `size` from 3 to 5.
```
$ cat example/example-etcd-cluster.yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
spec:
size: 5
version: "3.2.13"
```
Apply the size change to the cluster CR:
```
$ kubectl apply -f example/example-etcd-cluster.yaml
```
The etcd cluster will scale to 5 members (5 pods):
```
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-cl2gpqsmsw 1/1 Running 0 5m
example-etcd-cluster-cx2t6v8w78 1/1 Running 0 5m
example-etcd-cluster-gxkmr9ql7z 1/1 Running 0 7m
example-etcd-cluster-m6g62x6mwc 1/1 Running 0 7m
example-etcd-cluster-rqk62l46kw 1/1 Running 0 7m
```
Similarly we can decrease the size of the cluster from 5 back to 3 by changing the size field again and reapplying the change.
```
$ cat example/example-etcd-cluster.yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
spec:
size: 3
version: "3.2.13"
```
```
$ kubectl apply -f example/example-etcd-cluster.yaml
```
We should see that etcd cluster will eventually reduce to 3 pods:
```
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-cl2gpqsmsw 1/1 Running 0 6m
example-etcd-cluster-gxkmr9ql7z 1/1 Running 0 8m
example-etcd-cluster-rqk62l46kw 1/1 Running 0 9mp
```
### Failover
If the minority of etcd members crash, the etcd operator will automatically recover the failure.
Let's walk through this in the following steps.
Create an etcd cluster:
```
$ kubectl create -f example/example-etcd-cluster.yaml
```
Wait until all three members are up. Simulate a member failure by deleting a pod:
```bash
$ kubectl delete pod example-etcd-cluster-cl2gpqsmsw --now
```
The etcd operator will recover the failure by creating a new pod `example-etcd-cluster-n4h66wtjrg`:
```bash
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-gxkmr9ql7z 1/1 Running 0 10m
example-etcd-cluster-n4h66wtjrg 1/1 Running 0 26s
example-etcd-cluster-rqk62l46kw 1/1 Running 0 10m
```
Destroy etcd cluster:
```bash
$ kubectl delete -f example/example-etcd-cluster.yaml
```
### etcd operator recovery
Let's walk through operator recovery in the following steps.
Create an etcd cluster:
```
$ kubectl create -f example/example-etcd-cluster.yaml
```
Wait until all three members are up. Then stop the etcd operator and delete one of the etcd pods:
```bash
$ kubectl delete -f example/deployment.yaml
deployment "etcd-operator" deleted
$ kubectl delete pod example-etcd-cluster-8gttjl679c --now
pod "example-etcd-cluster-8gttjl679c" deleted
```
Next restart the etcd operator. It should recover itself and the etcd clusters it manages.
```bash
$ kubectl create -f example/deployment.yaml
deployment "etcd-operator" created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-m8gk76l4ns 1/1 Running 0 3m
example-etcd-cluster-q6mff85hml 1/1 Running 0 3m
example-etcd-cluster-xnfvm7lg66 1/1 Running 0 11s
```
### Upgrade an etcd cluster
Create and have the following yaml file ready:
```
$ cat upgrade-example.yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
spec:
size: 3
version: "3.1.10"
repository: "quay.io/coreos/etcd"
```
Create an etcd cluster with the version specified (3.1.10) in the yaml file:
```
$ kubectl apply -f upgrade-example.yaml
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-795649v9kq 1/1 Running 1 3m
example-etcd-cluster-jtp447ggnq 1/1 Running 1 4m
example-etcd-cluster-psw7sf2hhr 1/1 Running 1 4m
```
The container image version should be 3.1.10:
```
$ kubectl get pod example-etcd-cluster-795649v9kq -o yaml | grep "image:" | uniq
image: quay.io/coreos/etcd:v3.1.10
```
Now modify the file `upgrade-example` and change the `version` from 3.1.10 to 3.2.13:
```
$ cat upgrade-example
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
spec:
size: 3
version: "3.2.13"
```
Apply the version change to the cluster CR:
```
$ kubectl apply -f upgrade-example
```
Wait ~30 seconds. The container image version should be updated to v3.2.13:
```
$ kubectl get pod example-etcd-cluster-795649v9kq -o yaml | grep "image:" | uniq
image: gcr.io/etcd-development/etcd:v3.2.13
```
Check the other two pods and you should see the same result.
### Backup and Restore an etcd cluster
> Note: The provided etcd backup/restore operators are example implementations.
Follow the [etcd backup operator walkthrough](./doc/user/walkthrough/backup-operator.md) to backup an etcd cluster.
Follow the [etcd restore operator walkthrough](./doc/user/walkthrough/restore-operator.md) to restore an etcd cluster on Kubernetes from backup.
### Manage etcd clusters in all namespaces
See [instructions on clusterwide feature](doc/user/clusterwide.md).
[k8s-home]: http://kubernetes.io
================================================
FILE: third_party/etcd-operator/ROADMAP.md
================================================
# Roadmap
This document defines a high level roadmap for the etcd cluster operator development.
The dates below should not be considered authoritative, but rather indicative of the projected timeline of the project.
### 2017 Q1
#### Features
- Backup and recovery
- Recover an etcd cluster from a PV backup -> finished
- Backup an etcd cluster to S3 -> finished
- Recover an etcd cluster from a S3 backup -> finished
- Operationality
- Pause/Resume the control for an etcd cluster -> finished
- Metrics and logging
- More structured logging
- Add prefix for different clusters -> finished
- Use infof, warningf, errorf consistently -> finished
- Expose operator metrics
- How many clusters it manages
- How many actions it does
- Expose the running status of the etcd cluster
- cluster size, version
- Expose errors
- bad version, bad cluster size, dead cluster
- Security
- Server side TLS support
#### Stability/Reliability
- Verify user inputs
- desired version
- cluster size (do not stupidly increase cluster size to an unreasonable number)
- More soak testing
- 60%+ unit tests coverage
================================================
FILE: third_party/etcd-operator/cmd/backup-operator/doc.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// backup-operator is an example implementation of backing up an etcd cluster to S3.
// user must not depend backup-operator for production usage and should
// follow the design principle of backup-operator to create his/her own backup
// mechanism.
package main
================================================
FILE: third_party/etcd-operator/cmd/backup-operator/main.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"context"
"flag"
"net/http"
_ "net/http/pprof"
"os"
"runtime"
"time"
controller "github.com/coreos/etcd-operator/pkg/controller/backup-operator"
"github.com/coreos/etcd-operator/pkg/util/constants"
"github.com/coreos/etcd-operator/pkg/util/etcdutil"
"github.com/coreos/etcd-operator/pkg/util/k8sutil"
version "github.com/coreos/etcd-operator/version"
"github.com/sirupsen/logrus"
v1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/client-go/tools/record"
)
var (
createCRD bool
)
// etcd client tls configuration
var (
etcdClientCertFile = flag.String("etcd-client-cert-file", etcdutil.DefaultCliCertFile, `The name of etcd client cert file`)
etcdClientKeyFile = flag.String("etcd-client-key-file", etcdutil.DefaultCliKeyFile, `The name of etcd client key file`)
etcdClientCaFile = flag.String("etcd-client-ca-file", etcdutil.DefaultCliCAFile, `The name of etcd client trusted CA File`)
)
func init() {
flag.BoolVar(&createCRD, "create-crd", true, "The backup operator will not create the EtcdBackup CRD when this flag is set to false.")
flag.Parse()
}
func main() {
etcdutil.InitEtcdTLSConfig(*etcdClientCertFile,*etcdClientKeyFile,*etcdClientCaFile)
namespace := os.Getenv(constants.EnvOperatorPodNamespace)
if len(namespace) == 0 {
logrus.Fatalf("must set env %s", constants.EnvOperatorPodNamespace)
}
name := os.Getenv(constants.EnvOperatorPodName)
if len(name) == 0 {
logrus.Fatalf("must set env %s", constants.EnvOperatorPodName)
}
id, err := os.Hostname()
if err != nil {
logrus.Fatalf("failed to get hostname: %v", err)
}
logrus.Infof("Go Version: %s", runtime.Version())
logrus.Infof("Go OS/Arch: %s/%s", runtime.GOOS, runtime.GOARCH)
logrus.Infof("etcd-backup-operator Version: %v", version.Version)
logrus.Infof("Git SHA: %s", version.GitSHA)
if len(os.Getenv(constants.EnvOperatorWatchNamespace)) > 0 {
logrus.Infof("operator watch namespace: %s", os.Getenv(constants.EnvOperatorWatchNamespace))
} else {
logrus.Infof("operator watch namespace: all")
}
go func() {
logrus.Info(http.ListenAndServe(":6060", nil))
}()
kubecli := k8sutil.MustNewKubeClient()
rl, err := resourcelock.New(
resourcelock.EndpointsResourceLock,
namespace,
"etcd-backup-operator",
kubecli.Core(),
resourcelock.ResourceLockConfig{
Identity: id,
EventRecorder: createRecorder(kubecli, name, namespace),
},
)
if err != nil {
logrus.Fatalf("error creating lock: %v", err)
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
leaderelection.RunOrDie(ctx, leaderelection.LeaderElectionConfig{
Lock: rl,
LeaseDuration: 15 * time.Second,
RenewDeadline: 10 * time.Second,
RetryPeriod: 2 * time.Second,
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: run,
OnStoppedLeading: func() {
logrus.Fatalf("leader election lost")
},
},
})
}
func createRecorder(kubecli kubernetes.Interface, name, namespace string) record.EventRecorder {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(logrus.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubecli.Core().RESTClient()).Events(namespace)})
return eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: name})
}
func run(ctx context.Context) {
ctx, cancel := context.WithCancel(ctx)
defer cancel()
c := controller.New(createCRD)
err := c.Start(ctx)
if err != nil {
logrus.Fatalf("operator stopped with error: %v", err)
}
}
================================================
FILE: third_party/etcd-operator/cmd/operator/main.go
================================================
// Copyright 2016 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"context"
"flag"
"fmt"
"net/http"
"os"
"runtime"
"time"
"github.com/coreos/etcd-operator/pkg/chaos"
"github.com/coreos/etcd-operator/pkg/client"
"github.com/coreos/etcd-operator/pkg/controller"
"github.com/coreos/etcd-operator/pkg/util/constants"
"github.com/coreos/etcd-operator/pkg/util/k8sutil"
"github.com/coreos/etcd-operator/pkg/util/probe"
"github.com/coreos/etcd-operator/pkg/util/retryutil"
"github.com/coreos/etcd-operator/version"
"github.com/prometheus/client_golang/prometheus"
"github.com/sirupsen/logrus"
"golang.org/x/time/rate"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/client-go/tools/record"
)
var (
namespace string
name string
listenAddr string
gcInterval time.Duration
chaosLevel int
printVersion bool
createCRD bool
clusterWide bool
)
func init() {
flag.StringVar(&listenAddr, "listen-addr", "0.0.0.0:8080", "The address on which the HTTP server will listen to")
// chaos level will be removed once we have a formal tool to inject failures.
flag.IntVar(&chaosLevel, "chaos-level", -1, "DO NOT USE IN PRODUCTION - level of chaos injected into the etcd clusters created by the operator.")
flag.BoolVar(&printVersion, "version", false, "Show version and quit")
flag.BoolVar(&createCRD, "create-crd", true, "The operator will not create the EtcdCluster CRD when this flag is set to false.")
flag.DurationVar(&gcInterval, "gc-interval", 10*time.Minute, "GC interval")
flag.BoolVar(&clusterWide, "cluster-wide", false, "Enable operator to watch clusters in all namespaces")
flag.Parse()
}
func main() {
namespace = os.Getenv(constants.EnvOperatorPodNamespace)
if len(namespace) == 0 {
logrus.Fatalf("must set env (%s)", constants.EnvOperatorPodNamespace)
}
name = os.Getenv(constants.EnvOperatorPodName)
if len(name) == 0 {
logrus.Fatalf("must set env (%s)", constants.EnvOperatorPodName)
}
if printVersion {
fmt.Println("etcd-operator Version:", version.Version)
fmt.Println("Git SHA:", version.GitSHA)
fmt.Println("Go Version:", runtime.Version())
fmt.Printf("Go OS/Arch: %s/%s\n", runtime.GOOS, runtime.GOARCH)
os.Exit(0)
}
logrus.Infof("etcd-operator Version: %v", version.Version)
logrus.Infof("Git SHA: %s", version.GitSHA)
logrus.Infof("Go Version: %s", runtime.Version())
logrus.Infof("Go OS/Arch: %s/%s", runtime.GOOS, runtime.GOARCH)
id, err := os.Hostname()
if err != nil {
logrus.Fatalf("failed to get hostname: %v", err)
}
kubecli := k8sutil.MustNewKubeClient()
http.HandleFunc(probe.HTTPReadyzEndpoint, probe.ReadyzHandler)
http.Handle("/metrics", prometheus.Handler())
go http.ListenAndServe(listenAddr, nil)
rl, err := resourcelock.New(resourcelock.EndpointsResourceLock,
namespace,
"etcd-operator",
kubecli.CoreV1(),
resourcelock.ResourceLockConfig{
Identity: id,
EventRecorder: createRecorder(kubecli, name, namespace),
})
if err != nil {
logrus.Fatalf("error creating lock: %v", err)
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
leaderelection.RunOrDie(ctx, leaderelection.LeaderElectionConfig{
Lock: rl,
LeaseDuration: 15 * time.Second,
RenewDeadline: 10 * time.Second,
RetryPeriod: 2 * time.Second,
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: run,
OnStoppedLeading: func() {
logrus.Fatalf("leader election lost")
},
},
})
panic("unreachable")
}
func run(ctx context.Context) {
ctx, cancel := context.WithCancel(ctx)
defer cancel()
cfg := newControllerConfig()
startChaos(context.Background(), cfg.KubeCli, cfg.Namespace, chaosLevel)
c := controller.New(cfg)
err := c.Start()
logrus.Fatalf("controller Start() failed: %v", err)
}
func newControllerConfig() controller.Config {
kubecli := k8sutil.MustNewKubeClient()
serviceAccount, err := getMyPodServiceAccount(kubecli)
if err != nil {
logrus.Fatalf("fail to get my pod's service account: %v", err)
}
cfg := controller.Config{
Namespace: namespace,
ClusterWide: clusterWide,
ServiceAccount: serviceAccount,
KubeCli: kubecli,
KubeExtCli: k8sutil.MustNewKubeExtClient(),
EtcdCRCli: client.MustNewInCluster(),
CreateCRD: createCRD,
}
return cfg
}
func getMyPodServiceAccount(kubecli kubernetes.Interface) (string, error) {
var sa string
err := retryutil.Retry(5*time.Second, 100, func() (bool, error) {
pod, err := kubecli.CoreV1().Pods(namespace).Get(name, metav1.GetOptions{})
if err != nil {
logrus.Errorf("fail to get operator pod (%s): %v", name, err)
return false, nil
}
sa = pod.Spec.ServiceAccountName
return true, nil
})
return sa, err
}
func startChaos(ctx context.Context, kubecli kubernetes.Interface, ns string, chaosLevel int) {
m := chaos.NewMonkeys(kubecli)
ls := labels.SelectorFromSet(map[string]string{"app": "etcd"})
switch chaosLevel {
case 1:
logrus.Info("chaos level = 1: randomly kill one etcd pod every 30 seconds at 50%")
c := &chaos.CrashConfig{
Namespace: ns,
Selector: ls,
KillRate: rate.Every(30 * time.Second),
KillProbability: 0.5,
KillMax: 1,
}
go func() {
time.Sleep(60 * time.Second) // don't start until quorum up
m.CrushPods(ctx, c)
}()
case 2:
logrus.Info("chaos level = 2: randomly kill at most five etcd pods every 30 seconds at 50%")
c := &chaos.CrashConfig{
Namespace: ns,
Selector: ls,
KillRate: rate.Every(30 * time.Second),
KillProbability: 0.5,
KillMax: 5,
}
go m.CrushPods(ctx, c)
default:
}
}
func createRecorder(kubecli kubernetes.Interface, name, namespace string) record.EventRecorder {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(logrus.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubecli.Core().RESTClient()).Events(namespace)})
return eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: name})
}
================================================
FILE: third_party/etcd-operator/cmd/restore-operator/doc.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// restore-operator is an example implementation of restoring etcd cluster from S3.
// user must not depend restore-operator for production usage and should
// follow the design principle of restore-operator to create their own restore
// mechanism.
package main
================================================
FILE: third_party/etcd-operator/cmd/restore-operator/main.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"context"
"flag"
"fmt"
"os"
"runtime"
"time"
controller "github.com/coreos/etcd-operator/pkg/controller/restore-operator"
"github.com/coreos/etcd-operator/pkg/util/constants"
"github.com/coreos/etcd-operator/pkg/util/k8sutil"
version "github.com/coreos/etcd-operator/version"
"github.com/sirupsen/logrus"
v1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/scheme"
v1core "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/leaderelection"
"k8s.io/client-go/tools/leaderelection/resourcelock"
"k8s.io/client-go/tools/record"
)
var (
namespace string
createCRD bool
)
const (
serviceNameForMyself = "etcd-restore-operator"
servicePortForMyself = 19999
)
func init() {
flag.BoolVar(&createCRD, "create-crd", true, "The restore operator will not create the EtcdRestore CRD when this flag is set to false.")
flag.Parse()
}
func main() {
namespace = os.Getenv(constants.EnvOperatorPodNamespace)
if len(namespace) == 0 {
logrus.Fatalf("must set env %s", constants.EnvOperatorPodNamespace)
}
name := os.Getenv(constants.EnvOperatorPodName)
if len(name) == 0 {
logrus.Fatalf("must set env %s", constants.EnvOperatorPodName)
}
id, err := os.Hostname()
if err != nil {
logrus.Fatalf("failed to get hostname: %v", err)
}
logrus.Infof("Go Version: %s", runtime.Version())
logrus.Infof("Go OS/Arch: %s/%s", runtime.GOOS, runtime.GOARCH)
logrus.Infof("etcd-restore-operator Version: %v", version.Version)
logrus.Infof("Git SHA: %s", version.GitSHA)
kubecli := k8sutil.MustNewKubeClient()
err = createServiceForMyself(kubecli, name, namespace)
if err != nil {
logrus.Fatalf("create service failed: %+v", err)
}
rl, err := resourcelock.New(
resourcelock.EndpointsResourceLock,
namespace,
"etcd-restore-operator",
kubecli.Core(),
resourcelock.ResourceLockConfig{
Identity: id,
EventRecorder: createRecorder(kubecli, name, namespace),
},
)
if err != nil {
logrus.Fatalf("error creating lock: %v", err)
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
leaderelection.RunOrDie(ctx, leaderelection.LeaderElectionConfig{
Lock: rl,
LeaseDuration: 15 * time.Second,
RenewDeadline: 10 * time.Second,
RetryPeriod: 2 * time.Second,
Callbacks: leaderelection.LeaderCallbacks{
OnStartedLeading: run,
OnStoppedLeading: func() {
logrus.Fatalf("leader election lost")
},
},
})
}
func createRecorder(kubecli kubernetes.Interface, name, namespace string) record.EventRecorder {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(logrus.Infof)
eventBroadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: v1core.New(kubecli.Core().RESTClient()).Events(namespace)})
return eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: name})
}
func run(ctx context.Context) {
ctx, cancel := context.WithCancel(ctx)
defer cancel()
c := controller.New(createCRD, namespace, fmt.Sprintf("%s:%d", serviceNameForMyself, servicePortForMyself))
err := c.Start(ctx)
if err != nil {
logrus.Fatalf("etcd restore operator stopped with error: %v", err)
}
}
================================================
FILE: third_party/etcd-operator/cmd/restore-operator/service.go
================================================
// Copyright 2018 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"github.com/coreos/etcd-operator/pkg/util/k8sutil"
"github.com/pkg/errors"
"k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/client-go/kubernetes"
)
// createServiceForMyself gets restore-operator pod labels, strip away "pod-template-hash",
// and then use it as selector to create a service for current restore-operator.
func createServiceForMyself(kubecli kubernetes.Interface, name, namespace string) error {
pod, err := kubecli.CoreV1().Pods(namespace).Get(name, metav1.GetOptions{})
if err != nil {
return errors.WithStack(err)
}
// strip away replicaset-specific label added by deployment.
delete(pod.Labels, "pod-template-hash")
svc := &v1.Service{
ObjectMeta: metav1.ObjectMeta{
Name: serviceNameForMyself,
Namespace: namespace,
Labels: pod.Labels,
},
Spec: v1.ServiceSpec{
Ports: []v1.ServicePort{{
Port: int32(servicePortForMyself),
TargetPort: intstr.FromInt(servicePortForMyself),
Protocol: v1.ProtocolTCP,
}},
Selector: pod.Labels,
},
}
_, err = kubecli.CoreV1().Services(namespace).Create(svc)
if err != nil && !k8sutil.IsKubernetesResourceAlreadyExistError(err) {
return errors.WithStack(err)
}
return nil
}
================================================
FILE: third_party/etcd-operator/code-of-conduct.md
================================================
## CoreOS Community Code of Conduct
### Contributor Code of Conduct
As contributors and maintainers of this project, and in the interest of
fostering an open and welcoming community, we pledge to respect all people who
contribute through reporting issues, posting feature requests, updating
documentation, submitting pull requests or patches, and other activities.
We are committed to making participation in this project a harassment-free
experience for everyone, regardless of level of experience, gender, gender
identity and expression, sexual orientation, disability, personal appearance,
body size, race, ethnicity, age, religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing others' private information, such as physical or electronic addresses, without explicit permission
* Other unethical or unprofessional conduct.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct. By adopting this Code of Conduct,
project maintainers commit themselves to fairly and consistently applying these
principles to every aspect of managing this project. Project maintainers who do
not follow or enforce the Code of Conduct may be permanently removed from the
project team.
This code of conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting a project maintainer, Brandon Philips
, and/or Rithu John .
This Code of Conduct is adapted from the Contributor Covenant
(http://contributor-covenant.org), version 1.2.0, available at
http://contributor-covenant.org/version/1/2/0/
### CoreOS Events Code of Conduct
CoreOS events are working conferences intended for professional networking and
collaboration in the CoreOS community. Attendees are expected to behave
according to professional standards and in accordance with their employer’s
policies on appropriate workplace behavior.
While at CoreOS events or related social networking opportunities, attendees
should not engage in discriminatory or offensive speech or actions including
but not limited to gender, sexuality, race, age, disability, or religion.
Speakers should be especially aware of these concerns.
CoreOS does not condone any statements by speakers contrary to these standards.
CoreOS reserves the right to deny entrance and/or eject from an event (without
refund) any individual found to be engaging in discriminatory or offensive
speech or actions.
Please bring any concerns to the immediate attention of designated on-site
staff, Brandon Philips , and/or Rithu John .
================================================
FILE: third_party/etcd-operator/codecov.yaml
================================================
# Pull Request comment report
comment: off
================================================
FILE: third_party/etcd-operator/doc/alpha-features.md
================================================
# Alpha Features
Tracking document for alpha features of Kubernetes that etcd operator makes use of.
We track these alpha features as their behavior may change or be deprecated between Kubernetes versions.
Therefore clusters that use these features need to keep track of any potential changes in upstream releases.
See the upstream [api versioning documentation](https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md#alpha-beta-and-stable-versions) for more information.
### TolerateUnreadyEndpointsAnnotation
Used by the etcd client and peer service object.
This alpha annotation will retain the endpoints even if the etcd pod isn't ready.
This feature is always enabled in endpoint controller in k8s even it is alpha.
References:
- https://github.com/coreos/etcd-operator/issues/622
- https://github.com/coreos/etcd-operator/issues/1257
================================================
FILE: third_party/etcd-operator/doc/best_practices.md
================================================
# Best practices
## Large-scale deployment
To run etcd cluster at large-scale, it is important to assign etcd pods to nodes with desired resources, such as SSD, high performance network.
### Assign to nodes with desired resources
Kubernetes nodes can be attached with labels. Users can [assign pods to nodes with given labels](http://kubernetes.io/docs/user-guide/node-selection/). Similarly for the etcd-operator, users can specify `Node Selector` in the pod policy to select nodes for etcd pods. For example, users can label a set of nodes with SSD with label `"disk"="SSD"`. To assign etcd pods to these node, users can specify `"disk"="SSD"` node selector in the cluster spec.
### Assign to dedicated node
Even with container isolation, not all resources are isolated. Thus, performance interference can still affect etcd clusters' performance unexpectedly. We recommend dedicating nodes for each etcd pod to achieve predictable performance.
Kubernetes node can be [tainted](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/scheduling/taint-toleration-dedicated.md) with keys. Together with node selector feature, users can create nodes that are dedicated for only running etcd clusters. This is the **suggested way** to run high performance large scale etcd clusters.
Use kubectl to taint the node with kubectl taint nodes etcd dedicated. Then only etcd pods, which tolerate this taint will be assigned to the nodes.
================================================
FILE: third_party/etcd-operator/doc/design/abs_backup.md
================================================
# Backups using Azure Blob Service (ABS)
## Cluster configured with ABS backup
To create a cluster with backups to ABS, set `backup.storageType` to `"ABS"`, supply the name of the ABS container to `abs.absContainer` and provide the Kubernetes secret storing the Azure Storage account credentials to `abs.absSecret`. The latter two resources must exist prior to cluster creation.
An example cluster manifest would look like:
```bash
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "etcd-cluster-with-abs-backup"
spec:
...
backup:
...
storageType: "ABS"
abs:
absContainer: "myabscontainer"
absSecret: "abs-credentials"
```
### In Detail:
- `"absSecret"` represents the name of the Kubernetes secret object that stores the environment variables needed for ABS storage account authorization, namely, the storage account name and the storage account key.
The Kubernetes secret manifest looks like:
```
apiVersion: v1
kind: Secret
metadata:
name: abs-credentials
type: Opaque
stringData:
storage-account:
storage-key:
```
To create the secret object from the manifest above:
```bash
$ kubectl create -f secret-abs-credentials.yaml
```
- `"absContainer"` represents the name of the ABS container in which the operator will store backups.
The backups of each cluster are saved in individual directories under the given container.
As a reminder, to create a container via Azure's `az` command line, one may do the following:
```bash
$ az storage container create -n etcd-backups
```
The full directory/file format looks like: `*container_name//cluster_name/`, where `` includes version (`v1`) and the Kubernetes namespace the cluster lies in (`etcd-ns`) and `` represents the backup filename.
For example, given container "etcd-backups" and cluster "etcd-a", we should see the backup files after running the following command:
```bash
$ az storage blob list -c etcd-backups
Name Blob Type Length Content Type Last Modified
-------------------------------------------------- ----------- -------- ------------------------ -------------------------
v1/etcd-ns/etcd-a/3.1.8_0000000000000326_etcd.backup BlockBlob 647200 application/octet-stream 2017-06-29T20:19:32+00:00
...
```
Alternatively, one many login into the Azure Portal to view these backups.
================================================
FILE: third_party/etcd-operator/doc/design/backup_operator.md
================================================
# etcd Backup Operator Design Document
## Problem
Currently, etcd-operator supports various backup strategies such as PV, S3, and Azure Blob Store. However, those strategies are embedded into the etcd operator code itself. Support for new backup strategy are required to be pushed into etcd-operator codebase. As more backup strategies are added, the etcd-operator code base would be hard to maintain. In Addition, users may want to implement their backup strategy without confining to the current etcd-operator’s backup spec and may not want to dependent on etcd-operator codebase for backup.
## Solution
To give user the flexibility of handling etcd backup his/her own way and to decouple backup logic out of etcd operator, a standalone etcd-backup operator can be used to manage the backup.
## A Proposed Architecture
In order to control backup of etcd clusters, a standalone etcd backup operator can be used to listen for a customized backup CRD:
First, User creates a backup CRD that etcd backup operator will be watching on:
```yaml
apiVersion: apiextentions.k8s.io/v1beta2
kind: CustomResourceDefiniton
metadata:
name: etcdbackups.etcd.database.coreos.com
spec:
group: etcd.database.coreos.com
version: v1beta2
Scope: Namespaced
names:
kind: EtcdBackup
plural: etcdbackups
```
Then, start the etcd-backup-operator where it does the following:
* checks if CRD exists.
* watches for new backup CR.
* manages backup according to `EtcdBackupSpec`.
* reports backup status.
`EtcdBackupSpec` definition:
```go
type EtcdBackupSpec struct {
// clusterName is the etcd cluster name that needs backup.
ClusterName string `json:"clusterName,omitempty"`
// StorageType is the type of backup storage.
StorageType string `json:"storageType"`
// StorageSource details storage sources.
StorageSource `json:",inline"`
// Any additional backup configs.
}
type StorageSource struct {
// S3 contains resources that operator needs to store backup on S3.
S3 *S3Source
}
type S3Source struct {
// The name of the AWS S3 bucket to store backups in.
// S3Bucket overwrites the default etcd operator wide bucket.
S3Bucket string `json:"s3Bucket,omitempty"`
// Prefix is the S3 prefix used to prefix the bucket path.
// It's the prefix at the beginning.
// After that, it will have version and cluster specific paths.
Prefix string `json:"prefix,omitempty"`
// The name of the secret object that stores the AWS credential and config files.
// The file name of the credential MUST be 'credentials'.
// The file name of the config MUST be 'config'.
// The profile to use in both files will be 'default'.
//
// AWSSecret overwrites the default etcd operator wide AWS credential and config.
AWSSecret string `json:"awsSecret,omitempty"`
}
```
================================================
FILE: third_party/etcd-operator/doc/design/cluster_creation.md
================================================
# Cluster creation
The create a cluster when it receives an `added` event.
To initialize a cluster, we first need to create a seed etcd member. Then we can rely on resize to increase the cluster size to the desired number of members.
1. receive added event
2. create a member with setting --initial-cluster-state to new with a random cluster token
3. END.
## Failure recovery
If operator fails before creating the first member, we will end up with a cluster with no running pods.
Recovery can be challenging if this happens. It is impossible for us to differentiate a dead cluster from a uninitialized cluster.
We choose the simplest solution here. We always consider a cluster with no running pods a failed cluster. The operator will
try to recover it from existing backups. If there is no backup, we mark the cluster dead.
================================================
FILE: third_party/etcd-operator/doc/design/cluster_lifecycle.md
================================================
# etcd cluster lifecycle in etcd operator
Let's talk about the lifecycle of etcd cluster "A".
- Initially, "A" doesn't exist. Operator considers this cluster has 0 members.
Any cluster with 0 members would be considered as non-existed.
- At some point of time, a user creates an object for "A".
Operator would receive "ADDED" event and create this cluster.
For the entire lifecycle, an etcd cluster could be created only once.
- Then user might update 0 or more times on the spec of "A".
Operator would receive "MODIFIED" events and reconcile actual state gradually to desired state of given spec.
- Finally, a user deletes the object of "A". Operator will delete and recycle all resources of "A".
For the entire lifecycle, an etcd cluster could be deleted only once.
================================================
FILE: third_party/etcd-operator/doc/design/cluster_restore.md
================================================
# Restore Cluster From Existing Backup
We want to restore an etcd cluster from existing backup that operator has saved before.
We add a field in ClusterSpec:
```Go
type ClusterSpec struct {
...
// RestorePolicy defines the policy to restore cluster form existing backup if not nil.
RestorePolicy *RestorePolicy
}
type RestorePolicy struct {
// BackupClusterName is the cluster name of the backup to recover from.
BackupClusterName string
// StorageType specifies the type of storage device to store backup files.
// If it's not set by user, the default is "PersistentVolume".
StorageType BackupStorageType
}
```
For example, let's say, a user has a cluster "etcd-A" running. For some reason, it stops working.
At the end, the cluster is killed by user or dead by itself. Fortunately, the cluster was run with
valid BackupPolicy and saved with backup. Now, user can restore the cluster by adding "restorePolicy"
to previous yaml file:
```yaml
apiVersion: "etcd.coreos.com/v1beta1"
kind: "Cluster"
metadata:
name: "etcd-A"
spec:
...
restorePolicy:
backupClusterName: "etcd-A"
storageType: "PersistentVolume"
```
It is not necessary to restore the exact same cluster as before.
User can restore a new cluster "etcd-B" from "etcd-A", with different size, backup policy, etc.
================================================
FILE: third_party/etcd-operator/doc/design/cluster_status.md
================================================
## Cluster status reporting
An etcd cluster permanently fails when all its members are dead and no backup is available. A user might update etcd cluster TPR with invalid input or format. The operator needs to notify users about these bad events.
A common way to do this in the Kubernetes world is through status field, like pod.status. The etcd operator will write out cluster status similar to pod status.
```go
type EtcdCluster struct {
unversioned.TypeMeta `json:",inline"`
api.ObjectMeta `json:"metadata,omitempty"`
Spec ClusterSpec `json:"spec"`
Status ClusterStatus `json:"status"`
}
Type ClusterStatus struct {
Paused bool `json:"paused"`
...
}
```
The etcd operator keeps the truth of the cluster status, and update the TPR item after each cluster reconciliation atomically. Note that users can:
- modify TPR item concurrently with the operator.
- update TPR and overwrite the status filed with empty or bad input
The operator MUST handle these two cases gracefully. Thus, the operator MUST NOT overwrite the user input on spec field. The operator CANNOT trust the existing status filed in TPR.
To not overwrite the user input, the etcd operator will set resource version, and do a compare and swap on resource version to update the status. If the compare and swap fails, the operator knows that the user updated the spec concurrently, and it will retry later after get the new spec.
To not be affected by the potential empty or broken status accidentally written by the user, the etcd operator will never read the status from TPR. It always keeps the source of truth in memory.
In summary, the TPR:
- receive spec update (or initialize spec) with a resource version
- collect cluster status during reconciliation
- atomically update cluster status with known resource version after reconciliation if there is a status change
- retry if resource version does not match
================================================
FILE: third_party/etcd-operator/doc/design/cluster_tls.md
================================================
# etcd cluster TLS
## Abstract
The primary goals etcd-operator cluster TLS:
* Encrypt etcd client/peer communication
* Cryptographically attestable identities for following components:
* etcd operator
* etcd cluster TPR objects
* backup sidecar pods
* etcd pods
* Cryptographically enforced cluster isolation (backup pod from cluster A CANNOT possibly talk to etcd pod in cluster B)
## Intra-Cluster PKI overview
Here is the overview for etcd-operator TLS flow, which should set us up well for integrating with pre-existing external PKI.
### Trust delegation diagram:
```
-----------------
| external PKI | (something that can sign the operator's CSRs)
-----------------
| |
| | /|\ CERT
| | | |
| | | |
| | CSR \|/
| |
| |
| |
| |---> [ operator client-interface CA ]
| |
| | --------------> [ etcd-cluster-A client-interface CLIENT CERT ]
| | |
| | DIRECT | SIGN
| | |
| |--------> [ etcd-cluster-A client-interface CERTIFICATE AUTHORITY ]
| | |
| D | | etcd-cluster-A-0000
| I | |-------------> [ client-interface SERVER CERT ]
| R | /|\ CERT |
| E | | | | etcd-cluster-A-0001
| C | CSR \|/ |-------------> [ client-interface SERVER CERT ]
| T | |
| | | etcd-cluster-A-0002
| S | |-------------> [ client-interface SERVER CERT ]
| I | |
| G | | cluster-A-backup-sidecar
| N | |-------------> [ client-interface CLIENT CERT ]
| | |
| | |
| | |
| | --------------> [ etcd-cluster-B client-interface CLIENT CERT ]
| | |
| | DIRECT | SIGN
| | |
| | |--------> [ etcd-cluster-B client-interface CERTIFICATE AUTHORITY ]
/|\ | CERT | |
| | | | | etcd-cluster-B-0000
| | | |------> ...
CSR | \|/ |
| | ...
|
|
|------> [ operator peer-interface CA ]
|
|
|--------> [ etcd-cluster-A peer interface CERTIFICATE AUTHORITY ]
| |
D | | etcd-cluster-A-0000
I | |-------------> [ peer-interface SERVER CERT ]
R | /|\ CERT |
E | | | | etcd-cluster-A-0001
C | CSR \|/ |-------------> [ peer-interface SERVER CERT ]
T | |
| | etcd-cluster-A-0002
S | |-------------> [ peer-interface SERVER CERT ]
I |
G |
N |
|--------> [ etcd-cluster-B peer interface CERTIFICATE AUTHORITY ]
| |
| | etcd-cluster-B-0000
| |------> ...
|
| ...
```
### Certificate signing procedure
1. etcd-operator pod startup:
* generate `operator CA` private key
* generate `operator CA` certificate (peer and client) (select one of following)
* generate self-signed cert (default for now, useful for development mode)
* generate CSR, wait for external entity to sign it and return cert via Kubernetes API (production mode, allows integration with arbitrary external PKI systems)
2. etcd cluster creation (in operator pod):
* generate private key
* generate `operator CA` as a subordinate CA of `cluster CA` using parameter from cluster spec
3. etcd node pod startup (in the etcd pod, prior to etcd application starting):
* generate private key
* generate a CSR for `CN=etcd-cluster-xxxx`, submit for signing via annotation (peer and client)
4. etcd node enrollment (in operator pod) (peer and client)
* observe new CSR annotation on `pod/etcd-cluster-xxxx`
* sign CSR with the `cluster CA` for `pod/etcd-cluster-xxxx`
* --> return certificate via annotation to `pod/etcd-cluster-xxxx`
5. etcd node startup (in etcd pod)
* observe new signed certificate in annotation on `pod/etcd-cluster-xxxx` (peer and client)
* bring up etcd application with private key, peer cert, client cert, and `cluster CA` certificate
### Signing Mechanisms
#### Direct Sign (intra-component)
```
[ signer ]
|
|
DIRECT | SIGN
|
|
-----> [ signee ]
```
In the case that the _signer_ and _signee_ are within the same component, we have the _signer's_ private key material immediately available to produce a signed certificate for the _signee_. No need for CSR exchange.
#### CSR/Cert exchange (inter-component)
```
[ signer ]
|
/|\ CERT |
| | |
| | |
CSR \|/ |
-----> [ signee ]
```
This is a symbol for a _signee_ submitting a CSR to a _signer_, and receiving back a signed certificate back.
In the case of etcd-operator, this will be coordinated via the Kubernetes API server.
-----
Here are the steps:
1. _signer_ schedules _signee_ pod to the Kubernetes cluster
2. _signer_ sets up a watch on _signee_
3. _singee_ sets up a watch on _signer_
4. _signee_ generates a private key and then a CSR, containing desired metadata
5. _signee_ annotates itself with `kubeEtcdCSR=`
6. _singer_ sees `kubeEtcdCSR` annotation, verifies metadata, and generates a signed certificate from the incoming CSR
7. _signer_ annotates _signee_ pod with `kubeEtcdCert=operator peer CA operator client CA | CERTIFICATE AUTHORITY |
| operator | clusterA peer CA | etcd-xxxx | etcd-xxxx-peer-interface | SERVER CERTIFICATE |
| operator | clusterA client CA | etcd-xxxx | etcd-xxxx, client-interface | SERVER CERTIFICATE |
| operator | clusterA client CA | clusterA-backup-sidecar | clusterA-backup-sidecar, client CA | CLIENT CERTIFICATE |
## Things to note:
* **Private Keys Stay Put:** If a private key is needed, is its generated on and never leaves the component that uses it. The business of shuffling around private key material across networks is a dangerous business.
Most importantly, the external PKI component must be allowed to sign the operator's CSR _without_ divulging it's CA private key to the cluster.
* **Separate peer and client cert chains:** The motivation is to provide the ability to isolate the etcd peer (data) plane from the etcd client (control) plane.
The client interface CA will be expected to sign CSRs for any new entity that wants to "talk to" the cluster- this includes entirely external components like backup operators, load-balancers, etc.
The peer interface CA, on the other hand, will sign CSRs only for new entities that want to join the cluster.
* **CSR attestation:** As of now, there has been discussion (but no planning done) towards providing a discrete mechanism for a _signer_ to verify that an incoming CSR is actually from the claimed _signee_ before producing a certificate.
It's unclear what the role or scope of such a mechanism should be, in light of the fact that the CSR metadata is already tied to a Kubernetes object.
In theory, Kubernetes-provided isolation mechanisms alone should allow a _signer_ to:
* create a _signee_ pod
* observe an `kubeEtcdCSR` annotation on that _signee_ pod
* be guaranteed that the _signee_ pod itself annotated that CSR.
================================================
FILE: third_party/etcd-operator/doc/design/cluster_upgrade.md
================================================
# Cluster upgrade
## etcd upgrade story
- A user “kubectl apply” a new version in EtcdCluster object
- etcd operator detects the version and
- if the targeted version is allowed, does rolling upgrade
- otherwise, rejects it in admission control; We will write an admission plug-in to verify EtcdCluster object.
## Diagram
## Rolling upgrade
- We have an annotation key for the version of etcd cluster
- During upgrade, we will list pods of this cluster, and differentiate them by two versions. Then do
- if num(old) + num(new) == total, try to update "old" pod to new version.
- otherwise, falls to normal reconcile path.
## Support notes
- Upgrade path: We only support one minor version upgrade, e.g. 3.0 -> 3.1, no 3.0 -> 3.2. Only support 3.0+
- Rollback: We relies on etcd operator to do periodic backup.
For alpha release, we will provide features to do manual rollback.
In the future, we might consider support automatic rollback.
## etcd upgrade policy
- etcd supports rolling upgrade from one minor release version to its next minor release version. For example, we can directly upgrade etcd 3.0.7 to 3.1.0.
- etcd supports rolling upgrade within one minor release. For example, we can upgrade etcd 3.0.1 to 3.0.7.
- etcd supports minor version upgrade unconcerned with patch version, e.g. from 3.0.1 to 3.1.0. Nonetheless it's recommended to upgrade from 3.0.1 to 3.0.n (n is latest) and then from 3.0.n to 3.1.0.
================================================
FILE: third_party/etcd-operator/doc/design/disaster_recovery.md
================================================
# Disaster Recovery
## Overview
If a cluster has less than majority of members alive, operator considers it disastrous failure. There might be other disastrous failures. Operator will do disaster recovery on such cases and try to recover entire cluster from snapshot.
We have a backup pod to save checkpoints of the cluster.
If disastrous failure happened but no checkpoint is found, operator would consider the cluster dead.
## Technical details
We have a backup pod as sidecar:
- We use Kubernetes replication set to manage the backup pod to achieve highly availability.
- It periodically pull snapshots from the etcd cluster.
- It persists the pulled snapshot into attached stable storage like Persistent Volume or cloud storage like GCS/S3.
- It serves latest snapshot to etcd members for disaster recovery.
## Disaster recovery process
Recovery process of entire cluster:
- If there is any running members, we first save snapshot of the member with the highest storage revision.
Then we kill all running members.
- Restart the cluster as a one member cluster. The seed member will do recovery process described below.
- Then the reconciliation will start to bring the etcd cluster back to the desired number of members.
Recovery process of an etcd emember:
- pull the latest snapshot from its backup pod, and use etcdctl recovery to prepare initial state.
- start etcd process.
Note that this could happen not only in disaster recovery, but also in partial recovery.
## Architecture diagram
================================================
FILE: third_party/etcd-operator/doc/design/dynamic_tls.md
================================================
# Dynamic TLS Certs
Authors: Eric Chiang(eric.chiang@coreos.com), Hongchao Deng(hongchao.deng@coreos.com)
## Background
Motivations:
- Simplify TLS cert generation for etcd cluster.
- Self-hosted etcd wants to depend on Node IP, not hostnames.
Requirements:
- Dynamically generate certs per etcd pod
- Able to use host IP in self hosted.
## Proposed solution
### Design
> For initial design, we focus on self-hosted etcd use case, although the same methodology applies to app etcd.
[Kubernetes certificates API][k8s_csr] provides the ability to send and approve CSR.
Each etcd pod will request certs via CSR API based on its hostname/IP.
There is a [ongoing effort][auto_tls] on upstream to develop an auto-approver for self-hosted k8s components.
We can make use of that instead of creating our own.
Workflow:
- etcd operator creates an etcd pod.
A service account that has access to CSR API should be assigned to each etcd pod.
- etcd pod first runs an init container to send a CSR and wait for approval.
- An external process should verify the CSR and approve it if correct.
- Once approved, etcd pod gets the certs and bootstraps.
Pros:
- Hooks into existing k8s.
- Delegates CA signing cert management. Not touching the signing certs and keys directly.
Cons:
- Share the same CA signing cert + key as k8s.
- Requires etcd to be trusted by k8s cluster CA (probably only appropriate for self-hosted etcd).
- Requires additional approver setup.
### API Changes
Add DynamicTLS into existing TLSPolicy:
```Go
type TLSPolicy struct {
// DynamicTLS sets how to generate TLS certs dynamically.
Dynamic *DynamicTLS
}
type DynamicTLS struct {
// EtcdPodServiceAccount is the service account used by each etcd pod to send CSR to APIServer.
EtcdPodServiceAccount string
}
```
### Implementation and testing plan
We will first implement self-hosted case, and then normal app case.
Because we will have self-hosted user scenario.
For self-hosted case, we will implement dynamic peer TLS first.
Then dependence on hostnames should be gone and kubeadm can be unblocked in prototyping.
Implementation plan:
1. Change self-hosted etcd to use pod IP for server and peer URL.
2. Implement dynamic peer TLS for self-hosted etcd.
We will still use static TLS for client, server certs initially.
TODO: We focus on self-hosted use case initially. We will add more on normal app case later.
Testing plan:
- Once step 2 is finished, add a test for self-hosted case.
## Alternatives
### Option 2: CA signing cert + key, etcd operator generates certs
etcd operator generates certs for a new member and puts them into a secret.
Then etcd operator creates an etcd pod mounted with the secret.
Workflow:
- CA signing cert + key are provided by user in a secret.
- Before creating etcd pod, etcd operator generates etcd server + peer certs, stores the certs in a secret.
When creating etcd pod, the TLS secret is mounted as a volume.
Pros:
- Each etcd cluster has its own CA.
Cons:
- Hard for self-hosted etcd because the etcd-operator doesn't schedule pods directly onto nodes,
so it doesn't know what serving address to sign ahead of time.
This might be good for application etcd which uses hostnames known for each member.
## Appendix
- [Support using Kubernetes CA for certificates](https://github.com/coreos/etcd-operator/issues/1465)
- [Allow members to advertise using IPs ](https://github.com/coreos/etcd-operator/issues/1617)
- [etcd: Require a specific cert CN from peer client certificate](https://github.com/coreos/etcd/issues/8262)
- [bootkube: auto-approval for kubelet](https://github.com/kubernetes-incubator/bootkube/pull/663)
[k8s_csr]:https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#requesting-a-certificate
[auto_tls]:https://docs.google.com/document/d/1POXVGyEoySvSnx_OftQ2CIWM0HCk27j2VZSOR4XVCDg/edit#heading=h.e742mn9kyevr
================================================
FILE: third_party/etcd-operator/doc/design/gcs_backup.md
================================================
# Backups using Google Cloud Storage (GCS)
## Cluster configured with GCS backup
To create a cluster with backups to GCS, set `backup.storageType` to `"GCS"`, supply the path (in the format "/") in `gcs.path` and provide the Kubernetes secret storing the Google Cloud Platform account credentials to `gcs.gcpSecret`. The bucket and secret must exist prior to backup creation.
An example cluster manifest would look like:
```bash
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
name: etcd-cluster-with-gcs-backup
spec:
...
backup:
...
storageType: GCS
gcs:
path: my-etcd-backups-bucket/my-etcd-backup-object
gcpSecret: gcp-credentials
```
### In Detail:
- `"gcpSecret"` represents the name of the Kubernetes secret object that stores the credentials needed for GCP authorization, namely an authorization token or JSON credentials.
The Kubernetes secret manifest looks like either:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gcp-credentials
type: Opaque
stringData:
access-token:
```
Or:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: gcp-credentials
type: Opaque
stringData:
credentials.json:
```
Example of the latter:
```bash
# create account
BACKUP_ACCOUNT='backup-creator'
BACKUP_ACCOUNT_EMAIL="${BACKUP_ACCOUNT}@$(gcloud config get-value project).iam.gserviceaccount.com"
gcloud iam service-accounts create "$BACKUP_ACCOUNT" --display-name='Backup creator service account'
# set permissions
BACKUP_BUCKET='my-etcd-backups-bucket'
gsutil mb "$BACKUP_BUCKET"
gsutil iam ch "serviceAccount:${BACKUP_ACCOUNT_EMAIL}:objectCreator" "$BACKUP_BUCKET"
# create secret
kubectl create secret generic gcp-credentials \
--from-literal="credentials.json=$(gcloud iam service-accounts keys create - --iam-account="$BACKUP_ACCOUNT_EMAIL")"
```
================================================
FILE: third_party/etcd-operator/doc/design/operator_recovery.md
================================================
# Operator recovery
- Create TPR
- If the creation succeed, then the operator is a new one and does not require recovery. END.
- Find all existing clusters
- loop over the third part resource items to get all created clusters
- Reconstruct clusters
- for each cluster, find running pods that belong to it by label selection
- recover the membership by issuing member list call
- recover nextID by finding the etcd member with the largest ID in its name
================================================
FILE: third_party/etcd-operator/doc/design/oss_backup.md
================================================
# Backups using Alibaba Cloud Object Storage Service (OSS)
## Cluster configured with OSS backup
To create a backup in OSS, set `backup.storageType` to `"OSS"`, supply the path (in the format `/`) in `oss.path` and provide the Kubernetes secret storing the Alibaba Cloud account credentials to `oss.ossSecret`. The secret must exist prior to backup creation. Etcd backup operator will create the bucket and object if not found. The field `oss.endpoint` is the target OSS service endpoint where the data is backed up. By default, `http://oss-cn-hangzhou.aliyuncs.com` will be used. If you want to back up the data to other regions, please specify another endpoint from [the list of region endpoints](https://www.alibabacloud.com/help/doc-detail/31837.htm).
An example backup manifest would look like:
```yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
name: etcd-cluster-with-oss-backup
namespace: my-namespace
spec:
backupPolicy:
...
etcdEndpoints:
- "http://example-etcd-cluster-client:2379"
storageType: OSS
oss:
endpoint: http://oss-cn-hangzhou.aliyuncs.com
ossSecret: my-oss-credentials
path: my-etcd-backups-bucket/etcd.backup
```
### In Detail:
- `"ossSecret"` represents the name of the Kubernetes secret object that stores the credentials needed for Alibaba Cloud authorization, namely an authorization token.
The Kubernetes secret manifest must have the following format:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-oss-credentials
type: Opaque
data:
accessKeyID:
accessKeySecret:
```
================================================
FILE: third_party/etcd-operator/doc/design/persistent_volumes_etcd_data.md
================================================
# Use Persistent Volumes for etcd data
## Proposal and Motivation
Today etcd-operator creates ephemeral etcd members: in their pods the etcd data is stored inside a volume of type emptyDir and the pod restart policy is set to `Never`.
This has the following failure cases.
### Failure cases
Assume a N members etcd cluster with all members healthy
#### Case A
##### Event
One of these events happens:
* one etcd member process exits (processes crashes, killed etc...)
* a k8s node executing one etcd member pod reboots and comes back before node controller pod eviction triggers
##### Effect
The pod will go in failed state, the etcd cluster remains quorate. Etcd-operator will remove the member from the etcd cluster and add a new member to the cluster and creates a new pod with a new name.
#### Case B
##### Event
* a k8s node executing one etcd member pod becomes partitioned (network partitioning, goes down, etc...) and cannot talk to the api server, after some time the node controller will evict its pods.
##### Effect
The pod will go in an unknown/failed state, the etcd cluster remains quorate. Etcd-operator will remove the member from the etcd cluster and add a new member to the cluster and creates a new pod with a new name.
#### Case C
##### Event
One of these events happens:
* a majority of etcd processes exits (processes crashes, killed etc...)
* k8s nodes scheduling a majority of etcd members pods reboots and come back before node controller pod eviction triggers
##### Effect
The pods will go in failed state, the etcd cluster becomes unquorate. Etcd-operator can only restore the cluster from a backup.
#### Case D
##### Event
* k8s nodes executing a majority of etcd members pods becomes partitioned (network partitioning, goes down, etc...) and cannot talk to the api server, after some time the node controller will evict their pods.
##### Effect
The pods will go in an unknown/failed state and eventually be removed from the API server, the etcd cluster becomes unquorate. Etcd-operator can only restore the cluster from a backup.
### Current failure handling
Currently etcd operator handles cases A and B but when a cluster becomes unquorate (cases C and D) the current option is to restore the cluster from a backup.
User may desire consistency over availability and prefer to wait for the cluster the return in a quorate state instead of restoring from a backup (that will contain old data).
This proposal aims to fix cases C and D permitting to the cluster the return in a quorate state without the need to restore from a backup.
## Proposed Changes
The design to be effective is split in two parts.
### Part 1
These changes will put the basis for initial persistent volume management
This first part won't fix case C and D.
- Add to the cluster spec PodPolicy an option to enable putting etcd data inside a Persistent Volume
- If podPolicy has persistent volumes enabled, when creating a new member also create a Persistent Volume Claim and use it as the volume source for etcd-data
- Handle etcd data persistent volume claims cleanup:
- set PVC ownerRef to EtcdCluster object, which enables GC to clean up if cluster is deleted.
- PVC lifecycle is bound to etcd member's lifecycle. PVC is added/removed when etcd member is added/removed (in the implementation we could choose to remove PVC only if there's not pod referencing them to avoid strange behaviors)
#### Pod name to Persistent Volume Claim name mapping
The pod and related PVC are mapped 1 to 1 so their names be easily generated and deducted. I.E. if the pod is called `etcd-0000` its related PVC name will be `etcd-0000-pvc`
### Part 2
Using persistent volumes to store etcd data will add additional failure cases:
- volume failure (failing to bind PV to pod).
- corrupted data (filesystem ok but missing/corrupted files) that will cause etcd to exit. Previously an etcd member with corrupted data will be deleted and a new member added, using a persistent volume we have to avoid reusing the same corrupted data volume.
This parts will fix cases C and D and the above corrupted data case.
It's a change to the reconcile logic to handle deleted pods from the k8s API server that had a persistent volume. To handle corrupted data failures, the reconcile logic change defined below will be used only if the cluster is unquorate. Instead, if the cluster is quorate, the current logic of deleting the member and adding a new member will be used.
- If the cluster is unquorate and a pod of an etcd cluster member is deleted from the API server and it had a persistent volume claim associated, instead of removing the etcd member from the etcd cluster and adding a new member just recreate it (keeping its pod name) binding the existing persistent volume claim. The pod recreation will happen only if the pod doesn't exists anymore in the API because we'll keep the same pod name. This also enable a MANDATORY property: at most once pod existence logic to avoid having in the API at the same time two pods with associated the same PVC.
### Future enhancements
Handle failures introduced by this design and not covered with the previous parts:
- volume failure (failing to bind PV to pod).
## Related issues
- [Explore Local PV](https://github.com/coreos/etcd-operator/issues/1201)
- [Persistent/Durable etcd cluster](https://github.com/coreos/etcd-operator/issues/1323)
- [Pod Safety, Consistency Guarantees, and Storage Implications](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/pod-safety.md)
================================================
FILE: third_party/etcd-operator/doc/design/reconciliation.md
================================================
# Cluster Membership Reconciliation
## Reconciliation
Given a desired size S, we have two membership states:
- running pods P in k8s cluster
- membership M in operator knowledge
Reconciliation is the process to make these two states consistent with the desired size S.
For each reconciling cycle, we get P from k8s API. Comparing M and P, we have the following steps:
1. Remove all pods from set P that does not belong to set M
2. P’ consist of remaining pods of P
3. If P’ = M, the current state matches the membership state. GOTO Resize.
4. If len(P’) < len(M)/2 + 1, quorum lost. Go to recovery process (TODO).
5. Remove one member that in M but does not in P's. GOTO Resize.
### Resize
Given a desired size S, membership M and current running pods P:
1. If len(P) != len(M), then END.
2. If S = len(M), then END.
3. If S > len(M), add one member. END.
4. If S < len(M), remove one member. END
================================================
FILE: third_party/etcd-operator/doc/design/resource_ownership_and_GC.md
================================================
# Resource Ownership and GC
## Resource Ownership
An etcd cluster creates and manages pods, services and replica set. Those resources are owned by the cluster.
Two cluster owns completely disjoint set of resources, even if they have the same name.
For example, etcd cluster "A" was deleted and later etcd cluster "A" was created again; we think these are two different clusters.
Thus, the new cluster should not mange the resources from the old one. The old resources should be treated as garbage and to be collected.
As discussed in https://github.com/coreos/etcd-operator/issues/517,
we correlate owner (i.e. cluster) and its resources by making use of `ObjectMeta.OwnerReferences` field.
For etcd pods and services, they will have only one owner -- its managing cluster.
## GC
Github issue: https://github.com/coreos/etcd-operator/issues/518
We will talk about two strategies to do GC in the following.
We are only covering etcd pods, services, although the algorithm applies to more resources.
### Lazy deletion
We should remove resources when deleting or creating a cluster.
We remove them via label convention:
- remove pods with selector label{"etcd_cluster": $cluster_name, "app": "etcd"}
- remove services with selector label{"etcd_cluster": $cluster_name}
As a side note on creating a cluster:
Right before creating a cluster, if a pod or svc was selected out, then it must hangs around as garbage.
This could lead to confusing, even harmful cases.
So we must delete all related garbage resources before we start the new cluster.
### Periodic full GC
Every interval (10 mins or so), we find out orphaned pods/svcs.
Initially, our use case would be O(10) clusters, and thus total selected items would be at most O(100).
A simple full scanning algorithm:
- List pods, services.
- Controller have the knowledge of etcd clusters.
- Find out pods, services whose OwnerRef-ed cluster doesn't exist in controller knowledge.
================================================
FILE: third_party/etcd-operator/doc/design/restore_operator.md
================================================
# Restore Operator Design
Restore operator restores an etcd cluster from existing backup.
## General design
The new design will assume EtcdCluster have three phases:
- **Creating**: etcd operator will create a seed member.
- **Running**: etcd operator will keep reconciling cluster membership,
actual running pods, and desired size.
- **Failed**: Encountered unrecoverable failure, e.g. lose majority of the cluster.
For this design, restore operator is going to restore an etcd seed member that
etcd operator understands. etcd operator will skip Creating phase and jump directly
into Running phase.
## Restore operator API
Restore operator API will be exposed as CRD:
```yaml
apiVersion: apiextentions.k8s.io/v1beta2
kind: CustomResourceDefiniton
metadata:
name: etcdrestores.etcd.database.coreos.com
spec:
group: etcd.database.coreos.com
version: v1beta2
Scope: Namespaced
names:
kind: EtcdRestore
plural: etcdrestores
```
Restore Spec defined as:
```Go
// RestoreSpec defines how to restore an etcd cluster from existing backup.
type RestoreSpec struct {
// EtcdCluster defines the same spec that etcd operator will run later.
// Using this spec, restore operator will prepare the seed that
// etcd operator will pick up later.
EtcdCluster ClusterSpec
// EtcdBackup defines the same spec that backup operator uses to save the backup.
// Restore operator will have the same logic as backup operator to discover
// any existing backups and find the one with largest revision.
EtcdBackup EtcdBackupSpec
}
// RestoreStatus reports the status of this restore operation.
type RestoreStatus struct {
// Succeeded indicates if the restore has Succeeded.
Succeeded bool
// Reason indicates the reason for any restore related failures.
Reason string
}
```
================================================
FILE: third_party/etcd-operator/doc/design/s3_backup.md
================================================
# Store Backup in S3
We want to have an option to store backup in S3.
## Flags of etcd operator
When staring etcd operator, we need to provide flags in order to access aws:
```bash
$ etcd-operator --backup-aws-secret ${secret_name} --backup-aws-config ${configmap_name} --backup-s3-bucket ${bucket_name} ...
```
Let's explain them one by one:
- "backup-aws-secret" takes the name of the kube secret object that stores the aws credential file.
We can create a secret object by doing:
```bash
$ kubectl create secret generic aws-credential --from-file=${aws_credential_file}
```
"aws-credential" is the ${secret_name}.
The "aws_credential_file" file is documented [here](http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#aws-credentials-file-format).
We only use "default" profile.
An example credential file:
```
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
```
- "backup-aws-config" takes the name of the kube configmap object that presents the aws config file.
We can create a configmap by doing:
```bash
$ kubectl create configmap aws-config --from-file=${aws_config_file}
```
"aws-config" is the ${configmap_name}.
The "aws_config_file" file is described [here](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files).
We only use "default" profile. Note that "region" must be set.
An example config file:
```
[default]
region=us-west-1
```
- "backup-s3-bucket" takes the name of the s3 bucket in which the operator stores backup.
The backups of each cluster are saved in individual directories under given bucket.
The format would look like: *bucket_name/cluster_name/* .
For example, given bucket "etcd-backups" and if operator has saved backups of cluster "etcd-A", we should see backup files running commands:
```bash
$ aws s3 ls s3://etcd-backups/etcd-A/
```
Or just login into aws console to view it.
## How to create a cluster with backup in S3
When we create a cluster with backup, we set the backup.storageType to "S3".
For example, a yaml file would look like:
```
apiVersion: "etcd.coreos.com/v1beta1"
kind: "Cluster"
metadata:
name: "etcd-cluster-with-backup"
spec:
...
backup:
...
storageType: "S3"
```
================================================
FILE: third_party/etcd-operator/doc/dev/debug_e2e_flake.md
================================================
# Debug E2E Test Flake
E2E flakes will cost more and more effort and bring more and more trouble as time passes by.
It is better to solve them as early as possible.
Rules when a flake happened:
- Do not hide the failure.
If test flake happened, don't just rerun the test.
Comment or create an issue to track the problem.
- Figure out why the failure happened.
The end goal should be either a code fix or some docs explaining the limitatons.
## How to debug
Figuring out the root cause of failures is usually easier and less time-consuming than it's assumed to.
Here is one process to help start the debugging process:
- Have a automated script to reproduce the test consistently. For example, a script to run locally:
```shell
go test -c ./test/e2e
for ((n=0;n<30;n++))
do
echo "${n} round..."
./e2e.test --kubeconfig=${HOME}/.kube/config \
--operator-image=${IMAGE} \
--test.run=${TEST_SELECTOR}
sleep 15 # LE lock expiration
done
```
Note that there might be additional setup before running the test.
- Narrow down the root cause.
In this phase, observability is the key. Add more logs, metrics.
- Once a bug is hunt down, follow up on the issue with detailed report.
================================================
FILE: third_party/etcd-operator/doc/dev/developer_guide.md
================================================
# Developer guide
This document explains how to setup your dev environment.
## Fetch dependency
We use [dep](https://github.com/golang/dep) to manage dependency.
Install dependency if you haven't:
```
./hack/update_vendor.sh
```
## How to build
Requirement:
- Go 1.10+
Build in project root dir:
```
./hack/build/operator/build
./hack/build/backup-operator/build
./hack/build/restore-operator/build
```
================================================
FILE: third_party/etcd-operator/doc/dev/release.md
================================================
# Release Workflow
**NOTE**: During release, don't merge any PR other than bumping the version.
Let's say we are releasing $VERSION (e.g. `v1.2.3`) .
## Create git tag
- Bump up version (e.g. 0.8.0 -> 0.8.1):
```bash
./hack/release/bump_version.sh 0.8.0 0.8.1
```
- Update CHANGELOG.md.
- Send a PR. After it's merged, cut a tag:
```bash
git tag $VERSION
git push ${upstream_remote} tags/$VERSION
```
## Push Image to Quay
- Login to quay.io using docker if haven't:
```bash
docker login quay.io
```
Follow the prompts.
- git checkout tag (created above)
- Follow [developer_guide.md](./developer_guide.md) for build instructions.
- After build, push image:
```bash
$ IMAGE=quay.io/coreos/etcd-operator:$VERSION hack/build/docker_push
```
- Retag "latest":
```bash
$ docker tag quay.io/coreos/etcd-operator:$VERSION quay.io/coreos/etcd-operator:latest
$ docker push quay.io/coreos/etcd-operator:latest
```
## Github release
- Click "releases" in the top bar.
- Click "$VERSION" tag.
- Click "Edit Tag".
- Fill in title and release notes.
- If it's not stable release, click "This is a pre-release".
## Bump version
In version/version.go, bump version again:
```go
// Version = "0.2.2+git" (without "v" prefix)
Version = "$VERSION+git"
```
Send another PR and merge it.
================================================
FILE: third_party/etcd-operator/doc/user/abs_backup.md
================================================
# Backups using Azure Blob Service (ABS)
Etcd backup operator backups the data of an etcd cluster running on Kubernetes to a remote storage such as Azure Blob Service (ABS). If it is not deployed yet, please follow [here](walkthrough/backup-operator.md#deploy-etcd-backup-operator) to deploy it, e.g. by running
```sh
kubectl apply -f example/etcd-backup-operator/deployment.yaml
```
## Setup Azure Secret
Create a secret file `abs-secret.yaml`:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: abs-credentials
namespace: etcd
type: Opaque
stringData:
storage-account: ""
storage-key: ""
cloud: ""
```
In above secret, following data should be provided:
- `storage-account`: the name of Azure storage account.
- `storage-key`: the storage key of storage account.
- `cloud`: the name of cloud environment, e.g. `AzurePublicCloud` or `AzureChinaCloud`. Optional. If not specified, it is defaulted to `AzurePublicCloud`.
And then create the secret:
```sh
kubectl apply -f abs-secret.yaml
```
## Create EtcdBackup CR
First, create a container in the storage account:
```sh
az storage container create -n etcd-backups --account-name --account-key
```
Then create a `EtcdBackup` CR file `etcdbackup.yaml` which uses secret `abs-credentials`:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: example-etcd-cluster-backup
namespace: etcd
spec:
etcdEndpoints: ["http://example-etcd-cluster-client:2379"]
storageType: ABS
abs:
# The format of the path must be: "/"
path: etcd-backups/etcd.backup
absSecret: abs-credentials
```
Finally apply it to kubernetes cluster:
```sh
kubectl apply -f etcdbackup.yaml
```
Check the `status` section of the `EtcdBackup` CR:
```sh
$ kubectl get EtcdBackup example-etcd-cluster-backup -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
...
spec:
abs:
absSecret: abs-credentials
path: etcd-backups/etcd.backup
etcdEndpoints:
- http://example-etcd-cluster-client:2379
storageType: ABS
status:
etcdRevision: 1
etcdVersion: 3.2.13
succeeded: true
```
We should see the backup files after running the following command:
```bash
$ az storage blob list -c etcd-backups --account-name --account-key
Name Blob Type Blob Tier Length Content Type Last Modified Snapshot
----------- ----------- ----------- -------- ------------------------ ------------------------- ----------
etcd.backup BlockBlob 24608 application/octet-stream 2018-08-13T05:42:03+00:00
```
Alternatively, you can also login into the Azure Portal to view these backups.
## Create EtcdRestore CR
Etcd restore operator is in charge of restoring etcd cluster from backup. If it is not deployed, please deploy by following command:
```yaml
kubectl apply -f example/etcd-restore-operator/deployment.yaml
```
Now kill all the etcd pods to simulate disaster failure:
```sh
kubectl delete pod -l app=etcd,etcd_cluster=example-etcd-cluster --force --grace-period=0
```
Create EtcdRestore CR:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: example-etcd-cluster
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: example-etcd-cluster
backupStorageType: ABS
abs:
# The format of the path must be: "/"
path: etcd-backups/etcd.backup
absSecret: abs-credentials
```
Check the `status` section of the `EtcdRestore` CR:
```sh
$ kubectl get etcdrestore example-etcd-cluster -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdRestore
...
spec:
abs:
absSecret: abs-credentials
path: etcd-backups/etcd.backup
backupStorageType: ABS
etcdCluster:
name: example-etcd-cluster
status:
succeeded: true
```
Verify the `EtcdCluster` CR and restored pods for the restored cluster:
```sh
$ kubectl get etcdcluster
NAME AGE
example-etcd-cluster 1m
$ kubectl get pods -l app=etcd,etcd_cluster=example-etcd-cluster
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-795649v9kq 1/1 Running 1 3m
example-etcd-cluster-jtp447ggnq 1/1 Running 1 4m
example-etcd-cluster-psw7sf2hhr 1/1 Running 1 4m
```
================================================
FILE: third_party/etcd-operator/doc/user/backup_cronjob/README.md
================================================
# Periodic etcd Backup using CronJob
This doc talks about how to use Kubernetes [CronJob][k8s_cronjob] to make periodic etcd backups.
Prerequisites:
- Kubernetes cluster and kubectl ready
- etcd-operator, etcd-backup-operator deployed
- `example-etcd-cluster` EtcdCluster CR is created and the cluster is running
All commands assume the current working directory to be the root directory of etcd-operator repo.
We are also following the example configurations in [backup-operator walkthrough][backup-operator-walkthrough].
## Backup ConfigMap
First we create a [ConfigMap](./configmap.yaml) containing the Backup CR template for the CronJob container to mount and reuse it.
```
kubectl create -f ./doc/user/backup_cronjob/configmap.yaml
```
## Backup CronJob
Then we create a [CronJob](./cronjob.yaml) which every 30 minutes would make a backup with name suffixed with the current timestamp.
```
kubectl create -f ./doc/user/backup_cronjob/cronjob.yaml
```
This example has the following limitations:
- **Backups and EtcdBackup CRs will keep being created**. Clean up/GC old resources properly.
- The CronJob pods use "default" namespace service account.
In production case, replace it with a dedicated service account and restrict the permissions via RBAC.
[k8s_cronjob]:https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
[backup-operator-walkthrough]:../walkthrough/backup-operator.md
================================================
FILE: third_party/etcd-operator/doc/user/backup_cronjob/configmap.yaml
================================================
apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
data:
backup_cr.yaml: |
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
generateName: example-etcd-backup-
spec:
etcdEndpoints: ["http://example-etcd-cluster-client:2379"]
storageType: S3
s3:
path: mybucket/etcd.backup.
awsSecret: aws
================================================
FILE: third_party/etcd-operator/doc/user/backup_cronjob/cronjob.yaml
================================================
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: etcd-backup
spec:
schedule: "*/30 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: etcd-backup
image: lachlanevenson/k8s-kubectl
command:
- /bin/sh
- "-ec"
- |
sed -e "s||$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
volumeMounts:
- name: backup-config
mountPath: /var/etcd_backup
restartPolicy: OnFailure
volumes:
- name: backup-config
configMap:
name: backup-config
================================================
FILE: third_party/etcd-operator/doc/user/client_service.md
================================================
# etcd client service
For every etcd cluster created, the etcd operator will create an etcd client service in the same namespace with the name `-client`.
```
$ kubectl create -f example/example-etcd-cluster.yaml
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
example-etcd-cluster None 2380/TCP 1m
example-etcd-cluster-client 10.0.222.115 2379/TCP 1m
```
The client service is of type `ClusterIP` and accessible only from within the Kubernetes overlay network.
For example, access the service from a pod in the cluster:
```
$ kubectl run --rm -i --tty fun --image quay.io/coreos/etcd --restart=Never -- /bin/sh
/ # ETCDCTL_API=3 etcdctl --endpoints http://example-etcd-cluster-client:2379 put foo bar
OK
(ctrl-D to exit)
```
If accessing this service from a different namespace than that of the etcd cluster, use the fully qualified domain name (FQDN) `http://-client..svc.cluster.local:2379`.
## Accessing the service from outside the cluster
To access the client API of the etcd cluster from outside the Kubernetes cluster, expose a new client service of type `LoadBalancer`. If using a cloud provider like GKE/GCE or AWS, setting the type to `LoadBalancer` will automatically create the load balancer with a publicly accessible IP.
The spec for this service will use the label selector `etcd_cluster: ` to load balance the client requests over the etcd pods in the cluster.
For example, create a service for the cluster described above:
```
$ cat example-etcd-client-service-lb.yaml
apiVersion: v1
kind: Service
metadata:
name: example-etcd-client-service-lb
namespace: default
spec:
ports:
- name: client
port: 2379
protocol: TCP
targetPort: 2379
selector:
etcd_cluster: example-etcd-cluster
type: LoadBalancer
$ kubectl create -f example-etcd-client-service-lb.yaml
```
Wait until the load balancer is created and the service is assigned an `EXTERNAL-IP`:
```
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
example-etcd-cluster None 2380/TCP 5m
example-etcd-cluster-client 10.0.222.115 2379/TCP 5m
example-etcd-cluster-client-lb 10.0.176.134 35.184.74.127 2379:32478/TCP 1m
```
The etcd client API should now be accessible from outside the Kubernetes cluster:
```
$ ETCDCTL_API=3 etcdctl --endpoints http://35.184.74.127:2379 get foo
foo
bar
```
================================================
FILE: third_party/etcd-operator/doc/user/cluster_tls.md
================================================
# Cluster TLS policy
Cluster TLS policy is configured on a per-cluster basis through the CR spec provided to etcd operator.
For etcd's TLS support and requirements, see the [etcd security model][etcd-security].
To learn about generating self-signed TLS certs, see [Generate self-signed certificates][self-signed].
## Static cluster TLS policy
Static TLS means keys/certs are generated by the user and passed to an operator.
This section will use the following YAML manifest to describe the spec. The example cluster manifest and certs can be found in the [example/tls/ directory][example-tls].
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: example
namespace: default
spec:
...
TLS:
static:
member:
peerSecret: etcd-peer-tls
serverSecret: etcd-server-tls
operatorSecret: etcd-client-tls
```
### member.peerSecret
`member.peerSecret` contains pem-encoded private keys and x509 certificates for etcd peer communication.
The peer TLS assets should have the following:
- **peer.crt**: peer communication cert.
The certificate should allow wildcard domain `*.${clusterName}.${namespace}.svc` and `*.${clusterName}.${namespace}.svc.${cluster_domain}`.
The example shown above uses `*.example.default.svc` and `*.example.default.svc.cluster.local`.
- **peer.key**: peer communication key.
- **peer-ca.crt**: CA cert for this peer key-cert pair.
Create a secret using the `peer.key`, `peer.crt`, and `peer-ca.crt`:
```
$ kubectl create secret generic etcd-peer-tls --from-file=peer-ca.crt --from-file=peer.crt --from-file=peer.key
```
Once passed, etcd operator will mount this secret at `/etc/etcdtls/member/peer-tls/` for each etcd member pod in the cluster.
### member.serverSecret
`member.serverSecret` contains pem-encoded private keys and x509 certificates for etcd client communication on server side.
The client TLS assets should have the following:
- **server.crt**: etcd server's client communication cert.
The certificate should allow wildcard domain `*.${clusterName}.${namespace}.svc`,
`${clusterName}-client.${namespace}.svc`, and `localhost`.
The example shown above uses `*.example.default.svc`, `example-client.default.svc`, and `localhost`.
To use more DNS name or IP to access etcd server, please add it here.
- **server.key**: etcd server's client communication key.
- **server-ca.crt**: CA cert for validating the certs of etcd clients.
Create a secret using `server.key`, `server.crt`, and `server-ca.crt`:
```
$ kubectl create secret generic etcd-server-tls --from-file=server-ca.crt --from-file=server.crt --from-file=server.key
```
etcd operator will mount this secret at `/etc/etcdtls/member/server-tls/` for each etcd member pod in the cluster.
### operatorSecret
The operator must send client requests (such as snapshot, healthy check, add/remove member) to maintain this cluster.
`operatorSecret` contains pem-encoded private keys and x509 certificates for communicating with etcd server via client URL.
The operator's etcd TLS assets should have the following:
- **etcd-client.crt**: operator's etcd x509 client cert.
- **etcd-client.key**: operator's etcd x509 client key.
- **etcd-client-ca.crt**: CA cert for validating the certs of etcd members.
They correspond to the `--cert`,`--key`, and `--cacert` arguments of `etcdctl`.
Create a secret containing the `etcd-client.crt`, `etcd-client.key`, and `etcd-client-ca.crt`:
```
$ kubectl create secret generic etcd-client-tls --from-file=etcd-client-ca.crt --from-file=etcd-client.crt --from-file=etcd-client.key
```
Pass `etcd-client-tls` to the `operatorSecret` field.
### Access a secure etcd cluster
Assume a secure etcd cluster `example` is up and running.
To access the cluster, use the service `example-client.default.svc`, which matches the SAN of its certificates.
Assume the following certs are used:
```
etcd-client.crt
etcd-client.key
etcd-client-ca.crt
```
`etcd-client.crt` and `etcd-client.key` should be trusted by the etcd server's client CA `server-ca.crt`.
`server.crt` and `server.key` should be trusted by the etcd client CA `etcd-client-ca.crt`.
The following example `etcdctl` command will list members from the secure etcd cluster. Run this command from within a Kubernetes Pod to access the service name:
```
$ ETCDCTL_API=3 etcdctl --endpoints=https://example-client.default.svc:2379 \
--cert=etcd-client.crt --key=etcd-client.key --cacert=etcd-client-ca.crt \
member list -w table
```
[etcd-security]: https://coreos.com/etcd/docs/latest/op-guide/security.html
[self-signed]: https://coreos.com/os/docs/latest/generate-self-signed-certificates.html
[example-tls]: ../../example/tls/
================================================
FILE: third_party/etcd-operator/doc/user/clusterwide.md
================================================
# Manage clusters in all namespaces
Default etcd operator behavior is to only manage etcd clusters created in the same namespace.
It is possible to deploy an etcd operator with special option to manage clusterwide etcd clusters.
## Install etcd operator
etcd operator have to run with `-cluster-wide` arg option.
More information in [install guide](install_guide.md).
See the example in [example/example-etcd-cluster.yaml](../../example/example-etcd-cluster.yaml)
================================================
FILE: third_party/etcd-operator/doc/user/conditions_and_events.md
================================================
# Status Events and Conditions
To make it easier for users to understand and debug the etcd-operator, the actions of the operator and the state of the cluster are communicated to the user in the standard Kubernetes convention.
Use `kubectl describe` to view information about an object, including [Events][k8s-events] and [Conditions][k8s-conditions] associated with the resource.
The etcd-operator exposes the Events and Conditions for each EtcdCluster Custom Resource.
## Events
The following types of Events and their specific instances are common in the lifecycle of an EtcdCluster:
- A new member is added
- A member is removed
- A member is upgraded
- A dead member is replaced
## Conditions
The etcd cluster Condition and its statuses are defined as:
- Available
- True: Majority members up
- False: Reason for not being available (majority down only)
- Recovering
- True: Reason for recovery (all members down, or majority down)
- False: Reason for recovery failure (for example: no backup found)
- Not present
- Scaling
- True: Scaling from current members size X to spec.size Y
- False: Reason for failure (for example: no more nodes to place member due to anti-affinity)
- Not present
- Upgrading
- True: Upgrading from version X to Y
- False: Reason for failure
- Not present
[k8s-events]: https://kubernetes.io/docs/api-reference/v1.7/#event-v1-core
[k8s-conditions]: https://kubernetes.io/docs/api-reference/v1.7/#podcondition-v1-core
================================================
FILE: third_party/etcd-operator/doc/user/gcs_backup.md
================================================
# Backups using Google Cloud Storage (GCS)
Etcd backup operator backs up the data of an etcd cluster running on Kubernetes to a remote storage such as Google Cloud Storage (GCS). If it is not deployed yet, please follow [here](walkthrough/backup-operator.md#deploy-etcd-backup-operator) to deploy it, e.g. by running
```sh
kubectl apply -f example/etcd-backup-operator/deployment.yaml
```
## Setup Google Cloud Platform (GCP) backup account, GCS bucket, and Secret
```bash
# create account
BACKUP_ACCOUNT='backup-creator'
BACKUP_ACCOUNT_EMAIL="${BACKUP_ACCOUNT}@$(gcloud config get-value project).iam.gserviceaccount.com"
gcloud iam service-accounts create "$BACKUP_ACCOUNT" --display-name='Backup creator service account'
# create bucket and set permissions
BACKUP_BUCKET='mygcsbackupsbucket'
gsutil mb "$BACKUP_BUCKET"
gsutil iam ch "serviceAccount:${BACKUP_ACCOUNT_EMAIL}:objectCreator" "$BACKUP_BUCKET"
# create secret
kubectl create secret generic gcp-credentials \
--from-literal="credentials.json=$(gcloud iam service-accounts keys create - --iam-account="$BACKUP_ACCOUNT_EMAIL")"
```
## Create EtcdBackup CR
Create an `EtcdBackup` CR file `etcdbackup.yaml` which uses secret `gcp-credentials` from the previous section:
```yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
name: example-etcd-cluster-backup
spec:
etcdEndpoints: ["http://example-etcd-cluster-client:2379"]
storageType: GCS
gcs:
# The format of the path must be: "/"
path: my-etcd-backups-bucket/my-etcd-backup-object
gcpSecret: gcp-credentials
```
Apply it to kubernetes cluster:
```sh
kubectl apply -f etcdbackup.yaml
```
Check the `status` section of the `EtcdBackup` CR:
```sh
$ kubectl get EtcdBackup example-etcd-cluster-backup -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
...
spec:
gcs:
gcpSecret: gcp-credentials
path: my-etcd-backups-bucket/my-etcd-backup-object
etcdEndpoints:
- http://example-etcd-cluster-client:2379
storageType: GCS
status:
etcdRevision: 1
etcdVersion: 3.2.13
succeeded: true
```
We should see the backup files after running the following command:
```bash
$ gsutil ls gs://my-etcd-backups-bucket/my-etcd-backup-object
gs://my-etcd-backups-bucket/my-etcd-backup-object
```
Alternatively, you can also login into the Google Cloud Platform Console to view these backups.
## Create EtcdRestore CR
Etcd restore operator is in charge of restoring etcd cluster from backup. If it is not deployed, please deploy by following command:
```yaml
kubectl apply -f example/etcd-restore-operator/deployment.yaml
```
Now kill all the etcd pods to simulate a cluster failure:
```sh
kubectl delete pod -l app=etcd,etcd_cluster=example-etcd-cluster --force --grace-period=0
```
Create EtcdRestore CR:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: example-etcd-cluster
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: example-etcd-cluster
backupStorageType: GCS
gcs:
# The format of the path must be: "/"
path: my-etcd-backups-bucket/my-etcd-backup-object
gcpSecret: gcp-credentials
```
Check the `status` section of the `EtcdRestore` CR:
```sh
$ kubectl get etcdrestore example-etcd-cluster -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdRestore
...
spec:
gcs:
gcpSecret: gcp-credentials
path: my-etcd-backups-bucket/my-etcd-backup-object
backupStorageType: GCS
etcdCluster:
name: example-etcd-cluster
status:
succeeded: true
```
Verify the `EtcdCluster` CR and restored pods for the restored cluster:
```sh
$ kubectl get etcdcluster
NAME AGE
example-etcd-cluster 1m
$ kubectl get pods -l app=etcd,etcd_cluster=example-etcd-cluster
NAME READY STATUS RESTARTS AGE
example-etcd-cluster-795649v9kq 1/1 Running 1 3m
example-etcd-cluster-jtp447ggnq 1/1 Running 1 4m
example-etcd-cluster-psw7sf2hhr 1/1 Running 1 4m
```
================================================
FILE: third_party/etcd-operator/doc/user/install_guide.md
================================================
# Installation guide
## Set up RBAC
Set up basic [RBAC rules][rbac-rules] for etcd operator:
```bash
$ example/rbac/create_role.sh
```
## Install etcd operator
Create a deployment for etcd operator:
```bash
$ kubectl create -f example/deployment.yaml
```
etcd operator will automatically create a Kubernetes Custom Resource Definition (CRD):
```bash
$ kubectl get customresourcedefinitions
NAME KIND
etcdclusters.etcd.database.coreos.com CustomResourceDefinition.v1beta1.apiextensions.k8s.io
```
## Uninstall etcd operator
Note that the etcd clusters managed by etcd operator will **NOT** be deleted even if the operator is uninstalled.
This is an intentional design to prevent accidental operator failure from killing all the etcd clusters.
To delete all clusters, delete all cluster CR objects before uninstalling the operator.
Clean up etcd operator:
```bash
kubectl delete -f example/deployment.yaml
kubectl delete endpoints etcd-operator
kubectl delete crd etcdclusters.etcd.database.coreos.com
kubectl delete clusterrole etcd-operator
kubectl delete clusterrolebinding etcd-operator
```
## Installation using Helm
etcd operator is available as a [Helm chart][etcd-helm]. Follow the instructions on the chart to install etcd operator on clusters.
[Alejandro Escobar][alejandroEsc] is the active maintainer.
[rbac-rules]: rbac.md
[etcd-helm]: https://github.com/kubernetes/charts/tree/master/stable/etcd-operator/
[alejandroEsc]:https://github.com/alejandroEsc
================================================
FILE: third_party/etcd-operator/doc/user/oss_backup.md
================================================
# Backups using Alibaba Cloud Object Storage Service (OSS)
Etcd backup operator backs up the data of an etcd cluster running on Kubernetes to a remote storage such as Alibaba Cloud Object Storage Service (OSS). If it is not deployed yet, please follow the [instructions](walkthrough/backup-operator.md#deploy-etcd-backup-operator) to deploy it, e.g. by running
```sh
kubectl apply -f example/etcd-backup-operator/deployment.yaml
```
## Setup Alibaba Cloud backup account, OSS bucket, and Secret
1. Login [Alibaba Cloud Console](https://www.alibabacloud.com) (or [Aliyun Console](https://www.aliyun.com/) if you are in China) and create your own [AccessKey](https://www.alibabacloud.com/help/doc-detail/29009.htm) which gives you the AccessKeyID (AKID) and AccessKeySecret (AKS). You can optionally create an Object Storage Service ([OSS](https://www.alibabacloud.com/help/doc-detail/31947.htm)) bucket for backups.
2. Create a secret storing your AKID and AKS in Kubernetes.
```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-oss-credentials
type: Opaque
data:
accessKeyID:
accessKeySecret:
```
3. Create an `EtcdBackup` CR file `etcdbackup.yaml` which uses secret `my-oss-credentials` from the previous step.
```yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
metadata:
name: etcd-cluster-with-oss-backup
spec:
backupPolicy:
...
etcdEndpoints:
- "http://example-etcd-cluster-client:2379"
storageType: OSS
oss:
endpoint: http://oss-cn-hangzhou.aliyuncs.com
ossSecret: my-oss-credentials
path: my-etcd-backups-bucket/etcd.backup
```
4. Apply yaml file to kubernetes cluster.
```sh
kubectl apply -f etcdbackup.yaml
```
5. Check the `status` section of the `EtcdBackup` CR.
```console
$ kubectl get EtcdBackup etcd-cluster-with-oss-backup -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
...
spec:
oss:
ossSecret: my-oss-credentials
path: my-etcd-backups-bucket/etcd.backup
endpoint: http://oss-cn-hangzhou.aliyuncs.com
etcdEndpoints:
- http://example-etcd-cluster-client:2379
storageType: OSS
status:
etcdRevision: 1
etcdVersion: 3.2.13
succeeded: true
```
6. We should see the backup files from Alibaba Cloud OSS Console.
## Restore etcd based on data from OSS.
Etcd restore operator is in charge of restoring etcd cluster from backup. If it is not deployed, please deploy by following command:
```sh
kubectl apply -f example/etcd-restore-operator/deployment.yaml
```
Now kill all the etcd pods to simulate a cluster failure:
```sh
kubectl delete pod -l app=etcd,etcd_cluster=example-etcd-cluster --force --grace-period=0
```
1. Create an EtcdRestore CR.
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: example-etcd-cluster
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: example-etcd-cluster
backupStorageType: OSS
oss:
# The format of the path must be: "/"
path: my-etcd-backups-bucket/etcd.backup
ossSecret: my-oss-credentials
endpoint: http://oss-cn-hangzhou.aliyuncs.com
```
2. Check the `status` section of the `EtcdRestore` CR.
```sh
$ kubectl get etcdrestore example-etcd-cluster -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdRestore
...
spec:
oss:
ossSecret: my-oss-credentials
path: my-etcd-backups-bucket/etcd.backup
endpoint: http://oss-cn-hangzhou.aliyuncs.com
backupStorageType: OSS
etcdCluster:
name: example-etcd-cluster
status:
succeeded: true
```
3. Verify the `EtcdCluster` CR and restored pods for the restored cluster.
```sh
$ kubectl get etcdcluster
$ kubectl get pods -l app=etcd,etcd_cluster=example-etcd-cluster
```
================================================
FILE: third_party/etcd-operator/doc/user/rbac.md
================================================
# Setting up RBAC for etcd operator
If RBAC is in place, users must create RBAC rules for etcd operator. This doc serves a tutorial for it.
## Production setup
In production, allow access only to the resources etcd operator needs, and create a specific role for the operator.
The following example binds a role to the `default` service account in the namespace in which the etcd operator is running. To bind to a different service account, modify the `subjects.name` field in the [rolebinding templates][rbac-templates] as needed.
### Role vs ClusterRole
The permission model required for the etcd operator depends on the value of its `--create-crd` flag:
- `--create-crd=true`: Creates a CRD if one does not yet exist. This the default behavior.
- In this mode the operator requires a ClusterRole with the permission to create a CRD.
- `--create-crd=false` Creates a CR without first creating a CRD.
- In this mode the operator can be run with just a Role without the permission to create a CRD.
## Set up RBAC
Set up RBAC rules using either a ClusterRole or Role, according to the `--create-crd` flag requirements listed above.
Modify and export the following environment variables. These will be used to fill out the [RBAC templates][rbac-templates]:
```
export ROLE_NAME=
export ROLE_BINDING_NAME=
export NAMESPACE=
```
### RBAC with ClusterRole (create-crd=true)
1. Create a ClusterRole:
```sh
sed -e "s//${ROLE_NAME}/g" example/rbac/cluster-role-template.yaml \
| kubectl create -f -
```
2. Create a ClusterRoleBinding which binds the default service account in the namespace to the ClusterRole:
```sh
sed -e "s//${ROLE_NAME}/g" \
-e "s//${ROLE_BINDING_NAME}/g" \
-e "s//${NAMESPACE}/g" \
example/rbac/cluster-role-binding-template.yaml \
| kubectl create -f -
```
### RBAC with Role (create-crd=false)
1. Create a Role:
```sh
sed -e "s//${ROLE_NAME}/g" \
-e "s//${NAMESPACE}/g" \
example/rbac/role-template.yaml \
| kubectl create -f -
```
2. Create a RoleBinding which binds the default service account in the namespace to the Role:
```sh
sed -e "s//${ROLE_NAME}/g" \
-e "s//${ROLE_BINDING_NAME}/g" \
-e "s//${NAMESPACE}/g" \
example/rbac/role-binding-template.yaml \
| kubectl create -f -
```
[rbac-templates]: ../../example/rbac/
================================================
FILE: third_party/etcd-operator/doc/user/resource_labels.md
================================================
# Resource Labels
The etcd operator creates the following Kubernetes resources for each etcd cluster:
- Pods for the etcd nodes
- Services for the etcd client and peer
where each resource has the following labels:
- `app=etcd`
- `etcd_cluster=`
================================================
FILE: third_party/etcd-operator/doc/user/spec_examples.md
================================================
# Cluster Spec Examples
## Three member cluster
```yaml
spec:
size: 3
```
This will use the default version chosen by the etcd-operator.
## Three member cluster with version specified
```yaml
spec:
size: 3
version: "3.2.13"
```
## Three member cluster with node selector and anti-affinity across nodes
> Note: change $cluster_name to the EtcdCluster's name.
```yaml
spec:
size: 3
pod:
nodeSelector:
diskType: ssd
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: etcd_cluster
operator: In
values: ["$cluster_name"]
topologyKey: kubernetes.io/hostname
```
For other topology keys, see https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ .
## Three member cluster with preferred anti-affinity between pods and nodes (place pods in different nodes if possible)
> Note: change $cluster_name to the EtcdCluster's name.
```yaml
spec:
size: 3
pod:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: etcd_cluster
operator: In
values:
- $cluster_name
topologyKey: kubernetes.io/hostname
```
## Three member cluster with resource requirement
```yaml
spec:
size: 3
pod:
resources:
limits:
cpu: 300m
memory: 200Mi
requests:
cpu: 200m
memory: 100Mi
```
## Custom etcd configuration
etcd members could be configured via env: https://coreos.com/etcd/docs/latest/op-guide/configuration.html
```yaml
spec:
size: 3
pod:
etcdEnv:
- name: ETCD_AUTO_COMPACTION_RETENTION
value: "1"
```
## TLS
For more information on working with TLS, see [Cluster TLS policy][cluster-tls].
## Custom pod annotations
```yaml
spec:
size: 3
pod:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "2379"
```
## Custom pod security context
For more information on pod security context see the Kubernetes [docs][pod-security-context].
```yaml
spec:
size: 3
pod:
securityContext:
runAsNonRoot: true
runAsUser: 9000
# The FSGroup is needed to let the etcd container access mounted volumes
fsGroup: 9000
```
## Custom PersistentVolumeClaim definition
> Note: Change $STORAGECLASS for your preferred StorageClass or remove the line to use the default one.
```yaml
spec:
size: 3
pod:
persistentVolumeClaimSpec:
storageClassName: $STORAGECLASS
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
```
[cluster-tls]: cluster_tls.md
[pod-security-context]: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
================================================
FILE: third_party/etcd-operator/doc/user/upgrade/migrate_cr_070.md
================================================
# Custom Resource Migration Guide for 0.7.0 relase
In 0.7.0 release, BackupPolicy and RestorePolicy are removed from EtcdCluster spec.
This doc provides the migration guide for the change.
## Migrate EtcdCluster
This has to be done **before upgrading operator**.
Update any EtcdCluster Custom Resource to remove BackupPolicy and RestorePolicy:
```
kubectl get etcdcluster -o json | \
jq 'del(.spec.backup)' | jq 'del(.spec.restore)' | \
kubectl replace -f -
```
## Migrate BackupPolicy to EtcdBackup CR
Read [etcd backup operator doc](../walkthrough/backup-operator.md) for how to save backup for etcd cluster.
It currently only supports S3 backup for non-TLS etcd cluster.
For previous backup policy, for example:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
spec:
...
backup:
storageType: "S3"
s3:
s3Bucket:
awsSecret:
```
The equivalent EtcdBackup CR is:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: example-etcd-cluster-backup
spec:
clusterName: example-etcd-cluster
storageType: "S3"
s3:
s3Bucket:
awsSecret:
```
Create the above CR will make **one-time** backup attempt to target etcd cluster.
After backup is saved, it is safe to delete the CR and doing that won’t delete the S3 backup.
## Migrate RestoreSpec to EtcdRestore CR
Read [etcd restore operator doc](../walkthrough/restore-operator.md) for how to restore etcd cluster from backup.
It currently only supports S3 backup and non-TLS etcd cluster.
For previous restore policy for example:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "restored-etcd-cluster"
spec:
...
restore:
storageType: "S3"
backupClustername: “example-etcd-cluster”
```
The equivalent EtcdRestore CR is:
```yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# an EtcdCluster with the same name will be created
name: "restored-etcd-cluster"
spec:
clusterSpec:
size: 3
version: "3.1.8"
s3:
# e.g: "etcd-snapshot-bucket/v1/default/example-etcd-cluster/3.1.8_0000000000000001_etcd.backup"
path:
awsSecret:
```
Create the above CR to trigger restore.
> Note: restore process will create a new EtcdCluster CR.
Wait until etcd cluster reaches given size.
The it is safe to delete the EtcdRestore CR and doing that won’t delete the EtcdCluster CR.
================================================
FILE: third_party/etcd-operator/doc/user/upgrade/upgrade_guide.md
================================================
# Upgrade Guide
This document shows how to safely upgrade the operator to a desired version while preserving the cluster's state and data whenever possible.
### Backup safety precaution:
**Note:** Only applies to when upgrading from an etcd operator with version < v0.7.0.
First create a backup of your current cluster before starting the upgrade process. See the [backup service guide](https://github.com/coreos/etcd-operator/blob/v0.6.1/doc/user/backup_service.md) on how to create a backup.
In the case of an upgrade failure you can restore your cluster to the previous state from the previous backup. See the [spec examples](https://github.com/coreos/etcd-operator/blob/v0.6.1/doc/user/spec_examples.md) on how to do that.
## v0.6.1 -> v0.7.0
**Note:** if your cluster specifies either the backup policy or restore policy, then follow the [migrate CR](./migrate_cr_070.md) guide to update the cluster spec before upgrading the etcd-operator deployment.
Update the etcd-operator deployment:
- Edit the existing etcd-operator deployment: `kubectl edit deployment/`.
- Modify `image` to `quay.io/coreos/etcd-operator:v0.7.0`.
- If `command` field doesn't exist, add a new `command` field to run `etcd-operator`:
```
command:
- etcd-operator
```
- If `command` field exists and `pv-provisioner` flag is used, you must remove `pv-provisioner` flag.
- Save.
## v0.6.0 -> v0.6.1
In `v0.6.1+` the operator will no longer create a storage class specified by `--pv-provisioner` by default. This behavior is set by the new flag `--create-storage-class` which by default is `false`.
**Note:** If your cluster does not have the following backup policy then you can simply upgrade the operator to the `v0.6.1` image.
Backup policy that has `StorageType=PersistentVolume` but `pv.storageClass` is unset. For example:
```yaml
spec:
backup:
backupIntervalInSecond: 30
maxBackups: 5
pv:
storageClass: ""
volumeSizeInMB: 512
storageType: PersistentVolume
```
So if your cluster has the above backup policy then do the following steps before upgrading the operator image to `v0.6.1`.
- Confirm the name of the storage class for a given cluster:
```sh
kubectl -n get pvc -l=etcd_cluster= -o yaml | grep storage-class
```
- Edit your etcd cluster spec by changing the `spec.backup.pv.storageClass` field to the name of the existing storage class from the previous step.
- Wait for the the backup sidecar to be updated.
## v0.5.x -> v0.6.0
### Breaking Change
The v0.6.0 release removes [operator S3 flag](https://github.com/coreos/etcd-operator/blob/v0.5.1/doc/user/backup_config.md#operator-level-configuration).
**Note:** if your cluster is not using operator S3 flag, then you just need recreate etcd-operator deployment with the `v0.6.0` image.
If your cluster is using operator S3 flag for backup and want to use S3 backup in v0.6.0, then you need to migrate your cluster to use [cluster level backup](../backup_config.md#S3-on-aws).
Steps for migration:
- Create a backup of you current data using the [backup service guide](../backup_service.md#http-api-v1).
- Create a new AWS secret `` for [cluster level backup](../backup_config.md#s3-on-aws):
`$ kubectl -n create secret generic --from-file=$AWS_DIR/credentials --from-file=$AWS_DIR/config`
- Change the backup field in your existing cluster backup spec to enable [cluster level backup](../backup_config.md#s3-on-aws):
From
```yaml
backup:
backupIntervalInSecond: 30
maxBackups: 5
storageType: "S3"
```
to
```yaml
backup:
backupIntervalInSecond: 30
maxBackups: 5
storageType: "S3"
s3:
s3Bucket:
awsSecret:
```
- Apply the cluster backup spec:
`$ kubectl -n apply -f .yaml`
- Update deployment spec to use `etcd-operator:v0.6.0` and remove the dependency on operator level S3 backup flags:
From
```yaml
spec:
containers:
- name: etcd-operator
image: quay.io/coreos/etcd-operator:v0.5.2
command:
- /usr/local/bin/etcd-operator
- --backup-aws-secret=aws
- --backup-aws-config=aws
- --backup-s3-bucket=
```
to
```yaml
spec:
containers:
- name: etcd-operator
image: quay.io/coreos/etcd-operator:v0.6.0
command:
- /usr/local/bin/etcd-operator
```
- Apply the updated deployment spec:
`$ kubectl -n apply -f .yaml`
## v0.4.x -> v0.5.x
For any `0.4.x` versions, please update to `0.5.0` first.
The `0.5.0` release introduces a breaking change in moving from [TPR](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-third-party-resource/) to [CRD](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/). To preserve the cluster state across the upgrade, the cluster must be recreated from backup after the upgrade.
### Prerequisite:
Kubernetes cluster version must be 1.7+.
### Steps to upgrade:
- Create a backup of your current cluster data. See the following guides on how to enable and create backups:
- [backup config guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/backup_config.md) to enable backups fro your cluster
- [backup service guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/backup_service.md) to create a backup
- Delete the cluster TPR object. The etcd-operator will delete all resources(pods, services, deployments) associated with the cluster:
- `kubectl -n delete cluster `
- Delete the etcd-operator deployment
- Delete the TPR
- `kubectl delete thirdpartyresource cluster.etcd.coreos.com`
- Replace the existing RBAC rules for the etcd-operator by editing or recreating the `ClusterRole` with the [new rules for CRD](https://github.com/coreos/etcd-operator/blob/master/doc/user/rbac.md#create-clusterrole).
- Recreate the etcd-operator deployment with the `0.5.0` image.
- Create a new cluster that restores from the backup of the previous cluster. The new cluster CR spec should look as follows:
```
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name:
spec:
size:
version: "3.1.8"
backup:
# The same backup spec used to save the backup of the previous cluster
. . .
. . .
restore:
backupClusterName:
storageType:
```
The two points of interest in the above CR spec are:
1. The `apiVersion` and `kind` fields have been changed as mentioned in the `0.5.0` release notes
2. The `spec.restore` field needs to be specified according your backup configuration. See [spec examples guide](https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md#three-members-cluster-that-restores-from-previous-pv-backup) on how to specify the `spec.restore` field for your particular backup configuration.
## v0.3.x -> v0.4.x
Upgrade to `v0.4.0` first.
See the release notes of `v0.4.0` for noticeable changes: https://github.com/coreos/etcd-operator/releases/tag/v0.4.0
## v0.2.x -> v0.3.x
### Prerequisite:
To upgrade to `v0.3.x` the current operator version **must** first be upgraded to `v0.2.6+`, since versions < `v0.2.6` are not compatible with `v0.3.x` .
### Noticeable changes:
- `Spec.Backup.MaxBackups` update:
- If you have `Spec.Backup.MaxBackups < 0`, previously it had no effect.
Now it will get rejected. Please remove it.
- If you have `Spec.Backup.MaxBackups == 0`, previously it had no effect.
Now it will create backup sidecar that allows unlimited backups.
If you don't want backup sidecar, just don't set any backup policy.
================================================
FILE: third_party/etcd-operator/doc/user/walkthrough/backup-operator.md
================================================
# etcd backup operator
## Overview
etcd backup operator backs up the data of a etcd cluster running on [Kubernetes][Kube] to a remote storage such as AWS [S3][s3].
## Getting Started
Try out etcd backup operator by running it on Kubernetes and then create a `EtcdBackup` Custom Resource which contains the targeting etcd cluster and S3 backup config; the etcd backup operator automatically picks up the `EtcdBackup` Custom Resource, retrieves etcd snapshot, and then saves it to S3.
>Note: The demo uses the `default` namespace.
Prerequisites:
* Setup RBAC and deploy an etcd operator. See [Install Guide][install_guide]
* A running etcd cluster named `example-etcd-cluster`. See [instructions][etcd_cluster_deploy] to deploy it.
### Deploy etcd backup operator
Create a deployment of etcd backup operator:
> Note: etcd backup operator creates EtcdBackup CRD automatically
```sh
$ kubectl create -f example/etcd-backup-operator/deployment.yaml
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
etcd-backup-operator-1102130733-hhgt7 1/1 Running 0 3s
```
Verify that the etcd-backup-operator creates EtcdBackup CRD:
```sh
$ kubectl get crd
NAME KIND
etcdbackups.etcd.database.coreos.com CustomResourceDefinition.v1beta1.apiextensions.k8s.io
```
### Setup AWS Secret
Create a Kubernetes secret that contains aws config/credential;
the secret will be used later to save etcd backup into S3.
1. Verify that the local aws config and credentials files exist:
```sh
$ cat $AWS_DIR/credentials
[default]
aws_access_key_id = XXX
aws_secret_access_key = XXX
$ cat $AWS_DIR/config
[default]
region =
```
2. Create secret `aws`:
```
kubectl create secret generic aws --from-file=$AWS_DIR/credentials --from-file=$AWS_DIR/config
```
### Create EtcdBackup CR
Create EtcdBackup CR:
>Note: this example uses S3 Bucket "mybucket" and k8s secret "aws"
```sh
sed -e 's||mybucket/etcd.backup|g' \
-e 's||aws|g' \
-e 's||"http://example-etcd-cluster-client:2379"|g' \
example/etcd-backup-operator/backup_cr.yaml \
| kubectl create -f -
```
### Verify status
Check the `status` section of the `EtcdBackup` CR:
```
$ kubectl get EtcdBackup example-etcd-cluster-backup -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdBackup
...
status:
etcdRevision: 1
etcdVersion: 3.2.13
succeeded: true
```
This demonstrates etcd backup operator's basic one time backup functionality.
### Cleanup
Delete the etcd-backup-operator deployment and the `EtcdBackup` CR.
> Note: Deleting the `EtcdBackup` CR won't delete the backup in S3.
```sh
kubectl delete etcdbackup example-etcd-cluster-backup
kubectl delete -f example/etcd-backup-operator/deployment.yaml
```
[Kube]:https://github.com/kubernetes/kubernetes
[s3]:https://aws.amazon.com/s3/
[etcd_cluster_deploy]:https://github.com/coreos/etcd-operator#create-and-destroy-an-etcd-cluster
[minikube]:https://github.com/kubernetes/minikube
[install_guide]:../install_guide.md
================================================
FILE: third_party/etcd-operator/doc/user/walkthrough/restore-operator.md
================================================
# etcd restore operator
## Overview
The etcd-restore-operator can restore an etcd cluster on Kubernetes from backup.
The overall workflow is:
- Create the etcd-restore-operator
- Create an `EtcdRestore` Custom Resource which triggers a restore request that specifies:
- the etcd cluster spec
- how to access the backup
- The etcd-restore-operator will restore a new cluster from the backup
- The etcd-operator takes over the management of the restored cluster
Note that currently the etcd-restore-operator only supports restoring from backups saved on S3.
**Prerequisite**
- Setup RBAC and deploy an etcd operator. See [Install Guide][install_guide]
- Have an etcd backup saved on S3. See the [etcd-backup-operator README][backup-operator-README] as one way to save a backup to S3.
>Note: This demo uses the `default` namespace.
### Simulate disaster failure
1. Make sure `example-etcd-cluster` EtcdCluster CR exists
```sh
kubectl get etcdcluster example-etcd-cluster
```
2. Kill etcd pods to simulate disaster failure
```sh
kubectl delete pod -l app=etcd,etcd_cluster=example-etcd-cluster --force --grace-period=0
```
### Deploy the etcd-restore-operator
1. Create a deployment of the etcd-restore-operator:
```sh
kubectl create -f example/etcd-restore-operator/deployment.yaml
```
2. Verify the following resources exist:
```sh
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
etcd-restore-operator-4203122180-npn3g 1/1 Running 0 7s
```
3. Verify that the etcd-restore-operator creates the `EtcdRestore` CRD:
```sh
$ kubectl get crd
NAME KIND
etcdrestores.etcd.database.coreos.com CustomResourceDefinition.v1beta1.apiextensions.k8s.io
```
### Setup AWS Secret
Create a Kubernetes secret that contains AWS credentials and config. This is used by the etcd-restore-operator to retrieve the backup from S3.
1. Verify that the local aws config and credentials files exist:
```sh
$ cat $AWS_DIR/credentials
[default]
aws_access_key_id = XXX
aws_secret_access_key = XXX
$ cat $AWS_DIR/config
[default]
region =
```
2. Create the secret `aws`:
```sh
kubectl create secret generic aws --from-file=$AWS_DIR/credentials --from-file=$AWS_DIR/config
```
### Create EtcdRestore CR
Create the `EtcdRestore` CR:
>Note: This example uses k8s secret "aws" and S3 path "mybucket/etcd.backup"
```sh
sed -e 's||mybucket/etcd.backup|g' \
-e 's||aws|g' \
example/etcd-restore-operator/restore_cr.yaml \
| kubectl create -f -
```
### Verify the CR status and restored cluster
1. Check the `status` section of the `EtcdRestore` CR:
```sh
$ kubectl get etcdrestore example-etcd-cluster -o yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdRestore
...
status:
succeeded: true
```
2. Verify the `EtcdCluster` CR for the restored cluster:
```
$ kubectl get etcdcluster
NAME KIND
example-etcd-cluster EtcdCluster.v1beta2.etcd.database.coreos.com
```
3. Verify that the etcd-operator scales the cluster to the desired size:
```sh
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
etcd-operator-2486363115-ltc17 1/1 Running 0 1h
etcd-restore-operator-4203122180-npn3g 1/1 Running 0 30m
example-etcd-cluster-795649v9kq 1/1 Running 1 3m
example-etcd-cluster-jtp447ggnq 1/1 Running 1 4m
example-etcd-cluster-psw7sf2hhr 1/1 Running 1 4m
```
### Cleanup
Delete the etcd-restore-operator deployment and service, and the `EtcdRestore` CR.
>Note: Deleting the `EtcdRestore` CR won't delete the `EtcdCluster` CR.
```sh
kubectl delete etcdrestore example-etcd-cluster
kubectl delete -f example/etcd-restore-operator/deployment.yaml
```
[backup-operator-README]:./backup-operator.md
[install_guide]:../install_guide.md
================================================
FILE: third_party/etcd-operator/example/deployment.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-operator
spec:
containers:
- name: etcd-operator
image: quay.io/coreos/etcd-operator:v0.9.4
command:
- etcd-operator
# Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
#- -cluster-wide
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/deployment_psp.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-operator
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: etcd-operator
image: quay.io/coreos/etcd-operator:v0.9.4
command:
- etcd-operator
# Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
#- -cluster-wide
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/backu_cr_qcloud.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: etcd-backup-TIMESTAMP
spec:
etcdEndpoints: ["http://localhost:2379"]
storageType: COS
cos:
# The format of "path" must be: "/"
# e.g: "mybucket/etcd.backup"
path: bucket-test.cos.ap-shanghai.myqcloud.com/cos-test/TIMESTAMP
cosSecret: cos-secret
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/backup.sh
================================================
#!/bin/bash
timestamp=`date +%s`
echo $timestamp
cat ./backup_cr_qcloud.yaml | sed "s/TIMESTAMP/$timestamp/" | kubectl create -f -
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/backup_cr.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: example-etcd-cluster-backup
spec:
etcdEndpoints: []
storageType: S3
s3:
# The format of "path" must be: "/"
# e.g: "mybucket/etcd.backup"
path:
awsSecret:
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/deployment.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-backup-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-backup-operator
spec:
containers:
- name: etcd-backup-operator
image: quay.io/coreos/etcd-operator:v0.9.4
command:
- etcd-backup-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/deployment_qcloud.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-backup-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-backup-operator
spec:
containers:
- name: etcd-backup-operator
image: ccr.ccs.tencentyun.com/etcd-dev/etcd-operator:latest
imagePullPolicy: Always
command:
- etcd-backup-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/periodic_backup_cr.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
name: example-etcd-cluster-periodic-backup
spec:
etcdEndpoints: []
storageType: S3
backupPolicy:
# 0 > enable periodic backup
backupIntervalInSecond: 125
maxBackups: 4
s3:
# The format of "path" must be: "/"
# e.g: "mybucket/etcd.backup"
path:
awsSecret:
================================================
FILE: third_party/etcd-operator/example/etcd-backup-operator/secrets.yaml
================================================
apiVersion: v1
data:
secret-id: xxx
secret-key: xxx
kind: Secret
metadata:
name: cos-secret
namespace: default
================================================
FILE: third_party/etcd-operator/example/etcd-restore-operator/deployment.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-restore-operator
labels:
name: etcd-restore-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-restore-operator
spec:
containers:
- name: etcd-restore-operator
image: quay.io/coreos/etcd-operator:v0.9.4
command:
- etcd-restore-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/etcd-restore-operator/deployment_qcloud.yaml
================================================
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: etcd-restore-operator
labels:
name: etcd-restore-operator
spec:
replicas: 1
template:
metadata:
labels:
name: etcd-restore-operator
spec:
containers:
- name: etcd-restore-operator
image: ccr.ccs.tencentyun.com/etcd-dev/etcd-operator:latest
imagePullPolicy: Always
command:
- etcd-restore-operator
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
================================================
FILE: third_party/etcd-operator/example/etcd-restore-operator/restore_cr.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: example-etcd-cluster
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: example-etcd-cluster
backupStorageType: S3
s3:
# The format of "path" must be: "/"
# e.g: "mybucket/etcd.backup"
path:
awsSecret:
================================================
FILE: third_party/etcd-operator/example/etcd-restore-operator/restore_cr_qcloud.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: cos-test
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: cos-test
backupStorageType: COS
cos:
# The format of "path" must be: "/"
# e.g: "mybucket/etcd.backup"
path: bucket-test.cos.ap-shanghai.myqcloud.com/cos-test/xxx
cosSecret: cos-secret
================================================
FILE: third_party/etcd-operator/example/example-etcd-cluster-nodeport-service.json
================================================
{
"kind": "Service",
"apiVersion": "v1",
"metadata": {
"name": "example-etcd-cluster-client-service"
},
"spec": {
"selector": {
"etcd_cluster": "example-etcd-cluster",
"app": "etcd"
},
"ports": [
{
"protocol": "TCP",
"port": 2379,
"targetPort": 2379,
"nodePort": 32379
}
],
"type": "NodePort"
}
}
================================================
FILE: third_party/etcd-operator/example/example-etcd-cluster.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example-etcd-cluster"
## Adding this annotation make this cluster managed by clusterwide operators
## namespaced operators ignore it
# annotations:
# etcd.database.coreos.com/scope: clusterwide
spec:
size: 3
version: "3.2.13"
================================================
FILE: third_party/etcd-operator/example/rbac/cluster-role-binding-template.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name:
subjects:
- kind: ServiceAccount
name: default
namespace:
================================================
FILE: third_party/etcd-operator/example/rbac/cluster-role-template.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name:
rules:
- apiGroups:
- etcd.database.coreos.com
resources:
- etcdclusters
- etcdbackups
- etcdrestores
verbs:
- "*"
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- persistentvolumeclaims
- events
verbs:
- "*"
- apiGroups:
- apps
resources:
- deployments
verbs:
- "*"
# The following permissions can be removed if not using S3 backup and TLS
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
================================================
FILE: third_party/etcd-operator/example/rbac/create_role.sh
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
ETCD_OPERATOR_ROOT=$(dirname "${BASH_SOURCE}")/../..
print_usage() {
echo "$(basename "$0") - Create Kubernetes RBAC role and role bindings for etcd-operator
Usage: $(basename "$0") [options...]
Options:
--role-name=STRING Name of ClusterRole to create
(default=\"etcd-operator\", environment variable: ROLE_NAME)
--role-binding-name=STRING Name of ClusterRoleBinding to create
(default=\"etcd-operator\", environment variable: ROLE_BINDING_NAME)
--namespace=STRING namespace to create role and role binding in. Must already exist.
(default=\"default\", environment variable: NAMESPACE)
" >&2
}
ROLE_NAME="${ROLE_NAME:-etcd-operator}"
ROLE_BINDING_NAME="${ROLE_BINDING_NAME:-etcd-operator}"
NAMESPACE="${NAMESPACE:-default}"
for i in "$@"
do
case $i in
--role-name=*)
ROLE_NAME="${i#*=}"
;;
--role-binding-name=*)
ROLE_BINDING_NAME="${i#*=}"
;;
--namespace=*)
NAMESPACE="${i#*=}"
;;
-h|--help)
print_usage
exit 0
;;
*)
print_usage
exit 1
;;
esac
done
echo "Creating role with ROLE_NAME=${ROLE_NAME}, NAMESPACE=${NAMESPACE}"
sed -e "s//${ROLE_NAME}/g" \
-e "s//${NAMESPACE}/g" \
"${ETCD_OPERATOR_ROOT}/example/rbac/cluster-role-template.yaml" | \
kubectl create -f -
echo "Creating role binding with ROLE_NAME=${ROLE_NAME}, ROLE_BINDING_NAME=${ROLE_BINDING_NAME}, NAMESPACE=${NAMESPACE}"
sed -e "s//${ROLE_NAME}/g" \
-e "s//${ROLE_BINDING_NAME}/g" \
-e "s//${NAMESPACE}/g" \
"${ETCD_OPERATOR_ROOT}/example/rbac/cluster-role-binding-template.yaml" | \
kubectl create -f -
================================================
FILE: third_party/etcd-operator/example/rbac/role-binding-template.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name:
namespace:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name:
subjects:
- kind: ServiceAccount
name: default
namespace:
================================================
FILE: third_party/etcd-operator/example/rbac/role-template.yaml
================================================
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name:
namespace:
rules:
- apiGroups:
- etcd.database.coreos.com
resources:
- etcdclusters
- etcdbackups
- etcdrestores
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- persistentvolumeclaims
- events
verbs:
- "*"
- apiGroups:
- apps
resources:
- deployments
verbs:
- "*"
# The following permissions can be removed if not using S3 backup and TLS
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
================================================
FILE: third_party/etcd-operator/example/tls/certs/ca-config.json
================================================
{
"signing": {
"default": {
"expiry": "43800h"
},
"profiles": {
"server": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
},
"peer": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
================================================
FILE: third_party/etcd-operator/example/tls/certs/ca-csr.json
================================================
{
"CN": "My own CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"O": "My Company Name",
"ST": "San Francisco",
"OU": "Org Unit 1"
}
]
}
================================================
FILE: third_party/etcd-operator/example/tls/certs/etcd-client-ca.crt
================================================
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIUKXbvWUAgVnL7iVUcet3e4x1qH70wDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMHUxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTEYMBYGA1UEChMPTXkgQ29tcGFueSBOYW1lMRMwEQYDVQQL
EwpPcmcgVW5pdCAxMRIwEAYDVQQDEwlNeSBvd24gQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDgwydE2HYdqTiz//bMSL/C4w2y4DDMjGZgNdo50VIl
QniiNDrPRB8Xt1fY4MO3VAyLWU934YKssrsqSDn1PE/Fcc5yURKaMc+rsSlGr8Qn
E/W551OuEIAKujPKhIIBk6X4mBVQWEQnjVskAD0aEjYtoo4I/+9F67Rklub5fXwE
ESsB5yf812zWSzC51Ls0s1Uc80h5buh4p7HtFDOY0oCNxNx2Ou21xn5qqpG/1flY
ReHHKmuvRWwnxQdQu+qrill8j/H48Ly6ZGSV47Qqiw7Hb2JK2vnsf95Pp8nEProU
53M5V5y5WHW8VH0sVgzjgc0rC0w0TCCQVkGUSttqFpdJAgMBAAGjZjBkMA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSgWCYJFFoa
6O22U4MaelWJt3khUDAfBgNVHSMEGDAWgBSgWCYJFFoa6O22U4MaelWJt3khUDAN
BgkqhkiG9w0BAQsFAAOCAQEA1ELpWokOl1kwD5fbuROUZ9YedhXVRBWUKKluqQCr
eUUU7x/txKZ4xRYr3s1ltuUjxOMs5XbJSJq1z3tifDQ1srDjyU2CkKtZfjX5xmaS
QHCEJv/WgC6SBHGVYAgZ1hONPN2WpWxDYOLf6seonLszCHLkHMmjub8uFi/TSP8x
5OQ2SYLpHQDQcb3xlwk6+09ZuihAzWAgNAOvW+cNrunlD7N+BBTWMZmugKzqk0BT
avTn+p4dimFk528Iz+bk2uCfmF9WlnHm9DmlwCwM4PioGND7ag1VXAsgkqRWGa3k
uCP+NP3PpnGJLfxV5u20YlNLJk8bVFMB6FoFMafREVMQBA==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/etcd-client.crt
================================================
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIUFr+6DAbtFSnfqm4Aup/yPagMWB8wDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMEgxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTEUMBIGA1UEAxMLZXRjZCBjbGllbnQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDBA3WhHLwWPFeaqsDIvwkqnszPIiCpyDdLkpTx
XcjM6PTiA/hA2y3WRlcQrBsPAcGyj3V+fGxOCGTIktoKLvFk4GjGR6zw+hfIGwSe
hbuPAQnkaoCsctrgeRjyv7TUb9N4KzXOYfP/RHAtZxh+91gmo/oF/kgzJz+MFR/y
OodBzzdXp7ZAumt0HUB5kqDxQDNXftnquK0WWvjU9geoYwFuHZ4J25p18RmMkL7p
hAWK+MB8+DgTMDP3SGh7SwdVS41UJhJTxK6C/ebj5fMjMNmsinAtCt39pvgwcP7y
p3k/IPoXxWBqRaC3NZW8Mq/dFVMVdcDZ9kzXWiRuvVnCpwzzAgMBAAGjgYMwgYAw
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFNJTsiGVvKItIERnVbqCz9kpQoDyMB8GA1UdIwQYMBaAFKBY
JgkUWhro7bZTgxp6VYm3eSFQMAsGA1UdEQQEMAKCADANBgkqhkiG9w0BAQsFAAOC
AQEAjleSdnxhceY4/muz9HsC1Fk9Yh/KqkMZWMbKCSGyDGR27hS69RJ5VSpfHV6O
2BzXrhH7ygbnqGIl9BreBVOuYsNK/Z2l/h1vwRmehpjlht1LWQAYgSsS24RxgFSL
w2QREI+3hYtnOW7ESnnZTD5xlNJenR1iQx7+R+1Y4R2viqN6s8WF30p7q28EzBVR
+jlqezpwDhmIRTv91IQhrhmkn/xFtg0ZiIS/AGbjKpPKmVw19mweh2TRscV1V8Gk
0nCV8xvREELZyFLNyXdlkhVMyE2f0Dp4uYcPwuPlGTFcQOmELirzi0Gw94WaoIPO
58JdskKHXTJdzbV15WYM/KD8Kw==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/etcd-client.json
================================================
{
"CN": "etcd client",
"hosts": [""],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"ST": "San Francisco"
}
]
}
================================================
FILE: third_party/etcd-operator/example/tls/certs/etcd-client.key
================================================
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAwQN1oRy8FjxXmqrAyL8JKp7MzyIgqcg3S5KU8V3IzOj04gP4
QNst1kZXEKwbDwHBso91fnxsTghkyJLaCi7xZOBoxkes8PoXyBsEnoW7jwEJ5GqA
rHLa4HkY8r+01G/TeCs1zmHz/0RwLWcYfvdYJqP6Bf5IMyc/jBUf8jqHQc83V6e2
QLprdB1AeZKg8UAzV37Z6ritFlr41PYHqGMBbh2eCduadfEZjJC+6YQFivjAfPg4
EzAz90hoe0sHVUuNVCYSU8Sugv3m4+XzIzDZrIpwLQrd/ab4MHD+8qd5PyD6F8Vg
akWgtzWVvDKv3RVTFXXA2fZM11okbr1ZwqcM8wIDAQABAoIBAQCF26tZl/8NgL3U
wzU+Q9bMmyM5R9bVSMiofbkUB9G54pnqoYwrFpacc13wbxu49aPq/TkkBpBqMcIL
pGTZCSNarZOcZ5sV6KxTmAFFG0Qvci31HrOsZV9MrE9UEwYLCp7jSTxgrGg2kbUm
l8hSTaHx8mj0fRx/dWnJ8eCc8mBZj3LO6A9w1bSa53LGh5LggyxDFwRfECXcUEAI
RWFkP8QWVweSzbScHomVEQ3Wn0isBgMF3s5hcdvu6txkS+p12/M7ZXk1cgXZTNtM
6WUhX/uP/NrcA4b5NIRiW5hQ0qgGsCcVD7Tq3fBHZbt6dfRsPE+XIkQF79lmIRIu
DYeamONxAoGBANktHJ25DJ9lB99kIF8wTm1F0Xv1rfkz2YrW38MVhOErDfDurgTk
4VTcIfV8gNTmI/LLIOvk9B2nzm2wWJWFO2XRdEuTbWjQQn/po8G5mEKieYiHFHY1
0vx2HrwzZAtuxz0ceHC6aEoYg76w4a7ILiSw4eoMsIBjci7Q8kO3HUPJAoGBAOOE
j812IJylsdPiYAFlnqmm4+XPqXnXA8juUzlZr69GTgtwb0o6ZmnvmNPwErBXPwaB
DzWauENu5Tg1PxBjxBCxCjDlJcizhbGNaGLn8TphVpzg3roIWEqn6LR8es7WGao1
H9TyUSKGCSqCnszVhdBw+DyFxnKCKi8VXbHfFZDbAoGBAI6POlWef1aybzSI+WcC
wrigOB7y6rzG+GpXGpNosM1OAdzCEKFNzUxzJCeNDtSyLa7XAElZBZXh7XO7aqrb
xl3T3E8v+4XuD3j/2Wr1daloFfc1FI10T4dB0nMgGPAYS9klsznsY0EgTnsCiWK+
LOwQ4HtO0R22KeHpbt5ceW1hAoGBAJ3TWUX3ycugjWkkQeD2M0gQg0rp8PCaHQAH
gyfndR2rMXxx9GGTfXPDR0rN4Mj+3LOQV5Khz2zHwq5pEWQ3MM07YoxkiP9euUFf
jKf/qbEL0N9mhlqaa1TugViieTZ+ArO1wm0f4vSF8lnQ3oPNItRjaW/ihLTuYoDi
22oGDJm9AoGAS7rQk9SkMvg0miOGJJSKPwhLjvPRLxYWE/X9DkSpJPLdlay7LXj2
o9kytsNQ305U+aB55h1MkpI22TxClFIJ0YiPHOoYuvvEJ6YCpphZiNdRQVT/8Unv
sCV40oCU+RDsJNC4FAuVnXAovdT1VHkhZum7i25oto+C0hdZGpSlloM=
-----END RSA PRIVATE KEY-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/gen-cert.sh
================================================
#!/usr/bin/env bash
echo "generating CA certs ==="
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
echo "generating etcd peer certs ==="
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer peer.json | cfssljson -bare peer
echo "generating etcd server certs ==="
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server.json | cfssljson -bare server
echo "generating etcd client certs ==="
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client etcd-client.json | cfssljson -bare etcd-client
mv etcd-client.pem etcd-client.crt
mv etcd-client-key.pem etcd-client.key
cp ca.pem etcd-client-ca.crt
mv server.pem server.crt
mv server-key.pem server.key
cp ca.pem server-ca.crt
mv peer.pem peer.crt
mv peer-key.pem peer.key
mv ca.pem peer-ca.crt
rm *.csr ca-key.pem
================================================
FILE: third_party/etcd-operator/example/tls/certs/peer-ca.crt
================================================
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIUKXbvWUAgVnL7iVUcet3e4x1qH70wDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMHUxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTEYMBYGA1UEChMPTXkgQ29tcGFueSBOYW1lMRMwEQYDVQQL
EwpPcmcgVW5pdCAxMRIwEAYDVQQDEwlNeSBvd24gQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDgwydE2HYdqTiz//bMSL/C4w2y4DDMjGZgNdo50VIl
QniiNDrPRB8Xt1fY4MO3VAyLWU934YKssrsqSDn1PE/Fcc5yURKaMc+rsSlGr8Qn
E/W551OuEIAKujPKhIIBk6X4mBVQWEQnjVskAD0aEjYtoo4I/+9F67Rklub5fXwE
ESsB5yf812zWSzC51Ls0s1Uc80h5buh4p7HtFDOY0oCNxNx2Ou21xn5qqpG/1flY
ReHHKmuvRWwnxQdQu+qrill8j/H48Ly6ZGSV47Qqiw7Hb2JK2vnsf95Pp8nEProU
53M5V5y5WHW8VH0sVgzjgc0rC0w0TCCQVkGUSttqFpdJAgMBAAGjZjBkMA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSgWCYJFFoa
6O22U4MaelWJt3khUDAfBgNVHSMEGDAWgBSgWCYJFFoa6O22U4MaelWJt3khUDAN
BgkqhkiG9w0BAQsFAAOCAQEA1ELpWokOl1kwD5fbuROUZ9YedhXVRBWUKKluqQCr
eUUU7x/txKZ4xRYr3s1ltuUjxOMs5XbJSJq1z3tifDQ1srDjyU2CkKtZfjX5xmaS
QHCEJv/WgC6SBHGVYAgZ1hONPN2WpWxDYOLf6seonLszCHLkHMmjub8uFi/TSP8x
5OQ2SYLpHQDQcb3xlwk6+09ZuihAzWAgNAOvW+cNrunlD7N+BBTWMZmugKzqk0BT
avTn+p4dimFk528Iz+bk2uCfmF9WlnHm9DmlwCwM4PioGND7ag1VXAsgkqRWGa3k
uCP+NP3PpnGJLfxV5u20YlNLJk8bVFMB6FoFMafREVMQBA==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/peer.crt
================================================
-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIUY5HWQmhEKqvuoS4dGe74MUpfp+swDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMEYxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTESMBAGA1UEAxMJZXRjZCBwZWVyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzvv3cmbiO5Q68T6VF+UJq0hlI5zs+AUhnhEF9Oth
L52oOckQGSt9RiuywBKmBsESFLm+gfP6waQFvVl4QazckTCIZx2qze0sfxQzWWNI
xySePfx7E/aZvWVfeJROMLRVZ530K2K0zPdCc1vxyGTkpFSg6qO5pY6g2appfKIZ
zF+HE1exDgagCvFpnQ3zheSY6F4S47r4UMnH6aeSGsyE1RZVL91K9+MURRjjpr/1
ySB+It4wfk458g6RiNuKtm4NtQRDkaf4zki4paiRVAz8418k0tL9pWzdbxk9LWJx
Jy4tHmy/m9h4lT8wS0Fav4J5SlWJwxqTWlco3fUgrSgOfQIDAQABo4HHMIHEMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUXHY98bMHb7Jq5VmVOk+cvqJT2tAwHwYDVR0j
BBgwFoAUoFgmCRRaGujttlODGnpVibd5IVAwRQYDVR0RBD4wPIIVKi5leGFtcGxl
LmRlZmF1bHQuc3ZjgiMqLmV4YW1wbGUuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2Nh
bDANBgkqhkiG9w0BAQsFAAOCAQEAqnJ4DgqC5JZYYjrQdGHP9NQ8fUyy2AVT9KOj
s6Ik/bTtwSJ7vTEG+yFDJSlyAWLPYl09rXm+aQ73FFKZihN5ptqpQjyjfqh3jfoC
DjzFNSxOoGJMwNufLZezD1P3JE26EZPnt9rBd6EGKgDfSMSKCSTjYYpSP93OM816
3dUkbdiPzAtGN/Q9NFdYY42UyjXAj2c+hmPUr41pZSTW2lzNvLpXrB7nMZH6hjIX
7BemrTR0X+nG/wiJPKMAjizrhiXfMBA8eqo3fota98cDKDWdIKhgIFOZ26wJpoit
Hm1WUJCvgR6+Ujg3tIWTJdmMn3wnqlXKfM/uoihlV1DmHYw7pg==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/peer.json
================================================
{
"CN": "etcd peer",
"hosts": [
"*.example.default.svc",
"*.example.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"ST": "San Francisco"
}
]
}
================================================
FILE: third_party/etcd-operator/example/tls/certs/peer.key
================================================
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzvv3cmbiO5Q68T6VF+UJq0hlI5zs+AUhnhEF9OthL52oOckQ
GSt9RiuywBKmBsESFLm+gfP6waQFvVl4QazckTCIZx2qze0sfxQzWWNIxySePfx7
E/aZvWVfeJROMLRVZ530K2K0zPdCc1vxyGTkpFSg6qO5pY6g2appfKIZzF+HE1ex
DgagCvFpnQ3zheSY6F4S47r4UMnH6aeSGsyE1RZVL91K9+MURRjjpr/1ySB+It4w
fk458g6RiNuKtm4NtQRDkaf4zki4paiRVAz8418k0tL9pWzdbxk9LWJxJy4tHmy/
m9h4lT8wS0Fav4J5SlWJwxqTWlco3fUgrSgOfQIDAQABAoIBAAOuu/JPHktNEddk
86YfLxLbEOGXUyf+f2CekOqQnYQJXArbJuwrt+jdsip0qnuIR9gSje8l9hon3upF
gzw35Ry4LlUXVAih5Z7FLzyx5YOVhTM5IL90LbwO56nviYyYSMS1LLjw4qKa65W9
1wlnsiGyV8KU8yKc7QOyYnoTMD5QlJTMrIyQz0JJYXpnKJ7nUVkVVF2EaJANloYU
bh6hyWBayup6EcHNrvpaGejbp1Zd+ByTTy0O1vSc6c+nMozJWeZo8XgXuAtZAgth
3Yll7esUvBkwG/AFxO+ernD7oOFjEVNYXopph+jsQlBHxkxFhLTincicabyU81wv
UJ4Gv0kCgYEA2k0len5xQVXiRm2EeLvhs3gGwe+ymehgXorhznrlfZLcrB9dzGsj
nNKy59vwG45/oY+y2lA45WBY0wBvrRIY9yhAomukzXyKnDgcDnUDzwCO0bZ+0FIi
eGykyB8VRiOgDWuID2FXDLyBdcNwGj5nzHt1mL3rKTXcGzDC9Nmhfi8CgYEA8rqA
9NyRdNxwO2JVcK0LLx71E7s3xmAJHst2PecO/D/+GhNa/zyDk4rAYeTQsBHxjWp1
mbjWiPF229QqZOQGVkXh9FoBYflAOHH1sgR6Lhpv5qr+Tcpabl1vLK0+RLLFS4Ta
nSzgoxMa/LepKontO237BPMje30HlKwraJFcHxMCgYEAqCZ+dPFKaaou5lLblGgc
PTJ5+g6ZQwYEnS5bKsHtXaGvSwHKLXhlcRm25vO56nAEDb1zZcgfW0ewg681Vlm3
U0H1L2a9Be8lkZmCuvwVV/C1EgKBghOSK7J75w5SQ7mTQmMO5dHzzIKzMbO9+OkS
6SY7+dBogFDVXzhbI2EzjM8CgYEA56tYn9zRu/8V46gEMmoHDa93bKC5KE7LBahe
L9ET/XC6f3rP1GKWlsDMw+KXyCUoLrhYjCLeKJCGyGQlHmyBG+DRO96YCUHTqMwk
HAen8c7r1PaJiAfF7iahkLu9feY+5shju7Z0pVD75g8Jl/9S/PEIr/28dQWtsZnu
SHzMtx8CgYEAiSJ30r6jnp1fQbsYIaTaeHUwh8QDBlA5K71L0oBADTucPV3i5unV
BMFFZ97uH0NEhOGL4l2ZgzLX85Lk9abLrMP04TuxRxt6nPctPB8/RY0RdrwTtbmo
35YK9y08MtHOn7H5CRarrgOJAZPyk4VPdscP+xXNuIP4uS0Z0qLtdRI=
-----END RSA PRIVATE KEY-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/server-ca.crt
================================================
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIUKXbvWUAgVnL7iVUcet3e4x1qH70wDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMHUxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTEYMBYGA1UEChMPTXkgQ29tcGFueSBOYW1lMRMwEQYDVQQL
EwpPcmcgVW5pdCAxMRIwEAYDVQQDEwlNeSBvd24gQ0EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDgwydE2HYdqTiz//bMSL/C4w2y4DDMjGZgNdo50VIl
QniiNDrPRB8Xt1fY4MO3VAyLWU934YKssrsqSDn1PE/Fcc5yURKaMc+rsSlGr8Qn
E/W551OuEIAKujPKhIIBk6X4mBVQWEQnjVskAD0aEjYtoo4I/+9F67Rklub5fXwE
ESsB5yf812zWSzC51Ls0s1Uc80h5buh4p7HtFDOY0oCNxNx2Ou21xn5qqpG/1flY
ReHHKmuvRWwnxQdQu+qrill8j/H48Ly6ZGSV47Qqiw7Hb2JK2vnsf95Pp8nEProU
53M5V5y5WHW8VH0sVgzjgc0rC0w0TCCQVkGUSttqFpdJAgMBAAGjZjBkMA4GA1Ud
DwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSgWCYJFFoa
6O22U4MaelWJt3khUDAfBgNVHSMEGDAWgBSgWCYJFFoa6O22U4MaelWJt3khUDAN
BgkqhkiG9w0BAQsFAAOCAQEA1ELpWokOl1kwD5fbuROUZ9YedhXVRBWUKKluqQCr
eUUU7x/txKZ4xRYr3s1ltuUjxOMs5XbJSJq1z3tifDQ1srDjyU2CkKtZfjX5xmaS
QHCEJv/WgC6SBHGVYAgZ1hONPN2WpWxDYOLf6seonLszCHLkHMmjub8uFi/TSP8x
5OQ2SYLpHQDQcb3xlwk6+09ZuihAzWAgNAOvW+cNrunlD7N+BBTWMZmugKzqk0BT
avTn+p4dimFk528Iz+bk2uCfmF9WlnHm9DmlwCwM4PioGND7ag1VXAsgkqRWGa3k
uCP+NP3PpnGJLfxV5u20YlNLJk8bVFMB6FoFMafREVMQBA==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/server.crt
================================================
-----BEGIN CERTIFICATE-----
MIIECzCCAvOgAwIBAgIUJ9A0ORmRWaag95KE7Mw7ZEeAsqwwDQYJKoZIhvcNAQEL
BQAwdTELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxEzARBgNVBAsTCk9yZyBV
bml0IDExEjAQBgNVBAMTCU15IG93biBDQTAeFw0xNzEwMzEyMjUzMDBaFw0yMjEw
MzAyMjUzMDBaMEgxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1TYW4gRnJhbmNpc2Nv
MQswCQYDVQQHEwJDQTEUMBIGA1UEAxMLZXRjZCBzZXJ2ZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDHQ27rtTF+U5X67gpWf4tmAnG9P/p2PzVltqWi
jn2niHcAm3rA2ZyKa97REIg43j3K9+mfcah36fY6h567OfxuOU3MY5Nf7A/EchxZ
qqiGCyghwXBWs7kspucxr3KIrlZD8ZFshLDKwKJuHonxBqZgU90gCGrex+RnYRO3
fUBWXTua/d+k5kKXSrpSYQhevZX3QxPwhBYc1a6tEgNcTi4hQWjNoVNVq0vySps3
5eOzh/vD7Y6iFimp6EkRDfqfEUG9Vt1ngfILqP/P3chHVFkBPGLWYqGrD7jELmry
DtHfbFUuzZJcz4I5FxE6V0LdkOEbI7VGqLcCFokwzi3gCkF9AgMBAAGjgb8wgbww
DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFAt3OUO1pMZ4rQSzKbebIWE/PbYEMB8GA1UdIwQYMBaAFKBY
JgkUWhro7bZTgxp6VYm3eSFQMEcGA1UdEQRAMD6CFSouZXhhbXBsZS5kZWZhdWx0
LnN2Y4IaZXhhbXBsZS1jbGllbnQuZGVmYXVsdC5zdmOCCWxvY2FsaG9zdDANBgkq
hkiG9w0BAQsFAAOCAQEAjdkgFCI0ySHIf3QyfckcoCpPVTU+S3g4gRp+RWGbQ2yp
pgAJBBG6tFZRu9VGhj2uDtqDxyp1igKs4aOA95Amm92/k9y8Xw1LMPNIdmst/1ol
UbLrFfhxwYbZTpn0FDESHrRNX8j5UlRFsoqcW6CXdem8DL2MB5eshnpKZMLABoqM
EzNRvfnJ4tkH9T949nJkjXcih/0UWg/S/P9MsXMxbXpuDxivynMcBUQxPfdkMzTV
BwogyJn/f508ahlmlwb0JM5D7RLhHndBP1hbs00KE8g927PkpL8QNBW/DL2bjS0y
UI/MmAWRZiP6LAj+3H12QbbCmG5LvY+Ujbz28qSuXg==
-----END CERTIFICATE-----
================================================
FILE: third_party/etcd-operator/example/tls/certs/server.json
================================================
{
"CN": "etcd server",
"hosts": [
"*.example.default.svc",
"example-client.default.svc",
"localhost"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"ST": "San Francisco"
}
]
}
================================================
FILE: third_party/etcd-operator/example/tls/certs/server.key
================================================
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAx0Nu67UxflOV+u4KVn+LZgJxvT/6dj81Zbaloo59p4h3AJt6
wNmcimve0RCION49yvfpn3God+n2Ooeeuzn8bjlNzGOTX+wPxHIcWaqohgsoIcFw
VrO5LKbnMa9yiK5WQ/GRbISwysCibh6J8QamYFPdIAhq3sfkZ2ETt31AVl07mv3f
pOZCl0q6UmEIXr2V90MT8IQWHNWurRIDXE4uIUFozaFTVatL8kqbN+Xjs4f7w+2O
ohYpqehJEQ36nxFBvVbdZ4HyC6j/z93IR1RZATxi1mKhqw+4xC5q8g7R32xVLs2S
XM+CORcROldC3ZDhGyO1Rqi3AhaJMM4t4ApBfQIDAQABAoIBADYtnIwUAPgDDAVl
EYSBO0qqIXi+W4ApIYCdT53KNloF3a1ZmN+0iz6Lo9KeNxuXOZ/lFi1W/uJTx7IU
S9FGK99gT0niTSDIk2TrTdAHebiwceHzsXKxfQip/LRiqraFCEmC9fJWhacrBz7/
qKvTDguk4bui7kPSf8Sn/W9na8XPKssoPEzYR/sPUh3D8TcdrWZrS2R+6xaLr2Pm
Hi5ZtF9eW4n2biRxXvIFGI76BrFE8UlHcdau7YdTrHQhbLz+go43T02iV4eKdSzp
A3OJDyKbut4fTPWx4rlk1ysaianpdXDaFxXzZd7vXvLq5VfxO17D3Ti9uhjBQE9J
YzUbFPUCgYEA6s9aWhmmMtzoEBt2FngjfDrRxI2Yp0yASvh2bDCO+b5/P8F0uLKU
HcOmJG1949212nPQ9SDnRSSM9joRA3HKP/gRx8KGKoFsQadMnW7tOnEwKJvDWe6V
DypW36zI4YicJJOX+UbLHStom24Y7O7q59wp726p8piy3Sa/MHz2ZAcCgYEA2T7f
oBP76IuTDKOzk3QO0ow7fsVQCM28h2JLMYFnGQQksDvFgdeM4Y8dONrVVahXVH+N
7CAnZ5H3wFEXpXetyuwplEmhfzDnyERvi0udxmYrug0xOu+DCEJP3w7T4pHCDEho
Ea3sbwTmZC4ckfkR/gQKR8RxX2R/6n93rDj29VsCgYEAt3teA+flCfu6ztNWnEo2
mF2yCuAGeDx8R5kNmI79OkRUVPKLjcPln7iBfBee9s8JynETyGh0r3/XMpS/NKzX
ONNUuX7UriRB/q+HW8IRV8iYtDK7HOwkyBvylIgE1M+WC7LVX3GlR97iuAn5KjOr
lZBhqHoWDL6rjco4PeB3/EMCgYEAvOCIJrIZOzZWdA/DqjimRnI7q90611ygRAi2
nWUHUN2kVECzWE8iolz+KBdCkYWZ39JCfv/5ondrMp6Oc4NY62tmPxHBQkcvzZOK
c04b74mXDNw5aCcjAkQ9Ew7eM0dMsccmC/Dt9hwJfyIEHvmwpeu3UGw/sZM8D5Ih
Zu/j7q8CgYAv76kxhx/jxdX77FNflAhM7HK+hpcpJPzy/e/Jle+jbMki6d5lytCp
DjRPVsgVUV6FGOSLRcDzbOyfwVRJduToLox2UUGVJaPRid8D/Y5+HGs2yyKG7ubz
SzH3mMv+TDPFmVsKlECMUgr1aEKJRQf2KcLFioXZlLAIRuzDufnCnw==
-----END RSA PRIVATE KEY-----
================================================
FILE: third_party/etcd-operator/example/tls/example-tls-cluster.yaml
================================================
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
name: "example"
spec:
size: 3
TLS:
static:
member:
peerSecret: etcd-peer-tls
serverSecret: etcd-server-tls
operatorSecret: etcd-client-tls
================================================
FILE: third_party/etcd-operator/go.mod
================================================
module github.com/coreos/etcd-operator
go 1.12
require (
cloud.google.com/go v0.38.0
git.apache.org/thrift.git v0.0.0-20181218151757-9b75e4fe745a // indirect
github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible
github.com/Azure/go-autorest v11.1.1+incompatible
github.com/PuerkitoBio/purell v1.1.1
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190125095113-2b29687e15f2
github.com/aws/aws-sdk-go v1.13.8
github.com/beorn7/perks v1.0.0
github.com/coreos/etcd v3.3.10+incompatible
github.com/davecgh/go-spew v1.1.1
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/emicklei/go-restful v2.9.5+incompatible
github.com/ghodss/yaml v1.0.0
github.com/go-ini/ini v1.42.0
github.com/go-openapi/jsonpointer v0.19.3
github.com/go-openapi/jsonreference v0.19.3
github.com/go-openapi/spec v0.19.3
github.com/go-openapi/swag v0.19.5
github.com/gogo/protobuf v1.3.1
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef
github.com/golang/protobuf v1.3.2
github.com/google/btree v1.0.0
github.com/google/go-querystring v1.0.0
github.com/google/gofuzz v1.1.0
github.com/googleapis/gax-go v0.0.0-20181219185031-c8a15bac9b9f
github.com/googleapis/gnostic v0.2.0
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc
github.com/hashicorp/golang-lru v0.5.1
github.com/imdario/mergo v0.3.7
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8
github.com/json-iterator/go v1.1.8
github.com/mailru/easyjson v0.7.0
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.1
github.com/mozillazg/go-httpheader v0.2.1
github.com/openzipkin/zipkin-go v0.1.3 // indirect
github.com/pborman/uuid v1.2.0
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c
github.com/peterbourgon/diskv v2.0.1+incompatible
github.com/pkg/errors v0.8.1
github.com/prometheus/client_golang v1.0.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/common v0.4.1
github.com/prometheus/procfs v0.0.2
github.com/satori/uuid v1.2.0
github.com/sirupsen/logrus v1.4.2
github.com/spf13/pflag v1.0.5
github.com/tencentyun/cos-go-sdk-v5 v0.7.31
go.opencensus.io v0.21.0
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
google.golang.org/api v0.4.0
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v2 v2.2.8
k8s.io/api v0.18.3
k8s.io/apiextensions-apiserver v0.18.3
k8s.io/apimachinery v0.18.3
k8s.io/client-go v11.0.0+incompatible
)
================================================
FILE: third_party/etcd-operator/go.sum
================================================
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
git.apache.org/thrift.git v0.0.0-20181218151757-9b75e4fe745a/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible h1:F+Xs1GMaEJnaBa8gY+ogJSCeK34w4PXPYspY0huefbM=
github.com/Azure/azure-sdk-for-go v11.3.0-beta+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v11.1.1+incompatible h1:kqw9PTHZBZKk6kSv/S7L/qxKKcz6hBDnmjWJU5RnHTw=
github.com/Azure/go-autorest v11.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190125095113-2b29687e15f2 h1:7oDAZnIvzxoPhyBFLgiBXEqOpNnqS9CJVeazaQpEzmA=
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190125095113-2b29687e15f2/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
github.com/aws/aws-sdk-go v1.13.8 h1:2GXJr7VVErT37gjlGzkRI7Pb0alhJ2Y3XoCRcXRhavQ=
github.com/aws/aws-sdk-go v1.13.8/go.mod h1:ZRmQr0FajVIyZ4ZzBYKG5P3ZqPz9IHG41ZoMu1ADI3k=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/coreos/etcd v3.3.10+incompatible h1:jFneRYjIvLMLhDLCzuTuU4rSJUjRplcJQ7pD7MnhC04=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/go-ini/ini v1.42.0 h1:TWr1wGj35+UiWHlBA8er89seFXxzwFn11spilrrj+38=
github.com/go-ini/ini v1.42.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk=
github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go v0.0.0-20181219185031-c8a15bac9b9f h1:UagDZv2cTLFNxuFiG5WvbbxtKTwbLWec8QUnFNqS6Ho=
github.com/googleapis/gax-go v0.0.0-20181219185031-c8a15bac9b9f/go.mod h1:5VvnLYVimBt+hOVlFtJDkYQHVmk4K27qHHioZjPbYAI=
github.com/googleapis/gax-go/v2 v2.0.2/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
github.com/googleapis/gax-go/v2 v2.0.4 h1:hU4mGcQI4DaAYW+IbTun+2qEZVFxK0ySjQLTbS0VQKc=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g=
github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8 h1:12VvqtR6Aowv3l/EQUlocDHW2Cp4G9WJVH7uyH8QFJE=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/mozillazg/go-httpheader v0.2.1 h1:geV7TrjbL8KXSyvghnFm+NyTux/hxwueTSrwhe88TQQ=
github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c/go.mod h1:HUpKUBZnpzkdx0kD/+Yfuft+uD3zHGtXF/XJB14TUr4=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/satori/uuid v1.2.0 h1:6TFY4nxn5XwBx0gDfzbEMCNT6k4N/4FNIuN8RACZ0KI=
github.com/satori/uuid v1.2.0/go.mod h1:B8HLsPLik/YNn6KKWVMDJ8nzCL8RP5WyfsnmvnAEwIU=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.194/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.194/go.mod h1:yrBKWhChnDqNz1xuXdSbWXG56XawEq0G5j1lg4VwBD4=
github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190717101923-c5c1f9751e7f h1:TzE7Cs9HhTyfot4WIoMnbD1rWfD4Jkwy2M3Zs66CaRE=
github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190717101923-c5c1f9751e7f/go.mod h1:/4BhymH1yO6ljUGQgcKsd7L3W+pdKRxoRiOuoZPLnGg=
github.com/tencentyun/cos-go-sdk-v5 v0.7.31/go.mod h1:4E4+bQ2gBVJcgEC9Cufwylio4mXOct2iu05WjgEBx1o=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7 h1:HmbHVPwrPEKPGLAcHSrMe6+hqSUlvZU0rab6x5EXfGU=
golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.18.3 h1:2AJaUQdgUZLoDZHrun21PW2Nx9+ll6cUzvn3IKhSIn0=
k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA=
k8s.io/apiextensions-apiserver v0.18.3 h1:h6oZO+iAgg0HjxmuNnguNdKNB9+wv3O1EBDdDWJViQ0=
k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE=
k8s.io/apimachinery v0.18.3 h1:pOGcbVAhxADgUYnjS08EFXs9QMl8qaH5U4fr5LGUrSk=
k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw=
k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw=
k8s.io/client-go v11.0.0+incompatible h1:LBbX2+lOwY9flffWlJM7f1Ct8V2SRNiMRDFeiwnJo9o=
k8s.io/client-go v11.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c=
k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
================================================
FILE: third_party/etcd-operator/hack/build/Dockerfile
================================================
FROM alpine:3.6
RUN apk add --no-cache ca-certificates
ADD _output/bin/etcd-backup-operator /usr/local/bin/etcd-backup-operator
ADD _output/bin/etcd-restore-operator /usr/local/bin/etcd-restore-operator
ADD _output/bin/etcd-operator /usr/local/bin/etcd-operator
RUN adduser -D etcd-operator
USER etcd-operator
================================================
FILE: third_party/etcd-operator/hack/build/backup-operator/build
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source hack/lib/build.sh
if ! which go > /dev/null; then
echo "golang needs to be installed"
exit 1
fi
GIT_SHA=`git rev-parse --short HEAD || echo "GitNotFound"`
gitHash="github.com/coreos/etcd-operator/version.GitSHA=${GIT_SHA}"
go_ldflags="-X ${gitHash}"
bin_dir="$(pwd)/_output/bin"
mkdir -p ${bin_dir} || true
GO_BUILD_FLAGS="$@" go_build backup-operator
================================================
FILE: third_party/etcd-operator/hack/build/build
================================================
#!/usr/bin/env bash
# This script builds the operators' binaries
set -o errexit
set -o nounset
set -o pipefail
mkdir -p _output
DOCKER_REPO_ROOT="/go/src/github.com/coreos/etcd-operator"
docker run --rm \
-v "$PWD":"$DOCKER_REPO_ROOT" \
-w "$DOCKER_REPO_ROOT" \
gcr.io/coreos-k8s-scale-testing/etcd-operator-builder:0.4.1-2 \
/bin/bash -c "hack/build/operator/build && \
hack/build/backup-operator/build && \
hack/build/restore-operator/build"
================================================
FILE: third_party/etcd-operator/hack/build/docker_push
================================================
#!/usr/bin/env bash
if ! which docker > /dev/null; then
echo "docker needs to be installed"
exit 1
fi
IMAGE=ccr.ccs.tencentyun.com/etcd-dev/etcd-operator
echo $IMAGE
: ${IMAGE:?"Need to set IMAGE, e.g. gcr.io/coreos-k8s-scale-testing/etcd-operator"}
echo "login:"
docker login ccr.ccs.tencentyun.com -u 100000493114 -p codis123
echo "building container..."
docker build --tag "${IMAGE}" -f hack/build/Dockerfile . 1>/dev/null
# For gcr users, do "gcloud docker -a" to have access.
echo "pushing container..."
docker push "${IMAGE}" 1>/dev/null
================================================
FILE: third_party/etcd-operator/hack/build/e2e/builder/Dockerfile
================================================
FROM golang:1.11.5
RUN curl -L https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64 -o /usr/local/bin/dep \
&& chmod +x /usr/local/bin/dep \
&& go get honnef.co/go/tools/cmd/gosimple \
&& go get honnef.co/go/tools/cmd/unused
================================================
FILE: third_party/etcd-operator/hack/build/e2e/builder/build
================================================
#!/usr/bin/env bash
# This script builds and pushes the builder image
set -o errexit
set -o nounset
set -o pipefail
if ! which docker > /dev/null; then
echo "docker needs to be installed"
exit 1
fi
: ${IMAGE:?"Need to set IMAGE, e.g. gcr.io/coreos-k8s-scale-testing/etcd-operator-builder"}
echo "building container..."
docker build --tag "${IMAGE}" -f hack/build/e2e/builder/Dockerfile . 1>/dev/null
# For gcr users, do "gcloud docker -a" to have access.
echo "pushing container..."
docker push "${IMAGE}"
================================================
FILE: third_party/etcd-operator/hack/build/e2e/docker_push
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
: ${TEST_IMAGE:?"Need to set TEST_IMAGE"}
if ! which docker > /dev/null; then
echo "docker needs to be installed"
exit 1
fi
# Push test pod image
TEST_IMAGE=${TEST_IMAGE} test/pod/docker_push
================================================
FILE: third_party/etcd-operator/hack/build/logcollector/Dockerfile
================================================
# Build step: docker build --tag gcr.io/coreos-k8s-scale-testing/logcollector -f hack/build/logcollector/Dockerfile .
FROM golang:1.11.5
ADD ./ /go/src/github.com/coreos/etcd-operator
WORKDIR /go/src/github.com/coreos/etcd-operator
RUN rm -rf _output _test .git .gitignore
RUN go build -o /usr/local/bin/logcollector test/logcollector/main.go
================================================
FILE: third_party/etcd-operator/hack/build/operator/build
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source hack/lib/build.sh
if ! which go > /dev/null; then
echo "golang needs to be installed"
exit 1
fi
GIT_SHA=`git rev-parse --short HEAD || echo "GitNotFound"`
bin_dir="$(pwd)/_output/bin"
mkdir -p ${bin_dir} || true
gitHash="github.com/coreos/etcd-operator/version.GitSHA=${GIT_SHA}"
go_ldflags="-X ${gitHash}"
GO_BUILD_FLAGS="$@" go_build operator
================================================
FILE: third_party/etcd-operator/hack/build/restore-operator/build
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source hack/lib/build.sh
if ! which go > /dev/null; then
echo "golang needs to be installed"
exit 1
fi
GIT_SHA=`git rev-parse --short HEAD || echo "GitNotFound"`
gitHash="github.com/coreos/etcd-operator/version.GitSHA=${GIT_SHA}"
go_ldflags="-X ${gitHash}"
bin_dir="$(pwd)/_output/bin"
mkdir -p ${bin_dir} || true
GO_BUILD_FLAGS="$@" go_build restore-operator
================================================
FILE: third_party/etcd-operator/hack/ci/get_dep
================================================
#!/usr/bin/env bash
set -o errexit
DOCKER_REPO_ROOT="/go/src/github.com/coreos/etcd-operator"
docker run --rm \
-v "$PWD":"$DOCKER_REPO_ROOT" \
-w "$DOCKER_REPO_ROOT" \
gcr.io/coreos-k8s-scale-testing/etcd-operator-builder:0.4.1-2 \
hack/update_vendor.sh
================================================
FILE: third_party/etcd-operator/hack/ci/get_kube.sh
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
: ${DOWNLOAD_DIR:?"Need to set DOWNLOAD_DIR"}
: ${KUBE_VERSION:?"Need to set KUBE_VERSION"}
: ${KUBE_RELEASE_URL:?"Need to set KUBE_RELEASE_URL"}
gsutil cp "gs://${KUBE_RELEASE_URL}/${KUBE_VERSION}/kubernetes.tar.gz" "${DOWNLOAD_DIR}/"
cd $DOWNLOAD_DIR
tar zxvf kubernetes.tar.gz 1>/dev/null
gsutil cp "gs://${KUBE_RELEASE_URL}/${KUBE_VERSION}/kubernetes-server-linux-amd64.tar.gz" "kubernetes/server/"
================================================
FILE: third_party/etcd-operator/hack/ci/rbac_utils.sh
================================================
#!/usr/bin/env bash
: ${TEST_NAMESPACE:?"Need to set TEST_NAMESPACE"}
ROLE_NAME=etcd-operator-${TEST_NAMESPACE}
ROLE_BINDING_NAME=etcd-operator-${TEST_NAMESPACE}
function rbac_cleanup {
kubectl delete clusterrolebinding ${ROLE_BINDING_NAME}
kubectl delete clusterrole ${ROLE_NAME}
}
function rbac_setup() {
# Create ClusterRole
sed -e "s//${ROLE_NAME}/g" example/rbac/cluster-role-template.yaml | kubectl create -f -
# Create ClusterRoleBinding
sed -e "s//${ROLE_NAME}/g" \
-e "s//${ROLE_BINDING_NAME}/g" \
-e "s//${TEST_NAMESPACE}/g" \
example/rbac/cluster-role-binding-template.yaml \
| kubectl create -f -
}
================================================
FILE: third_party/etcd-operator/hack/ci/run_e2e
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
kubectl version
: ${TEST_NAMESPACE:?"Need to set TEST_NAMESPACE"}
: ${TEST_S3_BUCKET:?"Need to set TEST_S3_BUCKET"}
: ${TEST_AWS_SECRET:?"Need to set TEST_AWS_SECRET"}
# Default values for e2e and upgrade test envs
GIT_VERSION=$(git rev-parse HEAD)
OPERATOR_IMAGE=${OPERATOR_IMAGE:-"gcr.io/coreos-k8s-scale-testing/etcd-operator:${GIT_VERSION}"}
E2E_TEST_SELECTOR=${E2E_TEST_SELECTOR:-""}
UPGRADE_TEST_SELECTOR=${UPGRADE_TEST_SELECTOR:-""}
UPGRADE_FROM=${UPGRADE_FROM:-"quay.io/coreos/etcd-operator:latest"}
UPGRADE_TO=${UPGRADE_TO:-"quay.io/coreos/etcd-operator:dev"}
function finish {
sudo chown -R "$(whoami)" ./
}
trap finish EXIT
hack/ci/get_dep
BUILD_IMAGE=${BUILD_IMAGE:-true}
if [[ ${BUILD_IMAGE} == "true" ]]; then
gcloud docker -a
hack/build/build
IMAGE=${OPERATOR_IMAGE} hack/build/docker_push
fi
BUILD_E2E=${BUILD_E2E:-true}
if [[ ${BUILD_E2E} == "true" ]]; then
TEST_IMAGE=${TEST_IMAGE:-"gcr.io/coreos-k8s-scale-testing/etcd-operator-e2e:${GIT_VERSION}"}
gcloud docker -a
TEST_IMAGE=${TEST_IMAGE} hack/build/e2e/docker_push
fi
echo "TEST_NAMESPACE: ${TEST_NAMESPACE}"
echo "OPERATOR_IMAGE: ${OPERATOR_IMAGE}"
echo "TEST_IMAGE: ${TEST_IMAGE}"
if [ -z "${PASSES-}" ]; then
echo "No PASSES specified. Skipping tests"
exit 0
fi
# Generate test-pod spec
export TEST_POD_SPEC=${PWD}/test/pod/test-pod-spec.yaml
export POD_NAME=${POD_NAME:-"e2e-testing"}
sed -e "s||${POD_NAME}|g" \
-e "s||${TEST_IMAGE}|g" \
-e "s||${PASSES}|g" \
-e "s||${OPERATOR_IMAGE}|g" \
-e "s||${E2E_TEST_SELECTOR}|g" \
-e "s||${TEST_S3_BUCKET}|g" \
-e "s||${TEST_AWS_SECRET}|g" \
-e "s||${UPGRADE_TEST_SELECTOR}|g" \
-e "s||${UPGRADE_FROM}|g" \
-e "s||${UPGRADE_TO}|g" \
test/pod/test-pod-templ.yaml > ${TEST_POD_SPEC}
# Run test-pod
test/pod/run-test-pod
================================================
FILE: third_party/etcd-operator/hack/ci/run_unit
================================================
#!/usr/bin/env bash
#
# This script is used for fmt_pass and unit_pass
set -o errexit
set -o nounset
set -o pipefail
export CODECOV_TOKEN=$(cat $CODECOV_TOKEN_FILE)
function finish {
sudo chown -R "$(whoami)" ./
}
trap finish EXIT
hack/ci/get_dep
hack/test
================================================
FILE: third_party/etcd-operator/hack/fmt_pass
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source "hack/lib/test_lib.sh"
allfiles=$(listFiles)
echo "Checking gofmt..."
for file in $allfiles; do
checkRes=$(gofmt -l -s -d $file)
if [ -n "${checkRes}" ]; then
echo -e "gofmt checking failed:\n${checkRes}"
exit 255
fi
done
if which gosimple >/dev/null; then
echo "Checking gosimple..."
# Generated deepcopy code failed checking... Ignore it at the moment
checkRes=$(gosimple `listPkgs | grep -v apis/etcd/v1beta2`) || true
if [ -n "${checkRes}" ]; then
echo -e "gosimple checking failed:\n${checkRes}"
exit 255
fi
else
echo "Skipping gosimple: failed to install"
fi
if which unused >/dev/null; then
echo "Checking unused..."
checkRes=$(unused `listPkgs`) || true
if [ -n "${checkRes}" ]; then
echo -e "unused checking failed:\n${checkRes}"
exit 255
fi
else
echo "Skipping unused: failed to install"
fi
echo "Checking for license header..."
licRes=""
for file in $allfiles; do
if ! head -n3 "${file}" | grep -Eq "(Copyright|generated|GENERATED)" ; then
licRes="${licRes}"$(echo -e " ${file}")
fi
done
if [ -n "${licRes}" ]; then
echo -e "license header checking failed:\n${licRes}"
exit 255
fi
================================================
FILE: third_party/etcd-operator/hack/k8s/codegen/README.md
================================================
## How to use codegen
```sh
./hack/k8s/codegen/update-generated.sh
```
It should print:
```
Generating deepcopy funcs
Generating clientset for etcd:v1beta2 at github.com/coreos/etcd-operator/pkg/generated/clientset
Generating listers for etcd:v1beta2 at github.com/coreos/etcd-operator/pkg/generated/listers
Generating informers for etcd:v1beta2 at github.com/coreos/etcd-operator/pkg/generated/informers
```
================================================
FILE: third_party/etcd-operator/hack/k8s/codegen/boilerplate.go.txt
================================================
/*
Copyright YEAR The etcd-operator Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
================================================
FILE: third_party/etcd-operator/hack/k8s/codegen/update-generated.sh
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
vendor/k8s.io/code-generator/generate-groups.sh \
"all" \
"github.com/coreos/etcd-operator/pkg/generated" \
"github.com/coreos/etcd-operator/pkg/apis" \
"etcd:v1beta2" \
--go-header-file "./hack/k8s/codegen/boilerplate.go.txt" \
$@
================================================
FILE: third_party/etcd-operator/hack/k8s/codegen/verify-generated.sh
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
if ! output=$(./hack/k8s/codegen/update-generated.sh --verify-only 2>&1); then
echo "FAILURE: verification of codegen failed:"
echo "${output}"
exit 1
fi
echo "Verified generated code ==="
================================================
FILE: third_party/etcd-operator/hack/lib/build.sh
================================================
function go_build {
echo "building "${1}"..."
# We’re disabling cgo which gives us a static binary.
# This is needed for building minimal container based on alpine image.
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build $GO_BUILD_FLAGS -o ${bin_dir}/etcd-${1} -installsuffix cgo -ldflags "$go_ldflags" ./cmd/${1}/
}
================================================
FILE: third_party/etcd-operator/hack/lib/test_lib.sh
================================================
function listPkgs() {
go list ./cmd/... ./pkg/... ./test/... | grep -v generated
}
function listFiles() {
# pipeline is much faster than for loop
listPkgs | xargs -I {} find "${GOPATH}/src/{}" -name '*.go' | grep -v generated
}
================================================
FILE: third_party/etcd-operator/hack/release/bump_version.sh
================================================
#!/usr/bin/env bash
# Usage:
# ./hack/release/bump_version.sh 0.8.0 0.8.1
oldv=$1
newv=$2
echo "old version: ${oldv}, new version: ${newv}"
sed -i.bak -e "s/${oldv}+git/${newv}/g" version/version.go
sed -i.bak -e "s/${oldv}/${newv}/g" example/deployment.yaml
sed -i.bak -e "s/${oldv}/${newv}/g" example/etcd-backup-operator/deployment.yaml
sed -i.bak -e "s/${oldv}/${newv}/g" example/etcd-restore-operator/deployment.yaml
rm version/version.go.bak
rm example/deployment.yaml.bak
rm example/etcd-backup-operator/deployment.yaml.bak
rm example/etcd-restore-operator/deployment.yaml.bak
================================================
FILE: third_party/etcd-operator/hack/test
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source "hack/lib/test_lib.sh"
# KUBECONFIG can be an empty string and so needs to be explicitly declared to avoid an unbound variable error
KUBECONFIG=${KUBECONFIG:-""}
if [ -z "${PASSES-}" ]; then
PASSES="fmt e2e e2eslow unit"
fi
function fmt_pass {
if ! "./hack/k8s/codegen/verify-generated.sh"; then
exit 1
fi
DOCKER_REPO_ROOT="/go/src/github.com/coreos/etcd-operator"
docker run --rm \
-v "${PWD}":"${DOCKER_REPO_ROOT}" \
-w "${DOCKER_REPO_ROOT}" \
gcr.io/coreos-k8s-scale-testing/etcd-operator-builder:0.4.1-2 \
"./hack/fmt_pass"
}
function e2e_pass {
: ${TEST_S3_BUCKET:?"Need to set TEST_S3_BUCKET"}
: ${TEST_AWS_SECRET:?"Need to set TEST_AWS_SECRET"}
# Run all the tests by default
E2E_TEST_SELECTOR=${E2E_TEST_SELECTOR:-.*}
build_flags=("-i") # cache package compilation data for faster repeated builds
for i in {1..2}; do
go test -failfast -parallel=4 "./test/e2e/" ${build_flags[@]} -run "$E2E_TEST_SELECTOR" -timeout 30m --race \
--kubeconfig=$KUBECONFIG --operator-image=$OPERATOR_IMAGE --namespace=${TEST_NAMESPACE}
build_flags=("")
done
}
function e2eslow_pass {
E2E_TEST_SELECTOR=${E2E_TEST_SELECTOR:-.*}
build_flags=("-i") # cache package compilation data for faster repeated builds
for i in {1..2}; do
go test -failfast "./test/e2e/e2eslow" ${build_flags[@]} -run "$E2E_TEST_SELECTOR" -timeout 30m --race \
--kubeconfig=$KUBECONFIG --operator-image=$OPERATOR_IMAGE --namespace=${TEST_NAMESPACE}
build_flags=("")
done
}
function upgrade_pass {
# Run all the tests by default
UPGRADE_TEST_SELECTOR=${UPGRADE_TEST_SELECTOR:-.*}
go test -failfast ./test/e2e/upgradetest/ -run "$UPGRADE_TEST_SELECTOR" --race -timeout 30m \
--kubeconfig=$KUBECONFIG --kube-ns=$TEST_NAMESPACE \
--old-image=$UPGRADE_FROM \
--new-image=$UPGRADE_TO
}
function unit_pass {
DOCKER_REPO_ROOT="/go/src/github.com/coreos/etcd-operator"
docker run --rm \
-v "${PWD}":"${DOCKER_REPO_ROOT}" \
-w "${DOCKER_REPO_ROOT}" \
-e "CODECOV_TOKEN" \
golang:1.11.5 \
"./hack/unit_test"
}
for p in $PASSES
do
${p}_pass
done
echo "test success ==="
================================================
FILE: third_party/etcd-operator/hack/unit_test
================================================
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
source "hack/lib/test_lib.sh"
# coverage.txt is the combined coverage report consumed by codecov
echo "mode: atomic" > coverage.txt
TEST_PKGS=$(listPkgs | grep -v e2e)
for pkg in $TEST_PKGS
do
build_flags=("-i") # cache package compilation data for faster repeated builds
for i in {1..2}; do
go test -failfast ${build_flags[@]} -race -covermode=atomic -coverprofile=profile.out $pkg
# Expand empty array would cause "unbound variable".
# Expand one empty string array is equal to nothing.
build_flags=("")
done
if [ -f profile.out ]; then
tail -n +2 profile.out >> coverage.txt
rm profile.out
fi
done
# Send reports to codecov, CODECOV_TOKEN env must be present in Jenkins
(curl -s https://codecov.io/bash | bash) || true
================================================
FILE: third_party/etcd-operator/hack/update_vendor.sh
================================================
#!/usr/bin/env bash
dep ensure -v
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/backup_types.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
// AWS S3 related consts
BackupStorageTypeS3 BackupStorageType = "S3"
AWSSecretCredentialsFileName = "credentials"
AWSSecretConfigFileName = "config"
// Azure ABS related consts
BackupStorageTypeABS BackupStorageType = "ABS"
AzureSecretStorageAccount = "storage-account"
AzureSecretStorageKey = "storage-key"
AzureCloudKey = "cloud"
// Google GCS related consts
BackupStorageTypeGCS BackupStorageType = "GCS"
GCPAccessToken = "access-token"
GCPCredentialsJson = "credentials.json"
// Tencent COS related consts
BackupStorageTypeCOS BackupStorageType = "COS"
COSSecretKey = "secret-key"
COSSecretId = "secret-id"
// Alibaba Cloud OSS related consts
BackupStorageTypeOSS BackupStorageType = "OSS"
AlibabaCloudSecretCredentialsAccessKeyID = "accessKeyID"
AlibabaCloudSecretCredentialsAccessKeySecret = "accessKeySecret"
// Hostpath related consts
BackupStorageTypeHostPath BackupStorageType = "HostPath"
)
type BackupStorageType string
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdBackupList is a list of EtcdBackup.
type EtcdBackupList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []EtcdBackup `json:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdBackup represents a Kubernetes EtcdBackup Custom Resource.
type EtcdBackup struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec BackupSpec `json:"spec"`
Status BackupStatus `json:"status,omitempty"`
}
// BackupSpec contains a backup specification for an etcd cluster.
type BackupSpec struct {
// EtcdEndpoints specifies the endpoints of an etcd cluster.
// When multiple endpoints are given, the backup operator retrieves
// the backup from the endpoint that has the most up-to-date state.
// The given endpoints must belong to the same etcd cluster.
EtcdEndpoints []string `json:"etcdEndpoints,omitempty"`
// StorageType is the etcd backup storage type.
// We need this field because CRD doesn't support validation against invalid fields
// and we cannot verify invalid backup storage source.
StorageType BackupStorageType `json:"storageType"`
// BackupPolicy configures the backup process.
BackupPolicy *BackupPolicy `json:"backupPolicy,omitempty"`
// BackupSource is the backup storage source.
BackupSource `json:",inline"`
// ClientTLSSecret is the secret containing the etcd TLS client certs and
// must contain the following data items:
// data:
// "client.crt":
// "client.key":
// "client-ca.crt":
ClientTLSSecret string `json:"clientTLSSecret,omitempty"`
// insecure-skip-tsl-verify
InsecureSkipVerify bool `json:"insecureSkipVerify, omitempty"`
// BasicAuthSecret is the secret containing the etcd user password
// data:
// "username": xx
// "password": xxxx
BasicAuthSecret string `json:"basicAuthSecret,omitempty"`
}
// BackupSource contains the supported backup sources.
type BackupSource struct {
// S3 defines the S3 backup source spec.
S3 *S3BackupSource `json:"s3,omitempty"`
// ABS defines the ABS backup source spec.
ABS *ABSBackupSource `json:"abs,omitempty"`
// GCS defines the GCS backup source spec.
GCS *GCSBackupSource `json:"gcs,omitempty"`
// COS defines the COS backup source spec.
COS *COSBackupSource `json:"cos,omitempty"`
// OSS defines the OSS backup source spec.
OSS *OSSBackupSource `json:"oss,omitempty"`
// HostPath defines the HostPath backup source spec.
HostPath *HostPathBackupSource `json:"hostpath,omitempty"`
}
// BackupPolicy defines backup policy.
type BackupPolicy struct {
// TimeoutInSecond is the maximal allowed time in second of the entire backup process.
TimeoutInSecond int64 `json:"timeoutInSecond,omitempty"`
// BackupIntervalInSecond is to specify how often operator take snapshot
// 0 is magic number to indicate one-shot backup
BackupIntervalInSecond int64 `json:"backupIntervalInSecond,omitempty"`
// MaxBackups is to specify how many backups we want to keep
// 0 is magic number to indicate un-limited backups
MaxBackups int `json:"maxBackups,omitempty"`
}
// BackupStatus represents the status of the EtcdBackup Custom Resource.
type BackupStatus struct {
// Succeeded indicates if the backup has Succeeded.
Succeeded bool `json:"succeeded"`
// Reason indicates the reason for any backup related failures.
Reason string `json:"Reason,omitempty"`
// EtcdVersion is the version of the backup etcd server.
EtcdVersion string `json:"etcdVersion,omitempty"`
// EtcdRevision is the revision of etcd's KV store where the backup is performed on.
EtcdRevision int64 `json:"etcdRevision,omitempty"`
// LastSuccessDate indicate the time to get snapshot last time
LastSuccessDate metav1.Time `json:"lastSuccessDate,omitempty"`
}
// S3BackupSource provides the spec how to store backups on S3.
type S3BackupSource struct {
// Path is the full s3 path where the backup is saved.
// The format of the path must be: "/"
// e.g: "mybucket/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the AWS credential and config files.
// The file name of the credential MUST be 'credentials'.
// The file name of the config MUST be 'config'.
// The profile to use in both files will be 'default'.
//
// AWSSecret overwrites the default etcd operator wide AWS credential and config.
AWSSecret string `json:"awsSecret"`
// Endpoint if blank points to aws. If specified, can point to s3 compatible object
// stores.
Endpoint string `json:"endpoint,omitempty"`
// ForcePathStyle forces to use path style over the default subdomain style.
// This is useful when you have an s3 compatible endpoint that doesn't support
// subdomain buckets.
ForcePathStyle bool `json:"forcePathStyle"`
}
// ABSBackupSource provides the spec how to store backups on ABS.
type ABSBackupSource struct {
// Path is the full abs path where the backup is saved.
// The format of the path must be: "/"
// e.g: "myabscontainer/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the Azure storage credential
ABSSecret string `json:"absSecret"`
}
// GCSBackupSource provides the spec how to store backups on GCS.
type GCSBackupSource struct {
// Path is the full GCS path where the backup is saved.
// The format of the path must be: "/"
// e.g: "mygcsbucket/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the Google storage credential
// containing at most ONE of the following:
// An access token with file name of 'access-token'.
// JSON credentials with file name of 'credentials.json'.
//
// If omitted, client will use the default application credentials.
GCPSecret string `json:"gcpSecret,omitempty"`
}
// COSBackupSource provides the spec how to store backups on COS.
type COSBackupSource struct {
// Path is the full COS path where the backup is saved.
// The format of the path must be: "/"
// e.g: "mycosbucket/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the COS storage credential
COSSecret string `json:"cosSecret"`
}
// OSSBackupSource provides the spec how to store backups on OSS.
type OSSBackupSource struct {
// Path is the full abs path where the backup is saved.
// The format of the path must be: "/"
// e.g: "mybucket/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the credential which will be used
// to access Alibaba Cloud OSS.
//
// The secret must contain the following keys/fields:
// accessKeyID
// accessKeySecret
//
// The format of secret:
//
// apiVersion: v1
// kind: Secret
// metadata:
// name:
// type: Opaque
// data:
// accessKeyID:
// accessKeySecret:
//
OSSSecret string `json:"ossSecret"`
// Endpoint is the OSS service endpoint on alibaba cloud, defaults to
// "http://oss-cn-hangzhou.aliyuncs.com".
//
// Details about regions and endpoints, see:
// https://www.alibabacloud.com/help/doc-detail/31837.htm
Endpoint string `json:"endpoint,omitempty"`
}
// HostPathBackupSource provides the spec how to store backups on HostPath.
type HostPathBackupSource struct {
// Path is the full Host path where the backup is saved.
// The format of the path is relative
// e.g: "etcd.backup"
Path string `json:"path"`
}
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/cluster.go
================================================
// Copyright 2016 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta2
import (
"errors"
"strings"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
defaultRepository = "quay.io/coreos/etcd"
DefaultEtcdVersion = "3.2.13"
)
var (
// TODO: move validation code into separate package.
ErrBackupUnsetRestoreSet = errors.New("spec: backup policy must be set if restore policy is set")
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdClusterList is a list of etcd clusters.
type EtcdClusterList struct {
metav1.TypeMeta `json:",inline"`
// Standard list metadata
// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
metav1.ListMeta `json:"metadata,omitempty"`
Items []EtcdCluster `json:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type EtcdCluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ClusterSpec `json:"spec"`
Status ClusterStatus `json:"status"`
}
func (c *EtcdCluster) AsOwner() metav1.OwnerReference {
trueVar := true
return metav1.OwnerReference{
APIVersion: SchemeGroupVersion.String(),
Kind: EtcdClusterResourceKind,
Name: c.Name,
UID: c.UID,
Controller: &trueVar,
}
}
type ClusterSpec struct {
// Size is the expected size of the etcd cluster.
// The etcd-operator will eventually make the size of the running
// cluster equal to the expected size.
// The vaild range of the size is from 1 to 7.
Size int `json:"size"`
// Repository is the name of the repository that hosts
// etcd container images. It should be direct clone of the repository in official
// release:
// https://github.com/coreos/etcd/releases
// That means, it should have exact same tags and the same meaning for the tags.
//
// By default, it is `quay.io/coreos/etcd`.
Repository string `json:"repository,omitempty"`
// Version is the expected version of the etcd cluster.
// The etcd-operator will eventually make the etcd cluster version
// equal to the expected version.
//
// The version must follow the [semver]( http://semver.org) format, for example "3.2.13".
// Only etcd released versions are supported: https://github.com/coreos/etcd/releases
//
// If version is not set, default is "3.2.13".
Version string `json:"version,omitempty"`
// Paused is to pause the control of the operator for the etcd cluster.
Paused bool `json:"paused,omitempty"`
// Pod defines the policy to create pod for the etcd pod.
//
// Updating Pod does not take effect on any existing etcd pods.
Pod *PodPolicy `json:"pod,omitempty"`
// etcd cluster TLS configuration
TLS *TLSPolicy `json:"TLS,omitempty"`
}
// PodPolicy defines the policy to create pod for the etcd container.
type PodPolicy struct {
// Labels specifies the labels to attach to pods the operator creates for the
// etcd cluster.
// "app" and "etcd_*" labels are reserved for the internal use of the etcd operator.
// Do not overwrite them.
Labels map[string]string `json:"labels,omitempty"`
// NodeSelector specifies a map of key-value pairs. For the pod to be eligible
// to run on a node, the node must have each of the indicated key-value pairs as
// labels.
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// The scheduling constraints on etcd pods.
Affinity *v1.Affinity `json:"affinity,omitempty"`
// **DEPRECATED**. Use Affinity instead.
AntiAffinity bool `json:"antiAffinity,omitempty"`
// Resources is the resource requirements for the etcd container.
// This field cannot be updated once the cluster is created.
Resources v1.ResourceRequirements `json:"resources,omitempty"`
// Tolerations specifies the pod's tolerations.
Tolerations []v1.Toleration `json:"tolerations,omitempty"`
// List of environment variables to set in the etcd container.
// This is used to configure etcd process. etcd cluster cannot be created, when
// bad environement variables are provided. Do not overwrite any flags used to
// bootstrap the cluster (for example `--initial-cluster` flag).
// This field cannot be updated.
EtcdEnv []v1.EnvVar `json:"etcdEnv,omitempty"`
// PersistentVolumeClaimSpec is the spec to describe PVC for the etcd container
// This field is optional. If no PVC spec, etcd container will use emptyDir as volume
// Note. This feature is in alpha stage. It is currently only used as non-stable storage,
// not the stable storage. Future work need to make it used as stable storage.
PersistentVolumeClaimSpec *v1.PersistentVolumeClaimSpec `json:"persistentVolumeClaimSpec,omitempty"`
// Annotations specifies the annotations to attach to pods the operator creates for the
// etcd cluster.
// The "etcd.version" annotation is reserved for the internal use of the etcd operator.
Annotations map[string]string `json:"annotations,omitempty"`
// busybox init container image. default is busybox:1.28.0-glibc
// busybox:latest uses uclibc which contains a bug that sometimes prevents name resolution
// More info: https://github.com/docker-library/busybox/issues/27
BusyboxImage string `json:"busyboxImage,omitempty"`
// SecurityContext specifies the security context for the entire pod
// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context
SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
// DNSTimeoutInSecond is the maximum allowed time for the init container of the etcd pod to
// reverse DNS lookup its IP given the hostname.
// The default is to wait indefinitely and has a vaule of 0.
DNSTimeoutInSecond int64 `json:"DNSTimeoutInSecond,omitempty"`
// ClusterDomain is the cluster domain to use for member URLs E.g.
// '.cluster.local'.
// The default is to not set a cluster domain explicitly.
ClusterDomain string `json:"ClusterDomain"`
}
// TODO: move this to initializer
func (c *ClusterSpec) Validate() error {
if c.TLS != nil {
if err := c.TLS.Validate(); err != nil {
return err
}
}
if c.Pod != nil {
for k := range c.Pod.Labels {
if k == "app" || strings.HasPrefix(k, "etcd_") {
return errors.New("spec: pod labels contains reserved label")
}
}
}
return nil
}
// SetDefaults cleans up user passed spec, e.g. defaulting, transforming fields.
// TODO: move this to initializer
func (e *EtcdCluster) SetDefaults() {
c := &e.Spec
if len(c.Repository) == 0 {
c.Repository = defaultRepository
}
if len(c.Version) == 0 {
c.Version = DefaultEtcdVersion
}
c.Version = strings.TrimLeft(c.Version, "v")
// convert PodPolicy.AntiAffinity to Pod.Affinity.PodAntiAffinity
// TODO: Remove this once PodPolicy.AntiAffinity is removed
if c.Pod != nil && c.Pod.AntiAffinity && c.Pod.Affinity == nil {
c.Pod.Affinity = &v1.Affinity{
PodAntiAffinity: &v1.PodAntiAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{
{
// set anti-affinity to the etcd pods that belongs to the same cluster
LabelSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
"etcd_cluster": e.Name,
}},
TopologyKey: "kubernetes.io/hostname",
},
},
},
}
}
}
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/cluster_tls.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta2
import "errors"
// TLSPolicy defines the TLS policy of an etcd cluster
type TLSPolicy struct {
// StaticTLS enables user to generate static x509 certificates and keys,
// put them into Kubernetes secrets, and specify them into here.
Static *StaticTLS `json:"static,omitempty"`
}
type StaticTLS struct {
// Member contains secrets containing TLS certs used by each etcd member pod.
Member *MemberSecret `json:"member,omitempty"`
// OperatorSecret is the secret containing TLS certs used by operator to
// talk securely to this cluster.
OperatorSecret string `json:"operatorSecret,omitempty"`
}
type MemberSecret struct {
// PeerSecret is the secret containing TLS certs used by each etcd member pod
// for the communication between etcd peers.
PeerSecret string `json:"peerSecret,omitempty"`
// ServerSecret is the secret containing TLS certs used by each etcd member pod
// for the communication between etcd server and its clients.
ServerSecret string `json:"serverSecret,omitempty"`
}
func (tp *TLSPolicy) Validate() error {
if tp.Static == nil {
return nil
}
st := tp.Static
if len(st.OperatorSecret) != 0 {
if len(st.Member.ServerSecret) == 0 {
return errors.New("operator secret set but member serverSecret not set")
}
} else if st.Member != nil && len(st.Member.ServerSecret) != 0 {
return errors.New("member serverSecret set but operator secret not set")
}
return nil
}
func (tp *TLSPolicy) IsSecureClient() bool {
if tp == nil || tp.Static == nil {
return false
}
return len(tp.Static.OperatorSecret) != 0
}
func (tp *TLSPolicy) IsSecurePeer() bool {
if tp == nil || tp.Static == nil || tp.Static.Member == nil {
return false
}
return len(tp.Static.Member.PeerSecret) != 0
}
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/doc.go
================================================
/*
Copyright 2017 The etcd-operator Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:deepcopy-gen=package
// +groupName=etcd.database.coreos.com
package v1beta2
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/register.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
const (
EtcdClusterResourceKind = "EtcdCluster"
EtcdClusterResourcePlural = "etcdclusters"
groupName = "etcd.database.coreos.com"
EtcdBackupResourceKind = "EtcdBackup"
EtcdBackupResourcePlural = "etcdbackups"
EtcdRestoreResourceKind = "EtcdRestore"
EtcdRestoreResourcePlural = "etcdrestores"
)
var (
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
SchemeGroupVersion = schema.GroupVersion{Group: groupName, Version: "v1beta2"}
EtcdClusterCRDName = EtcdClusterResourcePlural + "." + groupName
EtcdBackupCRDName = EtcdBackupResourcePlural + "." + groupName
EtcdRestoreCRDName = EtcdRestoreResourcePlural + "." + groupName
)
// Resource gets an EtcdCluster GroupResource for a specified resource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
// addKnownTypes adds the set of types defined in this package to the supplied scheme.
func addKnownTypes(s *runtime.Scheme) error {
s.AddKnownTypes(SchemeGroupVersion,
&EtcdCluster{},
&EtcdClusterList{},
&EtcdBackup{},
&EtcdBackupList{},
&EtcdRestore{},
&EtcdRestoreList{},
)
metav1.AddToGroupVersion(s, SchemeGroupVersion)
return nil
}
================================================
FILE: third_party/etcd-operator/pkg/apis/etcd/v1beta2/restore_types.go
================================================
// Copyright 2017 The etcd-operator Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1beta2
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdRestoreList is a list of EtcdRestore.
type EtcdRestoreList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []EtcdRestore `json:"items"`
}
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EtcdRestore represents a Kubernetes EtcdRestore Custom Resource.
// The EtcdRestore CR name will be used as the name of the new restored cluster.
type EtcdRestore struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata"`
Spec RestoreSpec `json:"spec"`
Status RestoreStatus `json:"status,omitempty"`
}
// RestoreSpec defines how to restore an etcd cluster from existing backup.
type RestoreSpec struct {
// BackupStorageType is the type of the backup storage which is used as RestoreSource.
BackupStorageType BackupStorageType `json:"backupStorageType"`
// RestoreSource tells the where to get the backup and restore from.
RestoreSource `json:",inline"`
// EtcdCluster references an EtcdCluster resource whose metadata and spec
// will be used to create the new restored EtcdCluster CR.
// This reference EtcdCluster CR and all its resources will be deleted before the
// restored EtcdCluster CR is created.
EtcdCluster EtcdClusterRef `json:"etcdCluster"`
}
// EtcdCluster references an EtcdCluster resource whose metadata and spec
// will be used to create the new restored EtcdCluster CR.
// This reference EtcdCluster CR and all its resources will be deleted before the
// restored EtcdCluster CR is created.
type EtcdClusterRef struct {
// Name is the EtcdCluster resource name.
// This reference EtcdCluster must be present in the same namespace as the restore-operator
Name string `json:"name"`
}
type RestoreSource struct {
// S3 tells where on S3 the backup is saved and how to fetch the backup.
S3 *S3RestoreSource `json:"s3,omitempty"`
// ABS tells where on ABS the backup is saved and how to fetch the backup.
ABS *ABSRestoreSource `json:"abs,omitempty"`
// GCS tells where on GCS the backup is saved and how to fetch the backup.
GCS *GCSRestoreSource `json:"gcs,omitempty"`
// COS tells where on COS the backup is saved and how to fetch the backup.
COS *COSRestoreSource `json:"cos,omitempty"`
// OSS tells where on OSS the backup is saved and how to fetch the backup.
OSS *OSSRestoreSource `json:"oss,omitempty"`
// HostPath tells where on HostPath the backup is saved and how to fetch the backup.
HostPath *HostPathRestoreSource `json:"hostPath,omitempty"`
}
type S3RestoreSource struct {
// Path is the full s3 path where the backup is saved.
// The format of the path must be: "/"
// e.g: "mybucket/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the AWS credential and config files.
// The file name of the credential MUST be 'credentials'.
// The file name of the config MUST be 'config'.
// The profile to use in both files will be 'default'.
//
// AWSSecret overwrites the default etcd operator wide AWS credential and config.
AWSSecret string `json:"awsSecret"`
// Endpoint if blank points to aws. If specified, can point to s3 compatible object
// stores.
Endpoint string `json:"endpoint"`
// ForcePathStyle forces to use path style over the default subdomain style.
// This is useful when you have an s3 compatible endpoint that doesn't support
// subdomain buckets.
ForcePathStyle bool `json:"forcePathStyle"`
}
type ABSRestoreSource struct {
// Path is the full abs path where the backup is saved.
// The format of the path must be: "/"
// e.g: "myabscontainer/etcd.backup"
Path string `json:"path"`
// The name of the secret object that stores the Azure Blob Storage credential.
ABSSecret string `json:"absSecret"`
}
type GCSRestoreSource struct {
// Path is the full GCS path where the backup is saved.
// The format of the path must be: " 
