mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-29 02:45:06 +00:00
Add servicemonitor in helm chart (#1984)
This commit is contained in:
Ahmed Waleed Malik
GitHub
parent
61381cd648
commit
a0bac26308
3 changed files with 60 additions and 0 deletions
|
|
@ -104,6 +104,17 @@ The following table lists the configurable parameters of the kyverno chart and t
|
|||
| `service.nodePort` | node port | `nil` |
|
||||
| `service.port` | port for the service | `443` |
|
||||
| `service.type` | type of service | `ClusterIP` |
|
||||
| `serviceMonitor.enabled` | create a ServiceMonitor(Requires Prometheus) | `false` |
|
||||
| `serviceMonitor.additionalLabels` | additional labels to add for ServiceMonitor | `nil` |
|
||||
|
||||
| `serviceMonitor.interval` | interval to scrape metrics | `30s` |
|
||||
|
||||
| `serviceMonitor.scrapeTimeout` | timeout if metrics can't be retrieved in given time interval | `25s` |
|
||||
|
||||
| `serviceMonitor.secure` | is TLS required for endpoint | `false` |
|
||||
|
||||
| `serviceMonitor.tlsConfig` | TLS Configuration for endpoint | `[]` |
|
||||
|
||||
| `tolerations` | list of node taints to tolerate | `[]` |
|
||||
| `securityContext` | security context configuration | `{}` |
|
||||
| `podSecurityStandard` | set desired pod security level `privileged`, `baseline`, `restricted`, `custom`. Set to `restricted` for maximum security for your cluster. See: https://kyverno.io/policies/pod-security/ | `baseline` |
|
||||
|
|
|
|||
33
charts/kyverno/templates/servicemonitor.yaml
Normal file
33
charts/kyverno/templates/servicemonitor.yaml
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
{{- if .Values.serviceMonitor.enabled }}
|
||||
|
||||
{{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") -}}
|
||||
{{- fail "Prometheus is not installed" }}
|
||||
{{ end }}
|
||||
|
||||
apiVersion: "monitoring.coreos.com/v1"
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
labels: {{ include "kyverno.labels" . | nindent 4 }}
|
||||
app: kyverno
|
||||
{{- if .Values.serviceMonitor.additionalLabels }}
|
||||
{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
|
||||
{{- end }}
|
||||
name: {{ template "kyverno.serviceName" . }}-service-monitor
|
||||
namespace: {{ template "kyverno.namespace" . }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels: {{ include "kyverno.matchLabels" . | nindent 6 }}
|
||||
app: kyverno
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ template "kyverno.namespace" . }}
|
||||
endpoints:
|
||||
- port: metrics-port
|
||||
interval: {{ .Values.serviceMonitor.interval }}
|
||||
scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
|
||||
{{- if .Values.serviceMonitor.secure }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
{{- toYaml .Values.serviceMonitor.tlsConfig | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -175,6 +175,22 @@ metricsService:
|
|||
##
|
||||
annotations: {}
|
||||
|
||||
# Service Monitor to collect Prometheus Metrics
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
# Additional labels
|
||||
additionalLabels:
|
||||
# key: value
|
||||
|
||||
# Interval to scrape metrics
|
||||
interval: 30s
|
||||
# Timeout if metrics can't be retrieved in given time interval
|
||||
scrapeTimeout: 25s
|
||||
# Is TLS required for endpoint
|
||||
secure: false
|
||||
# TLS Configuration for endpoint
|
||||
tlsConfig: {}
|
||||
|
||||
# Kyverno requires a certificate key pair and corresponding certificate authority
|
||||
# to properly register its webhooks. This can be done in one of 3 ways:
|
||||
# 1) Use kube-controller-manager to generate a CA-signed certificate (preferred)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue