diff --git a/bitnami/thanos/Chart.yaml b/bitnami/thanos/Chart.yaml index b6ceb08234d8af..15e3e6ba4ec2c7 100644 --- a/bitnami/thanos/Chart.yaml +++ b/bitnami/thanos/Chart.yaml @@ -35,4 +35,4 @@ maintainers: name: thanos sources: - https://github.com/bitnami/charts/tree/main/bitnami/thanos -version: 12.23.2 +version: 13.0.0 diff --git a/bitnami/thanos/README.md b/bitnami/thanos/README.md index 9b66d653a979f4..5f43589452d4a9 100644 --- a/bitnami/thanos/README.md +++ b/bitnami/thanos/README.md @@ -107,35 +107,31 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate ### Thanos common parameters -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `image.registry` | Thanos image registry | `REGISTRY_NAME` | -| `image.repository` | Thanos image repository | `REPOSITORY_NAME/thanos` | -| `image.digest` | Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Thanos image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `objstoreConfig` | The [objstore configuration](https://thanos.io/tip/thanos/storage.md/) | `""` | -| `indexCacheConfig` | The [index cache configuration](https://thanos.io/tip/components/store.md/) | `""` | -| `bucketCacheConfig` | The [bucket cache configuration](https://thanos.io/tip/components/store.md/) | `""` | -| `existingObjstoreSecret` | Secret with Objstore Configuration | `""` | -| `existingObjstoreSecretItems` | Optional item list for specifying a custom Secret key. If so, path should be objstore.yml | `[]` | -| `httpConfig` | The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/) | `""` | -| `existingHttpConfigSecret` | Secret containing the HTTPS and Basic auth configuration | `""` | -| `https.enabled` | Set to true to enable HTTPS. Requires a secret containing the certificate and key. | `false` | -| `https.autoGenerated` | Create self-signed TLS certificates. | `false` | -| `https.existingSecret` | Existing secret containing your own server key and certificate | `""` | -| `https.certFilename` | | `tls.crt` | -| `https.keyFilename` | | `tls.key` | -| `https.caFilename` | | `ca.crt` | -| `https.key` | TLS Key for Thanos HTTPS - ignored if existingSecret is provided | `""` | -| `https.cert` | TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | -| `https.ca` | (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | -| `https.clientAuthType` | Server policy for client authentication using certificates. Maps to ClientAuth Policies. | `""` | -| `auth.basicAuthUsers` | Object containing : key-value pairs for each user that will have access via basic authentication | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| Name | Description | Value | +| ----------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `image.registry` | Thanos image registry | `REGISTRY_NAME` | +| `image.repository` | Thanos image repository | `REPOSITORY_NAME/thanos` | +| `image.digest` | Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Thanos image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `objstoreConfig` | The [objstore configuration](https://thanos.io/tip/thanos/storage.md/) | `""` | +| `indexCacheConfig` | The [index cache configuration](https://thanos.io/tip/components/store.md/) | `""` | +| `bucketCacheConfig` | The [bucket cache configuration](https://thanos.io/tip/components/store.md/) | `""` | +| `existingObjstoreSecret` | Secret with Objstore Configuration | `""` | +| `existingObjstoreSecretItems` | Optional item list for specifying a custom Secret key. If so, path should be objstore.yml | `[]` | +| `httpConfig` | The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/) | `""` | +| `existingHttpConfigSecret` | Secret containing the HTTPS and Basic auth configuration | `""` | +| `https.enabled` | Set to true to enable HTTPS. Requires a secret containing the certificate and key. | `false` | +| `https.autoGenerated` | Create self-signed TLS certificates. | `false` | +| `https.existingSecret` | Existing secret containing your own server key and certificate | `""` | +| `https.certFilename` | | `tls.crt` | +| `https.keyFilename` | | `tls.key` | +| `https.caFilename` | | `ca.crt` | +| `https.key` | TLS Key for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.cert` | TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.ca` | (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.clientAuthType` | Server policy for client authentication using certificates. Maps to ClientAuth Policies. | `""` | +| `auth.basicAuthUsers` | Object containing : key-value pairs for each user that will have access via basic authentication | `{}` | ### Thanos Query parameters @@ -160,6 +156,8 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `query.replicaCount` | Number of Thanos Query replicas to deploy | `1` | | `query.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | | `query.updateStrategy.type` | Update strategy type for Thanos Query replicas | `RollingUpdate` | +| `query.containerPorts.http` | HTTP container port | `10902` | +| `query.containerPorts.grpc` | HTTP container port | `10901` | | `query.podSecurityContext.enabled` | Enable security context for the Thanos Query pods | `true` | | `query.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `query.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -232,6 +230,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `query.grpc.client.tls.key` | TLS Key for GRPC server - ignored if existingSecret is provided | `""` | | `query.grpc.client.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | | `query.grpc.client.tls.existingSecret` | Existing secret containing your own TLS certificates | `{}` | +| `query.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `query.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `query.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `query.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `query.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `query.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `query.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `query.service.type` | Kubernetes service type | `ClusterIP` | | `query.service.ports.http` | Thanos Query service HTTP port | `9090` | | `query.service.nodePorts.http` | Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | @@ -321,6 +326,7 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `queryFrontend.replicaCount` | Number of Thanos Query Frontend replicas to deploy | `1` | | `queryFrontend.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | | `queryFrontend.updateStrategy.type` | Update strategy type for Thanos Query Frontend replicas | `RollingUpdate` | +| `queryFrontend.containerPorts.http` | HTTP container port | `9090` | | `queryFrontend.podSecurityContext.enabled` | Enable security context for the Thanos Query Frontend pods | `true` | | `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -379,6 +385,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `queryFrontend.priorityClassName` | Thanos Query Frontend priorityClassName | `""` | | `queryFrontend.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Query Frontend pods | `""` | | `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains | `[]` | +| `queryFrontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `queryFrontend.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `queryFrontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `queryFrontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `queryFrontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `queryFrontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `queryFrontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `queryFrontend.service.type` | Kubernetes service type | `ClusterIP` | | `queryFrontend.service.ports.http` | Thanos Query Frontend service HTTP port | `9090` | | `queryFrontend.service.nodePorts.http` | Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | @@ -439,6 +452,7 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `bucketweb.replicaCount` | Number of Thanos Bucket Web replicas to deploy | `1` | | `bucketweb.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | | `bucketweb.updateStrategy.type` | Update strategy type for Thanos Bucket Web replicas | `RollingUpdate` | +| `bucketweb.containerPorts.http` | HTTP container port | `8080` | | `bucketweb.podSecurityContext.enabled` | Enable security context for the Thanos Bucket Web pods | `true` | | `bucketweb.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `bucketweb.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -497,6 +511,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `bucketweb.priorityClassName` | Thanos Bucket Web priorityClassName | `""` | | `bucketweb.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Bucket Web pods | `""` | | `bucketweb.topologySpreadConstraints` | Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains | `[]` | +| `bucketweb.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `bucketweb.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `bucketweb.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `bucketweb.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `bucketweb.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `bucketweb.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `bucketweb.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `bucketweb.service.type` | Kubernetes service type | `ClusterIP` | | `bucketweb.service.ports.http` | Thanos Bucket Web service HTTP port | `8080` | | `bucketweb.service.nodePorts.http` | Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | @@ -565,6 +586,7 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `compactor.cronJob.ttlSecondsAfterFinished` | The maximum retention before removing the job | `""` | | `compactor.restartPolicy` | Compactor container restart policy. | `""` | | `compactor.updateStrategy.type` | Update strategy type for Thanos Compactor replicas | `Recreate` | +| `compactor.containerPorts.http` | HTTP container port | `10902` | | `compactor.podSecurityContext.enabled` | Enable security context for the Thanos Compactor pods | `true` | | `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -623,6 +645,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `compactor.priorityClassName` | Thanos Compactor priorityClassName | `""` | | `compactor.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Compactor pods | `""` | | `compactor.topologySpreadConstraints` | Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains | `[]` | +| `compactor.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `compactor.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `compactor.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `compactor.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `compactor.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `compactor.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `compactor.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `compactor.service.type` | Kubernetes service type | `ClusterIP` | | `compactor.service.ports.http` | Thanos Compactor service HTTP port | `9090` | | `compactor.service.nodePorts.http` | Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | @@ -687,6 +716,8 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `storegateway.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | | `storegateway.updateStrategy.type` | Update strategy type for Thanos Store Gateway replicas | `RollingUpdate` | | `storegateway.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` | +| `storegateway.containerPorts.http` | HTTP container port | `10902` | +| `storegateway.containerPorts.grpc` | GRPC container port | `10901` | | `storegateway.podSecurityContext.enabled` | Enable security context for the Thanos Store Gateway pods | `true` | | `storegateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `storegateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -745,6 +776,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `storegateway.priorityClassName` | Thanos Store Gateway priorityClassName | `""` | | `storegateway.topologySpreadConstraints` | Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains | `[]` | | `storegateway.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Store Gateway pods | `""` | +| `storegateway.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `storegateway.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `storegateway.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `storegateway.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `storegateway.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `storegateway.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `storegateway.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `storegateway.service.type` | Kubernetes service type | `ClusterIP` | | `storegateway.service.ports.http` | Thanos Store Gateway service HTTP port | `9090` | | `storegateway.service.ports.grpc` | Thanos Store Gateway service GRPC port | `10901` | @@ -840,6 +878,8 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `ruler.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | | `ruler.updateStrategy.type` | Update strategy type for Thanos Ruler replicas | `RollingUpdate` | | `ruler.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` | +| `ruler.containerPorts.http` | HTTP container port | `10902` | +| `ruler.containerPorts.grpc` | GRPC container port | `10901` | | `ruler.podSecurityContext.enabled` | Enable security context for the Thanos Ruler pods | `true` | | `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -898,6 +938,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `ruler.priorityClassName` | Thanos Ruler priorityClassName | `""` | | `ruler.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Ruler pods | `""` | | `ruler.topologySpreadConstraints` | Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains | `[]` | +| `ruler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `ruler.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `ruler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `ruler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `ruler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `ruler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `ruler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `ruler.service.type` | Kubernetes service type | `ClusterIP` | | `ruler.service.ports.http` | Thanos Ruler service HTTP port | `9090` | | `ruler.service.ports.grpc` | Thanos Ruler service GRPC port | `10901` | @@ -975,6 +1022,9 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `receive.podManagementPolicy` | | `OrderedReady` | | `receive.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` | | `receive.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `receive.containerPorts.http` | HTTP container port | `10902` | +| `receive.containerPorts.grpc` | GRPC container port | `10901` | +| `receive.containerPorts.remote` | remote-write container port | `19291` | | `receive.podSecurityContext.enabled` | Enable security context for the Thanos Receive pods | `true` | | `receive.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | | `receive.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | @@ -1034,6 +1084,13 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `receive.priorityClassName` | Thanos Receive priorityClassName | `""` | | `receive.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Receive pods | `""` | | `receive.topologySpreadConstraints` | Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains | `[]` | +| `receive.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `receive.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `receive.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `receive.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `receive.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `receive.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `receive.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | | `receive.service.type` | Kubernetes service type | `ClusterIP` | | `receive.service.ports.http` | Thanos Ruler service HTTP port | `10902` | | `receive.service.ports.grpc` | Thanos Ruler service GRPC port | `10901` | @@ -1273,14 +1330,6 @@ Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate | `minio.auth.rootPassword` | Password for MinIO® root user | `""` | | `minio.defaultBuckets` | Comma, semi-colon or space separated list of MinIO® buckets to create | `thanos` | -### NetWorkPolicy parameters - -| Name | Description | Value | -| ------------------------------------------ | ---------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console @@ -1532,6 +1581,12 @@ Find more information about how to deal with common errors related to Bitnami's ## Upgrading +### To 13.0.0 + +This major version changes the NetworkPolicy objects and creates one per Thanos component. The `networkPolicy` common value was removed in favor of `COMPONENT.networkPolicy`. Also, NetworkPolicy objects are deployed by default. This can be changed by setting `COMPONENT.networkPolicy.enabled=false` being `COMPONENT` one of the Thanos components. + +This version also removes deprecated service port values like `receive.service.http.port` in favor of `recieve.service.ports.http`, as well as `existingServiceAccount`. + ### To 12.0.0 This major updates the MinIO® subchart to its newest major, 12.0.0. This subchart's major doesn't include any changes affecting its use as a subchart for Thanos, so no major issues are expected during the upgrade. diff --git a/bitnami/thanos/templates/NOTES.txt b/bitnami/thanos/templates/NOTES.txt index 0ce1214afa9dad..e030369aaf107d 100644 --- a/bitnami/thanos/templates/NOTES.txt +++ b/bitnami/thanos/templates/NOTES.txt @@ -2,12 +2,11 @@ CHART NAME: {{ .Chart.Name }} CHART VERSION: {{ .Chart.Version }} APP VERSION: {{ .Chart.AppVersion }} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} ** Please be patient while the chart is being deployed ** Thanos chart was deployed enabling the following components: -{{- if $query.enabled }} +{{- if .Values.query.enabled }} - Thanos Query {{- end }} {{- if .Values.bucketweb.enabled }} @@ -23,45 +22,45 @@ Thanos chart was deployed enabling the following components: - Thanos Store Gateway {{- end }} -{{- if $query.enabled }} +{{- if .Values.query.enabled }} Thanos Query can be accessed through following DNS name from within your cluster: - {{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ if $query.service.http }}{{ coalesce $query.service.ports.http $query.service.http.port }}{{ else }}{{ $query.service.ports.http }}{{ end }}) + {{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.query.service.ports.http }}) To access Thanos Query from outside the cluster execute the following commands: -{{- if $query.ingress.enabled }} +{{- if .Values.query.ingress.enabled }} 1. Get the Thanos Query URL and associate Thanos Query hostname to your cluster external IP: export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Thanos Query URL: http{{ if $query.ingress.tls }}s{{ end }}://{{ $query.ingress.hostname }}/" - echo "$CLUSTER_IP {{ $query.ingress.hostname }}" | sudo tee -a /etc/hosts + echo "Thanos Query URL: http{{ if .Values.query.ingress.tls }}s{{ end }}://{{ .Values.query.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.query.ingress.hostname }}" | sudo tee -a /etc/hosts {{- else }} 1. Get the Thanos Query URL by running these commands: -{{- if contains "NodePort" $query.service.type }} +{{- if contains "NodePort" .Values.query.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}-query) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "thanos.query.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo "http://${NODE_IP}:${NODE_PORT}" -{{- else if contains "LoadBalancer" $query.service.type }} +{{- else if contains "LoadBalancer" .Values.query.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}-query' + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "thanos.query.fullname" . }}' - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query) - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-query -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }}) + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "thanos.query.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo "http://${SERVICE_IP}:${SERVICE_PORT}" -{{- else if contains "ClusterIP" $query.service.type }} +{{- else if contains "ClusterIP" .Values.query.service.type }} - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query) - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }}-query ${SERVICE_PORT}:${SERVICE_PORT} & + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }}) + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "thanos.query.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & echo "http://127.0.0.1:${SERVICE_PORT}" {{- end }} diff --git a/bitnami/thanos/templates/_helpers.tpl b/bitnami/thanos/templates/_helpers.tpl index 4f2a761d0a4443..762d52abebbacf 100644 --- a/bitnami/thanos/templates/_helpers.tpl +++ b/bitnami/thanos/templates/_helpers.tpl @@ -21,6 +21,62 @@ Fully qualified app name for PostgreSQL {{- end -}} {{- end -}} +{{/* +Return the proper Thanos bucketweb fullname +*/}} +{{- define "thanos.bucketweb.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "bucketweb" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos compactor fullname +*/}} +{{- define "thanos.compactor.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "compactor" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos query-frontend fullname +*/}} +{{- define "thanos.query-frontend.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "query-frontend" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos query fullname +*/}} +{{- define "thanos.query.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "query" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos receive-distributor fullname +*/}} +{{- define "thanos.receive-distributor.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "receive-distributor" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos receive fullname +*/}} +{{- define "thanos.receive.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "receive" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos compactor fullname +*/}} +{{- define "thanos.ruler.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "ruler" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos storegateway fullname +*/}} +{{- define "thanos.storegateway.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "storegateway" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Return the proper Thanos image name */}} @@ -104,31 +160,14 @@ Return true if a secret object should be created {{- end -}} {{- end -}} -{{/* -Return a YAML of either .Values.query or .Values.querier -If .Values.querier is used, we merge in the defaults from .Values.query, giving preference to .Values.querier -*/}} -{{- define "thanos.query.values" -}} -{{- if .Values.querier -}} - {{- if .Values.query -}} - {{- mergeOverwrite .Values.query .Values.querier | toYaml -}} - {{- else -}} - {{- .Values.querier | toYaml -}} - {{- end -}} -{{- else -}} - {{- .Values.query | toYaml -}} -{{- end -}} -{{- end -}} - {{/* Return the Thanos Query Service Discovery configuration configmap. */}} {{- define "thanos.query.SDConfigmapName" -}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.existingSDConfigmap -}} - {{- printf "%s" (tpl $query.existingSDConfigmap $) -}} +{{- if .Values.query.existingSDConfigmap -}} + {{- printf "%s" (tpl .Values.query.existingSDConfigmap $) -}} {{- else -}} - {{- printf "%s-query-sd-configmap" (include "common.names.fullname" .) -}} + {{- printf "%s-query-sd" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} @@ -136,8 +175,7 @@ Return the Thanos Query Service Discovery configuration configmap. Return true if a configmap object should be created */}} {{- define "thanos.query.createSDConfigmap" -}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.sdConfig (not $query.existingSDConfigmap) }} +{{- if and .Values.query.sdConfig (not .Values.query.existingSDConfigmap) }} {{- true -}} {{- else -}} {{- end -}} @@ -150,7 +188,7 @@ Return the Thanos Ruler configuration configmap. {{- if .Values.ruler.existingConfigmap -}} {{- printf "%s" (tpl .Values.ruler.existingConfigmap $) -}} {{- else -}} - {{- printf "%s-ruler-configmap" (include "common.names.fullname" .) -}} + {{- printf "%s-ruler" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} @@ -161,11 +199,10 @@ Return the queryURL used by Thanos Ruler. {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.ingress.enabled .Values.queryFrontend.ingress.hostname .Values.queryFrontend.ingress.overrideAlertQueryURL -}} {{- printf "http://%s" (tpl .Values.queryFrontend.ingress.hostname .) -}} {{- else -}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} {{- if .Values.ruler.queryURL -}} {{- printf "%s" (tpl .Values.ruler.queryURL $) -}} {{- else -}} - {{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int $query.service.ports.http) -}} + {{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int .Values.query.service.ports.http) -}} {{- end -}} {{- end -}} {{- end -}} @@ -187,7 +224,7 @@ Return the Thanos storegateway configuration configmap. {{- if .Values.storegateway.existingConfigmap -}} {{- printf "%s" (tpl .Values.storegateway.existingConfigmap $) -}} {{- else -}} - {{- printf "%s-storegateway-configmap" (include "common.names.fullname" .) -}} + {{- printf "%s-storegateway" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} @@ -198,7 +235,7 @@ Return the Thanos Query Frontend configuration configmap. {{- if .Values.queryFrontend.existingConfigmap -}} {{- printf "%s" (tpl .Values.queryFrontend.existingConfigmap $) -}} {{- else -}} - {{- printf "%s-query-frontend-configmap" (include "common.names.fullname" .) -}} + {{- printf "%s-query-frontend" (include "common.names.fullname" .) -}} {{- end -}} {{- end -}} @@ -222,6 +259,94 @@ Return true if a configmap object should be created {{- end -}} {{- end -}} +{{/* +Create the name of the service account to use (bucketweb) +*/}} +{{- define "thanos.bucketweb.serviceAccountName" -}} +{{- if .Values.bucketweb.serviceAccount.create -}} + {{ default (include "thanos.bucketweb.fullname" .) .Values.bucketweb.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.bucketweb.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (compactor) +*/}} +{{- define "thanos.compactor.serviceAccountName" -}} +{{- if .Values.compactor.serviceAccount.create -}} + {{ default (include "thanos.compactor.fullname" .) .Values.compactor.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.compactor.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (query) +*/}} +{{- define "thanos.query.serviceAccountName" -}} +{{- if .Values.query.serviceAccount.create -}} + {{ default (include "thanos.query.fullname" .) .Values.query.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.query.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (queryFrontend) +*/}} +{{- define "thanos.query-frontend.serviceAccountName" -}} +{{- if .Values.queryFrontend.serviceAccount.create -}} + {{ default (include "thanos.query-frontend.fullname" .) .Values.queryFrontend.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.queryFrontend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (receive) +*/}} +{{- define "thanos.receive.serviceAccountName" -}} +{{- if .Values.receive.serviceAccount.create -}} + {{ default (include "thanos.receive.fullname" .) .Values.receive.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.receive.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (receiveDistributor) +*/}} +{{- define "thanos.receive-distributor.serviceAccountName" -}} +{{- if .Values.receiveDistributor.serviceAccount.create -}} + {{ default (include "thanos.receive-distributor.fullname" .) .Values.receiveDistributor.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.receiveDistributor.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (ruler) +*/}} +{{- define "thanos.ruler.serviceAccountName" -}} +{{- if .Values.ruler.serviceAccount.create -}} + {{ default (include "thanos.ruler.fullname" .) .Values.ruler.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.ruler.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (storegateway) +*/}} +{{- define "thanos.storegateway.serviceAccountName" -}} +{{- if .Values.storegateway.serviceAccount.create -}} + {{ default (include "thanos.storegateway.fullname" .) .Values.storegateway.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.storegateway.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Return the Thanos Compactor pvc name */}} @@ -345,51 +470,6 @@ false {{- end }} {{- end }} -{{/* Service account name -Usage: -{{ include "thanos.serviceAccountName" (dict "component" "bucketweb" "context" $) }} -*/}} -{{- define "thanos.serviceAccountName" -}} -{{- $component := index .context.Values .component -}} -{{- if eq .component "query-frontend" -}} -{{- $component = index .context.Values "queryFrontend" -}} -{{- else if eq .component "receive-distributor" -}} -{{- $component = index .context.Values "receiveDistributor" -}} -{{- end -}} -{{- if not (include "thanos.serviceAccount.useExisting" (dict "component" .component "context" .context)) -}} - {{- if $component.serviceAccount.create -}} - {{- if eq .context.Values.serviceAccount.name "" -}} - {{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) $component.serviceAccount.name }} - {{- else -}} - {{ default (printf "%s-%s" (.context.Values.serviceAccount.name) .component) $component.serviceAccount.name }} - {{- end -}} - {{- else if .context.Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .context) .context.Values.serviceAccount.name }} - {{- else -}} - {{ default "default" (coalesce $component.serviceAccount.name .context.Values.serviceAccount.name ) }} - {{- end -}} -{{- else -}} - {{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) (coalesce $component.serviceAccount.existingServiceAccount .context.Values.existingServiceAccount) }} -{{- end -}} -{{- end -}} - -{{/* Service account use existing -{{- include "thanos.serviceAccount.useExisting" (dict "component" "bucketweb" "context" $) -}} -*/}} -{{- define "thanos.serviceAccount.useExisting" -}} -{{- $component := index .context.Values .component -}} -{{- if eq .component "query-frontend" -}} -{{- $component = index .context.Values "queryFrontend" -}} -{{- else if eq .component "receive-distributor" -}} -{{- $component = index .context.Values "receiveDistributor" -}} -{{- end -}} -{{- if .context.Values.existingServiceAccount -}} - {{- true -}} -{{- else if $component.serviceAccount.existingServiceAccount -}} - {{- true -}} -{{- end -}} -{{- end -}} - {{/* Return true if a hashring configmap object should be created */}} @@ -400,7 +480,6 @@ Return true if a hashring configmap object should be created {{- end -}} {{- end -}} - {{/* Return the Thanos receive hashring configuration configmap. */}} diff --git a/bitnami/thanos/templates/alert-rule/query.yml b/bitnami/thanos/templates/alert-rule/query.yml index 3294540e354e0f..d213572e599fc3 100644 --- a/bitnami/thanos/templates/alert-rule/query.yml +++ b/bitnami/thanos/templates/alert-rule/query.yml @@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: {{ template "common.names.fullname" . }}-query + name: {{ include "thanos.query.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.prometheusRule.additionalLabels }} diff --git a/bitnami/thanos/templates/alert-rule/receive.yml b/bitnami/thanos/templates/alert-rule/receive.yml index 6464012948eac6..a65ba967de15e7 100644 --- a/bitnami/thanos/templates/alert-rule/receive.yml +++ b/bitnami/thanos/templates/alert-rule/receive.yml @@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: {{ template "common.names.fullname" . }}-receive + name: {{ include "thanos.receive.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.prometheusRule.additionalLabels }} diff --git a/bitnami/thanos/templates/alert-rule/ruler.yml b/bitnami/thanos/templates/alert-rule/ruler.yml index ef7513f0376d12..b778ff87c9fb3a 100644 --- a/bitnami/thanos/templates/alert-rule/ruler.yml +++ b/bitnami/thanos/templates/alert-rule/ruler.yml @@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: {{ template "common.names.fullname" . }}-ruler + name: {{ include "thanos.ruler.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.prometheusRule.additionalLabels }} diff --git a/bitnami/thanos/templates/alert-rule/store_gateway.yml b/bitnami/thanos/templates/alert-rule/store_gateway.yml index 70339e36f23997..96981c51efac8e 100644 --- a/bitnami/thanos/templates/alert-rule/store_gateway.yml +++ b/bitnami/thanos/templates/alert-rule/store_gateway.yml @@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: {{ template "common.names.fullname" . }}-store-gateway + name: {{ include "thanos.storegateway.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.prometheusRule.additionalLabels }} diff --git a/bitnami/thanos/templates/bucketweb/deployment.yaml b/bitnami/thanos/templates/bucketweb/deployment.yaml index 6d374d90a15d7d..ebfe07136f95b6 100644 --- a/bitnami/thanos/templates/bucketweb/deployment.yaml +++ b/bitnami/thanos/templates/bucketweb/deployment.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if .Values.commonAnnotations }} @@ -37,7 +37,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "bucketweb" "context" $) }} + serviceAccountName: {{ include "thanos.bucketweb.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.bucketweb.automountServiceAccountToken }} {{- if .Values.bucketweb.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.hostAliases "context" $) | nindent 8 }} @@ -97,7 +97,7 @@ spec: - tools - bucket - web - - --http-address=0.0.0.0:8080 + - --http-address=0.0.0.0:{{ .Values.bucketweb.containerPorts.http }} - --log.level={{ .Values.bucketweb.logLevel }} - --log.format={{ .Values.bucketweb.logFormat }} - --objstore.config-file=/conf/objstore.yml @@ -130,7 +130,7 @@ spec: {{- end }} ports: - name: http - containerPort: 8080 + containerPort: {{ .Values.bucketweb.containerPorts.http }} protocol: TCP {{- if .Values.bucketweb.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.customLivenessProbe "context" $) | nindent 12 }} diff --git a/bitnami/thanos/templates/bucketweb/hpa.yaml b/bitnami/thanos/templates/bucketweb/hpa.yaml index 1f6dad3768eadc..2b3c5cdc323f62 100644 --- a/bitnami/thanos/templates/bucketweb/hpa.yaml +++ b/bitnami/thanos/templates/bucketweb/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment - name: {{ include "common.names.fullname" . }}-bucketweb + name: {{ include "thanos.bucketweb.fullname" . }} minReplicas: {{ .Values.bucketweb.autoscaling.minReplicas }} maxReplicas: {{ .Values.bucketweb.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/bucketweb/ingress.yaml b/bitnami/thanos/templates/bucketweb/ingress.yaml index a45354641c89d5..8402858d67ddac 100644 --- a/bitnami/thanos/templates/bucketweb/ingress.yaml +++ b/bitnami/thanos/templates/bucketweb/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if or .Values.bucketweb.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/bucketweb/networkpolicy.yaml b/bitnami/thanos/templates/bucketweb/networkpolicy.yaml new file mode 100644 index 00000000000000..52f891941ef0ac --- /dev/null +++ b/bitnami/thanos/templates/bucketweb/networkpolicy.yaml @@ -0,0 +1,80 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.bucketweb.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: bucketweb + policyTypes: + - Ingress + - Egress + {{- if .Values.bucketweb.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.bucketweb.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.bucketweb.containerPorts.http }} + - port: {{ .Values.bucketweb.service.ports.http }} + {{- if not .Values.bucketweb.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.bucketweb.fullname" . }}-client: "true" + {{- if .Values.bucketweb.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.bucketweb.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.bucketweb.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.bucketweb.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/pdb.yaml b/bitnami/thanos/templates/bucketweb/pdb.yaml index 7b6e4073bb90d5..a352238ecd4e5d 100644 --- a/bitnami/thanos/templates/bucketweb/pdb.yaml +++ b/bitnami/thanos/templates/bucketweb/pdb.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/bucketweb/service.yaml b/bitnami/thanos/templates/bucketweb/service.yaml index eb0e4aa40dc514..eb9ddd2c866e4a 100644 --- a/bitnami/thanos/templates/bucketweb/service.yaml +++ b/bitnami/thanos/templates/bucketweb/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.bucketweb.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.bucketweb.service.http }}{{ coalesce .Values.bucketweb.service.ports.http .Values.bucketweb.service.http.port }}{{ else }}{{ .Values.bucketweb.service.ports.http }}{{ end }} + - port: {{ .Values.bucketweb.service.ports.http }} targetPort: http protocol: TCP name: http diff --git a/bitnami/thanos/templates/bucketweb/serviceaccount.yaml b/bitnami/thanos/templates/bucketweb/serviceaccount.yaml index d64bc206df93e7..a3aafaabb08dd2 100644 --- a/bitnami/thanos/templates/bucketweb/serviceaccount.yaml +++ b/bitnami/thanos/templates/bucketweb/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.bucketweb.enabled .Values.bucketweb.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "bucketweb" "context" $))) }} +{{- if and .Values.bucketweb.enabled .Values.bucketweb.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "bucketweb" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.bucketweb.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if or .Values.bucketweb.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/bucketweb/servicemonitor.yaml b/bitnami/thanos/templates/bucketweb/servicemonitor.yaml index 10103707d2da4a..2a6e527a7c0fcf 100644 --- a/bitnami/thanos/templates/bucketweb/servicemonitor.yaml +++ b/bitnami/thanos/templates/bucketweb/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-bucketweb + name: {{ include "thanos.bucketweb.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/bucketweb/tls-secrets.yaml b/bitnami/thanos/templates/bucketweb/tls-secrets.yaml index 0cb4801d9002ff..78d08e14a891ae 100644 --- a/bitnami/thanos/templates/bucketweb/tls-secrets.yaml +++ b/bitnami/thanos/templates/bucketweb/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-bucketweb - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: bucketweb {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/compactor/_pod-template.tpl b/bitnami/thanos/templates/compactor/_pod-template.tpl index de46913c57a078..71c9f01d83f8d6 100644 --- a/bitnami/thanos/templates/compactor/_pod-template.tpl +++ b/bitnami/thanos/templates/compactor/_pod-template.tpl @@ -20,7 +20,7 @@ metadata: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 2 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "compactor" "context" $) }} + serviceAccountName: {{ include "thanos.compactor.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.compactor.automountServiceAccountToken }} {{- if .Values.compactor.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.hostAliases "context" $) | nindent 4 }} @@ -104,7 +104,7 @@ spec: - compact - --log.level={{ .Values.compactor.logLevel }} - --log.format={{ .Values.compactor.logFormat }} - - --http-address=0.0.0.0:10902 + - --http-address=0.0.0.0:{{ .Values.compactor.containerPorts.http }} - --data-dir=/data - --retention.resolution-raw={{ .Values.compactor.retentionResolutionRaw }} - --retention.resolution-5m={{ .Values.compactor.retentionResolution5m }} @@ -137,7 +137,7 @@ spec: {{- end }} ports: - name: http - containerPort: 10902 + containerPort: {{ .Values.compactor.containerPorts.http }} protocol: TCP {{- if .Values.compactor.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customLivenessProbe "context" $) | nindent 8 }} diff --git a/bitnami/thanos/templates/compactor/cronjob.yaml b/bitnami/thanos/templates/compactor/cronjob.yaml index 70a90ce2cdb00f..4e65df0c21f54d 100644 --- a/bitnami/thanos/templates/compactor/cronjob.yaml +++ b/bitnami/thanos/templates/compactor/cronjob.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} kind: CronJob metadata: - name: {{ include "common.names.fullname" . }}-compactor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/compactor/deployment.yaml b/bitnami/thanos/templates/compactor/deployment.yaml index d2b58d6925600b..1e005f0f1c4f70 100644 --- a/bitnami/thanos/templates/compactor/deployment.yaml +++ b/bitnami/thanos/templates/compactor/deployment.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "common.names.fullname" . }}-compactor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/compactor/ingress.yaml b/bitnami/thanos/templates/compactor/ingress.yaml index ec1eb054798bdc..d4a797916cacfc 100644 --- a/bitnami/thanos/templates/compactor/ingress.yaml +++ b/bitnami/thanos/templates/compactor/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-compactor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if or .Values.compactor.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/compactor/networkpolicy.yaml b/bitnami/thanos/templates/compactor/networkpolicy.yaml new file mode 100644 index 00000000000000..f41a2ae2811637 --- /dev/null +++ b/bitnami/thanos/templates/compactor/networkpolicy.yaml @@ -0,0 +1,80 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.compactor.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: compactor + policyTypes: + - Ingress + - Egress + {{- if .Values.compactor.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.compactor.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.compactor.containerPorts.http }} + - port: {{ .Values.compactor.service.ports.http }} + {{- if not .Values.compactor.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.compactor.fullname" . }}-client: "true" + {{- if .Values.compactor.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.compactor.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/compactor/pvc.yaml b/bitnami/thanos/templates/compactor/pvc.yaml index 6083515440ecf9..292baf69675da9 100644 --- a/bitnami/thanos/templates/compactor/pvc.yaml +++ b/bitnami/thanos/templates/compactor/pvc.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ include "common.names.fullname" . }}-compactor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor diff --git a/bitnami/thanos/templates/compactor/service.yaml b/bitnami/thanos/templates/compactor/service.yaml index f2dab76f338b7e..fe2a8861b48702 100644 --- a/bitnami/thanos/templates/compactor/service.yaml +++ b/bitnami/thanos/templates/compactor/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-compactor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.compactor.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.compactor.service.http }}{{ coalesce .Values.compactor.service.ports.http .Values.compactor.service.http.port }}{{ else }}{{ .Values.compactor.service.ports.http }}{{ end }} + - port: {{ .Values.compactor.service.ports.http }} targetPort: http protocol: TCP name: http diff --git a/bitnami/thanos/templates/compactor/serviceaccount.yaml b/bitnami/thanos/templates/compactor/serviceaccount.yaml index c0665c9fa97d84..d2d246079edd1b 100644 --- a/bitnami/thanos/templates/compactor/serviceaccount.yaml +++ b/bitnami/thanos/templates/compactor/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.compactor.enabled .Values.compactor.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "compactor" "context" $))) }} +{{- if and .Values.compactor.enabled .Values.compactor.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "compactor" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.compactor.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if or .Values.compactor.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/compactor/servicemonitor.yaml b/bitnami/thanos/templates/compactor/servicemonitor.yaml index f6edf21a738a00..2be4ade6c54e7d 100644 --- a/bitnami/thanos/templates/compactor/servicemonitor.yaml +++ b/bitnami/thanos/templates/compactor/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-compactor + name: {{ include "thanos.compactor.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/compactor/tls-secrets.yaml b/bitnami/thanos/templates/compactor/tls-secrets.yaml index 790b0dd7acd40a..150ee75d897e3e 100644 --- a/bitnami/thanos/templates/compactor/tls-secrets.yaml +++ b/bitnami/thanos/templates/compactor/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-compactor - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: compactor {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/grpc-tls-secrets.yaml b/bitnami/thanos/templates/grpc-tls-secrets.yaml index 31e25a2004aaa6..0753539efc6b73 100644 --- a/bitnami/thanos/templates/grpc-tls-secrets.yaml +++ b/bitnami/thanos/templates/grpc-tls-secrets.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} @@ -39,7 +39,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} @@ -66,7 +66,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -93,7 +93,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/http-certs-secret.yaml b/bitnami/thanos/templates/http-certs-secret.yaml index 2bde87855108ca..22c49cd5526f26 100644 --- a/bitnami/thanos/templates/http-certs-secret.yaml +++ b/bitnami/thanos/templates/http-certs-secret.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/httpconfig-secret.yaml b/bitnami/thanos/templates/httpconfig-secret.yaml index be372066dd0df3..b2c509a12fd91d 100644 --- a/bitnami/thanos/templates/httpconfig-secret.yaml +++ b/bitnami/thanos/templates/httpconfig-secret.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }}-http-config-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} stringData: http-config.yml: |- diff --git a/bitnami/thanos/templates/networkpolicy.yaml b/bitnami/thanos/templates/networkpolicy.yaml deleted file mode 100644 index 0e595a8876b1d0..00000000000000 --- a/bitnami/thanos/templates/networkpolicy.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: http - - port: grpc - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} - role: read - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/objstore-secret.yaml b/bitnami/thanos/templates/objstore-secret.yaml index 45289d77a4bd5c..080337f6683d7c 100644 --- a/bitnami/thanos/templates/objstore-secret.yaml +++ b/bitnami/thanos/templates/objstore-secret.yaml @@ -8,7 +8,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" . }}-objstore-secret - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} data: objstore.yml: |- diff --git a/bitnami/thanos/templates/prometheusrule.yaml b/bitnami/thanos/templates/prometheusrule.yaml index 0e82c52b134532..66119d995144a6 100644 --- a/bitnami/thanos/templates/prometheusrule.yaml +++ b/bitnami/thanos/templates/prometheusrule.yaml @@ -8,7 +8,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} {{- if .Values.metrics.prometheusRule.additionalLabels }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} diff --git a/bitnami/thanos/templates/query-frontend/configmap.yaml b/bitnami/thanos/templates/query-frontend/configmap.yaml index af1570d6208467..428e7601d96708 100644 --- a/bitnami/thanos/templates/query-frontend/configmap.yaml +++ b/bitnami/thanos/templates/query-frontend/configmap.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.names.fullname" . }}-query-frontend-configmap - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query-frontend/deployment.yaml b/bitnami/thanos/templates/query-frontend/deployment.yaml index ed8c3891076035..47308eab70ae57 100644 --- a/bitnami/thanos/templates/query-frontend/deployment.yaml +++ b/bitnami/thanos/templates/query-frontend/deployment.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} {{- if .Values.queryFrontend.enabled }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} @@ -42,7 +41,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "query-frontend" "context" $) }} + serviceAccountName: {{ include "thanos.query-frontend.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.queryFrontend.automountServiceAccountToken }} {{- if .Values.queryFrontend.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.hostAliases "context" $) | nindent 8 }} @@ -102,8 +101,8 @@ spec: - query-frontend - --log.level={{ .Values.queryFrontend.logLevel }} - --log.format={{ .Values.queryFrontend.logFormat }} - - --http-address=0.0.0.0:10902 - - --query-frontend.downstream-url=http://{{ include "common.names.fullname" . }}-query:{{ if $query.service.http }}{{ coalesce $query.service.ports.http $query.service.http.port }}{{ else }}{{ $query.service.ports.http }}{{ end }} + - --http-address=0.0.0.0:{{ .Values.queryFrontend.containerPorts.http }} + - --query-frontend.downstream-url=http://{{ include "thanos.query.fullname" . }}:{{ .Values.query.service.ports.http }} {{- if (include "thanos.httpConfigEnabled" .) }} - --http.config=/conf/http/http-config.yml {{- end }} @@ -130,7 +129,7 @@ spec: {{- end }} ports: - name: http - containerPort: 10902 + containerPort: {{ .Values.queryFrontend.containerPorts.http }} protocol: TCP {{- if .Values.queryFrontend.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customLivenessProbe "context" $) | nindent 12 }} diff --git a/bitnami/thanos/templates/query-frontend/hpa.yaml b/bitnami/thanos/templates/query-frontend/hpa.yaml index 8f527c10fc7baf..90cb76826b1580 100644 --- a/bitnami/thanos/templates/query-frontend/hpa.yaml +++ b/bitnami/thanos/templates/query-frontend/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment - name: {{ include "common.names.fullname" . }}-query-frontend + name: {{ include "thanos.query-frontend.fullname" . }} minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/query-frontend/ingress.yaml b/bitnami/thanos/templates/query-frontend/ingress.yaml index cc9cf683968684..aafe4c0c02a15c 100644 --- a/bitnami/thanos/templates/query-frontend/ingress.yaml +++ b/bitnami/thanos/templates/query-frontend/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if or .Values.queryFrontend.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query-frontend/networkpolicy.yaml b/bitnami/thanos/templates/query-frontend/networkpolicy.yaml new file mode 100644 index 00000000000000..366f0b5f6ac64b --- /dev/null +++ b/bitnami/thanos/templates/query-frontend/networkpolicy.yaml @@ -0,0 +1,92 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.queryFrontend.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query-frontend + policyTypes: + - Ingress + - Egress + {{- if .Values.queryFrontend.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.queryFrontend.containerPorts.http }} + - port: {{ .Values.queryFrontend.service.ports.http }} + {{- if not .Values.queryFrontend.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.query.fullname" . }}-client: "true" + {{- if .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/pdb.yaml b/bitnami/thanos/templates/query-frontend/pdb.yaml index e171051e6c307f..0672907ec8ddb7 100644 --- a/bitnami/thanos/templates/query-frontend/pdb.yaml +++ b/bitnami/thanos/templates/query-frontend/pdb.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml b/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml index 36a8815965357a..3b64927c5cb562 100644 --- a/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml +++ b/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: - name: {{ include "common.names.fullname" . }}-query-frontend + name: {{ include "thanos.query-frontend.fullname" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - - {{ include "common.names.fullname" . }}-query-frontend + - {{ include "thanos.query-frontend.fullname" . }} {{- if .Values.queryFrontend.rbac.rules }} {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.rbac.rules "context" $ ) | nindent 2 }} {{- end }} diff --git a/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml b/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml index ff768db5659e7f..50e794045875bb 100644 --- a/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml +++ b/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: - name: {{ include "common.names.fullname" . }}-query-frontend + name: {{ include "thanos.query-frontend.fullname" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} @@ -15,10 +15,10 @@ metadata: {{- end }} roleRef: kind: ClusterRole - name: {{ include "common.names.fullname" . }}-query-frontend + name: {{ include "thanos.query-frontend.fullname" . }} apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount - name: {{ include "thanos.serviceAccountName" (dict "component" "query-frontend" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} {{- end }} diff --git a/bitnami/thanos/templates/query-frontend/psp.yaml b/bitnami/thanos/templates/query-frontend/psp.yaml index 63b20c0a717f90..ac436be6ba0b12 100644 --- a/bitnami/thanos/templates/query-frontend/psp.yaml +++ b/bitnami/thanos/templates/query-frontend/psp.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query-frontend/service.yaml b/bitnami/thanos/templates/query-frontend/service.yaml index 54e05091117cc2..0c5d26022ec8f2 100644 --- a/bitnami/thanos/templates/query-frontend/service.yaml +++ b/bitnami/thanos/templates/query-frontend/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.queryFrontend.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.queryFrontend.service.http }}{{ coalesce .Values.queryFrontend.service.ports.http .Values.queryFrontend.service.http.port }}{{ else }}{{ .Values.queryFrontend.service.ports.http }}{{ end }} + - port: {{ .Values.queryFrontend.service.ports.http }} targetPort: http protocol: TCP name: http diff --git a/bitnami/thanos/templates/query-frontend/serviceaccount.yaml b/bitnami/thanos/templates/query-frontend/serviceaccount.yaml index b1ae50520964f9..afa938c38eb090 100644 --- a/bitnami/thanos/templates/query-frontend/serviceaccount.yaml +++ b/bitnami/thanos/templates/query-frontend/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "query-frontend" "context" $))) }} +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "query-frontend" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query-frontend.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if or .Values.queryFrontend.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query-frontend/servicemonitor.yaml b/bitnami/thanos/templates/query-frontend/servicemonitor.yaml index 45e85117ea86bb..6d399ae587ff57 100644 --- a/bitnami/thanos/templates/query-frontend/servicemonitor.yaml +++ b/bitnami/thanos/templates/query-frontend/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-query-frontend + name: {{ include "thanos.query-frontend.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/query-frontend/tls-secrets.yaml b/bitnami/thanos/templates/query-frontend/tls-secrets.yaml index a02c07222060f7..8b726f18715ad0 100644 --- a/bitnami/thanos/templates/query-frontend/tls-secrets.yaml +++ b/bitnami/thanos/templates/query-frontend/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-query-frontend - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query-frontend {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/deployment.yaml b/bitnami/thanos/templates/query/deployment.yaml index 5e10755800f8fb..ec54f66fd79597 100644 --- a/bitnami/thanos/templates/query/deployment.yaml +++ b/bitnami/thanos/templates/query/deployment.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -41,7 +41,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "query" "context" $) }} + serviceAccountName: {{ include "thanos.query.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.query.automountServiceAccountToken }} {{- if .Values.query.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.query.hostAliases "context" $) | nindent 8 }} @@ -131,13 +131,13 @@ spec: {{- end }} {{- end }} {{- if and .Values.storegateway.enabled .Values.query.dnsDiscovery.enabled (not .Values.storegateway.sharded.enabled ) }} - - --endpoint=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-storegateway{{ if .Values.storegateway.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.storegateway.fullname" . }}{{ if .Values.storegateway.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{- end }} {{- if and .Values.ruler.enabled .Values.query.dnsDiscovery.enabled }} - - --endpoint=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-ruler{{ if .Values.ruler.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.ruler.fullname" . }}{{ if .Values.ruler.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{- end }} {{- if and .Values.receive.enabled .Values.query.dnsDiscovery.enabled }} - - --endpoint=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-receive{{ if .Values.receive.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.receive.fullname" . }}{{ if .Values.receive.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{- end }} {{- range .Values.query.stores }} - --endpoint={{ . }} diff --git a/bitnami/thanos/templates/query/hpa.yaml b/bitnami/thanos/templates/query/hpa.yaml index 5b932f17923135..4d0e0d06d15877 100644 --- a/bitnami/thanos/templates/query/hpa.yaml +++ b/bitnami/thanos/templates/query/hpa.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.autoscaling.enabled }} +{{- if and .Values.query.enabled .Values.query.autoscaling.enabled }} apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -19,32 +18,32 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment - name: {{ include "common.names.fullname" . }}-query - minReplicas: {{ $query.autoscaling.minReplicas }} - maxReplicas: {{ $query.autoscaling.maxReplicas }} + name: {{ include "thanos.query.fullname" . }} + minReplicas: {{ .Values.query.autoscaling.minReplicas }} + maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} metrics: - {{- if $query.autoscaling.targetMemory }} + {{- if .Values.query.autoscaling.targetMemory }} - type: Resource resource: name: memory {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ $query.autoscaling.targetMemory }} + targetAverageUtilization: {{ .Values.query.autoscaling.targetMemory }} {{- else }} target: type: Utilization - averageUtilization: {{ $query.autoscaling.targetMemory }} + averageUtilization: {{ .Values.query.autoscaling.targetMemory }} {{- end }} {{- end }} - {{- if $query.autoscaling.targetCPU }} + {{- if .Values.query.autoscaling.targetCPU }} - type: Resource resource: name: cpu {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ $query.autoscaling.targetCPU }} + targetAverageUtilization: {{ .Values.query.autoscaling.targetCPU }} {{- else }} target: type: Utilization - averageUtilization: {{ $query.autoscaling.targetCPU }} + averageUtilization: {{ .Values.query.autoscaling.targetCPU }} {{- end }} {{- end }} {{- end }} diff --git a/bitnami/thanos/templates/query/ingress-grpc.yaml b/bitnami/thanos/templates/query/ingress-grpc.yaml index 493e742248d45f..154e7d70e834e0 100644 --- a/bitnami/thanos/templates/query/ingress-grpc.yaml +++ b/bitnami/thanos/templates/query/ingress-grpc.yaml @@ -8,7 +8,7 @@ apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ include "common.names.fullname" . }}-grpc - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if or .Values.query.ingress.grpc.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/ingress.yaml b/bitnami/thanos/templates/query/ingress.yaml index cbb4cc78a9bdf4..7d2b3c91cc8461 100644 --- a/bitnami/thanos/templates/query/ingress.yaml +++ b/bitnami/thanos/templates/query/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if or .Values.query.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/networkpolicy.yaml b/bitnami/thanos/templates/query/networkpolicy.yaml new file mode 100644 index 00000000000000..8b4a65dd9622c3 --- /dev/null +++ b/bitnami/thanos/templates/query/networkpolicy.yaml @@ -0,0 +1,124 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.query.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query + policyTypes: + - Ingress + - Egress + {{- if .Values.query.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other query instances via headless service + - ports: + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + {{- end }} + {{- if .Values.storegateway.enabled }} + # Communicate with storegateway + - ports: + - port: {{ .Values.storegateway.service.ports.grpc }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: storegateway + {{- end }} + {{- if .Values.receive.enabled }} + # Communicate with receive + - ports: + - port: {{ .Values.queryFrontend.service.ports.grpc }} + - port: {{ .Values.queryFrontend.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- end }} + {{- if .Values.query.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.query.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.containerPorts.grpc }} + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + {{- if not .Values.query.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.query.fullname" . }}-client: "true" + {{- if .Values.query.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.query.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.query.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.query.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.query.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.query.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/query/pdb.yaml b/bitnami/thanos/templates/query/pdb.yaml index d8e8ba844fe8ab..de4b9d6e2441a0 100644 --- a/bitnami/thanos/templates/query/pdb.yaml +++ b/bitnami/thanos/templates/query/pdb.yaml @@ -3,26 +3,25 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.pdb.create }} +{{- if and .Values.query.enabled .Values.query.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} spec: - {{- if $query.pdb.minAvailable }} - minAvailable: {{ $query.pdb.minAvailable }} + {{- if .Values.query.pdb.minAvailable }} + minAvailable: {{ .Values.query.pdb.minAvailable }} {{- end }} - {{- if $query.pdb.maxUnavailable }} - maxUnavailable: {{ $query.pdb.maxUnavailable }} + {{- if .Values.query.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.query.pdb.maxUnavailable }} {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $query.podLabels .Values.commonLabels ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} selector: matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} app.kubernetes.io/component: query diff --git a/bitnami/thanos/templates/query/psp-clusterrole.yaml b/bitnami/thanos/templates/query/psp-clusterrole.yaml index 24e8f535ad0413..0a04a275de9a24 100644 --- a/bitnami/thanos/templates/query/psp-clusterrole.yaml +++ b/bitnami/thanos/templates/query/psp-clusterrole.yaml @@ -3,12 +3,11 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) }} -{{- if and (include "common.capabilities.psp.supported" .) $query.enabled $query.pspEnabled $query.rbac.create }} +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRole metadata: - name: {{ include "common.names.fullname" . }}-query + name: {{ include "thanos.query.fullname" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -19,7 +18,7 @@ rules: resources: ['podsecuritypolicies'] verbs: ['use'] resourceNames: - - {{ include "common.names.fullname" . }}-query + - {{ include "thanos.query.fullname" . }} {{- if .Values.query.rbac.rules }} {{- include "common.tplvalues.render" ( dict "value" .Values.query.rbac.rules "context" $ ) | nindent 2 }} {{- end }} diff --git a/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml b/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml index f033356cdb83d0..32e1a9d2747a76 100644 --- a/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml +++ b/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml @@ -3,12 +3,11 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and (include "common.capabilities.psp.supported" .) $query.enabled $query.pspEnabled $query.rbac.create }} +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: - name: {{ include "common.names.fullname" . }}-query + name: {{ include "thanos.query.fullname" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -16,10 +15,10 @@ metadata: {{- end }} roleRef: kind: ClusterRole - name: {{ include "common.names.fullname" . }}-query + name: {{ include "thanos.query.fullname" . }} apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount - name: {{ include "thanos.serviceAccountName" (dict "component" "query" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} {{- end }} diff --git a/bitnami/thanos/templates/query/psp.yaml b/bitnami/thanos/templates/query/psp.yaml index e1a89dbbd534d3..84f6f80846dfae 100644 --- a/bitnami/thanos/templates/query/psp.yaml +++ b/bitnami/thanos/templates/query/psp.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and (include "common.capabilities.psp.supported" .) $query.enabled $query.pspEnabled $query.rbac.create -}} +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create -}} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/sd-configmap.yaml b/bitnami/thanos/templates/query/sd-configmap.yaml index 63af5eee55709d..2e43e3a413c9b0 100644 --- a/bitnami/thanos/templates/query/sd-configmap.yaml +++ b/bitnami/thanos/templates/query/sd-configmap.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} {{- if (include "thanos.query.createSDConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.names.fullname" . }}-query-sd-configmap - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }}-sd + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} @@ -17,5 +16,5 @@ metadata: {{- end }} data: servicediscovery.yml: |- - {{- include "common.tplvalues.render" (dict "value" $query.sdConfig "context" $) | nindent 4 }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.sdConfig "context" $) | nindent 4 }} {{ end }} diff --git a/bitnami/thanos/templates/query/service-grpc-headless.yaml b/bitnami/thanos/templates/query/service-grpc-headless.yaml index 0eae624927eb30..31718f922569ab 100644 --- a/bitnami/thanos/templates/query/service-grpc-headless.yaml +++ b/bitnami/thanos/templates/query/service-grpc-headless.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-query-grpc-headless - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }}-grpc-headless + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if or .Values.query.serviceGrpc.headless.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/service-grpc.yaml b/bitnami/thanos/templates/query/service-grpc.yaml index a8b9ea804343aa..2eab74e15b7173 100644 --- a/bitnami/thanos/templates/query/service-grpc.yaml +++ b/bitnami/thanos/templates/query/service-grpc.yaml @@ -3,52 +3,51 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.enabled -}} +{{- if .Values.query.enabled -}} apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-query-grpc - namespace: {{ .Release.Namespace | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $query.serviceGrpc.labels .Values.commonLabels ) "context" . ) }} + name: {{ include "thanos.query.fullname" . }}-grpc + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query - {{- if or $query.serviceGrpc.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $query.serviceGrpc.annotations .Values.commonAnnotations ) "context" . ) }} + {{- if or .Values.query.serviceGrpc.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: - type: {{ $query.serviceGrpc.type }} - {{- if and $query.serviceGrpc.clusterIP (eq $query.serviceGrpc.type "ClusterIP") }} - clusterIP: {{ $query.serviceGrpc.clusterIP }} + type: {{ .Values.query.serviceGrpc.type }} + {{- if and .Values.query.serviceGrpc.clusterIP (eq .Values.query.serviceGrpc.type "ClusterIP") }} + clusterIP: {{ .Values.query.serviceGrpc.clusterIP }} {{- end }} - {{- if ne $query.serviceGrpc.type "ClusterIP" }} - externalTrafficPolicy: {{ $query.serviceGrpc.externalTrafficPolicy }} + {{- if ne .Values.query.serviceGrpc.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.query.serviceGrpc.externalTrafficPolicy }} {{- end }} - {{- if and $query.serviceGrpc.loadBalancerIP (eq $query.serviceGrpc.type "LoadBalancer") }} - loadBalancerIP: {{ $query.serviceGrpc.loadBalancerIP }} + {{- if and .Values.query.serviceGrpc.loadBalancerIP (eq .Values.query.serviceGrpc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.query.serviceGrpc.loadBalancerIP }} {{- end }} - {{- if and (eq $query.serviceGrpc.type "LoadBalancer") $query.serviceGrpc.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $query.serviceGrpc.loadBalancerSourceRanges | nindent 4 }} + {{- if and (eq .Values.query.serviceGrpc.type "LoadBalancer") .Values.query.serviceGrpc.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.query.serviceGrpc.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ $query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} targetPort: grpc protocol: TCP name: grpc - {{- if and (or (eq $query.serviceGrpc.type "NodePort") (eq $query.serviceGrpc.type "LoadBalancer")) $query.serviceGrpc.nodePorts.grpc }} - nodePort: {{ $query.serviceGrpc.nodePorts.grpc }} - {{- else if eq $query.serviceGrpc.type "ClusterIP" }} + {{- if and (or (eq .Values.query.serviceGrpc.type "NodePort") (eq .Values.query.serviceGrpc.type "LoadBalancer")) .Values.query.serviceGrpc.nodePorts.grpc }} + nodePort: {{ .Values.query.serviceGrpc.nodePorts.grpc }} + {{- else if eq .Values.query.serviceGrpc.type "ClusterIP" }} nodePort: null {{- end }} - {{- if $query.serviceGrpc.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" $query.serviceGrpc.extraPorts "context" $) | nindent 4 }} + {{- if .Values.query.serviceGrpc.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.extraPorts "context" $) | nindent 4 }} {{- end }} selector: - {{- if $query.serviceGrpc.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" $query.serviceGrpc.labelSelectorsOverride "context" $) | nindent 4 }} + {{- if .Values.query.serviceGrpc.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.labelSelectorsOverride "context" $) | nindent 4 }} {{- else }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $query.podLabels .Values.commonLabels ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- end }} diff --git a/bitnami/thanos/templates/query/service-headless.yaml b/bitnami/thanos/templates/query/service-headless.yaml index 84b4cb3c2dc0aa..e230f3dbb65d06 100644 --- a/bitnami/thanos/templates/query/service-headless.yaml +++ b/bitnami/thanos/templates/query/service-headless.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-query-headless - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} @@ -20,7 +20,7 @@ spec: type: ClusterIP clusterIP: None ports: - - port: {{ if .Values.query.service.http }}{{ coalesce .Values.query.service.ports.http .Values.query.service.http.port }}{{ else }}{{ .Values.query.service.ports.http }}{{ end }} + - port: {{ .Values.query.service.ports.http }} targetPort: http protocol: TCP name: http diff --git a/bitnami/thanos/templates/query/service.yaml b/bitnami/thanos/templates/query/service.yaml index 634284d1eb651a..68cab5ea7757e5 100644 --- a/bitnami/thanos/templates/query/service.yaml +++ b/bitnami/thanos/templates/query/service.yaml @@ -3,53 +3,52 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.enabled -}} +{{- if .Values.query.enabled -}} apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-query - namespace: {{ .Release.Namespace | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list $query.service.labels .Values.commonLabels ) "context" . ) }} + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} - {{- if or $query.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $query.service.annotations .Values.commonAnnotations ) "context" . ) }} + {{- if or .Values.query.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.annotations .Values.commonAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: - type: {{ $query.service.type }} - {{- if and $query.service.clusterIP (eq $query.service.type "ClusterIP") }} - clusterIP: {{ $query.service.clusterIP }} + type: {{ .Values.query.service.type }} + {{- if and .Values.query.service.clusterIP (eq .Values.query.service.type "ClusterIP") }} + clusterIP: {{ .Values.query.service.clusterIP }} {{- end }} - {{- if ne $query.service.type "ClusterIP" }} - externalTrafficPolicy: {{ $query.service.externalTrafficPolicy }} + {{- if ne .Values.query.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.query.service.externalTrafficPolicy }} {{- end }} - {{- if and $query.service.loadBalancerIP (eq $query.service.type "LoadBalancer") }} - loadBalancerIP: {{ $query.service.loadBalancerIP }} + {{- if and .Values.query.service.loadBalancerIP (eq .Values.query.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.query.service.loadBalancerIP }} {{- end }} - {{- if and (eq $query.service.type "LoadBalancer") $query.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $query.service.loadBalancerSourceRanges | nindent 4 }} + {{- if and (eq .Values.query.service.type "LoadBalancer") .Values.query.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.query.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ $query.service.ports.http }} + - port: {{ .Values.query.service.ports.http }} targetPort: http protocol: TCP name: http - {{- if and (or (eq $query.service.type "NodePort") (eq $query.service.type "LoadBalancer")) $query.service.nodePorts.http }} - nodePort: {{ $query.service.nodePorts.http }} - {{- else if eq $query.service.type "ClusterIP" }} + {{- if and (or (eq .Values.query.service.type "NodePort") (eq .Values.query.service.type "LoadBalancer")) .Values.query.service.nodePorts.http }} + nodePort: {{ .Values.query.service.nodePorts.http }} + {{- else if eq .Values.query.service.type "ClusterIP" }} nodePort: null {{- end }} - {{- if $query.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" $query.service.extraPorts "context" $) | nindent 4 }} + {{- if .Values.query.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.extraPorts "context" $) | nindent 4 }} {{- end }} selector: - {{- if $query.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" $query.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- if .Values.query.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.labelSelectorsOverride "context" $) | nindent 4 }} {{- else }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $query.podLabels .Values.commonLabels ) "context" . ) }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- end }} diff --git a/bitnami/thanos/templates/query/serviceaccount.yaml b/bitnami/thanos/templates/query/serviceaccount.yaml index 03a7673c8f2549..ecd164e9c7892c 100644 --- a/bitnami/thanos/templates/query/serviceaccount.yaml +++ b/bitnami/thanos/templates/query/serviceaccount.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled .Values.query.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "query" "context" $))) }} +{{- if and .Values.query.enabled .Values.query.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "query" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.query.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if or .Values.query.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/servicemonitor.yaml b/bitnami/thanos/templates/query/servicemonitor.yaml index adc8c5ef60627e..c26d7bdfbbac74 100644 --- a/bitnami/thanos/templates/query/servicemonitor.yaml +++ b/bitnami/thanos/templates/query/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-query + name: {{ include "thanos.query.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/query/tls-secrets-grpc.yaml b/bitnami/thanos/templates/query/tls-secrets-grpc.yaml index d395c14913a5f9..819712e986e3e1 100644 --- a/bitnami/thanos/templates/query/tls-secrets-grpc.yaml +++ b/bitnami/thanos/templates/query/tls-secrets-grpc.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-grpc - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/query/tls-secrets.yaml b/bitnami/thanos/templates/query/tls-secrets.yaml index 5c379288281cb2..0e40dd1e167952 100644 --- a/bitnami/thanos/templates/query/tls-secrets.yaml +++ b/bitnami/thanos/templates/query/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-query - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: query {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive-distributor/deployment.yaml b/bitnami/thanos/templates/receive-distributor/deployment.yaml index 097aa64968f381..3a82926b853a81 100644 --- a/bitnami/thanos/templates/receive-distributor/deployment.yaml +++ b/bitnami/thanos/templates/receive-distributor/deployment.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "common.names.fullname" . }}-receive-distributor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive-distributor {{- if .Values.commonAnnotations }} @@ -40,7 +40,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "receive" "context" $) }} + serviceAccountName: {{ include "thanos.receive-distributor.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.receiveDistributor.automountServiceAccountToken }} {{- if .Values.receiveDistributor.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.hostAliases "context" $) | nindent 8 }} @@ -100,9 +100,9 @@ spec: - receive - --log.level={{ .Values.receiveDistributor.logLevel }} - --log.format={{ .Values.receiveDistributor.logFormat }} - - --grpc-address=0.0.0.0:{{ if .Values.receive.service.grpc }}{{ coalesce .Values.receive.service.ports.grpc .Values.receive.service.grpc.port }}{{ else }}{{ .Values.receive.service.ports.grpc }}{{ end }} - - --http-address=0.0.0.0:{{ if .Values.receive.service.http }}{{ coalesce .Values.receive.service.ports.http .Values.receive.service.http.port }}{{ else }}{{ .Values.receive.service.ports.http }}{{ end }} - - --remote-write.address=0.0.0.0:{{ if .Values.receive.service.remoteWrite }}{{ coalesce .Values.receive.service.ports.remote .Values.receive.service.remoteWrite.port }}{{ else }}{{ .Values.receive.service.ports.remote }}{{ end }} + - --grpc-address=0.0.0.0:{{ .Values.receive.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.receive.containerPorts.http }} + - --remote-write.address=0.0.0.0:{{ .Values.receive.containerPorts.remote }} - --label={{ .Values.receiveDistributor.replicaLabel }}="$(NAME)" - --label=receive="true" - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json @@ -143,13 +143,13 @@ spec: {{- end }} {{- end }} ports: - - containerPort: {{ if .Values.receive.service.grpc }}{{ coalesce .Values.receive.service.ports.grpc .Values.receive.service.grpc.port }}{{ else }}{{ .Values.receive.service.ports.grpc }}{{ end }} + - containerPort: {{ .Values.receive.service.ports.grpc }} name: grpc protocol: TCP - - containerPort: {{ if .Values.receive.service.http }}{{ coalesce .Values.receive.service.ports.http .Values.receive.service.http.port }}{{ else }}{{ .Values.receive.service.ports.http }}{{ end }} + - containerPort: {{ .Values.receive.service.ports.http }} name: http protocol: TCP - - containerPort: {{ if .Values.receive.service.remoteWrite }}{{ coalesce .Values.receive.service.ports.remote .Values.receive.service.remoteWrite.port }}{{ else }}{{ .Values.receive.service.ports.remote }}{{ end }} + - containerPort: {{ .Values.receive.service.ports.remote }} name: remote-write protocol: TCP {{- if .Values.receiveDistributor.customLivenessProbe }} diff --git a/bitnami/thanos/templates/receive-distributor/hpa.yaml b/bitnami/thanos/templates/receive-distributor/hpa.yaml index 75a25f90290481..925e6c18c56a3b 100644 --- a/bitnami/thanos/templates/receive-distributor/hpa.yaml +++ b/bitnami/thanos/templates/receive-distributor/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-receive-distributor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive-distributor {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment - name: {{ include "common.names.fullname" . }}-receive-distributor + name: {{ include "thanos.receive-distributor.fullname" . }} minReplicas: {{ .Values.receiveDistributor.autoscaling.minReplicas }} maxReplicas: {{ .Values.receiveDistributor.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/receive-distributor/pdb.yaml b/bitnami/thanos/templates/receive-distributor/pdb.yaml index d725ac2a93d2d0..b88e222deeefe0 100644 --- a/bitnami/thanos/templates/receive-distributor/pdb.yaml +++ b/bitnami/thanos/templates/receive-distributor/pdb.yaml @@ -7,10 +7,10 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-receive-distributor - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: receive + app.kubernetes.io/component: receive-distributor {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/bitnami/thanos/templates/receive-distributor/serviceaccount.yaml b/bitnami/thanos/templates/receive-distributor/serviceaccount.yaml index fd9e29a9e31871..b9a13069b69d5d 100644 --- a/bitnami/thanos/templates/receive-distributor/serviceaccount.yaml +++ b/bitnami/thanos/templates/receive-distributor/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "receive-distributor" "context" $))) }} +{{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "receive-distributor" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive-distributor.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive-distributor {{- if or .Values.receiveDistributor.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive-distributor/servicemonitor.yaml b/bitnami/thanos/templates/receive-distributor/servicemonitor.yaml index e3b056817d70ca..dae3a3e6892675 100644 --- a/bitnami/thanos/templates/receive-distributor/servicemonitor.yaml +++ b/bitnami/thanos/templates/receive-distributor/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-receive-distributor + name: {{ include "thanos.receive-distributor.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/receive/configmap.yaml b/bitnami/thanos/templates/receive/configmap.yaml index c694f6f29d0856..305cf9518a5914 100644 --- a/bitnami/thanos/templates/receive/configmap.yaml +++ b/bitnami/thanos/templates/receive/configmap.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive/hpa.yaml b/bitnami/thanos/templates/receive/hpa.yaml index ee3fe2fc4c52cf..ba3e1cb76f0def 100644 --- a/bitnami/thanos/templates/receive/hpa.yaml +++ b/bitnami/thanos/templates/receive/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet - name: {{ include "common.names.fullname" . }}-receive + name: {{ include "thanos.receive.fullname" . }} minReplicas: {{ .Values.receive.autoscaling.minReplicas }} maxReplicas: {{ .Values.receive.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/receive/ingress.yaml b/bitnami/thanos/templates/receive/ingress.yaml index fc87418aececa3..28c5957c133f98 100644 --- a/bitnami/thanos/templates/receive/ingress.yaml +++ b/bitnami/thanos/templates/receive/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if or .Values.receive.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive/networkpolicy.yaml b/bitnami/thanos/templates/receive/networkpolicy.yaml new file mode 100644 index 00000000000000..358d8a7dac94ee --- /dev/null +++ b/bitnami/thanos/templates/receive/networkpolicy.yaml @@ -0,0 +1,126 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.receive.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive + policyTypes: + - Ingress + - Egress + {{- if .Values.receive.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.service.ports.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.service.ports.grpc }} + # Communicate with other receive instances via headless service + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.containerPorts.remote }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + + {{- end }} + {{- if .Values.receive.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.receive.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.service.ports.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.service.ports.grpc }} + - port: {{ .Values.receive.containerPorts.remote }} + - port: {{ .Values.receive.service.ports.remote }} + {{- if not .Values.receive.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.receive.fullname" . }}-client: "true" + {{- if .Values.receive.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.receive.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.receive.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.receive.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.receive.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.receive.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/receive/pdb.yaml b/bitnami/thanos/templates/receive/pdb.yaml index d61a1aacfd15d4..910c8569619d23 100644 --- a/bitnami/thanos/templates/receive/pdb.yaml +++ b/bitnami/thanos/templates/receive/pdb.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive/service-headless.yaml b/bitnami/thanos/templates/receive/service-headless.yaml index f2efc9aa47ad48..a8b34d966b4aa1 100644 --- a/bitnami/thanos/templates/receive/service-headless.yaml +++ b/bitnami/thanos/templates/receive/service-headless.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-receive-headless - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} @@ -20,11 +20,11 @@ spec: type: ClusterIP clusterIP: None ports: - - port: {{ if .Values.receive.service.http }}{{ coalesce .Values.receive.service.ports.http .Values.receive.service.http.port }}{{ else }}{{ .Values.receive.service.ports.http }}{{ end }} + - port: {{ .Values.receive.service.ports.http }} targetPort: http protocol: TCP name: http - - port: {{ if .Values.receive.service.grpc }}{{ coalesce .Values.receive.service.ports.grpc .Values.receive.service.grpc.port }}{{ else }}{{ .Values.receive.service.ports.grpc }}{{ end }} + - port: {{ .Values.receive.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/receive/service.yaml b/bitnami/thanos/templates/receive/service.yaml index c71606ece28460..df4b886fc5c2f0 100644 --- a/bitnami/thanos/templates/receive/service.yaml +++ b/bitnami/thanos/templates/receive/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.receive.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.receive.service.http }}{{ coalesce .Values.receive.service.ports.http .Values.receive.service.http.port }}{{ else }}{{ .Values.receive.service.ports.http }}{{ end }} + - port: {{ .Values.receive.service.ports.http }} targetPort: http protocol: TCP name: http @@ -41,7 +41,7 @@ spec: {{- else if eq .Values.receive.service.type "ClusterIP" }} nodePort: null {{- end }} - - port: {{ if .Values.receive.service.grpc }}{{ coalesce .Values.receive.service.ports.grpc .Values.receive.service.grpc.port }}{{ else }}{{ .Values.receive.service.ports.grpc }}{{ end }} + - port: {{ .Values.receive.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc @@ -50,7 +50,7 @@ spec: {{- else if eq .Values.receive.service.type "ClusterIP" }} nodePort: null {{- end }} - - port: {{ if .Values.receive.service.remoteWrite }}{{ coalesce .Values.receive.service.ports.remote .Values.receive.service.remoteWrite.port }}{{ else }}{{ .Values.receive.service.ports.remote }}{{ end }} + - port: {{ .Values.receive.service.ports.remote }} targetPort: remote-write protocol: TCP name: remote diff --git a/bitnami/thanos/templates/receive/serviceaccount.yaml b/bitnami/thanos/templates/receive/serviceaccount.yaml index 245ceb04d03b33..01c1b8c2e5bfdd 100644 --- a/bitnami/thanos/templates/receive/serviceaccount.yaml +++ b/bitnami/thanos/templates/receive/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.receive.enabled .Values.receive.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "receive" "context" $))) }} +{{- if and .Values.receive.enabled .Values.receive.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "receive" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if or .Values.receive.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/receive/servicemonitor.yaml b/bitnami/thanos/templates/receive/servicemonitor.yaml index 6166fd13934f9d..2774fcb0a5f487 100644 --- a/bitnami/thanos/templates/receive/servicemonitor.yaml +++ b/bitnami/thanos/templates/receive/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-receive + name: {{ include "thanos.receive.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/receive/statefulset.yaml b/bitnami/thanos/templates/receive/statefulset.yaml index 834a4d27e3e7ed..cefb038359244c 100644 --- a/bitnami/thanos/templates/receive/statefulset.yaml +++ b/bitnami/thanos/templates/receive/statefulset.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: - name: {{ include "common.names.fullname" . }}-receive - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.receive.statefulsetLabels }} @@ -23,7 +23,7 @@ spec: {{- end }} revisionHistoryLimit: {{ .Values.receive.revisionHistoryLimit }} podManagementPolicy: {{ .Values.receive.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-receive-headless + serviceName: {{ include "thanos.receive.fullname" . }}-headless {{- if .Values.receive.updateStrategy }} updateStrategy: {{- toYaml .Values.receive.updateStrategy | nindent 4 }} {{- end }} @@ -46,7 +46,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "receive" "context" $) }} + serviceAccountName: {{ include "thanos.receive.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.receive.automountServiceAccountToken }} {{- if .Values.receive.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receive.hostAliases "context" $) | nindent 8 }} @@ -125,9 +125,9 @@ spec: - receive - --log.level={{ .Values.receive.logLevel }} - --log.format={{ .Values.receive.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --remote-write.address=0.0.0.0:19291 + - --grpc-address=0.0.0.0:{{ .Values.receive.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.receive.containerPorts.http }} + - --remote-write.address=0.0.0.0:{{ .Values.receive.containerPorts.remote }} {{- if or .Values.objstoreConfig .Values.existingObjstoreSecret }} - --objstore.config=$(OBJSTORE_CONFIG) {{- end }} @@ -139,9 +139,9 @@ spec: - --label=receive="true" - --tsdb.retention={{ .Values.receive.tsdbRetention }} {{- if not .Values.receive.service.additionalHeadless }} - - --receive.local-endpoint=127.0.0.1:10901 + - --receive.local-endpoint=127.0.0.1:{{ .Values.receive.containerPorts.grpc }} {{- else }} - - --receive.local-endpoint=$(NAME).{{ include "common.names.fullname" . }}-receive-headless.$(NAMESPACE).svc.{{ .Values.clusterDomain }}:10901 + - --receive.local-endpoint=$(NAME).{{ include "thanos.receive.fullname" . }}-headless.$(NAMESPACE).svc.{{ .Values.clusterDomain }}:10901 {{- end }} {{- if eq .Values.receive.mode "standalone" }} - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json @@ -187,13 +187,13 @@ spec: {{- end }} {{- end }} ports: - - containerPort: 10901 + - containerPort: {{ .Values.receive.containerPorts.grpc }} name: grpc protocol: TCP - - containerPort: 10902 + - containerPort: {{ .Values.receive.containerPorts.http }} name: http protocol: TCP - - containerPort: 19291 + - containerPort: {{ .Values.receive.containerPorts.remote }} name: remote-write protocol: TCP {{- if .Values.receive.customLivenessProbe }} diff --git a/bitnami/thanos/templates/receive/tls-secrets.yaml b/bitnami/thanos/templates/receive/tls-secrets.yaml index 5457dc6ca9bb95..6b4a1c5e7cb409 100644 --- a/bitnami/thanos/templates/receive/tls-secrets.yaml +++ b/bitnami/thanos/templates/receive/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-receive - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/configmap.yaml b/bitnami/thanos/templates/ruler/configmap.yaml index bffe60d3ce7c1b..6c669e4683290e 100644 --- a/bitnami/thanos/templates/ruler/configmap.yaml +++ b/bitnami/thanos/templates/ruler/configmap.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.names.fullname" . }}-ruler-configmap - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/hpa.yaml b/bitnami/thanos/templates/ruler/hpa.yaml index 20563e8660c859..05e7dc54214468 100644 --- a/bitnami/thanos/templates/ruler/hpa.yaml +++ b/bitnami/thanos/templates/ruler/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-ruler - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: receive {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet - name: {{ include "common.names.fullname" . }}-ruler + name: {{ include "thanos.ruler.fullname" . }} minReplicas: {{ .Values.ruler.autoscaling.minReplicas }} maxReplicas: {{ .Values.ruler.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/ruler/ingress.yaml b/bitnami/thanos/templates/ruler/ingress.yaml index a0515b155ff7b6..5eb37645d09363 100644 --- a/bitnami/thanos/templates/ruler/ingress.yaml +++ b/bitnami/thanos/templates/ruler/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-ruler - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if or .Values.ruler.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/networkpolicy.yaml b/bitnami/thanos/templates/ruler/networkpolicy.yaml new file mode 100644 index 00000000000000..ee0f0a8f050ffd --- /dev/null +++ b/bitnami/thanos/templates/ruler/networkpolicy.yaml @@ -0,0 +1,113 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ruler.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: ruler + policyTypes: + - Ingress + - Egress + {{- if .Values.ruler.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other ruler instances via headless service + - ports: + - port: {{ .Values.ruler.containerPorts.http }} + - port: {{ .Values.ruler.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: ruler + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + + {{- end }} + {{- if .Values.ruler.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.ruler.containerPorts.http }} + - port: {{ .Values.ruler.service.ports.http }} + - port: {{ .Values.ruler.containerPorts.grpc }} + - port: {{ .Values.ruler.service.ports.grpc }} + {{- if not .Values.ruler.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.ruler.fullname" . }}-client: "true" + {{- if .Values.ruler.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.ruler.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/ruler/pdb.yaml b/bitnami/thanos/templates/ruler/pdb.yaml index 75d05c383bcd05..610138fce15e3a 100644 --- a/bitnami/thanos/templates/ruler/pdb.yaml +++ b/bitnami/thanos/templates/ruler/pdb.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-ruler - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/secret.yaml b/bitnami/thanos/templates/ruler/secret.yaml index 99344236bda2c3..dcea0df3040a02 100644 --- a/bitnami/thanos/templates/ruler/secret.yaml +++ b/bitnami/thanos/templates/ruler/secret.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-ruler-alertmanagers-config - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }}-alertmanagers-config + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/service-headless.yaml b/bitnami/thanos/templates/ruler/service-headless.yaml index a7787227ad7ff0..c1b4154f70ed83 100644 --- a/bitnami/thanos/templates/ruler/service-headless.yaml +++ b/bitnami/thanos/templates/ruler/service-headless.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-ruler-headless - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} @@ -20,11 +20,11 @@ spec: type: ClusterIP clusterIP: None ports: - - port: {{ if .Values.ruler.service.http }}{{ coalesce .Values.ruler.service.ports.http .Values.ruler.service.http.port }}{{ else }}{{ .Values.ruler.service.ports.http }}{{ end }} + - port: {{ .Values.ruler.service.ports.http }} targetPort: http protocol: TCP name: http - - port: {{ if .Values.ruler.service.grpc }}{{ coalesce .Values.ruler.service.ports.grpc .Values.ruler.service.grpc.port }}{{ else }}{{ .Values.ruler.service.ports.grpc }}{{ end }} + - port: {{ .Values.ruler.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/ruler/service.yaml b/bitnami/thanos/templates/ruler/service.yaml index 1f764129542527..3f9db173d72b34 100644 --- a/bitnami/thanos/templates/ruler/service.yaml +++ b/bitnami/thanos/templates/ruler/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-ruler - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.ruler.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.ruler.service.http }}{{ coalesce .Values.ruler.service.ports.http .Values.ruler.service.http.port }}{{ else }}{{ .Values.ruler.service.ports.http }}{{ end }} + - port: {{ .Values.ruler.service.ports.http }} targetPort: http protocol: TCP name: http @@ -41,7 +41,7 @@ spec: {{- else if eq .Values.ruler.service.type "ClusterIP" }} nodePort: null {{- end }} - - port: {{ if .Values.ruler.service.grpc }}{{ coalesce .Values.ruler.service.ports.grpc .Values.ruler.service.grpc.port }}{{ else }}{{ .Values.ruler.service.ports.grpc }}{{ end }} + - port: {{ .Values.ruler.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/ruler/serviceaccount.yaml b/bitnami/thanos/templates/ruler/serviceaccount.yaml index dfaaefdafca4d6..0bde183230dd52 100644 --- a/bitnami/thanos/templates/ruler/serviceaccount.yaml +++ b/bitnami/thanos/templates/ruler/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.ruler.enabled .Values.ruler.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "ruler" "context" $))) }} +{{- if and .Values.ruler.enabled .Values.ruler.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "ruler" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if or .Values.ruler.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/ruler/servicemonitor.yaml b/bitnami/thanos/templates/ruler/servicemonitor.yaml index ee494b872cb46d..b0626167b4e949 100644 --- a/bitnami/thanos/templates/ruler/servicemonitor.yaml +++ b/bitnami/thanos/templates/ruler/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-ruler + name: {{ include "thanos.ruler.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/ruler/statefulset.yaml b/bitnami/thanos/templates/ruler/statefulset.yaml index 0f56cdbf972e43..1310174d342da0 100644 --- a/bitnami/thanos/templates/ruler/statefulset.yaml +++ b/bitnami/thanos/templates/ruler/statefulset.yaml @@ -3,13 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} {{- if .Values.ruler.enabled }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: - name: {{ include "common.names.fullname" . }}-ruler - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if .Values.commonAnnotations }} @@ -21,7 +20,7 @@ spec: {{- end }} revisionHistoryLimit: {{ .Values.ruler.revisionHistoryLimit }} podManagementPolicy: {{ .Values.ruler.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-ruler-headless + serviceName: {{ include "thanos.ruler.fullname" . }}-headless {{- if .Values.ruler.updateStrategy }} updateStrategy: {{- toYaml .Values.ruler.updateStrategy | nindent 4 }} {{- end }} @@ -41,7 +40,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "ruler" "context" $) }} + serviceAccountName: {{ include "thanos.ruler.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.ruler.automountServiceAccountToken }} {{- if .Values.ruler.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.hostAliases "context" $) | nindent 8 }} @@ -120,8 +119,8 @@ spec: - rule - --log.level={{ .Values.ruler.logLevel }} - --log.format={{ .Values.ruler.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 + - --grpc-address=0.0.0.0:{{ .Values.ruler.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.ruler.containerPorts.http }} - --data-dir=/data - --eval-interval={{ .Values.ruler.evalInterval }} {{- if (include "thanos.httpConfigEnabled" .) }} @@ -133,8 +132,8 @@ spec: {{- if .Values.ruler.alertmanagersConfig }} - --alertmanagers.config-file=/conf/alertmanagers/alertmanagers_config.yml {{- end }} - {{- if and $query.enabled .Values.ruler.dnsDiscovery.enabled }} - - --query=dnssrv+_http._tcp.{{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + {{- if and .Values.query.enabled .Values.ruler.dnsDiscovery.enabled }} + - --query=dnssrv+_http._tcp.{{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{- end }} - --alert.query-url={{- template "thanos.ruler.queryURL" .}} - --label={{ .Values.ruler.replicaLabel }}="$(POD_NAME)" @@ -170,10 +169,10 @@ spec: {{- end }} ports: - name: http - containerPort: 10902 + containerPort: {{ .Values.ruler.containerPorts.http }} protocol: TCP - name: grpc - containerPort: 10901 + containerPort: {{ .Values.ruler.containerPorts.grpc }} protocol: TCP {{- if .Values.ruler.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customLivenessProbe "context" $) | nindent 12 }} @@ -268,7 +267,7 @@ spec: {{- if .Values.ruler.alertmanagersConfig }} - name: alertmanagers-config secret: - secretName: {{ include "common.names.fullname" . }}-ruler-alertmanagers-config + secretName: {{ include "thanos.ruler.fullname" . }}-alertmanagers-config {{- end }} {{- if .Values.ruler.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumes "context" $) | nindent 8 }} diff --git a/bitnami/thanos/templates/ruler/tls-secrets.yaml b/bitnami/thanos/templates/ruler/tls-secrets.yaml index c4857ccdc89625..553fb4e6d69cd5 100644 --- a/bitnami/thanos/templates/ruler/tls-secrets.yaml +++ b/bitnami/thanos/templates/ruler/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-ruler - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: ruler {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/serviceaccount.yaml b/bitnami/thanos/templates/serviceaccount.yaml deleted file mode 100644 index bf5abde5dd2f8b..00000000000000 --- a/bitnami/thanos/templates/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- /* -Copyright VMware, Inc. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.serviceAccount.create (not .Values.existingServiceAccount) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "" "context" $) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/configmap.yaml b/bitnami/thanos/templates/storegateway/configmap.yaml index 137b2c12bdd5be..ba0fcf2d6b9f1e 100644 --- a/bitnami/thanos/templates/storegateway/configmap.yaml +++ b/bitnami/thanos/templates/storegateway/configmap.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.names.fullname" . }}-storegateway-configmap - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/storegateway/hpa-sharded.yaml b/bitnami/thanos/templates/storegateway/hpa-sharded.yaml index d25f057027575d..6c03c3084013fb 100644 --- a/bitnami/thanos/templates/storegateway/hpa-sharded.yaml +++ b/bitnami/thanos/templates/storegateway/hpa-sharded.yaml @@ -16,8 +16,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ printf "%s-storegateway-%s" (include "common.names.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Release.Namespace | quote }} + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway shard: {{ $index | quote }} @@ -28,7 +28,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet - name: {{ printf "%s-storegateway-%s" (include "common.names.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} minReplicas: {{ $.Values.storegateway.autoscaling.minReplicas }} maxReplicas: {{ $.Values.storegateway.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/storegateway/hpa.yaml b/bitnami/thanos/templates/storegateway/hpa.yaml index 794482f51b135d..a3a679cbd80224 100644 --- a/bitnami/thanos/templates/storegateway/hpa.yaml +++ b/bitnami/thanos/templates/storegateway/hpa.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "common.names.fullname" . }}-storegateway - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} @@ -18,7 +18,7 @@ spec: scaleTargetRef: apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet - name: {{ include "common.names.fullname" . }}-storegateway + name: {{ include "thanos.storegateway.fullname" . }} minReplicas: {{ .Values.storegateway.autoscaling.minReplicas }} maxReplicas: {{ .Values.storegateway.autoscaling.maxReplicas }} metrics: diff --git a/bitnami/thanos/templates/storegateway/ingress-grpc.yaml b/bitnami/thanos/templates/storegateway/ingress-grpc.yaml index 6b8bcebb76171c..767a69f1c453cb 100644 --- a/bitnami/thanos/templates/storegateway/ingress-grpc.yaml +++ b/bitnami/thanos/templates/storegateway/ingress-grpc.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-storegateway-grpc - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }}-grpc + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if or .Values.storegateway.ingress.grpc.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/storegateway/ingress.yaml b/bitnami/thanos/templates/storegateway/ingress.yaml index 2f50309198934b..4098f652ede853 100644 --- a/bitnami/thanos/templates/storegateway/ingress.yaml +++ b/bitnami/thanos/templates/storegateway/ingress.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ include "common.names.fullname" . }}-storegateway - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if or .Values.storegateway.ingress.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/storegateway/networkpolicy.yaml b/bitnami/thanos/templates/storegateway/networkpolicy.yaml new file mode 100644 index 00000000000000..3c1100c103b933 --- /dev/null +++ b/bitnami/thanos/templates/storegateway/networkpolicy.yaml @@ -0,0 +1,90 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.storegateway.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + policyTypes: + - Ingress + - Egress + {{- if .Values.storegateway.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other storegateway instances via headless service + - ports: + - port: {{ .Values.storegateway.containerPorts.http }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: storegateway + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.containerPorts.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.storegateway.containerPorts.http }} + - port: {{ .Values.storegateway.service.ports.http }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + - port: {{ .Values.storegateway.service.ports.grpc }} + {{- if not .Values.storegateway.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.storegateway.fullname" . }}-client: "true" + {{- if .Values.storegateway.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.storegateway.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.storegateway.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/bitnami/thanos/templates/storegateway/pdb-sharded.yaml b/bitnami/thanos/templates/storegateway/pdb-sharded.yaml index 2babf84e9fdc45..095905a2128301 100644 --- a/bitnami/thanos/templates/storegateway/pdb-sharded.yaml +++ b/bitnami/thanos/templates/storegateway/pdb-sharded.yaml @@ -16,8 +16,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" $ }} kind: PodDisruptionBudget metadata: - name: {{ printf "%s-storegateway-%s" (include "common.names.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Release.Namespace | quote }} + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway shard: {{ $index | quote }} diff --git a/bitnami/thanos/templates/storegateway/pdb.yaml b/bitnami/thanos/templates/storegateway/pdb.yaml index 984cf7f026762d..608b829ea67a96 100644 --- a/bitnami/thanos/templates/storegateway/pdb.yaml +++ b/bitnami/thanos/templates/storegateway/pdb.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget metadata: - name: {{ include "common.names.fullname" . }}-storegateway - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/storegateway/service-headless.yaml b/bitnami/thanos/templates/storegateway/service-headless.yaml index 02c249a639f9e4..9343a76f3d4089 100644 --- a/bitnami/thanos/templates/storegateway/service-headless.yaml +++ b/bitnami/thanos/templates/storegateway/service-headless.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-storegateway-headless - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} @@ -20,11 +20,11 @@ spec: type: ClusterIP clusterIP: None ports: - - port: {{ if .Values.storegateway.service.http }}{{ coalesce .Values.storegateway.service.ports.http .Values.storegateway.service.http.port }}{{ else }}{{ .Values.storegateway.service.ports.http }}{{ end }} + - port: {{ .Values.storegateway.service.ports.http }} targetPort: http protocol: TCP name: http - - port: {{ if .Values.storegateway.service.grpc }}{{ coalesce .Values.storegateway.service.ports.grpc .Values.storegateway.service.grpc.port }}{{ else }}{{ .Values.storegateway.service.ports.grpc }}{{ end }} + - port: {{ .Values.storegateway.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/storegateway/service-sharded.yaml b/bitnami/thanos/templates/storegateway/service-sharded.yaml index fe05dedd4aed52..1a260b6f79f7fc 100644 --- a/bitnami/thanos/templates/storegateway/service-sharded.yaml +++ b/bitnami/thanos/templates/storegateway/service-sharded.yaml @@ -16,9 +16,9 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - {{- $svcNamePrefix := printf "%s-storegateway" (include "common.names.fullname" $) | trunc 61 | trimSuffix "-" }} + {{- $svcNamePrefix := include "thanos.storegateway.fullname" $ }} name: {{ printf "%s-%s" $svcNamePrefix (toString $index) }} - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway shard: {{ $index | quote }} @@ -44,7 +44,7 @@ spec: loadBalancerSourceRanges: {{- toYaml $.Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if $.Values.storegateway.service.http }}{{ coalesce $.Values.storegateway.service.ports.http $.Values.storegateway.service.http.port }}{{ else }}{{ $.Values.storegateway.service.ports.http }}{{ end }} + - port: {{ $.Values.storegateway.service.ports.http }} targetPort: http protocol: TCP name: http @@ -53,7 +53,7 @@ spec: {{- else if eq $.Values.storegateway.service.type "ClusterIP" }} nodePort: null {{- end }} - - port: {{ if $.Values.storegateway.service.grpc }}{{ coalesce $.Values.storegateway.service.ports.grpc $.Values.storegateway.service.grpc.port }}{{ else }}{{ $.Values.storegateway.service.ports.grpc }}{{ end }} + - port: {{ $.Values.storegateway.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/storegateway/service.yaml b/bitnami/thanos/templates/storegateway/service.yaml index dbf710d7c5e4ae..ba25da6d022f51 100644 --- a/bitnami/thanos/templates/storegateway/service.yaml +++ b/bitnami/thanos/templates/storegateway/service.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: v1 kind: Service metadata: - name: {{ include "common.names.fullname" . }}-storegateway - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.service.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway @@ -32,7 +32,7 @@ spec: loadBalancerSourceRanges: {{- toYaml .Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} ports: - - port: {{ if .Values.storegateway.service.http }}{{ coalesce .Values.storegateway.service.ports.http .Values.storegateway.service.http.port }}{{ else }}{{ .Values.storegateway.service.ports.http }}{{ end }} + - port: {{ .Values.storegateway.service.ports.http }} targetPort: http protocol: TCP name: http @@ -41,7 +41,7 @@ spec: {{- else if eq .Values.storegateway.service.type "ClusterIP" }} nodePort: null {{- end }} - - port: {{ if .Values.storegateway.service.grpc }}{{ coalesce .Values.storegateway.service.ports.grpc .Values.storegateway.service.grpc.port }}{{ else }}{{ .Values.storegateway.service.ports.grpc }}{{ end }} + - port: {{ .Values.storegateway.service.ports.grpc }} targetPort: grpc protocol: TCP name: grpc diff --git a/bitnami/thanos/templates/storegateway/serviceaccount.yaml b/bitnami/thanos/templates/storegateway/serviceaccount.yaml index d8e66c30575a76..e1eaf4ba12be73 100644 --- a/bitnami/thanos/templates/storegateway/serviceaccount.yaml +++ b/bitnami/thanos/templates/storegateway/serviceaccount.yaml @@ -3,12 +3,12 @@ Copyright VMware, Inc. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.storegateway.enabled .Values.storegateway.serviceAccount.create (not (include "thanos.serviceAccount.useExisting" (dict "component" "storegateway" "context" $))) }} +{{- if and .Values.storegateway.enabled .Values.storegateway.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "thanos.serviceAccountName" (dict "component" "storegateway" "context" $) }} - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if or .Values.storegateway.serviceAccount.annotations .Values.commonAnnotations }} diff --git a/bitnami/thanos/templates/storegateway/servicemonitor.yaml b/bitnami/thanos/templates/storegateway/servicemonitor.yaml index f50de7f35642af..7c9595122ebc56 100644 --- a/bitnami/thanos/templates/storegateway/servicemonitor.yaml +++ b/bitnami/thanos/templates/storegateway/servicemonitor.yaml @@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ include "common.names.fullname" . }}-storegateway + name: {{ include "thanos.storegateway.fullname" . }} namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} diff --git a/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml b/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml index d99764bc703089..8eb5ec9d1cccd0 100644 --- a/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml +++ b/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml @@ -20,8 +20,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} kind: StatefulSet metadata: - name: {{ printf "%s-storegateway-%s" (include "common.names.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} - namespace: {{ $.Release.Namespace | quote }} + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway shard: {{ $index | quote }} @@ -59,7 +59,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" $ | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "storegateway" "context" $) }} + serviceAccountName: {{ include "thanos.storegateway.serviceAccountName" $ }} automountServiceAccountToken: {{ $.Values.storegateway.automountServiceAccountToken }} {{- if $.Values.storegateway.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.hostAliases "context" $) | nindent 8 }} @@ -135,8 +135,8 @@ spec: - store - --log.level={{ $.Values.storegateway.logLevel }} - --log.format={{ $.Values.storegateway.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 + - --grpc-address=0.0.0.0:{{ $.Values.storegateway.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ $.Values.storegateway.containerPorts.http }} - --data-dir=/data - --objstore.config-file=/conf/objstore.yml {{- if (include "thanos.httpConfigEnabled" $) }} @@ -196,10 +196,10 @@ spec: {{- end }} ports: - name: http - containerPort: 10902 + containerPort: {{ $.Values.storegateway.containerPorts.http }} protocol: TCP - name: grpc - containerPort: 10901 + containerPort: {{ $.Values.storegateway.containerPorts.grpc }} protocol: TCP {{- if $.Values.storegateway.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.customLivenessProbe "context" $) | nindent 12 }} diff --git a/bitnami/thanos/templates/storegateway/statefulset.yaml b/bitnami/thanos/templates/storegateway/statefulset.yaml index adbf00a69dfc19..491225ebcf0a2e 100644 --- a/bitnami/thanos/templates/storegateway/statefulset.yaml +++ b/bitnami/thanos/templates/storegateway/statefulset.yaml @@ -7,8 +7,8 @@ SPDX-License-Identifier: APACHE-2.0 apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: - name: {{ include "common.names.fullname" . }}-storegateway - namespace: {{ .Release.Namespace | quote }} + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} @@ -20,7 +20,7 @@ spec: {{- end }} revisionHistoryLimit: {{ .Values.storegateway.revisionHistoryLimit }} podManagementPolicy: {{ .Values.storegateway.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-storegateway-headless + serviceName: {{ include "thanos.storegateway.fullname" . }}-headless {{- if .Values.storegateway.updateStrategy }} updateStrategy: {{- toYaml .Values.storegateway.updateStrategy | nindent 4 }} {{- end }} @@ -42,7 +42,7 @@ spec: {{- end }} spec: {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "thanos.serviceAccountName" (dict "component" "storegateway" "context" $) }} + serviceAccountName: {{ include "thanos.storegateway.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.storegateway.automountServiceAccountToken }} {{- if .Values.storegateway.hostAliases }} hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.hostAliases "context" $) | nindent 8 }} @@ -121,8 +121,8 @@ spec: - store - --log.level={{ .Values.storegateway.logLevel }} - --log.format={{ .Values.storegateway.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 + - --grpc-address=0.0.0.0:{{ .Values.storegateway.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.storegateway.containerPorts.http }} - --data-dir=/data - --objstore.config-file=/conf/objstore.yml {{- if (include "thanos.httpConfigEnabled" .) }} @@ -162,10 +162,10 @@ spec: {{- end }} ports: - name: http - containerPort: 10902 + containerPort: {{ .Values.storegateway.containerPorts.http }} protocol: TCP - name: grpc - containerPort: 10901 + containerPort: {{ .Values.storegateway.containerPorts.grpc }} protocol: TCP {{- if .Values.storegateway.customLivenessProbe }} livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.customLivenessProbe "context" $) | nindent 12 }} diff --git a/bitnami/thanos/templates/storegateway/tls-secrets.yaml b/bitnami/thanos/templates/storegateway/tls-secrets.yaml index feddad71dbabea..0d89b9de82f784 100644 --- a/bitnami/thanos/templates/storegateway/tls-secrets.yaml +++ b/bitnami/thanos/templates/storegateway/tls-secrets.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "common.names.fullname" $ }}-storegateway - namespace: {{ $.Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" $ }} labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if $.Values.commonAnnotations }} @@ -31,7 +31,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ include "common.names.namespace" . }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: storegateway {{- if .Values.commonAnnotations }} diff --git a/bitnami/thanos/values.yaml b/bitnami/thanos/values.yaml index 0e25707c1121e4..446cb189016b26 100644 --- a/bitnami/thanos/values.yaml +++ b/bitnami/thanos/values.yaml @@ -136,23 +136,6 @@ auth: ## Note: Passwords will be later encrypted using bcrypt basicAuthUsers: {} -## Common Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. -## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account -## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. -## -serviceAccount: - create: true - name: "" - automountServiceAccountToken: false - annotations: {} - -## DEPRECATED - existingServiceAccount. This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead -## -## existingServiceAccount: "" - ## @section Thanos Query parameters query: @@ -220,6 +203,12 @@ query: ## updateStrategy: type: RollingUpdate + ## @param query.containerPorts.http HTTP container port + ## @param query.containerPorts.grpc HTTP container port + ## + containerPorts: + http: 10902 + grpc: 10901 ## K8s Pod Security Context for Thanos Query pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods @@ -490,6 +479,61 @@ query: key: "" ca: "" existingSecret: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param query.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param query.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param query.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param query.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param query.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param query.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param query.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -615,14 +659,12 @@ query: ## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account ## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED query.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## RBAC configuration ## rbac: @@ -917,6 +959,10 @@ queryFrontend: ## updateStrategy: type: RollingUpdate + ## @param queryFrontend.containerPorts.http HTTP container port + ## + containerPorts: + http: 9090 ## K8s Pod Security Context for Thanos Query Frontend pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods @@ -1126,6 +1172,61 @@ queryFrontend: ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param queryFrontend.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param queryFrontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -1182,14 +1283,12 @@ queryFrontend: ## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account ## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED queryFrontend.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## RBAC configuration ## rbac: @@ -1383,6 +1482,10 @@ bucketweb: ## updateStrategy: type: RollingUpdate + ## @param bucketweb.containerPorts.http HTTP container port + ## + containerPorts: + http: 8080 ## K8s Pod Security Context for Thanos Bucket Web pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods @@ -1592,6 +1695,61 @@ bucketweb: ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param bucketweb.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param bucketweb.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param bucketweb.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param bucketweb.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param bucketweb.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param bucketweb.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param bucketweb.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -1646,14 +1804,12 @@ bucketweb: ## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account ## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED bucketweb.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Thanos Bucket Web Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web @@ -1851,6 +2007,10 @@ compactor: ## updateStrategy: type: Recreate + ## @param compactor.containerPorts.http HTTP container port + ## + containerPorts: + http: 10902 ## K8s Pod Security Context for Thanos Compactor pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods @@ -2060,6 +2220,61 @@ compactor: ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param compactor.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param compactor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -2116,14 +2331,12 @@ compactor: ## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account ## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED compactor.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Configure the ingress resource that allows you to access Thanos Query Frontend ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## @@ -2338,6 +2551,12 @@ storegateway: ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: OrderedReady + ## @param storegateway.containerPorts.http HTTP container port + ## @param storegateway.containerPorts.grpc GRPC container port + ## + containerPorts: + http: 10902 + grpc: 10901 ## K8s Pod Security Context for Thanos Store Gateway pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods @@ -2547,6 +2766,61 @@ storegateway: ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param storegateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param storegateway.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param storegateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param storegateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param storegateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param storegateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param storegateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -2646,14 +2920,12 @@ storegateway: ## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account ## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED storegateway.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Thanos Store Gateway Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway @@ -3000,6 +3272,12 @@ ruler: ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## podManagementPolicy: OrderedReady + ## @param ruler.containerPorts.http HTTP container port + ## @param ruler.containerPorts.grpc GRPC container port + ## + containerPorts: + http: 10902 + grpc: 10901 ## K8s Pod Security Context for Thanos Ruler pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods @@ -3209,6 +3487,61 @@ ruler: ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param ruler.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param ruler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -3305,14 +3638,12 @@ ruler: ## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account ## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED ruler.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Thanos Ruler Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler @@ -3526,6 +3857,14 @@ receive: ## @param receive.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update ## minReadySeconds: 0 + ## @param receive.containerPorts.http HTTP container port + ## @param receive.containerPorts.grpc GRPC container port + ## @param receive.containerPorts.remote remote-write container port + ## + containerPorts: + http: 10902 + grpc: 10901 + remote: 19291 ## K8s Pod Security Context for Thanos Receive pods ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods @@ -3740,6 +4079,61 @@ receive: ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param receive.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param receive.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param receive.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param receive.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param receive.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param receive.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param receive.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} ## Service parameters ## service: @@ -3812,14 +4206,12 @@ receive: ## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account ## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Thanos Receive Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive @@ -4233,14 +4625,12 @@ receiveDistributor: ## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. ## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account ## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## DEPRECATED receive.serviceAccount.existingServiceAccount - This value has been deprecated and will be removed in a future release, please use `serviceAccount.name` in combination with `serviceAccount.create=false` instead ## serviceAccount: create: true name: "" annotations: {} automountServiceAccountToken: false - ## existingServiceAccount: "" ## Thanos Receive Distributor Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor @@ -4467,31 +4857,3 @@ minio: ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create ## defaultBuckets: "thanos" - -## @section NetWorkPolicy parameters - -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to http and grpc thanos port. - ## When true, thanos will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach thanos. - ## But sometimes, we want thanos to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {}