├── .github ├── CODEOWNERS └── workflows │ ├── check-codeowners.yaml │ ├── ci.yml │ ├── lint-test.yaml │ ├── linter.yml │ ├── release.yaml │ ├── sync-readme.yaml │ ├── update-helm-repo.yaml │ └── validate-pr.yaml ├── .gitignore ├── .helmdocsignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── charts ├── agent-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── crds │ │ ├── monitoring.coreos.com_podmonitors.yaml │ │ ├── monitoring.coreos.com_probes.yaml │ │ ├── monitoring.coreos.com_servicemonitors.yaml │ │ ├── monitoring.grafana.com_grafanaagents.yaml │ │ ├── monitoring.grafana.com_integrations.yaml │ │ ├── monitoring.grafana.com_logsinstances.yaml │ │ ├── monitoring.grafana.com_metricsinstances.yaml │ │ └── monitoring.grafana.com_podlogs.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── operator-clusterrole.yaml │ │ ├── operator-clusterrolebinding.yaml │ │ ├── operator-deployment.yaml │ │ ├── operator-serviceaccount.yaml │ │ └── tests │ │ │ └── test-grafanaagent.yaml │ └── values.yaml ├── cloudcost-exporter │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml │ ├── values.aws.yaml │ └── values.yaml ├── enterprise-logs-simple │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── test-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── secret-config.yaml │ │ ├── secret-license.yaml │ │ └── tokengen │ │ │ ├── _helpers.yaml │ │ │ ├── job-tokengen.yaml │ │ │ ├── role-tokengen.yaml │ │ │ ├── rolebinding-tokengen.yaml │ │ │ └── serviceaccount-tokengen.yaml │ └── values.yaml ├── enterprise-logs │ ├── CHANGELOG.md │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ └── test-values.yaml │ ├── small.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── admin-api │ │ │ ├── _helpers.yaml │ │ │ ├── deployment-admin-api.yaml │ │ │ └── service-admin-api.yaml │ │ ├── compactor │ │ │ ├── _helpers.yaml │ │ │ └── statefulset-compactor.yaml │ │ ├── gateway │ │ │ ├── _helpers.yaml │ │ │ ├── deployment-gateway.yaml │ │ │ └── service-gateway.yaml │ │ ├── secret-config.yaml │ │ ├── secret-license.yaml │ │ └── tokengen │ │ │ ├── _helpers.yaml │ │ │ ├── job-tokengen.yaml │ │ │ ├── role-tokengen.yaml │ │ │ └── rolebinding-tokengen.yaml │ └── values.yaml ├── enterprise-metrics │ ├── .gitignore │ ├── .helmignore │ ├── CHANGELOG.md │ ├── Chart.yaml │ ├── Makefile │ ├── README.md │ ├── capped-large.yaml │ ├── capped-small.yaml │ ├── ci │ │ └── test-values.yaml │ ├── environments │ │ ├── default │ │ │ ├── main.jsonnet │ │ │ └── spec.json │ │ ├── large │ │ │ ├── main.jsonnet │ │ │ └── spec.json │ │ └── small │ │ │ ├── main.jsonnet │ │ │ └── spec.json │ ├── jsonnetfile.json │ ├── jsonnetfile.lock.json │ ├── large.yaml │ ├── small.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── admin-api-dep.yaml │ │ ├── admin-api-svc.yaml │ │ ├── alertmanager-dep.yaml │ │ ├── alertmanager-statefulset.yaml │ │ ├── alertmanager-svc-headless.yaml │ │ ├── alertmanager-svc.yaml │ │ ├── compactor-statefulset.yaml │ │ ├── compactor-svc.yaml │ │ ├── distributor-dep.yaml │ │ ├── distributor-svc.yaml │ │ ├── gateway-dep.yaml │ │ ├── gateway-svc.yaml │ │ ├── gossip-ring-svc.yaml │ │ ├── ingester-dep.yaml │ │ ├── ingester-statefulset.yaml │ │ ├── ingester-svc.yaml │ │ ├── license-secret.yaml │ │ ├── overrides-exporter-dep.yaml │ │ ├── overrides-exporter-svc.yaml │ │ ├── pdb.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── querier-dep.yaml │ │ ├── querier-svc.yaml │ │ ├── query-frontend-dep.yaml │ │ ├── query-frontend-svc-headless.yaml │ │ ├── query-frontend-svc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── ruler-dep.yaml │ │ ├── ruler-svc.yaml │ │ ├── runtime-configmap.yaml │ │ ├── secret.yaml │ │ ├── serviceaccount.yaml │ │ ├── store-gateway-statefulset.yaml │ │ ├── store-gateway-svc.yaml │ │ └── tokengen-job.yaml │ ├── tools │ │ ├── chart-version-tag.sh │ │ └── update-version │ ├── values.yaml │ └── vendor │ │ └── github.com │ │ └── grafana │ │ └── jsonnet-libs │ │ └── tanka-util │ │ ├── Makefile │ │ ├── README.md │ │ ├── README.md.tmpl │ │ ├── _example.jsonnet │ │ ├── helm.libsonnet │ │ ├── k8s.libsonnet │ │ ├── kustomize.libsonnet │ │ └── main.libsonnet ├── fluent-bit │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── daemonset.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service-headless.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── grafana-agent │ └── README.md ├── grafana-sampling │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── sampling-architecture.png │ ├── templates │ │ ├── _alloy_config_deployment.alloy.txt │ │ ├── _alloy_config_statefulset.alloy.txt │ │ ├── _helpers.tpl │ │ ├── _live_debugging.alloy.txt │ │ ├── _otelcol_auth_basic.alloy.txt │ │ ├── _otelcol_connector_servicegraph.alloy.txt │ │ ├── _otelcol_connector_spanmetrics.alloy.txt │ │ ├── _otelcol_exporter_loadbalancing.alloy.txt │ │ ├── _otelcol_exporter_otlp.alloy.txt │ │ ├── _otelcol_exporter_prometheus.alloy.txt │ │ ├── _otelcol_processor_batch.alloy.txt │ │ ├── _otelcol_processor_filter.alloy.txt │ │ ├── _otelcol_processor_tail_sampling.alloy.txt │ │ ├── _otelcol_processor_transform.alloy.txt │ │ ├── _otelcol_receiver_otlp.alloy.txt │ │ ├── _prometheus_remote_write.alloy.txt │ │ ├── configmap_deployment.yaml │ │ └── configmap_statefulset.yaml │ └── values.yaml ├── grafana │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci │ │ ├── default-values.yaml │ │ ├── with-affinity-values.yaml │ │ ├── with-dashboard-json-values.yaml │ │ ├── with-dashboard-values.yaml │ │ ├── with-extraconfigmapmounts-values.yaml │ │ ├── with-image-renderer-values.yaml │ │ ├── with-nondefault-values.yaml │ │ ├── with-persistence.yaml │ │ └── with-sidecars-envvaluefrom-values.yaml │ ├── dashboards │ │ └── custom-dashboard.json │ ├── templates │ │ ├── NOTES.txt │ │ ├── _config.tpl │ │ ├── _helpers.tpl │ │ ├── _pod.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configSecret.yaml │ │ ├── configmap-dashboard-provider.yaml │ │ ├── configmap.yaml │ │ ├── dashboards-json-configmap.yaml │ │ ├── deployment.yaml │ │ ├── extra-manifests.yaml │ │ ├── headless-service.yaml │ │ ├── hpa.yaml │ │ ├── image-renderer-deployment.yaml │ │ ├── image-renderer-hpa.yaml │ │ ├── image-renderer-network-policy.yaml │ │ ├── image-renderer-service.yaml │ │ ├── image-renderer-servicemonitor.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── pvc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── route.yaml │ │ ├── secret-env.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ ├── statefulset.yaml │ │ └── tests │ │ │ ├── test-configmap.yaml │ │ │ ├── test-podsecuritypolicy.yaml │ │ │ ├── test-role.yaml │ │ │ ├── test-rolebinding.yaml │ │ │ ├── test-serviceaccount.yaml │ │ │ └── test.yaml │ └── values.yaml ├── k8s-monitoring │ └── README.md ├── lgtm-distributed │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ └── _helpers.tpl │ └── values.yaml ├── loki-canary │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ ├── with-basic-auth-values.yaml │ │ └── without-basic-auth-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── daemonset.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── loki-distributed │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ ├── cache-values.yaml │ │ ├── default-values.yaml │ │ ├── ingress-values.yaml │ │ └── persistence-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── compactor │ │ │ ├── _helpers-compactor.tpl │ │ │ ├── deployment-compactor.yaml │ │ │ ├── persistentvolumeclaim-compactor.yaml │ │ │ ├── service-compactor.yaml │ │ │ ├── serviceaccount-compactor.yaml │ │ │ ├── servicemonitor-compactor.yaml │ │ │ └── statefulset-compactor.yaml │ │ ├── config-secret.yaml │ │ ├── configmap.yaml │ │ ├── distributor │ │ │ ├── _helpers-distributor.tpl │ │ │ ├── deployment-distributor.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-distributor.yaml │ │ │ ├── service-distributor.yaml │ │ │ └── servicemonitor-distributor.yaml │ │ ├── gateway │ │ │ ├── _helpers-gateway.tpl │ │ │ ├── configmap-gateway.yaml │ │ │ ├── deployment-gateway.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress-gateway.yaml │ │ │ ├── poddisruptionbudget-gateway.yaml │ │ │ ├── secret-gateway.yaml │ │ │ └── service-gateway.yaml │ │ ├── index-gateway │ │ │ ├── _helpers-index-gateway.tpl │ │ │ ├── poddisruptionbudget-index-gateway.yaml │ │ │ ├── service-index-gateway-headless.yaml │ │ │ ├── service-index-gateway.yaml │ │ │ ├── servicemonitor-index-gateway.yaml │ │ │ └── statefulset-index-gateway.yaml │ │ ├── ingester │ │ │ ├── _helpers-ingester.tpl │ │ │ ├── deployment-ingester.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-ingester.yaml │ │ │ ├── service-ingester-headless.yaml │ │ │ ├── service-ingester.yaml │ │ │ ├── servicemonitor-ingester.yaml │ │ │ └── statefulset-ingester.yaml │ │ ├── ingress.yaml │ │ ├── memcached-chunks │ │ │ ├── _helpers-memcached-chunks.tpl │ │ │ ├── poddisruptionbudget-memcached-chunks.yaml │ │ │ ├── service-memcached-chunks.yaml │ │ │ ├── servicemonitor-memcached-chunks.yaml │ │ │ └── statefulset-memcached-chunks.yaml │ │ ├── memcached-frontend │ │ │ ├── _helpers-memcached-frontend.tpl │ │ │ ├── poddisruptionbudget-memcached-frontend.yaml │ │ │ ├── service-memcached-frontend.yaml │ │ │ ├── servicemonitor-memcached-frontend.yaml │ │ │ └── statefulset-memcached-frontend.yaml │ │ ├── memcached-index-queries │ │ │ ├── _helpers-memcached-index-queries.tpl │ │ │ ├── poddisruptionbudget-memcached-index-queries.yaml │ │ │ ├── service-memcached-index-queries.yaml │ │ │ ├── servicemonitor-memcached-index-queries.yaml │ │ │ └── statefulset-memcached-index-queries.yaml │ │ ├── memcached-index-writes │ │ │ ├── _helpers-memcached-index-writes.tpl │ │ │ ├── poddisruptionbudget-memcached-index-writes.yaml │ │ │ ├── service-memcached-index-writes.yaml │ │ │ ├── servicemonitor-memcached-index-writes.yaml │ │ │ └── statefulset-memcached-index-writes.yaml │ │ ├── networkpolicy.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── prometheusrule.yaml │ │ ├── querier │ │ │ ├── _helpers-querier.tpl │ │ │ ├── deployment-querier.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-querier.yaml │ │ │ ├── service-querier-headless.yaml │ │ │ ├── service-querier.yaml │ │ │ ├── servicemonitor-querier.yaml │ │ │ └── statefulset-querier.yaml │ │ ├── query-frontend │ │ │ ├── _helpers-query-frontend.tpl │ │ │ ├── deployment-query-frontend.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-query-frontent.yaml │ │ │ ├── service-query-frontend-headless.yaml │ │ │ ├── service-query-frontend.yaml │ │ │ └── servicemonitor-query-frontend.yaml │ │ ├── query-scheduler │ │ │ ├── _helpers-query-scheduler.tpl │ │ │ ├── deployment-query-scheduler.yaml │ │ │ ├── poddisruptionbudget-query-scheduler.yaml │ │ │ ├── service-query-scheduler.yaml │ │ │ └── servicemonitor-query-scheduler.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── ruler │ │ │ ├── _helpers-ruler.tpl │ │ │ ├── configmap-ruler.yaml │ │ │ ├── deployment-ruler.yaml │ │ │ ├── persistentvolumeclaim-ruler.yaml │ │ │ ├── poddisruptionbudget-ruler.yaml │ │ │ ├── service-ruler.yaml │ │ │ ├── servicemonitor-ruler.yaml │ │ │ └── statefulset-ruler.yaml │ │ ├── runtime-configmap.yaml │ │ ├── securitycontextconstraints.yaml │ │ ├── service-memberlist.yaml │ │ ├── serviceaccount.yaml │ │ ├── table-manager │ │ │ ├── _helpers-table-manager.tpl │ │ │ ├── deployment-table-manager.yaml │ │ │ ├── service-table-manager.yaml │ │ │ └── servicemonitor-table-manager.yaml │ │ └── validate.yaml │ ├── values.test.yaml │ └── values.yaml ├── loki-simple-scalable │ └── README.md ├── loki-stack │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── requirements.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── datasources.yaml │ │ └── tests │ │ │ ├── loki-test-configmap.yaml │ │ │ └── loki-test-pod.yaml │ └── values.yaml ├── loki │ └── README.md ├── mimir-distributed │ └── README.md ├── promtail │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ ├── autoscaled-deployment-values.yaml │ │ ├── default-values.yaml │ │ ├── deployment-values.yaml │ │ ├── netpol-values.yaml │ │ └── service-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── _pod.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmap.yaml │ │ ├── daemonset.yaml │ │ ├── deployment.yaml │ │ ├── extra-manifests.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ ├── networkpolicy.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── prometheus-rules.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── secret.yaml │ │ ├── service-extra.yaml │ │ ├── service-metrics.yaml │ │ ├── serviceaccount.yaml │ │ ├── servicemonitor.yaml │ │ └── verticalpodautoscaler.yaml │ └── values.yaml ├── rollout-operator │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── snyk-exporter │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── synthetic-monitoring-agent │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── default-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── extra-manifests.yaml │ │ ├── hpa.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── tempo-distributed │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── parquet-dedicated-columns.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── admin-api │ │ │ ├── _helpers.tpl │ │ │ ├── admin-api-dep.yaml │ │ │ ├── admin-api-pdb.yaml │ │ │ ├── admin-api-servmon.yaml │ │ │ └── admin-api-svc.yaml │ │ ├── compactor │ │ │ ├── _helpers-compactor.tpl │ │ │ ├── deployment-compactor.yaml │ │ │ ├── hpa.yaml │ │ │ ├── keda-scaledObject.yaml │ │ │ ├── poddisruptionbudget-compactor.yaml │ │ │ ├── service-compactor.yaml │ │ │ └── servicemonitor-compactor.yaml │ │ ├── configmap-runtime.yaml │ │ ├── configmap-tempo.yaml │ │ ├── distributor │ │ │ ├── _helpers-distributor.tpl │ │ │ ├── deployment-distributor.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-distributor.yaml │ │ │ ├── service-distributor-discovery.yaml │ │ │ ├── service-distributor.yaml │ │ │ └── servicemonitor-distributor.yaml │ │ ├── enterprise-federation-frontend │ │ │ ├── _helpers-federation-frontend.tpl │ │ │ ├── deployment-federation-frontend.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-federation-frontend.yaml │ │ │ ├── service-federation-frontend.yaml │ │ │ └── servicemonitor-federation-frontend.yaml │ │ ├── enterprise-gateway │ │ │ ├── _helpers.tpl │ │ │ ├── gateway-dep.yaml │ │ │ ├── gateway-ingress.yaml │ │ │ ├── gateway-pdb.yaml │ │ │ ├── gateway-servmon.yaml │ │ │ └── gateway-svc.yaml │ │ ├── extra-manifests.yaml │ │ ├── gateway │ │ │ ├── _helpers-gateway.tpl │ │ │ ├── configmap-gateway.yaml │ │ │ ├── deployment-gateway.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress-gateway.yaml │ │ │ ├── poddisruptionbudget-gateway.yaml │ │ │ ├── secret-gateway.yaml │ │ │ └── service-gateway.yaml │ │ ├── gossip-ring │ │ │ ├── _helpers.gossip-ring.tpl │ │ │ └── service-gossip-ring.yaml │ │ ├── ingester │ │ │ ├── _helpers-ingester.tpl │ │ │ ├── hpa.yaml │ │ │ ├── pdb.yaml │ │ │ ├── poddisruptionbudget-ingester.yaml │ │ │ ├── service-ingester-discovery.yaml │ │ │ ├── service-ingester.yaml │ │ │ ├── servicemonitor-ingester.yaml │ │ │ └── statefulset-ingester.yaml │ │ ├── ingress.yaml │ │ ├── lib │ │ │ ├── pdb.tpl │ │ │ └── service-monitor.tpl │ │ ├── license-secret.yaml │ │ ├── memcached │ │ │ ├── _helpers-memcached.tpl │ │ │ ├── poddisruptionbudget-memcached.yaml │ │ │ ├── service-memcached.yaml │ │ │ ├── servicemonitor-memcached.yaml │ │ │ └── statefulset-memcached.yaml │ │ ├── metamonitoring │ │ │ ├── _helpers.tpl │ │ │ ├── grafana-agent-cluster-role-binding.yaml │ │ │ ├── grafana-agent-cluster-role.yaml │ │ │ ├── grafana-agent-service-account.yaml │ │ │ ├── grafana-agent.yaml │ │ │ ├── kube-state-metrics-servmon.yaml │ │ │ ├── kubelet-cadvisor-servmon.yaml │ │ │ ├── logs-instance-usernames-secret.yaml │ │ │ ├── logs-instance.yaml │ │ │ ├── metrics-instance-usernames-secret.yaml │ │ │ ├── metrics-instance.yaml │ │ │ └── pod-logs.yaml │ │ ├── metrics-generator │ │ │ ├── _helpers-metrics-generator.tpl │ │ │ ├── deployment-metrics-generator.yaml │ │ │ ├── poddisruptionbudget-metrics-generator.yaml │ │ │ ├── service-metrics-generator-discovery.yaml │ │ │ ├── service-metrics-generator.yaml │ │ │ ├── servicemonitor-metrics-generator.yaml │ │ │ └── statefulset-metrics-generator.yaml │ │ ├── podsecuritypolicy.yaml │ │ ├── prometheusrule.yaml │ │ ├── provisioner │ │ │ ├── provisioner-job.yaml │ │ │ ├── provisioner-rbac.yaml │ │ │ └── provisioner-serviceaccount.yaml │ │ ├── querier │ │ │ ├── _helpers-querier.tpl │ │ │ ├── deployment-querier.yaml │ │ │ ├── hpa.yaml │ │ │ ├── poddisruptionbudget-querier.yaml │ │ │ ├── service-querier.yaml │ │ │ └── servicemonitor-querier.yaml │ │ ├── query-frontend │ │ │ ├── _helpers-query-frontend.tpl │ │ │ ├── deployment-query-frontend.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress-query-frontend.yaml │ │ │ ├── poddisruptionbudget-query-frontend.yaml │ │ │ ├── service-query-frontend-discovery.yaml │ │ │ ├── service-query-frontend.yaml │ │ │ ├── servicemonitor-jaeger-query.yaml │ │ │ └── servicemonitor-query-frontend.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── serviceaccount.yaml │ │ └── tokengen │ │ │ ├── __helpers.tpl │ │ │ ├── tokengen-job.yaml │ │ │ ├── tokengen-rbac.yaml │ │ │ └── tokengen-serviceaccount.yaml │ └── values.yaml ├── tempo-vulture │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── ci │ │ └── basic-values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── podmonitor.yaml │ │ ├── secret.yaml │ │ └── serviceaccount.yaml │ └── values.yaml └── tempo │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── README.md.gotmpl │ ├── templates │ ├── _helpers.tpl │ ├── _ports.tpl │ ├── configmap-tempo-query.yaml │ ├── configmap-tempo.yaml │ ├── ingress-tempo-query.yaml │ ├── networkpolicy.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ ├── servicemonitor.yaml │ └── statefulset.yaml │ └── values.yaml ├── cr.yaml ├── ct.yaml └── scripts ├── check-codeowners.sh └── validate-pr.sh /.github/workflows/check-codeowners.yaml: -------------------------------------------------------------------------------- 1 | name: Check CODEOWNERS 2 | 3 | on: workflow_call 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: actions/checkout@v4 10 | with: 11 | persist-credentials: false 12 | - name: install yq 13 | run: | 14 | sudo snap install yq 15 | - name: generate CODEOWNERS 16 | run: | 17 | ./scripts/check-codeowners.sh > .github/CODEOWNERS 18 | - name: check CODEOWNERS for modifications 19 | run: | 20 | git diff --exit-code || echo "::warning::There is at least one codeowner mismatch." 21 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: pull_request 4 | 5 | permissions: {} 6 | 7 | jobs: 8 | call-check-codeowners: 9 | uses: ./.github/workflows/check-codeowners.yaml 10 | call-lint: 11 | uses: ./.github/workflows/linter.yml 12 | call-lint-test: 13 | uses: ./.github/workflows/lint-test.yaml 14 | -------------------------------------------------------------------------------- /.github/workflows/sync-readme.yaml: -------------------------------------------------------------------------------- 1 | on: 2 | push: 3 | branches: 4 | - 'main' 5 | paths: 6 | - 'README.md' 7 | permissions: {} 8 | jobs: 9 | build: 10 | permissions: 11 | contents: write # for git push 12 | 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v4 16 | with: 17 | persist-credentials: false 18 | - run: | 19 | cp -f README.md ${{ runner.temp }}/README.md 20 | - uses: actions/checkout@v4 21 | with: 22 | ref: gh-pages 23 | persist-credentials: false 24 | - run: | 25 | cp -f ${{ runner.temp }}/README.md . 26 | git config user.name "$GITHUB_ACTOR" 27 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 28 | git add README.md 29 | git commit --signoff -m "Sync README from main" 30 | git push 31 | -------------------------------------------------------------------------------- /.github/workflows/validate-pr.yaml: -------------------------------------------------------------------------------- 1 | name: Validate Pull Request 2 | 3 | on: 4 | pull_request: 5 | types: 6 | - opened 7 | - edited 8 | - reopened 9 | - synchronize 10 | 11 | permissions: 12 | pull-requests: read 13 | contents: read 14 | 15 | jobs: 16 | validate: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - name: Checkout Code 20 | uses: actions/checkout@v4 21 | with: 22 | fetch-depth: 0 23 | persist-credentials: false 24 | 25 | - name: Set up chart-testing 26 | uses: helm/chart-testing-action@b0d4458c71155b54fcf33e11dd465dc923550009 # v2.0.1 27 | - name: Validate PR 28 | run: scripts/validate-pr.sh 29 | env: 30 | PR_TITLE: ${{ github.event.pull_request.title }} 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /charts/*/charts 2 | .idea 3 | .vscode 4 | .project 5 | .settings 6 | /charts/enterprise-metrics/vendor/tanka-util 7 | .DS_Store 8 | *.iml 9 | -------------------------------------------------------------------------------- /.helmdocsignore: -------------------------------------------------------------------------------- 1 | charts/fluent-bit 2 | charts/grafana 3 | charts/loki 4 | charts/loki-stack 5 | charts/enterprise-metrics 6 | charts/enterprise-logs 7 | # TODO get rid of this list after all docs migrated to helm-docs:1.8.1 8 | charts/enterprise-logs-simple 9 | -------------------------------------------------------------------------------- /charts/agent-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/agent-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: grafana-agent-operator 3 | description: A Helm chart for Grafana Agent Operator 4 | type: application 5 | version: 0.5.1 6 | appVersion: "0.44.2" 7 | home: https://grafana.com/docs/agent/v0.44/ 8 | icon: https://raw.githubusercontent.com/grafana/agent/v0.44.2/docs/sources/assets/logo_and_name.png 9 | sources: 10 | - https://github.com/grafana/agent/tree/v0.44.2/static/operator 11 | maintainers: 12 | - name: Grafana Agent Team 13 | email: grafana-agent-team@googlegroups.com 14 | -------------------------------------------------------------------------------- /charts/agent-operator/templates/operator-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ include "ga-operator.fullname" . }} 6 | labels: 7 | {{ include "ga-operator.labels" . | indent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: {{ include "ga-operator.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ template "ga-operator.serviceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end -}} 17 | 18 | -------------------------------------------------------------------------------- /charts/agent-operator/templates/operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "ga-operator.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "ga-operator.labels" . | indent 4 }} 9 | {{- end -}} 10 | 11 | -------------------------------------------------------------------------------- /charts/cloudcost-exporter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/cloudcost-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: cloudcost-exporter 3 | description: Cloud Cost Exporter exports cloud provider agnostic cost metrics to Prometheus. 4 | type: application 5 | 6 | # This is the chart version. This version number should be incremented each time you make changes 7 | # to the chart and its templates, including the app version. 8 | version: 1.0.4 9 | 10 | # This is the version of cloudcost-exporter to be deployed, which should be incremented 11 | # with each release. 12 | appVersion: "0.8.1" 13 | 14 | home: https://github.com/grafana/cloudcost-exporter 15 | -------------------------------------------------------------------------------- /charts/cloudcost-exporter/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "cloudcost-exporter.fullname" . }} 5 | labels: 6 | {{- include "cloudcost-exporter.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: {{ .Values.portName }} 12 | protocol: {{ .Values.service.protocol }} 13 | name: http 14 | selector: 15 | {{- include "cloudcost-exporter.selectorLabels" . | nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/cloudcost-exporter/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "cloudcost-exporter.serviceAccountName" . }} 6 | labels: 7 | {{- include "cloudcost-exporter.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/cloudcost-exporter/values.aws.yaml: -------------------------------------------------------------------------------- 1 | # Custom values to deploy cloudcost-exporter on AWS. 2 | # This is a YAML-formatted file. 3 | # Declare additional variables to be passed into your templates. 4 | # Use this values file together with the default values file. 5 | 6 | containerArgs: 7 | - "--provider=aws" 8 | - "--aws.region=us-east-1" 9 | - "--aws.services=s3,ec2" 10 | 11 | serviceAccount: 12 | annotations: 13 | eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/CloudCostExporterRole 14 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: loki-simple-scalable 3 | repository: https://grafana.github.io/helm-charts 4 | version: 0.3.2 5 | - name: minio 6 | repository: https://helm.min.io/ 7 | version: 8.0.9 8 | digest: sha256:5c04ba24c657a1cfaf96ff9b35bc018056c9c4de1a6e7ac5b2d9143e1fb11c2b 9 | generated: "2022-04-01T13:37:13.444741911-06:00" 10 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v2" 2 | name: "enterprise-logs-simple" 3 | type: application 4 | version: "1.3.0" 5 | appVersion: "v1.4.0" 6 | kubeVersion: "^1.10.0-0" 7 | description: "DEPRECATED Grafana Enterprise Logs (Simple Scalable)" 8 | deprecated: true 9 | home: "https://grafana.com/products/enterprise/logs/" 10 | dependencies: 11 | - name: loki-simple-scalable 12 | version: ^0.3.0 13 | repository: https://grafana.github.io/helm-charts 14 | - name: minio 15 | alias: minio 16 | version: 8.0.9 17 | repository: https://helm.min.io/ 18 | condition: minio.enabled 19 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/ci/test-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | commonConfig: 3 | replication_factor: 1 4 | 5 | loki-simple-scalable: 6 | read: 7 | replicas: 1 8 | write: 9 | replicas: 1 10 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | This chart is now deprecated and will no longer be updated. 2 | Grafana Enterprise Logs v1.4.0 is included in the `loki-simple-scalable` chart which implements Grafana Enterprise Logs as an option (`enterprise.enabled: true`). 3 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/secret-config.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.useExternalConfig -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: enterprise-logs-config 6 | labels: 7 | {{- include "enterprise-logs.labels" . | nindent 4 }} 8 | data: 9 | config.yaml: {{ tpl (mergeOverwrite (tpl .Values.config . | fromYaml) .Values.structuredConfig | toYaml) . | b64enc }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/secret-license.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.useExternalLicense -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: enterprise-logs-license 6 | labels: 7 | {{- include "enterprise-logs.labels" . | nindent 4 }} 8 | data: 9 | license.jwt: {{ .Values.license.contents | b64enc }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/tokengen/_helpers.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | tokengen fullname 3 | */}} 4 | {{- define "enterprise-logs.tokengenFullname" -}} 5 | {{ include "enterprise-logs.fullname" . }}-tokengen 6 | {{- end }} 7 | 8 | {{/* 9 | tokengen common labels 10 | */}} 11 | {{- define "enterprise-logs.tokengenLabels" -}} 12 | {{ include "enterprise-logs.labels" . }} 13 | app.kubernetes.io/component: tokengen 14 | {{- end }} 15 | 16 | {{/* 17 | tokengen selector labels 18 | */}} 19 | {{- define "enterprise-logs.tokengenSelectorLabels" -}} 20 | {{ include "enterprise-logs.selectorLabels" . }} 21 | app.kubernetes.io/component: tokengen 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/tokengen/role-tokengen.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.tokengen.enable }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "enterprise-logs.tokengenFullname" . }} 6 | labels: 7 | {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} 8 | {{- with .Values.tokengen.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.tokengen.annotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | "helm.sh/hook": post-install 16 | rules: 17 | - apiGroups: [""] 18 | resources: ["secrets"] 19 | verbs: ["create"] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/tokengen/rolebinding-tokengen.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.tokengen.enable }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "enterprise-logs.tokengenFullname" . }} 6 | labels: 7 | {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} 8 | {{- with .Values.tokengen.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.tokengen.annotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | "helm.sh/hook": post-install 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: Role 19 | name: {{ template "enterprise-logs.tokengenFullname" . }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ template "enterprise-logs.tokengenFullname" . }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/enterprise-logs-simple/templates/tokengen/serviceaccount-tokengen.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.tokengen.enable }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "enterprise-logs.tokengenFullname" . }} 6 | labels: 7 | {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} 8 | {{- with .Values.tokengen.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.tokengen.annotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | "helm.sh/hook": post-install 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/enterprise-logs/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v2" 2 | name: "enterprise-logs" 3 | type: application 4 | version: "2.5.0" 5 | appVersion: "v1.5.2" 6 | kubeVersion: "^1.10.0-0" 7 | description: "Grafana Enterprise Logs" 8 | home: "https://grafana.com/products/enterprise/logs/" 9 | dependencies: 10 | - name: "loki-distributed" 11 | version: "0.55.0" 12 | repository: "https://grafana.github.io/helm-charts" 13 | - name: minio 14 | alias: minio 15 | version: 8.0.9 16 | repository: https://helm.min.io/ 17 | condition: minio.enabled 18 | -------------------------------------------------------------------------------- /charts/enterprise-logs/ci/test-values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | commonConfig: 3 | replication_factor: 1 4 | compactor: 5 | persistentVolume: 6 | enabled: false 7 | 8 | loki-distributed: 9 | ingester: 10 | replicas: 1 11 | persistence: 12 | enabled: false 13 | distributor: 14 | persistence: 15 | enabled: false 16 | ruler: 17 | persistence: 18 | enabled: false 19 | querier: 20 | persistence: 21 | enabled: false 22 | queryFrontend: 23 | persistence: 24 | enabled: false 25 | indexGateway: 26 | persistence: 27 | enabled: false 28 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/admin-api/_helpers.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | adminApi fullname 3 | */}} 4 | {{- define "enterprise-logs.adminApiFullname" -}} 5 | {{ include "enterprise-logs.fullname" . }}-admin-api 6 | {{- end }} 7 | 8 | {{/* 9 | adminApi common labels 10 | */}} 11 | {{- define "enterprise-logs.adminApiLabels" -}} 12 | {{ include "enterprise-logs.labels" . }} 13 | app.kubernetes.io/component: admin-api 14 | target: admin-api 15 | {{- end }} 16 | 17 | {{/* 18 | adminApi selector labels 19 | */}} 20 | {{- define "enterprise-logs.adminApiSelectorLabels" -}} 21 | {{ include "enterprise-logs.selectorLabels" . }} 22 | app.kubernetes.io/component: admin-api 23 | target: admin-api 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/admin-api/service-admin-api.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-logs.adminApiFullname" . }} 5 | labels: 6 | {{- include "enterprise-logs.adminApiLabels" . | nindent 4 }} 7 | {{- with .Values.adminApi.service.labels }} 8 | {{- toYaml . | nindent 4 }} 9 | {{- end }} 10 | annotations: 11 | {{- with .Values.adminApi.service.annotations }} 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: http-metrics 18 | port: 3100 19 | protocol: TCP 20 | targetPort: http-metrics 21 | - name: grpc 22 | port: 9095 23 | protocol: TCP 24 | targetPort: grpc 25 | selector: 26 | {{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 4 }} 27 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/compactor/_helpers.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | compactor fullname 3 | */}} 4 | {{- define "enterprise-logs.compactorFullname" -}} 5 | {{ include "enterprise-logs.fullname" . }}-compactor 6 | {{- end }} 7 | 8 | {{/* 9 | compactor common labels 10 | */}} 11 | {{- define "enterprise-logs.compactorLabels" -}} 12 | {{ include "enterprise-logs.labels" . }} 13 | app.kubernetes.io/component: compactor 14 | target: compactor 15 | {{- end }} 16 | 17 | {{/* 18 | compactor selector labels 19 | */}} 20 | {{- define "enterprise-logs.compactorSelectorLabels" -}} 21 | {{ include "enterprise-logs.selectorLabels" . }} 22 | app.kubernetes.io/component: compactor 23 | target: compactor 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/gateway/_helpers.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | gateway fullname 3 | */}} 4 | {{- define "enterprise-logs.gatewayFullname" -}} 5 | {{ include "enterprise-logs.fullname" . }}-gateway 6 | {{- end }} 7 | 8 | {{/* 9 | gateway common labels 10 | */}} 11 | {{- define "enterprise-logs.gatewayLabels" -}} 12 | {{ include "enterprise-logs.labels" . }} 13 | app.kubernetes.io/component: gateway 14 | target: gateway 15 | {{- end }} 16 | 17 | {{/* 18 | gateway selector labels 19 | */}} 20 | {{- define "enterprise-logs.gatewaySelectorLabels" -}} 21 | {{ include "enterprise-logs.selectorLabels" . }} 22 | app.kubernetes.io/component: gateway 23 | target: gateway 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/gateway/service-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-logs.gatewayFullname" . }} 5 | labels: 6 | {{- with .Values.gateway.service.labels }} 7 | {{- toYaml . | nindent 4 }} 8 | {{- end }} 9 | annotations: 10 | {{- with .Values.gateway.service.annotations }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | type: {{ .Values.gateway.service.type }} 15 | ports: 16 | - name: http-metrics 17 | port: 3100 18 | protocol: TCP 19 | targetPort: http-metrics 20 | selector: 21 | {{- include "enterprise-logs.gatewaySelectorLabels" . | nindent 4 }} 22 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/secret-config.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.useExternalConfig -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: enterprise-logs-config 6 | labels: 7 | {{- include "enterprise-logs.labels" . | nindent 4 }} 8 | data: 9 | config.yaml: {{ tpl (mergeOverwrite (tpl .Values.config . | fromYaml) .Values.structuredConfig | toYaml) . | b64enc }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/secret-license.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.useExternalLicense -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: enterprise-logs-license 6 | labels: 7 | {{- include "enterprise-logs.labels" . | nindent 4 }} 8 | data: 9 | license.jwt: {{ .Values.license.contents | b64enc }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/tokengen/_helpers.yaml: -------------------------------------------------------------------------------- 1 | {{/* 2 | tokengen fullname 3 | */}} 4 | {{- define "enterprise-logs.tokengenFullname" -}} 5 | {{ include "enterprise-logs.fullname" . }}-tokengen 6 | {{- end }} 7 | 8 | {{/* 9 | tokengen common labels 10 | */}} 11 | {{- define "enterprise-logs.tokengenLabels" -}} 12 | {{ include "enterprise-logs.labels" . }} 13 | app.kubernetes.io/component: tokengen 14 | {{- end }} 15 | 16 | {{/* 17 | tokengen selector labels 18 | */}} 19 | {{- define "enterprise-logs.tokengenSelectorLabels" -}} 20 | {{ include "enterprise-logs.selectorLabels" . }} 21 | app.kubernetes.io/component: tokengen 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/tokengen/role-tokengen.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.tokengen.enable }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "enterprise-logs.tokengenFullname" . }} 6 | labels: 7 | {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} 8 | {{- with .Values.tokengen.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.tokengen.annotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | "helm.sh/hook": post-install 16 | rules: 17 | - apiGroups: [""] 18 | resources: ["secrets"] 19 | verbs: ["create"] 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/enterprise-logs/templates/tokengen/rolebinding-tokengen.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.tokengen.enable }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "enterprise-logs.tokengenFullname" . }} 6 | labels: 7 | {{- include "enterprise-logs.tokengenLabels" . | nindent 4 }} 8 | {{- with .Values.tokengen.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | annotations: 12 | {{- with .Values.tokengen.annotations }} 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | "helm.sh/hook": post-install 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: Role 19 | name: {{ template "enterprise-logs.tokengenFullname" . }} 20 | subjects: 21 | - kind: ServiceAccount 22 | name: {{ include "loki.serviceAccountName" . }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/.gitignore: -------------------------------------------------------------------------------- 1 | exports 2 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | .envrc 3 | nix 4 | shell.nix 5 | vendor 6 | lib 7 | environments 8 | releases 9 | docs 10 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | version: 1.10.0 3 | appVersion: v1.7.0 4 | deprecated: true 5 | description: "DEPRECATED Grafana Enterprise Metrics" 6 | engine: gotpl 7 | home: https://grafana.com/products/enterprise/metrics 8 | icon: https://grafana.com/static/img/menu/metrics-enterprise.svg 9 | kubeVersion: ^1.10.0-0 10 | name: enterprise-metrics 11 | dependencies: 12 | - name: memcached 13 | alias: memcached 14 | version: 6.1.11 15 | repository: https://charts.bitnami.com/bitnami 16 | condition: memcached.enabled 17 | - name: memcached 18 | alias: memcached-queries 19 | version: 6.1.11 20 | repository: https://charts.bitnami.com/bitnami 21 | condition: memcached-queries.enabled 22 | - name: memcached 23 | alias: memcached-metadata 24 | version: 6.1.11 25 | repository: https://charts.bitnami.com/bitnami 26 | condition: memcached-metadata.enabled 27 | - name: minio 28 | alias: minio 29 | version: 8.0.9 30 | repository: https://helm.min.io/ 31 | condition: minio.enabled 32 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/Makefile: -------------------------------------------------------------------------------- 1 | .ONESHELL: 2 | .DELETE_ON_ERROR: 3 | export SHELL := bash 4 | export SHELLOPTS := pipefail:errexit 5 | MAKEFLAGS += --warn-undefined-variables 6 | MAKEFLAGS += --no-builtin-rule 7 | 8 | # Adapted from https://suva.sh/posts/well-documented-makefiles/ 9 | .PHONY: help 10 | help: ## Display this help 11 | help: 12 | @awk 'BEGIN {FS = ": ##"; printf "Usage:\n make \n\nTargets:\n"} /^[a-zA-Z0-9_\.\-\/%]+: ##/ { printf " %-45s %s\n", $$1, $$2 }' $(MAKEFILE_LIST) 13 | 14 | .PHONY: dep-update 15 | dep-update: ## Update chart dependencies 16 | dep-update: 17 | helm dep update 18 | 19 | .PHONY: exports 20 | exports: ## Recreate exports directory using Tanka 21 | exports: dep-update 22 | rm -rf -- exports/* 23 | tk export exports/default environments/default 24 | tk export exports/small environments/small 25 | tk export exports/large environments/large 26 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/ci/test-values.yaml: -------------------------------------------------------------------------------- 1 | # Test values to limit the load during CI 2 | alertmanager: 3 | persistentVolume: 4 | enabled: false 5 | 6 | compactor: 7 | persistentVolume: 8 | enabled: false 9 | 10 | ingester: 11 | persistentVolume: 12 | enabled: false 13 | 14 | store_gateway: 15 | persistentVolume: 16 | enabled: false 17 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/default/main.jsonnet: -------------------------------------------------------------------------------- 1 | local tanka = import 'github.com/grafana/jsonnet-libs/tanka-util/main.libsonnet'; 2 | local helm = tanka.helm.new(std.thisFile); 3 | 4 | { 5 | grafana: helm.template('enterprise-metrics', '../../', { 6 | namespace: 'enterprise-metrics', 7 | }), 8 | } 9 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/default/spec.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "tanka.dev/v1alpha1", 3 | "kind": "Environment", 4 | "metadata": { 5 | "name": "environments/default" 6 | }, 7 | "spec": { 8 | "apiServer": "", 9 | "namespace": "enterprise-metrics", 10 | "resourceDefaults": {}, 11 | "expectVersions": {} 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/large/main.jsonnet: -------------------------------------------------------------------------------- 1 | local tanka = import 'github.com/grafana/jsonnet-libs/tanka-util/main.libsonnet'; 2 | local helm = tanka.helm.new(std.thisFile); 3 | 4 | { 5 | grafana: helm.template('enterprise-metrics', '../../', { 6 | namespace: 'enterprise-metrics', 7 | values: std.native('parseYaml')(importstr '../../large.yaml')[0], 8 | }), 9 | } 10 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/large/spec.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "tanka.dev/v1alpha1", 3 | "kind": "Environment", 4 | "metadata": { 5 | "name": "environments/large" 6 | }, 7 | "spec": { 8 | "apiServer": "", 9 | "namespace": "enterprise-metrics", 10 | "resourceDefaults": {}, 11 | "expectVersions": {} 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/small/main.jsonnet: -------------------------------------------------------------------------------- 1 | local tanka = import 'github.com/grafana/jsonnet-libs/tanka-util/main.libsonnet'; 2 | local helm = tanka.helm.new(std.thisFile); 3 | 4 | { 5 | grafana: helm.template('enterprise-metrics', '../../', { 6 | namespace: 'enterprise-metrics', 7 | values: std.native('parseYaml')(importstr '../../small.yaml')[0], 8 | }), 9 | } 10 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/environments/small/spec.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "tanka.dev/v1alpha1", 3 | "kind": "Environment", 4 | "metadata": { 5 | "name": "environments/small" 6 | }, 7 | "spec": { 8 | "apiServer": "", 9 | "namespace": "enterprise-metrics", 10 | "resourceDefaults": {}, 11 | "expectVersions": {} 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/jsonnetfile.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 1, 3 | "dependencies": [ 4 | { 5 | "source": { 6 | "git": { 7 | "remote": "https://github.com/grafana/jsonnet-libs.git", 8 | "subdir": "tanka-util" 9 | } 10 | }, 11 | "version": "master" 12 | } 13 | ], 14 | "legacyImports": true 15 | } 16 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/jsonnetfile.lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 1, 3 | "dependencies": [ 4 | { 5 | "source": { 6 | "git": { 7 | "remote": "https://github.com/grafana/jsonnet-libs.git", 8 | "subdir": "tanka-util" 9 | } 10 | }, 11 | "version": "752752875b50fa4c5021d92beb6871ccbd588f03", 12 | "sum": "XZGAMWkORQ2XmTTaK9jvsgVvsgabz8Vio1j5U4fmO8U=" 13 | } 14 | ], 15 | "legacyImports": false 16 | } 17 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/admin-api-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-admin-api 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-admin-api 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.admin_api.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.admin_api.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-admin-api 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/alertmanager-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-alertmanager 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-alertmanager 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.alertmanager.service.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.alertmanager.service.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-alertmanager 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/compactor-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-compactor 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-compactor 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.compactor.service.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.compactor.service.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-compactor 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/distributor-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-distributor 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-distributor 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.distributor.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.distributor.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-distributor 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/gateway-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-gateway 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-gateway 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.gateway.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.gateway.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | selector: 23 | app: {{ template "enterprise-metrics.name" . }}-gateway 24 | release: {{ .Release.Name }} 25 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/gossip-ring-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-gossip-ring 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-gossip-ring 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | clusterIP: None 13 | ports: 14 | - name: gossip-ring 15 | port: {{ .Values.config.memberlist.bind_port }} 16 | protocol: TCP 17 | targetPort: {{ .Values.config.memberlist.bind_port }} 18 | publishNotReadyAddresses: true 19 | selector: 20 | gossip_ring_member: "true" 21 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/ingester-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-ingester 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-ingester 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.ingester.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.ingester.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-ingester 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/license-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.license.external }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.license.secretName }} 6 | labels: 7 | app: {{ .Values.license.secretName }} 8 | chart: {{ template "enterprise-metrics.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | data: 12 | license.jwt: {{ .Values.license.contents | b64enc }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/overrides-exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-overrides-exporter 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-overrides-exporter 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.overrides_exporter.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.overrides_exporter.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-overrides-exporter 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget -}} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "enterprise-metrics.fullname" . }} 6 | labels: 7 | app: {{ template "enterprise-metrics.name" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | chart: {{ template "enterprise-metrics.chart" . }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | app: {{ template "enterprise-metrics.name" . }} 15 | {{ toYaml .Values.podDisruptionBudget | indent 2 }} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ template "enterprise-metrics.fullname" . }} 6 | labels: 7 | app: {{ template "enterprise-metrics.name" . }} 8 | chart: {{ template "enterprise-metrics.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | spec: 12 | privileged: false 13 | allowPrivilegeEscalation: false 14 | volumes: 15 | - 'configMap' 16 | - 'emptyDir' 17 | - 'persistentVolumeClaim' 18 | - 'secret' 19 | hostNetwork: false 20 | hostIPC: false 21 | hostPID: false 22 | runAsUser: 23 | rule: 'MustRunAsNonRoot' 24 | seLinux: 25 | rule: 'RunAsAny' 26 | supplementalGroups: 27 | rule: 'MustRunAs' 28 | ranges: 29 | - min: 1 30 | max: 65535 31 | fsGroup: 32 | rule: 'MustRunAs' 33 | ranges: 34 | - min: 1 35 | max: 65535 36 | readOnlyRootFilesystem: true 37 | requiredDropCapabilities: 38 | - ALL 39 | {{- end }} 40 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/querier-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-querier 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-querier 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.querier.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.querier.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-querier 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/query-frontend-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-query-frontend 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-query-frontend 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.query_frontend.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.query_frontend.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | - port: {{ .Values.config.server.grpc_listen_port }} 23 | protocol: TCP 24 | name: grpc 25 | targetPort: grpc 26 | selector: 27 | app: {{ template "enterprise-metrics.name" . }}-query-frontend 28 | release: {{ .Release.Name }} 29 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "enterprise-metrics.fullname" . }} 6 | labels: 7 | app: {{ template "enterprise-metrics.name" . }} 8 | chart: {{ template "enterprise-metrics.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | {{- if .Values.rbac.pspEnabled }} 12 | rules: 13 | - apiGroups: ['extensions'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: [{{ template "enterprise-metrics.fullname" . }}] 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "enterprise-metrics.fullname" . }} 6 | labels: 7 | app: {{ template "enterprise-metrics.name" . }} 8 | chart: {{ template "enterprise-metrics.chart" . }} 9 | heritage: {{ .Release.Service }} 10 | release: {{ .Release.Name }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: {{ template "enterprise-metrics.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "enterprise-metrics.serviceAccountName" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/ruler-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-ruler 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }}-ruler 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- with .Values.ruler.labels }} 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | annotations: 14 | {{- toYaml .Values.ruler.annotations | nindent 4 }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - port: {{ .Values.config.server.http_listen_port }} 19 | protocol: TCP 20 | name: http-metrics 21 | targetPort: http-metrics 22 | selector: 23 | app: {{ template "enterprise-metrics.name" . }}-ruler 24 | release: {{ .Release.Name }} 25 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/runtime-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "enterprise-metrics.fullname" . }}-runtime 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }} 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | data: 11 | runtime.yaml: | 12 | {{ tpl (toYaml .Values.runtimeConfig) . | nindent 4 }} 13 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.useExternalConfig }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "enterprise-metrics.fullname" . }} 6 | labels: 7 | app: {{ template "enterprise-metrics.name" . }} 8 | chart: {{ template "enterprise-metrics.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | data: 12 | enterprise-metrics.yaml: {{ tpl (toYaml .Values.config) . | b64enc}} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app: {{ template "enterprise-metrics.name" . }} 7 | chart: {{ template "enterprise-metrics.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | annotations: 11 | {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} 12 | name: {{ template "enterprise-metrics.serviceAccountName" . }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/tools/chart-version-tag.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -o nounset 4 | set -o pipefail 5 | 6 | RELEASE_TAG=$(git describe --tags --exact-match 2>/dev/null) 7 | set -o errexit 8 | if [ -z "$RELEASE_TAG" ] 9 | then 10 | WORKING_SUFFIX=$(if git status --porcelain | grep -qE '^(?:[^?][^ ]|[^ ][^?])\s'; then echo "-WIP"; else echo ""; fi) 11 | BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) 12 | TAG_PREFIX=$(git describe --tags 2>/dev/null) 13 | echo "$TAG_PREFIX-${BRANCH_NAME//\//-}$WORKING_SUFFIX" 14 | else 15 | echo "$RELEASE_TAG" 16 | fi -------------------------------------------------------------------------------- /charts/enterprise-metrics/tools/update-version: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Update references to Grafana Enterprise Metrics versions 3 | 4 | set -euf -o pipefail 5 | 6 | DRYRUN="${DRYRUN:-1}" 7 | SED=sed 8 | 9 | if [[ "${DRYRUN}" -eq 0 ]]; then 10 | SED="${SED} -i" 11 | fi 12 | 13 | if [[ "${#@}" -ne 1 ]]; then 14 | echo "Usage: $0 " 15 | echo "Example: $0 v1.0.2" 16 | fi 17 | 18 | ${SED} -e "6s/tag: .*/tag: ${1}/" values.yaml 19 | ${SED} -e "3s/appVersion: .*/appVersion: ${1}/" Chart.yaml 20 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/vendor/github.com/grafana/jsonnet-libs/tanka-util/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: docs 2 | docs: 3 | docsonnet -o . main.libsonnet 4 | -------------------------------------------------------------------------------- /charts/enterprise-metrics/vendor/github.com/grafana/jsonnet-libs/tanka-util/_example.jsonnet: -------------------------------------------------------------------------------- 1 | local tanka = import 'github.com/grafana/jsonnet-libs/tanka-util/main.libsonnet'; 2 | local helm = tanka.helm.new(std.thisFile); 3 | local kustomize = tanka.kustomize.new(std.thisFile); 4 | 5 | { 6 | // render the Grafana Chart, set namespace to "test" 7 | grafana: helm.template('grafana', './charts/grafana', { 8 | values: { 9 | persistence: { enabled: true }, 10 | plugins: ['grafana-clock-panel'], 11 | }, 12 | namespace: 'test', 13 | }), 14 | 15 | // render the Prometheus Kustomize 16 | // then entrypoint for `kustomize build` will be ./base/prometheus/kustomization.yaml 17 | prometheus: kustomize.build('./base/prometheus'), 18 | } 19 | -------------------------------------------------------------------------------- /charts/fluent-bit/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/fluent-bit/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | name: fluent-bit 3 | version: 2.6.0 4 | appVersion: v2.1.0 5 | kubeVersion: "^1.10.0-0" 6 | description: "Uses fluent-bit Loki go plugin for gathering logs and sending them to Loki" 7 | # This Helm chart is deprecated and no longer maintained. 8 | deprecated: true 9 | home: https://grafana.com/loki 10 | icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png 11 | sources: 12 | - https://github.com/grafana/loki 13 | maintainers: 14 | - name: Loki Maintainers 15 | email: lokiproject@googlegroups.com 16 | engine: gotpl 17 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | !WARNING! !WARNING! !WARNING! !WARNING! !WARNING! 2 | 3 | Please use the official fluent-bit chart 4 | 5 | https://github.com/fluent/helm-charts 6 | 7 | !WARNING! !WARNING! !WARNING! !WARNING! !WARNING! 8 | 9 | Verify the application is working by running these commands: 10 | kubectl --namespace {{ .Release.Namespace }} port-forward daemonset/{{ include "fluent-bit-loki.fullname" . }} {{ .Values.config.port }} 11 | curl http://127.0.0.1:{{ .Values.config.port }}/api/v1/metrics/prometheus 12 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | labels: 6 | app: {{ template "fluent-bit-loki.name" . }} 7 | chart: {{ template "fluent-bit-loki.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | name: {{ template "fluent-bit-loki.fullname" . }}-clusterrole 11 | rules: 12 | - apiGroups: [""] # "" indicates the core API group 13 | resources: 14 | - namespaces 15 | - pods 16 | verbs: ["get", "watch", "list"] 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ template "fluent-bit-loki.fullname" . }}-clusterrolebinding 6 | labels: 7 | app: {{ template "fluent-bit-loki.name" . }} 8 | chart: {{ template "fluent-bit-loki.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | subjects: 12 | - kind: ServiceAccount 13 | name: {{ template "fluent-bit-loki.serviceAccountName" . }} 14 | namespace: {{ .Release.Namespace }} 15 | roleRef: 16 | kind: ClusterRole 17 | name: {{ template "fluent-bit-loki.fullname" . }}-clusterrole 18 | apiGroup: rbac.authorization.k8s.io 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} 3 | apiVersion: policy/v1beta1 4 | kind: PodSecurityPolicy 5 | metadata: 6 | name: {{ template "fluent-bit-loki.fullname" . }} 7 | labels: 8 | app: {{ template "fluent-bit-loki.name" . }} 9 | chart: {{ template "fluent-bit-loki.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | spec: 13 | privileged: false 14 | allowPrivilegeEscalation: false 15 | volumes: 16 | - 'secret' 17 | - 'configMap' 18 | - 'hostPath' 19 | - 'projected' 20 | - 'downwardAPI' 21 | hostNetwork: false 22 | hostIPC: false 23 | hostPID: false 24 | runAsUser: 25 | rule: 'RunAsAny' 26 | seLinux: 27 | rule: 'RunAsAny' 28 | supplementalGroups: 29 | rule: 'RunAsAny' 30 | fsGroup: 31 | rule: 'RunAsAny' 32 | readOnlyRootFilesystem: true 33 | requiredDropCapabilities: 34 | - ALL 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "fluent-bit-loki.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "fluent-bit-loki.name" . }} 9 | chart: {{ template "fluent-bit-loki.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | {{- if .Values.rbac.pspEnabled }} 13 | rules: 14 | - apiGroups: ['extensions'] 15 | resources: ['podsecuritypolicies'] 16 | verbs: ['use'] 17 | resourceNames: [{{ template "fluent-bit-loki.fullname" . }}] 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "fluent-bit-loki.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "fluent-bit-loki.name" . }} 9 | chart: {{ template "fluent-bit-loki.chart" . }} 10 | heritage: {{ .Release.Service }} 11 | release: {{ .Release.Name }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: {{ template "fluent-bit-loki.fullname" . }} 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ template "fluent-bit-loki.serviceAccountName" . }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/service-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceMonitor.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "fluent-bit-loki.fullname" . }}-headless 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ template "fluent-bit-loki.name" . }} 9 | chart: {{ template "fluent-bit-loki.chart" . }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | spec: 13 | clusterIP: None 14 | ports: 15 | - port: {{ .Values.config.port }} 16 | protocol: TCP 17 | name: http-metrics 18 | targetPort: http-metrics 19 | selector: 20 | app: {{ template "fluent-bit-loki.name" . }} 21 | release: {{ .Release.Name }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/fluent-bit/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app: {{ template "fluent-bit-loki.name" . }} 7 | chart: {{ template "fluent-bit-loki.chart" . }} 8 | heritage: {{ .Release.Service }} 9 | release: {{ .Release.Name }} 10 | name: {{ template "fluent-bit-loki.serviceAccountName" . }} 11 | namespace: {{ .Release.Namespace }} 12 | automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/grafana-agent/README.md: -------------------------------------------------------------------------------- 1 | # Grafana Agent chart 2 | 3 | The source for the Grafana Agent chart can be found at 4 | . 5 | The chart is still published to the 6 | repository. 7 | 8 | Please file any issues with this chart to the 9 | [Grafana Agent](https://github.com/grafana/agent) repository. 10 | -------------------------------------------------------------------------------- /charts/grafana-sampling/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/grafana-sampling/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: alloy 3 | repository: https://grafana.github.io/helm-charts 4 | version: 0.12.5 5 | - name: alloy 6 | repository: https://grafana.github.io/helm-charts 7 | version: 0.12.5 8 | digest: sha256:e3981ad0a096fac88106d866d61a1cae09a0feec8f50e8f97bdaa0dee556e0a2 9 | generated: "2025-03-31T15:26:38.379304672+02:00" 10 | -------------------------------------------------------------------------------- /charts/grafana-sampling/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: grafana-sampling 3 | description: A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. 4 | type: application 5 | version: 1.1.5 6 | appVersion: "v1.7.5" 7 | sources: 8 | - https://github.com/grafana/alloy 9 | - https://grafana.com/docs/grafana-cloud/monitor-applications/application-observability/setup/sampling/tail/ 10 | dependencies: 11 | - name: alloy 12 | version: 0.12.5 13 | repository: https://grafana.github.io/helm-charts 14 | alias: alloy-deployment 15 | - name: alloy 16 | version: 0.12.5 17 | repository: https://grafana.github.io/helm-charts 18 | alias: alloy-statefulset 19 | -------------------------------------------------------------------------------- /charts/grafana-sampling/sampling-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grafana/helm-charts/e1178edc6e6bb7c0a32c7542d154747e6d9890c1/charts/grafana-sampling/sampling-architecture.png -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_alloy_config_deployment.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "alloy.config.deployment" -}} 2 | {{- include "deployment.receiver.otlp" . }} 3 | {{- include "deployment.processor.batch" . }} 4 | {{- include "deployment.exporter.loadbalancing" . }} 5 | {{- if .Values.liveDebugging.enabled -}} 6 | {{- include "liveDebugging" . }} 7 | {{- end -}} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* use the release name as the serviceAccount name for deployment and statefulset collectors */}} 2 | {{- define "alloy.serviceAccountName" -}} 3 | {{- default .Release.Name }} 4 | {{- end }} 5 | 6 | {{/* Calculate name of image ID to use for "alloy". */}} 7 | {{- define "alloy.imageId" -}} 8 | {{- printf ":%s" .Chart.AppVersion }} 9 | {{- end }} 10 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_live_debugging.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "liveDebugging" -}} 2 | livedebugging { 3 | enabled = true 4 | } 5 | {{ end }} 6 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_auth_basic.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "auth.basic" -}} 2 | otelcol.auth.basic "grafana_cloud_tempo" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.auth.basic/ 4 | username = env("GRAFANA_CLOUD_TEMPO_USERNAME") 5 | password = env("GRAFANA_CLOUD_API_KEY") 6 | } 7 | 8 | {{ end }} 9 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_connector_servicegraph.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "statefulset.connector.servicegraph" -}} 2 | otelcol.connector.servicegraph "default" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.connector.servicegraph/ 4 | dimensions = [ 5 | {{- range $.Values.metricsGeneration.dimensions }} 6 | {{ . | quote }}, 7 | {{- end }} 8 | ] 9 | latency_histogram_buckets = ["0.005s", "0.01s", "0.025s", "0.05s", "0.075s", "0.1s", "0.25s", "0.5s", "0.75s", "1s", "2.5s", "5s", "7.5s", "10s"] 10 | metrics_flush_interval = {{ $.Values.metricsGeneration.serviceGraph.metricsFlushInterval | quote }} 11 | 12 | store { 13 | ttl = "2s" 14 | } 15 | 16 | output { 17 | metrics = [otelcol.processor.batch.default.input] 18 | } 19 | } 20 | 21 | {{ end }} 22 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "deployment.exporter.loadbalancing" -}} 2 | otelcol.exporter.loadbalancing "default" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.exporter.loadbalancing/ 4 | resolver { 5 | 6 | kubernetes { 7 | service = "{{ .Release.Name }}-statefulset.{{ .Release.Namespace }}" 8 | } 9 | } 10 | 11 | protocol { 12 | otlp { 13 | client { 14 | tls { 15 | insecure = true 16 | } 17 | } 18 | } 19 | } 20 | } 21 | 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_exporter_otlp.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "exporter.otlp" -}} 2 | otelcol.exporter.otlp "grafana_cloud_tempo" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.exporter.otlp/ 4 | client { 5 | endpoint = env("GRAFANA_CLOUD_TEMPO_ENDPOINT") 6 | auth = otelcol.auth.basic.grafana_cloud_tempo.handler 7 | } 8 | } 9 | 10 | {{ end }} 11 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_exporter_prometheus.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "statefulset.exporter.prometheus" -}} 2 | otelcol.exporter.prometheus "grafana_cloud_prometheus" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.exporter.prometheus/ 4 | add_metric_suffixes = {{ not .Values.metricsGeneration.legacy }} 5 | forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver] 6 | } 7 | 8 | {{ end }} 9 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_otelcol_processor_filter.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "statefulset.processor.filter" -}} 2 | otelcol.processor.filter "drop_unneeded_span_metrics" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/otelcol.processor.filter/ 4 | error_mode = "ignore" 5 | 6 | metrics { 7 | datapoint = [ 8 | "IsMatch(metric.name, \"traces.spanmetrics.calls|traces.spanmetrics.duration\") and IsMatch(attributes[\"span.kind\"], \"SPAN_KIND_INTERNAL|SPAN_KIND_CLIENT|SPAN_KIND_PRODUCER\")", 9 | ] 10 | } 11 | 12 | output { 13 | // TODO: only use grafana_metric_names is legacy is enabled. 14 | {{ if .Values.metricsGeneration.legacy }} 15 | metrics = [otelcol.processor.transform.use_grafana_metric_names.input] 16 | {{ else }} 17 | metrics = [otelcol.processor.batch.default.input] 18 | {{- end }} 19 | } 20 | } 21 | 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/_prometheus_remote_write.alloy.txt: -------------------------------------------------------------------------------- 1 | {{- define "statefulset.prometheus.remote_write" -}} 2 | prometheus.remote_write "grafana_cloud_prometheus" { 3 | // https://grafana.com/docs/alloy/latest/reference/components/prometheus.remote_write/ 4 | endpoint { 5 | url = env("GRAFANA_CLOUD_PROMETHEUS_URL") 6 | 7 | basic_auth { 8 | username = env("GRAFANA_CLOUD_PROMETHEUS_USERNAME") 9 | password = env("GRAFANA_CLOUD_API_KEY") 10 | } 11 | queue_config { 12 | retry_on_http_429 = false 13 | } 14 | } 15 | external_labels = { 16 | "__metrics_gen_instance" = env("POD_UID"), 17 | } 18 | } 19 | 20 | {{ end }} 21 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/configmap_deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ .Release.Name }}-deployment 5 | labels: 6 | {{- include "alloy.labels" . | nindent 4 }} 7 | data: 8 | config.alloy: |- {{- (include "alloy.config.deployment" .) | nindent 4 }} 9 | -------------------------------------------------------------------------------- /charts/grafana-sampling/templates/configmap_statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ .Release.Name }}-statefulset 5 | labels: 6 | {{- include "alloy.labels" . | nindent 4 }} 7 | data: 8 | config.alloy: |- {{- (include "alloy.config.statefulset" .) | nindent 4 }} 9 | -------------------------------------------------------------------------------- /charts/grafana/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .vscode 20 | .project 21 | .idea/ 22 | *.tmproj 23 | OWNERS 24 | -------------------------------------------------------------------------------- /charts/grafana/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. 2 | -------------------------------------------------------------------------------- /charts/grafana/ci/with-affinity-values.yaml: -------------------------------------------------------------------------------- 1 | affinity: 2 | podAntiAffinity: 3 | preferredDuringSchedulingIgnoredDuringExecution: 4 | - podAffinityTerm: 5 | labelSelector: 6 | matchLabels: 7 | app.kubernetes.io/instance: grafana-test 8 | app.kubernetes.io/name: grafana 9 | topologyKey: failure-domain.beta.kubernetes.io/zone 10 | weight: 100 11 | requiredDuringSchedulingIgnoredDuringExecution: 12 | - labelSelector: 13 | matchLabels: 14 | app.kubernetes.io/instance: grafana-test 15 | app.kubernetes.io/name: grafana 16 | topologyKey: kubernetes.io/hostname 17 | -------------------------------------------------------------------------------- /charts/grafana/ci/with-dashboard-values.yaml: -------------------------------------------------------------------------------- 1 | dashboards: 2 | my-provider: 3 | my-awesome-dashboard: 4 | gnetId: 10000 5 | revision: 1 6 | datasource: Prometheus 7 | dashboardProviders: 8 | dashboardproviders.yaml: 9 | apiVersion: 1 10 | providers: 11 | - name: 'my-provider' 12 | orgId: 1 13 | folder: '' 14 | type: file 15 | updateIntervalSeconds: 10 16 | disableDeletion: true 17 | editable: true 18 | options: 19 | path: /var/lib/grafana/dashboards/my-provider 20 | -------------------------------------------------------------------------------- /charts/grafana/ci/with-extraconfigmapmounts-values.yaml: -------------------------------------------------------------------------------- 1 | extraConfigmapMounts: 2 | - name: '{{ include "grafana.fullname" . }}' 3 | configMap: '{{ include "grafana.fullname" . }}' 4 | mountPath: /var/lib/grafana/dashboards/test-dashboard.json 5 | # This is not a realistic test, but for this we only care about extraConfigmapMounts not being empty and pointing to an existing ConfigMap 6 | subPath: grafana.ini 7 | readOnly: true 8 | -------------------------------------------------------------------------------- /charts/grafana/ci/with-nondefault-values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | environment: prod 3 | ingress: 4 | enabled: true 5 | hosts: 6 | - monitoring-{{ .Values.global.environment }}.example.com 7 | 8 | route: 9 | main: 10 | enabled: true 11 | labels: 12 | app: monitoring-prometheus 13 | hostnames: 14 | - "*.example.com" 15 | - "{{ .Values.global.environment }}.example.com" 16 | filters: 17 | - type: RequestHeaderModifier 18 | requestHeaderModifier: 19 | set: 20 | - name: my-header-name 21 | value: my-new-header-value 22 | additionalRules: 23 | - filters: 24 | - type: RequestHeaderModifier 25 | requestHeaderModifier: 26 | set: 27 | - name: my-header-name 28 | value: my-new-header-value 29 | matches: 30 | - path: 31 | type: PathPrefix 32 | value: /foo/ 33 | -------------------------------------------------------------------------------- /charts/grafana/ci/with-persistence.yaml: -------------------------------------------------------------------------------- 1 | persistence: 2 | type: pvc 3 | enabled: true 4 | -------------------------------------------------------------------------------- /charts/grafana/dashboards/custom-dashboard.json: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /charts/grafana/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }} 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-clusterrolebinding 6 | labels: 7 | {{- include "grafana.labels" . | nindent 4 }} 8 | {{- with .Values.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "grafana.serviceAccountName" . }} 15 | namespace: {{ include "grafana.namespace" . }} 16 | roleRef: 17 | kind: ClusterRole 18 | {{- if .Values.rbac.useExistingClusterRole }} 19 | name: {{ .Values.rbac.useExistingClusterRole }} 20 | {{- else }} 21 | name: {{ include "grafana.fullname" . }}-clusterrole 22 | {{- end }} 23 | apiGroup: rbac.authorization.k8s.io 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/grafana/templates/configmap-dashboard-provider.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.sidecar.dashboards.enabled .Values.sidecar.dashboards.SCProvider }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | labels: 6 | {{- include "grafana.labels" . | nindent 4 }} 7 | {{- with .Values.annotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | name: {{ include "grafana.fullname" . }}-config-dashboards 12 | namespace: {{ include "grafana.namespace" . }} 13 | data: 14 | {{- include "grafana.configDashboardProviderData" . | nindent 2 }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/grafana/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.createConfigmap }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "grafana.fullname" . }} 6 | namespace: {{ include "grafana.namespace" . }} 7 | labels: 8 | {{- include "grafana.labels" . | nindent 4 }} 9 | {{- if or .Values.configMapAnnotations .Values.annotations }} 10 | annotations: 11 | {{- with .Values.annotations }} 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | {{- with .Values.configMapAnnotations }} 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | {{- end }} 18 | data: 19 | {{- include "grafana.configData" . | nindent 2 }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/grafana/templates/dashboards-json-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dashboards }} 2 | {{ $files := .Files }} 3 | {{- range $provider, $dashboards := .Values.dashboards }} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include "grafana.fullname" $ }}-dashboards-{{ $provider }} 8 | namespace: {{ include "grafana.namespace" $ }} 9 | labels: 10 | {{- include "grafana.labels" $ | nindent 4 }} 11 | dashboard-provider: {{ $provider }} 12 | {{- if $dashboards }} 13 | data: 14 | {{- $dashboardFound := false }} 15 | {{- range $key, $value := $dashboards }} 16 | {{- if (or (hasKey $value "json") (hasKey $value "file")) }} 17 | {{- $dashboardFound = true }} 18 | {{- print $key | nindent 2 }}.json: 19 | {{- if hasKey $value "json" }} 20 | |- 21 | {{- $value.json | nindent 6 }} 22 | {{- end }} 23 | {{- if hasKey $value "file" }} 24 | {{- toYaml ( $files.Get $value.file ) | nindent 4}} 25 | {{- end }} 26 | {{- end }} 27 | {{- end }} 28 | {{- if not $dashboardFound }} 29 | {} 30 | {{- end }} 31 | {{- end }} 32 | --- 33 | {{- end }} 34 | 35 | {{- end }} 36 | -------------------------------------------------------------------------------- /charts/grafana/templates/extra-manifests.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.extraObjects }} 2 | --- 3 | {{- if typeIs "string" . }} 4 | {{ tpl . $ }} 5 | {{ else }} 6 | {{ tpl (. | toYaml) $ }} 7 | {{- end }} 8 | {{ end }} 9 | -------------------------------------------------------------------------------- /charts/grafana/templates/headless-service.yaml: -------------------------------------------------------------------------------- 1 | {{- $sts := list "sts" "StatefulSet" "statefulset" -}} 2 | {{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }} 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: {{ include "grafana.fullname" . }}-headless 7 | namespace: {{ include "grafana.namespace" . }} 8 | labels: 9 | {{- include "grafana.labels" . | nindent 4 }} 10 | {{- with .Values.annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | clusterIP: None 16 | selector: 17 | {{- include "grafana.selectorLabels" . | nindent 4 }} 18 | type: ClusterIP 19 | ports: 20 | - name: {{ .Values.gossipPortName }}-tcp 21 | port: 9094 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/grafana/templates/poddisruptionbudget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget }} 2 | apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "grafana.fullname" . }} 6 | namespace: {{ include "grafana.namespace" . }} 7 | labels: 8 | {{- include "grafana.labels" . | nindent 4 }} 9 | {{- with .Values.labels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | {{- with .Values.podDisruptionBudget.minAvailable }} 14 | minAvailable: {{ . }} 15 | {{- end }} 16 | {{- with .Values.podDisruptionBudget.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | selector: 20 | matchLabels: 21 | {{- include "grafana.selectorLabels" . | nindent 6 }} 22 | {{- with .Values.podDisruptionBudget.unhealthyPodEvictionPolicy }} 23 | unhealthyPodEvictionPolicy: {{ . }} 24 | {{- end }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/grafana/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "grafana.fullname" . }} 6 | namespace: {{ include "grafana.namespace" . }} 7 | labels: 8 | {{- include "grafana.labels" . | nindent 4 }} 9 | {{- with .Values.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: Role 16 | {{- if .Values.rbac.useExistingRole }} 17 | name: {{ .Values.rbac.useExistingRole }} 18 | {{- else }} 19 | name: {{ include "grafana.fullname" . }} 20 | {{- end }} 21 | subjects: 22 | - kind: ServiceAccount 23 | name: {{ include "grafana.serviceAccountName" . }} 24 | namespace: {{ include "grafana.namespace" . }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/grafana/templates/secret-env.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.envRenderSecret }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-env 6 | namespace: {{ include "grafana.namespace" . }} 7 | labels: 8 | {{- include "grafana.labels" . | nindent 4 }} 9 | type: Opaque 10 | data: 11 | {{- range $key, $val := .Values.envRenderSecret }} 12 | {{ $key }}: {{ tpl ($val | toString) $ | b64enc | quote }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/grafana/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "grafana.fullname" . }} 6 | namespace: {{ include "grafana.namespace" . }} 7 | labels: 8 | {{- include "grafana.labels" . | nindent 4 }} 9 | {{- with .Values.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | type: Opaque 14 | data: 15 | {{- include "grafana.secretsData" . | nindent 2 }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/grafana/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | labels: 7 | {{- include "grafana.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.labels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.serviceAccount.annotations }} 12 | annotations: 13 | {{- tpl (toYaml . | nindent 4) $ }} 14 | {{- end }} 15 | name: {{ include "grafana.serviceAccountName" . }} 16 | namespace: {{ include "grafana.namespace" . }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/grafana/templates/tests/test-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.testFramework.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-test 6 | namespace: {{ include "grafana.namespace" . }} 7 | annotations: 8 | "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} 9 | "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" 10 | labels: 11 | {{- include "grafana.labels" . | nindent 4 }} 12 | data: 13 | run.sh: |- 14 | @test "Test Health" { 15 | url="http://{{ include "grafana.fullname" . }}/api/health" 16 | 17 | code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') 18 | [ "$code" == "200" ] 19 | } 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/grafana/templates/tests/test-podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-test 6 | annotations: 7 | "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} 8 | "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" 9 | labels: 10 | {{- include "grafana.labels" . | nindent 4 }} 11 | spec: 12 | allowPrivilegeEscalation: true 13 | privileged: false 14 | hostNetwork: false 15 | hostIPC: false 16 | hostPID: false 17 | fsGroup: 18 | rule: RunAsAny 19 | seLinux: 20 | rule: RunAsAny 21 | supplementalGroups: 22 | rule: RunAsAny 23 | runAsUser: 24 | rule: RunAsAny 25 | volumes: 26 | - configMap 27 | - downwardAPI 28 | - emptyDir 29 | - projected 30 | - csi 31 | - secret 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/grafana/templates/tests/test-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-test 6 | namespace: {{ include "grafana.namespace" . }} 7 | annotations: 8 | "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} 9 | "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" 10 | labels: 11 | {{- include "grafana.labels" . | nindent 4 }} 12 | rules: 13 | - apiGroups: ['policy'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: [{{ include "grafana.fullname" . }}-test] 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/grafana/templates/tests/test-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "grafana.fullname" . }}-test 6 | namespace: {{ include "grafana.namespace" . }} 7 | annotations: 8 | "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} 9 | "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" 10 | labels: 11 | {{- include "grafana.labels" . | nindent 4 }} 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: {{ include "grafana.fullname" . }}-test 16 | subjects: 17 | - kind: ServiceAccount 18 | name: {{ include "grafana.serviceAccountNameTest" . }} 19 | namespace: {{ include "grafana.namespace" . }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/grafana/templates/tests/test-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | {{- include "grafana.labels" . | nindent 4 }} 7 | name: {{ include "grafana.serviceAccountNameTest" . }} 8 | namespace: {{ include "grafana.namespace" . }} 9 | annotations: 10 | "helm.sh/hook": {{ .Values.testFramework.hookType | default "test" }} 11 | "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/k8s-monitoring/README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Monitoring chart 2 | 3 | The source for the Kubernetes Monitoring Helm chart can be found at 4 | . 5 | Releases of the chart are still published to the 6 | repository. 7 | 8 | If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart](https://github.com/grafana/k8s-monitoring-helm) repository. 9 | -------------------------------------------------------------------------------- /charts/lgtm-distributed/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Release name should be limited to 25 characters to not exceed the resource name limits of 63 characters. 2 | -------------------------------------------------------------------------------- /charts/lgtm-distributed/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name without trimming it at all. 3 | If release name contains chart name it will be used as a full name. 4 | This value is essentially the same as "mimir.fullname" in the upstream chart. 5 | */}} 6 | {{- define "mimir.fullname" -}} 7 | {{- if .Values.mimir.fullnameOverride -}} 8 | {{- .Values.mimir.fullnameOverride | trunc 25 | trimSuffix "-" -}} 9 | {{- else -}} 10 | {{- $name := .Values.mimir.nameOverride | default ( include "mimir.infixName" . ) | trunc 25 | trimSuffix "-" -}} 11 | {{- $releasename := .Release.Name | trunc 25 | trimSuffix "-" -}} 12 | {{- if contains $name .Release.Name -}} 13 | {{- $releasename -}} 14 | {{- else -}} 15 | {{- printf "%s-%s" $releasename $name -}} 16 | {{- end -}} 17 | {{- end -}} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /charts/loki-canary/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | doc.yaml 25 | README.tpl 26 | -------------------------------------------------------------------------------- /charts/loki-canary/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: loki-canary 3 | description: Helm chart for Grafana Loki Canary 4 | type: application 5 | appVersion: 2.9.1 6 | version: 0.14.0 7 | home: https://github.com/grafana/helm-charts 8 | sources: 9 | - https://github.com/grafana/loki 10 | - https://grafana.com/oss/loki/ 11 | - https://grafana.com/docs/loki/latest/ 12 | icon: https://grafana.com/docs/loki/latest/logo_and_name.png 13 | maintainers: 14 | - name: unguiculus 15 | -------------------------------------------------------------------------------- /charts/loki-canary/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | 3 | {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} 4 | 5 | {{ template "chart.description" . }} 6 | 7 | {{ template "chart.sourcesSection" . }} 8 | 9 | {{ template "chart.requirementsSection" . }} 10 | 11 | ## Chart Repo 12 | 13 | Add the following repo to use the chart: 14 | 15 | ```console 16 | helm repo add grafana https://grafana.github.io/helm-charts 17 | ``` 18 | 19 | {{ template "chart.valuesSection" . }} 20 | -------------------------------------------------------------------------------- /charts/loki-canary/ci/with-basic-auth-values.yaml: -------------------------------------------------------------------------------- 1 | lokiAddress: loki:3100 2 | 3 | basicAuth: 4 | enabled: true 5 | username: user 6 | password: pass 7 | -------------------------------------------------------------------------------- /charts/loki-canary/ci/without-basic-auth-values.yaml: -------------------------------------------------------------------------------- 1 | lokiAddress: loki:3100 2 | -------------------------------------------------------------------------------- /charts/loki-canary/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | *********************************************************************** 2 | Welcome to Grafana Loki Canary 3 | Chart version: {{ .Chart.Version }} 4 | Loki version: {{ .Chart.AppVersion }} 5 | *********************************************************************** 6 | -------------------------------------------------------------------------------- /charts/loki-canary/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.basicAuth }} 2 | {{- if and .enabled (not .existingSecret) }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "loki-canary.fullname" $ }} 7 | namespace: {{ include "loki-canary.namespaceName" $ }} 8 | labels: 9 | {{- include "loki-canary.labels" $ | nindent 4 }} 10 | stringData: 11 | username: {{ .username }} 12 | password: {{ .password }} 13 | {{- end }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/loki-canary/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki-canary.fullname" . }} 5 | namespace: {{ include "loki-canary.namespaceName" . }} 6 | labels: 7 | {{- include "loki-canary.labels" . | nindent 4 }} 8 | spec: 9 | type: ClusterIP 10 | ports: 11 | - name: http 12 | port: 3500 13 | targetPort: http 14 | protocol: TCP 15 | selector: 16 | {{- include "loki-canary.selectorLabels" . | nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/loki-canary/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "loki-canary.fullname" . }} 6 | namespace: {{ include "loki-canary.namespaceName" . }} 7 | labels: 8 | {{- include "loki-canary.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 14 | {{- with .Values.serviceAccount.imagePullSecrets }} 15 | imagePullSecrets: 16 | {{- toYaml . | nindent 2 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/loki-canary/templates/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.serviceMonitor }} 2 | {{- if .enabled }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | name: {{ include "loki-canary.fullname" $ }} 7 | {{- with .namespace }} 8 | namespace: {{ . }} 9 | {{- end }} 10 | {{- with .annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | labels: 15 | {{- include "loki-canary.labels" $ | nindent 4 }} 16 | {{- with .labels }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | {{- with .namespaceSelector }} 21 | namespaceSelector: 22 | {{- toYaml . | nindent 4 }} 23 | {{- end }} 24 | selector: 25 | matchLabels: 26 | {{- include "loki-canary.selectorLabels" $ | nindent 6 }} 27 | endpoints: 28 | - port: http 29 | {{- with .interval }} 30 | interval: {{ . }} 31 | {{- end }} 32 | {{- with .scrapeTimeout }} 33 | scrapeTimeout: {{ . }} 34 | {{- end }} 35 | {{- end }} 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/loki-distributed/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | doc.yaml 25 | README.tpl 26 | -------------------------------------------------------------------------------- /charts/loki-distributed/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: loki-distributed 3 | description: Helm chart for Grafana Loki in microservices mode 4 | type: application 5 | appVersion: 2.9.13 6 | version: 0.80.5 7 | home: https://grafana.github.io/helm-charts 8 | sources: 9 | - https://github.com/grafana/loki 10 | - https://grafana.com/oss/loki/ 11 | - https://grafana.com/docs/loki/latest/ 12 | icon: https://grafana.com/docs/loki/latest/logo_and_name.png 13 | maintainers: 14 | - name: unguiculus 15 | -------------------------------------------------------------------------------- /charts/loki-distributed/ci/default-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grafana/helm-charts/e1178edc6e6bb7c0a32c7542d154747e6d9890c1/charts/loki-distributed/ci/default-values.yaml -------------------------------------------------------------------------------- /charts/loki-distributed/ci/ingress-values.yaml: -------------------------------------------------------------------------------- 1 | gateway: 2 | ingress: 3 | enabled: true 4 | annotations: {} 5 | hosts: 6 | - host: gateway.loki.example.com 7 | paths: 8 | - path: / 9 | pathType: Prefix 10 | -------------------------------------------------------------------------------- /charts/loki-distributed/ci/persistence-values.yaml: -------------------------------------------------------------------------------- 1 | ingester: 2 | persistence: 3 | enabled: true 4 | size: 100Mi 5 | 6 | querier: 7 | persistence: 8 | enabled: true 9 | size: 100Mi 10 | 11 | gateway: 12 | nginxConfig: 13 | httpSnippet: |- 14 | client_max_body_size 100M; 15 | serverSnippet: |- 16 | client_max_body_size 100M; 17 | 18 | basicAuth: 19 | enabled: true 20 | username: user 21 | password: pass 22 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/compactor/persistentvolumeclaim-compactor.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.compactor.enabled .Values.compactor.persistence.enabled }} 2 | {{- if eq .Values.compactor.kind "Deployment"}} 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: data-{{ include "loki.compactorFullname" . }} 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{- include "loki.compactorLabels" . | nindent 4 }} 10 | {{- with .Values.compactor.persistence.annotations }} 11 | annotations: 12 | {{- . | toYaml | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | accessModes: 16 | - ReadWriteOnce 17 | {{- with .Values.compactor.persistence.storageClass }} 18 | storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} 19 | {{- end }} 20 | resources: 21 | requests: 22 | storage: "{{ .Values.compactor.persistence.size }}" 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/compactor/service-compactor.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.compactor.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.compactorFullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | {{- with .Values.compactor.serviceLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | app.kubernetes.io/component: compactor 13 | {{- with .Values.loki.serviceAnnotations }} 14 | annotations: 15 | {{- toYaml . | nindent 4 }} 16 | {{- end }} 17 | spec: 18 | type: ClusterIP 19 | ports: 20 | - name: http 21 | port: 3100 22 | targetPort: http 23 | protocol: TCP 24 | - name: grpc 25 | port: 9095 26 | targetPort: grpc 27 | protocol: TCP 28 | {{- if .Values.compactor.appProtocol.grpc }} 29 | appProtocol: {{ .Values.compactor.appProtocol.grpc }} 30 | {{- end }} 31 | selector: 32 | {{- include "loki.selectorLabels" . | nindent 4 }} 33 | app.kubernetes.io/component: compactor 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/compactor/serviceaccount-compactor.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.compactor.enabled .Values.compactor.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "loki.compactorServiceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | {{- with .Values.compactor.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | automountServiceAccountToken: {{ .Values.compactor.serviceAccount.automountServiceAccountToken }} 14 | {{- with .Values.compactor.serviceAccount.imagePullSecrets }} 15 | imagePullSecrets: 16 | {{- toYaml . | nindent 2 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/config-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Values.loki.configAsSecret) (not .Values.loki.existingSecretForConfig) -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "loki.fullname" . }}-config 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | {{- with .Values.loki.configSecretLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.loki.configSecretAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | stringData: 17 | config.yaml: | 18 | {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.loki.existingSecretForConfig) (not .Values.loki.configAsSecret) -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "loki.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | data: 10 | config.yaml: | 11 | {{- tpl (mergeOverwrite (tpl .Values.loki.config . | fromYaml) .Values.loki.structuredConfig | toYaml) . | nindent 4 }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/distributor/poddisruptionbudget-distributor.yaml: -------------------------------------------------------------------------------- 1 | {{- if gt (int .Values.distributor.replicas) 1 }} 2 | {{- if kindIs "invalid" .Values.distributor.maxUnavailable }} 3 | {{- fail "`.Values.distributor.maxUnavailable` must be set when `.Values.distributor.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.distributorFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.distributorLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.distributorSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.distributor.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.distributor.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/distributor/service-distributor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki.distributorFullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.distributorLabels" . | nindent 4 }} 8 | {{- with .Values.distributor.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.loki.serviceAnnotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - name: http 19 | port: 3100 20 | targetPort: http 21 | protocol: TCP 22 | - name: grpc 23 | port: 9095 24 | targetPort: grpc 25 | protocol: TCP 26 | {{- if .Values.distributor.appProtocol.grpc }} 27 | appProtocol: {{ .Values.distributor.appProtocol.grpc }} 28 | {{- end }} 29 | selector: 30 | {{- include "loki.distributorSelectorLabels" . | nindent 4 }} 31 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/gateway/configmap-gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.gateway.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "loki.gatewayFullname" . }} 6 | labels: 7 | {{- include "loki.gatewayLabels" . | nindent 4 }} 8 | data: 9 | nginx.conf: | 10 | {{- tpl .Values.gateway.nginxConfig.file . | nindent 4 }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/gateway/poddisruptionbudget-gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.gateway.enabled (gt (int .Values.gateway.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.gateway.maxUnavailable }} 3 | {{- fail "`.Values.gateway.maxUnavailable` must be set when `.Values.gateway.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.gatewayFullname" . }} 9 | labels: 10 | {{- include "loki.gatewayLabels" . | nindent 4 }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "loki.gatewaySelectorLabels" . | nindent 6 }} 15 | {{- with .Values.gateway.maxUnavailable }} 16 | maxUnavailable: {{ . }} 17 | {{- end }} 18 | {{- with .Values.gateway.minAvailable }} 19 | minAvailable: {{ . }} 20 | {{- end }} 21 | {{- end }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/gateway/secret-gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.gateway }} 2 | {{- if and .enabled .basicAuth.enabled (not .basicAuth.existingSecret) }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ include "loki.gatewayFullname" $ }} 7 | labels: 8 | {{- include "loki.gatewayLabels" $ | nindent 4 }} 9 | stringData: 10 | .htpasswd: | 11 | {{- tpl .basicAuth.htpasswd $ | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/index-gateway/poddisruptionbudget-index-gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.indexGateway.enabled (gt (int .Values.indexGateway.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.indexGateway.maxUnavailable }} 3 | {{- fail "`.Values.indexGateway.maxUnavailable` must be set when `.Values.indexGateway.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.indexGatewayFullname" . }} 9 | labels: 10 | {{- include "loki.indexGatewayLabels" . | nindent 4 }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "loki.indexGatewaySelectorLabels" . | nindent 6 }} 15 | {{- with .Values.indexGateway.maxUnavailable }} 16 | maxUnavailable: {{ . }} 17 | {{- end }} 18 | {{- with .Values.indexGateway.minAvailable }} 19 | minAvailable: {{ . }} 20 | {{- end }} 21 | {{- end }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/index-gateway/service-index-gateway-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.indexGateway.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.indexGatewayFullname" . }}-headless 6 | labels: 7 | {{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }} 8 | prometheus.io/service-monitor: "false" 9 | spec: 10 | type: ClusterIP 11 | clusterIP: None 12 | ports: 13 | - name: http 14 | port: 3100 15 | targetPort: http 16 | protocol: TCP 17 | - name: grpc 18 | port: 9095 19 | targetPort: grpc 20 | protocol: TCP 21 | {{- with .Values.indexGateway.appProtocol.grpc }} 22 | appProtocol: {{ . }} 23 | {{- end }} 24 | selector: 25 | {{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/index-gateway/service-index-gateway.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.indexGateway.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.indexGatewayFullname" . }} 6 | labels: 7 | {{- include "loki.indexGatewayLabels" . | nindent 4 }} 8 | {{- with .Values.indexGateway.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.loki.serviceAnnotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - name: http 19 | port: 3100 20 | targetPort: http 21 | protocol: TCP 22 | - name: grpc 23 | port: 9095 24 | targetPort: grpc 25 | protocol: TCP 26 | {{- with .Values.indexGateway.appProtocol.grpc }} 27 | appProtocol: {{ . }} 28 | {{- end }} 29 | selector: 30 | {{- include "loki.indexGatewaySelectorLabels" . | nindent 4 }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ingester/poddisruptionbudget-ingester.yaml: -------------------------------------------------------------------------------- 1 | {{- if gt (int .Values.ingester.replicas) 1 }} 2 | {{- if kindIs "invalid" .Values.ingester.maxUnavailable }} 3 | {{- fail "`.Values.ingester.maxUnavailable` must be set when `.Values.ingester.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.ingesterFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.ingesterLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.ingesterSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.ingester.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.ingester.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ingester/service-ingester-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki.ingesterFullname" . }}-headless 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.ingesterSelectorLabels" . | nindent 4 }} 8 | prometheus.io/service-monitor: "false" 9 | {{- with .Values.loki.serviceAnnotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | type: ClusterIP 15 | clusterIP: None 16 | ports: 17 | - name: http 18 | port: 3100 19 | targetPort: http 20 | protocol: TCP 21 | - name: grpc 22 | port: 9095 23 | targetPort: grpc 24 | protocol: TCP 25 | {{- if .Values.ingester.appProtocol.grpc }} 26 | appProtocol: {{ .Values.ingester.appProtocol.grpc }} 27 | {{- end }} 28 | selector: 29 | {{- include "loki.ingesterSelectorLabels" . | nindent 4 }} 30 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ingester/service-ingester.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki.ingesterFullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.ingesterLabels" . | nindent 4 }} 8 | {{- with .Values.ingester.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.loki.serviceAnnotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - name: http 19 | port: 3100 20 | targetPort: http 21 | protocol: TCP 22 | - name: grpc 23 | port: 9095 24 | targetPort: grpc 25 | protocol: TCP 26 | {{- if .Values.ingester.appProtocol.grpc }} 27 | appProtocol: {{ .Values.ingester.appProtocol.grpc }} 28 | {{- end }} 29 | selector: 30 | {{- include "loki.ingesterSelectorLabels" . | nindent 4 }} 31 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-chunks/_helpers-memcached-chunks.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | memcached-chunks fullname 3 | */}} 4 | {{- define "loki.memcachedChunksFullname" -}} 5 | {{ include "loki.fullname" . }}-memcached-chunks 6 | {{- end }} 7 | 8 | {{/* 9 | memcached-chunks fullname 10 | */}} 11 | {{- define "loki.memcachedChunksLabels" -}} 12 | {{ include "loki.labels" . }} 13 | app.kubernetes.io/component: memcached-chunks 14 | {{- end }} 15 | 16 | {{/* 17 | memcached-chunks selector labels 18 | */}} 19 | {{- define "loki.memcachedChunksSelectorLabels" -}} 20 | {{ include "loki.selectorLabels" . }} 21 | app.kubernetes.io/component: memcached-chunks 22 | {{- end }} 23 | 24 | {{/* 25 | memcached-chunks priority class name 26 | */}} 27 | {{- define "loki.memcachedChunksPriorityClassName" -}} 28 | {{- $pcn := coalesce .Values.global.priorityClassName .Values.memcachedChunks.priorityClassName -}} 29 | {{- if $pcn }} 30 | priorityClassName: {{ $pcn }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-chunks/poddisruptionbudget-memcached-chunks.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.memcachedChunks.enabled (gt (int .Values.memcachedChunks.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.memcachedChunks.maxUnavailable }} 3 | {{- fail "`.Values.memcachedChunks.maxUnavailable` must be set when `.Values.memcachedChunks.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.memcachedChunksFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.memcachedChunksLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.memcachedChunksSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.memcachedChunks.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.memcachedChunks.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-frontend/_helpers-memcached-frontend.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | memcached-frontend fullname 3 | */}} 4 | {{- define "loki.memcachedFrontendFullname" -}} 5 | {{ include "loki.fullname" . }}-memcached-frontend 6 | {{- end }} 7 | 8 | {{/* 9 | memcached-frontend labels 10 | */}} 11 | {{- define "loki.memcachedFrontendLabels" -}} 12 | {{ include "loki.labels" . }} 13 | app.kubernetes.io/component: memcached-frontend 14 | {{- end }} 15 | 16 | {{/* 17 | memcached-frontend selector labels 18 | */}} 19 | {{- define "loki.memcachedFrontendSelectorLabels" -}} 20 | {{ include "loki.selectorLabels" . }} 21 | app.kubernetes.io/component: memcached-frontend 22 | {{- end }} 23 | 24 | {{/* 25 | memcached-frontend priority class name 26 | */}} 27 | {{- define "loki.memcachedFrontendPriorityClassName" -}} 28 | {{- $pcn := coalesce .Values.global.priorityClassName .Values.memcachedFrontend.priorityClassName -}} 29 | {{- if $pcn }} 30 | priorityClassName: {{ $pcn }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-frontend/poddisruptionbudget-memcached-frontend.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.memcachedFrontend.enabled (gt (int .Values.memcachedFrontend.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.memcachedFrontend.maxUnavailable }} 3 | {{- fail "`.Values.memcachedFrontend.maxUnavailable` must be set when `.Values.memcachedFrontend.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.memcachedFrontendFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.memcachedFrontendLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.memcachedFrontendSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.memcachedFrontend.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.memcachedFrontend.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-index-queries/_helpers-memcached-index-queries.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | memcached-index-queries fullname 3 | */}} 4 | {{- define "loki.memcachedIndexQueriesFullname" -}} 5 | {{ include "loki.fullname" . }}-memcached-index-queries 6 | {{- end }} 7 | 8 | {{/* 9 | memcached-index-queries fullname 10 | */}} 11 | {{- define "loki.memcachedIndexQueriesLabels" -}} 12 | {{ include "loki.labels" . }} 13 | app.kubernetes.io/component: memcached-index-queries 14 | {{- end }} 15 | 16 | {{/* 17 | memcached-index-queries selector labels 18 | */}} 19 | {{- define "loki.memcachedIndexQueriesSelectorLabels" -}} 20 | {{ include "loki.selectorLabels" . }} 21 | app.kubernetes.io/component: memcached-index-queries 22 | {{- end }} 23 | 24 | {{/* 25 | memcached-index-queries priority class name 26 | */}} 27 | {{- define "loki.memcachedIndexQueriesPriorityClassName" -}} 28 | {{- $pcn := coalesce .Values.global.priorityClassName .Values.memcachedIndexQueries.priorityClassName -}} 29 | {{- if $pcn }} 30 | priorityClassName: {{ $pcn }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-index-queries/poddisruptionbudget-memcached-index-queries.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.memcachedIndexQueries.enabled (gt (int .Values.memcachedIndexQueries.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.memcachedIndexQueries.maxUnavailable }} 3 | {{- fail "`.Values.memcachedIndexQueries.maxUnavailable` must be set when `.Values.memcachedIndexQueries.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.memcachedIndexQueriesFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.memcachedIndexQueriesLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.memcachedIndexQueriesSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.memcachedIndexQueries.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.memcachedIndexQueries.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-index-writes/_helpers-memcached-index-writes.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | memcached-index-writes fullname 3 | */}} 4 | {{- define "loki.memcachedIndexWritesFullname" -}} 5 | {{ include "loki.fullname" . }}-memcached-index-writes 6 | {{- end }} 7 | 8 | {{/* 9 | memcached-index-writes fullname 10 | */}} 11 | {{- define "loki.memcachedIndexWritesLabels" -}} 12 | {{ include "loki.labels" . }} 13 | app.kubernetes.io/component: memcached-index-writes 14 | {{- end }} 15 | 16 | {{/* 17 | memcached-index-writes selector labels 18 | */}} 19 | {{- define "loki.memcachedIndexWritesSelectorLabels" -}} 20 | {{ include "loki.selectorLabels" . }} 21 | app.kubernetes.io/component: memcached-index-writes 22 | {{- end }} 23 | 24 | {{/* 25 | memcached-index-writes priority class name 26 | */}} 27 | {{- define "loki.memcachedIndexWritesPriorityClassName" -}} 28 | {{- $pcn := coalesce .Values.global.priorityClassName .Values.memcachedIndexWrites.priorityClassName -}} 29 | {{- if $pcn }} 30 | priorityClassName: {{ $pcn }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/memcached-index-writes/poddisruptionbudget-memcached-index-writes.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.memcachedIndexWrites.enabled (gt (int .Values.memcachedIndexWrites.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.memcachedIndexWrites.maxUnavailable }} 3 | {{- fail "`.Values.memcachedIndexWrites.maxUnavailable` must be set when `.Values.memcachedIndexWrites.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.memcachedIndexWritesFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.memcachedIndexWritesLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.memcachedIndexWritesSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.memcachedIndexWrites.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.memcachedIndexWrites.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.pspEnabled }} 2 | {{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} 3 | apiVersion: policy/v1beta1 4 | kind: PodSecurityPolicy 5 | metadata: 6 | name: {{ include "loki.fullname" . }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | spec: 10 | privileged: false 11 | allowPrivilegeEscalation: false 12 | volumes: 13 | - 'configMap' 14 | - 'emptyDir' 15 | - 'persistentVolumeClaim' 16 | - 'secret' 17 | hostNetwork: false 18 | hostIPC: false 19 | hostPID: false 20 | runAsUser: 21 | rule: 'MustRunAsNonRoot' 22 | seLinux: 23 | rule: 'RunAsAny' 24 | supplementalGroups: 25 | rule: 'MustRunAs' 26 | ranges: 27 | - min: 1 28 | max: 65535 29 | fsGroup: 30 | rule: 'MustRunAs' 31 | ranges: 32 | - min: 1 33 | max: 65535 34 | readOnlyRootFilesystem: true 35 | requiredDropCapabilities: 36 | - ALL 37 | {{- end }} 38 | {{- end }} 39 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- with .Values.prometheusRule }} 2 | {{- if .enabled }} 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: PrometheusRule 5 | metadata: 6 | name: {{ include "loki.fullname" $ }} 7 | {{- with .namespace }} 8 | namespace: {{ . }} 9 | {{- end }} 10 | {{- with .annotations }} 11 | annotations: 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | labels: 15 | {{- include "loki.labels" $ | nindent 4 }} 16 | {{- with .labels }} 17 | {{- toYaml . | nindent 4 }} 18 | {{- end }} 19 | spec: 20 | groups: 21 | {{- toYaml .groups | nindent 4 }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/querier/poddisruptionbudget-querier.yaml: -------------------------------------------------------------------------------- 1 | {{- if gt (int .Values.querier.replicas) 1 }} 2 | {{- if kindIs "invalid" .Values.querier.maxUnavailable }} 3 | {{- fail "`.Values.querier.maxUnavailable` must be set when `.Values.querier.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.querierFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.querierLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.querierSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.querier.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.querier.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/querier/service-querier-headless.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.indexGateway.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.querierFullname" . }}-headless 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.querierSelectorLabels" . | nindent 4 }} 9 | prometheus.io/service-monitor: "false" 10 | spec: 11 | type: ClusterIP 12 | clusterIP: None 13 | ports: 14 | - name: http 15 | port: 3100 16 | targetPort: http 17 | protocol: TCP 18 | - name: grpc 19 | port: 9095 20 | targetPort: grpc 21 | protocol: TCP 22 | {{- if .Values.querier.appProtocol.grpc }} 23 | appProtocol: {{ .Values.querier.appProtocol.grpc }} 24 | {{- end }} 25 | selector: 26 | {{- include "loki.querierSelectorLabels" . | nindent 4 }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/querier/service-querier.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki.querierFullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.querierLabels" . | nindent 4 }} 8 | {{- with .Values.querier.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.loki.serviceAnnotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | ports: 18 | - name: http 19 | port: 3100 20 | targetPort: http 21 | protocol: TCP 22 | - name: grpc 23 | port: 9095 24 | targetPort: grpc 25 | protocol: TCP 26 | {{- if .Values.querier.appProtocol.grpc }} 27 | appProtocol: {{ .Values.querier.appProtocol.grpc }} 28 | {{- end }} 29 | selector: 30 | {{- include "loki.querierSelectorLabels" . | nindent 4 }} 31 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/query-frontend/poddisruptionbudget-query-frontent.yaml: -------------------------------------------------------------------------------- 1 | {{- if gt (int .Values.queryFrontend.replicas) 1 }} 2 | {{- if kindIs "invalid" .Values.queryFrontend.maxUnavailable }} 3 | {{- fail "`.Values.queryFrontend.maxUnavailable` must be set when `.Values.queryFrontend.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.queryFrontendFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.queryFrontendLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.queryFrontendSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.queryFrontend.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.queryFrontend.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/query-scheduler/poddisruptionbudget-query-scheduler.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.queryScheduler.enabled (gt (int .Values.queryScheduler.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.queryScheduler.maxUnavailable }} 3 | {{- fail "`.Values.queryScheduler.maxUnavailable` must be set when `.Values.queryScheduler.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.querySchedulerFullname" . }} 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | {{- include "loki.querySchedulerLabels" . | nindent 4 }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | {{- include "loki.querySchedulerSelectorLabels" . | nindent 6 }} 16 | {{- with .Values.queryScheduler.maxUnavailable }} 17 | maxUnavailable: {{ . }} 18 | {{- end }} 19 | {{- with .Values.queryScheduler.minAvailable }} 20 | minAvailable: {{ . }} 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/query-scheduler/service-query-scheduler.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.queryScheduler.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.querySchedulerFullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.querySchedulerLabels" . | nindent 4 }} 9 | {{- with .Values.queryScheduler.serviceLabels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.loki.serviceAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | type: ClusterIP 18 | clusterIP: None 19 | publishNotReadyAddresses: true 20 | ports: 21 | - name: http 22 | port: 3100 23 | targetPort: http 24 | protocol: TCP 25 | - name: grpclb 26 | port: 9095 27 | targetPort: grpc 28 | protocol: TCP 29 | {{- with .Values.queryScheduler.appProtocol.grpc }} 30 | appProtocol: {{ . }} 31 | {{- end }} 32 | selector: 33 | {{- include "loki.querySchedulerSelectorLabels" . | nindent 4 }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "loki.fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | {{- if .Values.rbac.pspEnabled }} 10 | rules: 11 | - apiGroups: 12 | - policy 13 | resources: 14 | - podsecuritypolicies 15 | verbs: 16 | - use 17 | resourceNames: 18 | - {{ include "loki.fullname" . }} 19 | {{- end }} 20 | {{- if .Values.rbac.sccEnabled }} 21 | rules: 22 | - apiGroups: 23 | - security.openshift.io 24 | resources: 25 | - securitycontextconstraints 26 | verbs: 27 | - use 28 | resourceNames: 29 | - {{ include "loki.fullname" . }} 30 | {{- end }} 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.rbac.pspEnabled .Values.rbac.sccEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "loki.fullname" . }} 6 | labels: 7 | {{- include "loki.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ include "loki.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "loki.serviceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ruler/configmap-ruler.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ruler.enabled }} 2 | {{- range $dir, $files := .Values.ruler.directories }} 3 | --- 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: {{ include "loki.rulerFullname" $ }}-{{ include "loki.rulerRulesDirName" $dir }} 8 | labels: 9 | {{- include "loki.rulerLabels" $ | nindent 4 }} 10 | data: 11 | {{- toYaml $files | nindent 2}} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ruler/persistentvolumeclaim-ruler.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (eq .Values.ruler.kind "Deployment") .Values.ruler.enabled .Values.ruler.persistence.enabled }} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: data-{{ include "loki.rulerFullname" . }} 6 | labels: 7 | {{- include "loki.rulerLabels" . | nindent 4 }} 8 | {{- with .Values.ruler.persistence.annotations }} 9 | annotations: 10 | {{- . | toYaml | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | {{- with .Values.ruler.persistence.storageClass }} 16 | storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} 17 | {{- end }} 18 | resources: 19 | requests: 20 | storage: "{{ .Values.ruler.persistence.size }}" 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ruler/poddisruptionbudget-ruler.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.ruler.enabled (gt (int .Values.ruler.replicas) 1) }} 2 | {{- if kindIs "invalid" .Values.ruler.maxUnavailable }} 3 | {{- fail "`.Values.ruler.maxUnavailable` must be set when `.Values.ruler.replicas` is greater than 1." }} 4 | {{- else }} 5 | apiVersion: {{ include "loki.pdb.apiVersion" . }} 6 | kind: PodDisruptionBudget 7 | metadata: 8 | name: {{ include "loki.rulerFullname" . }} 9 | labels: 10 | {{- include "loki.rulerLabels" . | nindent 4 }} 11 | spec: 12 | selector: 13 | matchLabels: 14 | {{- include "loki.rulerSelectorLabels" . | nindent 6 }} 15 | {{- with .Values.ruler.maxUnavailable }} 16 | maxUnavailable: {{ . }} 17 | {{- end }} 18 | {{- with .Values.ruler.minAvailable }} 19 | minAvailable: {{ . }} 20 | {{- end }} 21 | {{- end }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/ruler/service-ruler.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ruler.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.rulerFullname" . }} 6 | labels: 7 | {{- include "loki.rulerSelectorLabels" . | nindent 4 }} 8 | {{- with .Values.ruler.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | {{- with .Values.loki.serviceAnnotations }} 12 | annotations: 13 | {{- toYaml . | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | clusterIP: None 18 | ports: 19 | - name: http 20 | port: 3100 21 | targetPort: http 22 | protocol: TCP 23 | - name: grpc 24 | port: 9095 25 | targetPort: grpc 26 | protocol: TCP 27 | {{- with .Values.ruler.appProtocol.grpc }} 28 | appProtocol: {{ . }} 29 | {{- end }} 30 | selector: 31 | {{- include "loki.rulerSelectorLabels" . | nindent 4 }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/runtime-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "loki.fullname" . }}-runtime 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.labels" . | nindent 4 }} 8 | data: 9 | runtime.yaml: | 10 | {{ tpl (toYaml .Values.runtimeConfig) . | nindent 4 }} 11 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/securitycontextconstraints.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.sccEnabled }} 2 | apiVersion: security.openshift.io/v1 3 | kind: SecurityContextConstraints 4 | metadata: 5 | name: {{ include "loki.fullname" . }} 6 | labels: 7 | {{- include "loki.labels" . | nindent 4 }} 8 | allowHostDirVolumePlugin: false 9 | allowHostIPC: false 10 | allowHostNetwork: false 11 | allowHostPID: false 12 | allowHostPorts: false 13 | allowPrivilegeEscalation: true 14 | allowPrivilegedContainer: false 15 | allowedCapabilities: [] 16 | defaultAddCapabilities: null 17 | fsGroup: 18 | type: RunAsAny 19 | groups: [] 20 | priority: null 21 | readOnlyRootFilesystem: false 22 | requiredDropCapabilities: 23 | - ALL 24 | runAsUser: 25 | type: RunAsAny 26 | seLinuxContext: 27 | type: MustRunAs 28 | seccompProfiles: 29 | - '*' 30 | supplementalGroups: 31 | type: RunAsAny 32 | volumes: 33 | - configMap 34 | - downwardAPI 35 | - emptyDir 36 | - hostPath 37 | - persistentVolumeClaim 38 | - projected 39 | - secret 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/service-memberlist.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "loki.fullname" . }}-memberlist 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "loki.labels" . | nindent 4 }} 8 | spec: 9 | type: ClusterIP 10 | clusterIP: None 11 | ports: 12 | - name: tcp 13 | port: 7946 14 | targetPort: http-memberlist 15 | protocol: TCP 16 | {{- if .Values.loki.appProtocol }} 17 | appProtocol: {{ .Values.loki.appProtocol }} 18 | {{- end }} 19 | selector: 20 | {{- include "loki.selectorLabels" . | nindent 4 }} 21 | app.kubernetes.io/part-of: memberlist 22 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "loki.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "loki.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.labels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.serviceAccount.annotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 17 | {{- with .Values.serviceAccount.imagePullSecrets }} 18 | imagePullSecrets: 19 | {{- toYaml . | nindent 2 }} 20 | {{- end }} 21 | {{- end }} 22 | 23 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/table-manager/service-table-manager.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tableManager.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "loki.fullname" . }}-table-manager 6 | labels: 7 | {{- include "loki.labels" . | nindent 4 }} 8 | {{- with .Values.tableManager.serviceLabels }} 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | app.kubernetes.io/component: table-manager 12 | {{- with .Values.loki.serviceAnnotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | type: ClusterIP 18 | ports: 19 | - name: http 20 | port: 3100 21 | targetPort: http 22 | protocol: TCP 23 | - name: grpc 24 | port: 9095 25 | targetPort: grpc 26 | protocol: TCP 27 | selector: 28 | {{- include "loki.selectorLabels" . | nindent 4 }} 29 | app.kubernetes.io/component: table-manager 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/loki-distributed/templates/validate.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- if and .Values.ingress.enabled .Values.gateway.enabled }} 3 | {{- fail "The 'top level' ingress and gateway service shouldn't both be enabled. If you'd like to use the gateway service, there's an ingress configuration under it. See values.yaml for further details" -}} 4 | {{- end }} 5 | -------------------------------------------------------------------------------- /charts/loki-distributed/values.test.yaml: -------------------------------------------------------------------------------- 1 | loki: 2 | annotations: 3 | foo: bar 4 | -------------------------------------------------------------------------------- /charts/loki-simple-scalable/README.md: -------------------------------------------------------------------------------- 1 | # ⚠️ DEPRECATED - Loki Simple Scalable chart 2 | 3 | This chart was moved to . The new chart is published to `grafana/loki` and this chart is deprecated and no longer maintained. 4 | 5 | Please file any issues with the new chart on the [Grafana Loki](https://github.com/grafana/loki) repository. 6 | 7 | The source code for this chart was removed from this repoistory after commit [b8a1b0cd](https://github.com/grafana/helm-charts/commit/b8a1b0cd8ffac1f5e6242d6aa1cba907cf2ec17f). 8 | -------------------------------------------------------------------------------- /charts/loki-stack/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/loki-stack/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | name: loki-stack 3 | version: 2.10.2 4 | appVersion: v2.9.3 5 | kubeVersion: "^1.10.0-0" 6 | description: "Loki: like Prometheus, but for logs." 7 | home: https://grafana.com/loki 8 | icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png 9 | sources: 10 | - https://github.com/grafana/loki 11 | maintainers: 12 | - name: Loki Maintainers 13 | email: lokiproject@googlegroups.com 14 | engine: gotpl 15 | -------------------------------------------------------------------------------- /charts/loki-stack/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: "loki" 3 | condition: loki.enabled 4 | repository: "https://grafana.github.io/helm-charts" 5 | version: "^2.15.2" 6 | - name: "promtail" 7 | condition: promtail.enabled 8 | repository: "https://grafana.github.io/helm-charts" 9 | version: "^6.7.4" 10 | - name: "fluent-bit" 11 | condition: fluent-bit.enabled 12 | repository: "https://grafana.github.io/helm-charts" 13 | version: "^2.3.0" 14 | - name: "grafana" 15 | condition: grafana.enabled 16 | version: "~6.43.0" 17 | repository: "https://grafana.github.io/helm-charts" 18 | - name: "prometheus" 19 | condition: prometheus.enabled 20 | version: "~19.7.2" 21 | repository: "https://prometheus-community.github.io/helm-charts" 22 | - name: "filebeat" 23 | condition: filebeat.enabled 24 | version: "~7.17.1" 25 | repository: "https://helm.elastic.co" 26 | - name: "logstash" 27 | condition: logstash.enabled 28 | version: "~7.17.1" 29 | repository: "https://helm.elastic.co" 30 | -------------------------------------------------------------------------------- /charts/loki-stack/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | The Loki stack has been deployed to your cluster. Loki can now be added as a datasource in Grafana. 2 | 3 | See http://docs.grafana.org/features/datasources/loki/ for more detail. 4 | -------------------------------------------------------------------------------- /charts/loki/README.md: -------------------------------------------------------------------------------- 1 | # Loki Helm chart 2 | 3 | The `loki` chart is the recommended Helm chart to install Grafana Loki. It is maintained by both Grafana Labs and the Loki community. 4 | 5 | The `loki` Helm chart at [https://grafana.github.io/helm-charts](https://grafana.github.io/helm-charts) is a publication of the source code at [**grafana/loki**](https://github.com/grafana/loki/tree/main/production/helm/loki). 6 | 7 | Please file any issues with this Helm chart in the [Grafana Loki](https://github.com/grafana/loki) repository. 8 | 9 | The source code for this chart was removed from this repository after commit [b8a1b0cd](https://github.com/grafana/helm-charts/commit/b8a1b0cd8ffac1f5e6242d6aa1cba907cf2ec17f) and moved to . 10 | -------------------------------------------------------------------------------- /charts/promtail/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/promtail/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: promtail 3 | description: Promtail is an agent which ships the contents of local logs to a Loki instance 4 | type: application 5 | appVersion: 3.5.1 6 | version: 6.17.0 7 | home: https://grafana.com/loki 8 | sources: 9 | - https://github.com/grafana/loki 10 | - https://grafana.com/oss/loki/ 11 | - https://grafana.com/docs/loki/latest/ 12 | icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png 13 | maintainers: 14 | - name: Loki Maintainers 15 | email: lokiproject@googlegroups.com 16 | - name: unguiculus 17 | -------------------------------------------------------------------------------- /charts/promtail/ci/autoscaled-deployment-values.yaml: -------------------------------------------------------------------------------- 1 | daemonset: 2 | enabled: false 3 | deployment: 4 | enabled: true 5 | autoscaling: 6 | enabled: true 7 | -------------------------------------------------------------------------------- /charts/promtail/ci/default-values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/grafana/helm-charts/e1178edc6e6bb7c0a32c7542d154747e6d9890c1/charts/promtail/ci/default-values.yaml -------------------------------------------------------------------------------- /charts/promtail/ci/deployment-values.yaml: -------------------------------------------------------------------------------- 1 | daemonset: 2 | enabled: false 3 | deployment: 4 | enabled: true 5 | -------------------------------------------------------------------------------- /charts/promtail/ci/service-values.yaml: -------------------------------------------------------------------------------- 1 | extraPorts: 2 | syslog: 3 | name: tcp-syslog 4 | containerPort: 1514 5 | service: 6 | port: 1234 7 | type: NodePort 8 | httpPush: 9 | name: http-push 10 | containerPort: 3500 11 | ingress: 12 | hosts: 13 | - chart-example.local 14 | grpcPush: 15 | name: grpc-push 16 | containerPort: 3600 17 | 18 | config: 19 | snippets: 20 | extraScrapeConfigs: | 21 | - job_name: syslog 22 | syslog: 23 | listen_address: 0.0.0.0:{{ .Values.extraPorts.syslog.containerPort }} 24 | labels: 25 | job: syslog 26 | relabel_configs: 27 | - source_labels: 28 | - __syslog_message_hostname 29 | target_label: host 30 | 31 | - job_name: push1 32 | loki_push_api: 33 | server: 34 | http_listen_port: {{ .Values.extraPorts.httpPush.containerPort }} 35 | grpc_listen_port: {{ .Values.extraPorts.grpcPush.containerPort }} 36 | labels: 37 | pushserver: push1 38 | -------------------------------------------------------------------------------- /charts/promtail/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | *********************************************************************** 2 | Welcome to Grafana Promtail 3 | Chart version: {{ .Chart.Version }} 4 | Promtail version: {{ .Values.image.tag | default .Chart.AppVersion }} 5 | *********************************************************************** 6 | 7 | Verify the application is working by running these commands: 8 | 9 | {{- if .Values.daemonset.enabled }} 10 | * kubectl --namespace {{ .Release.Namespace }} port-forward daemonset/{{ include "promtail.fullname" . }} {{ .Values.config.serverPort }} 11 | {{- end }} 12 | {{- if .Values.deployment.enabled }} 13 | * kubectl --namespace {{ .Release.Namespace }} port-forward deployment/{{ include "promtail.fullname" . }} {{ .Values.config.serverPort }} 14 | {{- end }} 15 | * curl http://127.0.0.1:{{ .Values.config.serverPort }}/metrics 16 | -------------------------------------------------------------------------------- /charts/promtail/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | labels: 7 | {{- include "promtail.labels" . | nindent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - nodes 13 | - nodes/proxy 14 | - services 15 | - endpoints 16 | - pods 17 | verbs: 18 | - get 19 | - watch 20 | - list 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/promtail/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | labels: 7 | {{- include "promtail.labels" . | nindent 4 }} 8 | subjects: 9 | - kind: ServiceAccount 10 | name: {{ include "promtail.serviceAccountName" . }} 11 | namespace: {{ include "promtail.namespaceName" . }} 12 | roleRef: 13 | kind: ClusterRole 14 | name: {{ include "promtail.fullname" . }} 15 | apiGroup: rbac.authorization.k8s.io 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/promtail/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.config.enabled .Values.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | data: 10 | promtail.yaml: | 11 | {{- tpl .Values.config.file . | nindent 4 }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/promtail/templates/daemonset.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.daemonset.enabled }} 2 | apiVersion: apps/v1 3 | kind: DaemonSet 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | {{- with .Values.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | {{- if .Values.revisionHistoryLimit }} 15 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 16 | {{- end }} 17 | selector: 18 | matchLabels: 19 | {{- include "promtail.selectorLabels" . | nindent 6 }} 20 | updateStrategy: 21 | {{- toYaml .Values.updateStrategy | nindent 4 }} 22 | template: 23 | {{- include "promtail.podTemplate" . | nindent 4 }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/promtail/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.deployment.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | {{- with .Values.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | spec: 14 | {{- if not .Values.deployment.autoscaling.enabled }} 15 | replicas: {{ .Values.deployment.replicaCount }} 16 | {{- end }} 17 | {{- if .Values.revisionHistoryLimit }} 18 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} 19 | {{- end }} 20 | {{- with .Values.deployment.strategy }} 21 | strategy: 22 | {{- toYaml . | trim | nindent 4 }} 23 | {{- end }} 24 | selector: 25 | matchLabels: 26 | {{- include "promtail.selectorLabels" . | nindent 6 }} 27 | template: 28 | {{- include "promtail.podTemplate" . | nindent 4 }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/promtail/templates/extra-manifests.yaml: -------------------------------------------------------------------------------- 1 | {{ range .Values.extraObjects }} 2 | --- 3 | {{ tpl (toYaml .) $ }} 4 | {{ end }} 5 | -------------------------------------------------------------------------------- /charts/promtail/templates/podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.rbac.create .Values.rbac.pspEnabled }} 2 | apiVersion: policy/v1beta1 3 | kind: PodSecurityPolicy 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | labels: 7 | {{- include "promtail.labels" . | nindent 4 }} 8 | spec: 9 | {{- toYaml .Values.podSecurityPolicy | nindent 2 }} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/promtail/templates/prometheus-rules.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceMonitor.enabled .Values.serviceMonitor.prometheusRule.enabled -}} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | {{- with .Values.serviceMonitor.prometheusRule.namespace }} 7 | namespace: {{ . | quote }} 8 | {{- end }} 9 | labels: 10 | {{- include "promtail.labels" . | nindent 4 }} 11 | {{- with .Values.serviceMonitor.prometheusRule.additionalLabels }} 12 | {{- toYaml . | nindent 4 }} 13 | {{- end }} 14 | spec: 15 | {{- if .Values.serviceMonitor.prometheusRule.rules }} 16 | groups: 17 | - name: {{ template "promtail.fullname" . }} 18 | rules: 19 | {{- toYaml .Values.serviceMonitor.prometheusRule.rules | nindent 4 }} 20 | {{- end }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/promtail/templates/role.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.rbac.create .Values.rbac.pspEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ include "promtail.fullname" . }}-psp 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | rules: 10 | - apiGroups: 11 | - policy 12 | resources: 13 | - podsecuritypolicies 14 | verbs: 15 | - use 16 | resourceNames: 17 | - {{ include "promtail.fullname" . }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/promtail/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.rbac.create .Values.rbac.pspEnabled }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "promtail.fullname" . }}-psp 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: {{ include "promtail.fullname" . }}-psp 13 | subjects: 14 | - kind: ServiceAccount 15 | name: {{ include "promtail.serviceAccountName" . }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/promtail/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if not .Values.configmap.enabled }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "promtail.fullname" . }} 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | {{- with .Values.secret.labels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.secret.annotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | stringData: 17 | promtail.yaml: | 18 | {{- tpl .Values.config.file . | nindent 4 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/promtail/templates/service-metrics.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.serviceMonitor.enabled .Values.service.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "promtail.fullname" . }}-metrics 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | {{- with .Values.service.labels }} 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- with .Values.service.annotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | clusterIP: None 18 | ports: 19 | - name: http-metrics 20 | port: {{ .Values.config.serverPort }} 21 | targetPort: http-metrics 22 | protocol: TCP 23 | selector: 24 | {{- include "promtail.selectorLabels" . | nindent 4 }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/promtail/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create }} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "promtail.serviceAccountName" . }} 6 | namespace: {{ include "promtail.namespaceName" . }} 7 | labels: 8 | {{- include "promtail.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 14 | {{- with .Values.serviceAccount.imagePullSecrets }} 15 | imagePullSecrets: 16 | {{- toYaml . | nindent 2 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/rollout-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/rollout-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: rollout-operator 3 | description: "Grafana rollout-operator" 4 | type: application 5 | version: 0.29.0 6 | appVersion: v0.27.0 7 | home: https://github.com/grafana/rollout-operator 8 | kubeVersion: ^1.10.0-0 9 | -------------------------------------------------------------------------------- /charts/rollout-operator/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Repo : {{ .Chart.Home }} 2 | 3 | Validation: 4 | 5 | Check the logs of the pod and ensure messages for reconcilliation of the statefulsets are present. 6 | ``` 7 | kubectl logs -n {{ .Release.Namespace }} -l {{ include "cli.labels" . }} 8 | ``` 9 | Example log line: 10 | level=debug ts=2022-04-20T13:59:52.783051541Z msg="reconciling StatefulSet" statefulset=mimir-store-gateway-zone-a 11 | -------------------------------------------------------------------------------- /charts/rollout-operator/templates/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ include "rollout-operator.fullname" . }} 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{- include "rollout-operator.labels" . | nindent 4 }} 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - pods 13 | verbs: 14 | - list 15 | - get 16 | - watch 17 | - delete 18 | - apiGroups: 19 | - apps 20 | resources: 21 | - statefulsets 22 | verbs: 23 | - list 24 | - get 25 | - watch 26 | - patch 27 | - apiGroups: 28 | - apps 29 | resources: 30 | - statefulsets/status 31 | verbs: 32 | - update 33 | -------------------------------------------------------------------------------- /charts/rollout-operator/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ include "rollout-operator.fullname" . }} 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{- include "rollout-operator.labels" . | nindent 4 }} 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: {{ include "rollout-operator.fullname" . }} 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "rollout-operator.serviceAccountName" . }} 15 | -------------------------------------------------------------------------------- /charts/rollout-operator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceMonitor.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ include "rollout-operator.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{- include "rollout-operator.labels" . | nindent 4 }} 9 | spec: 10 | type: ClusterIP 11 | clusterIP: None 12 | ports: 13 | - port: 8001 14 | targetPort: http-metrics 15 | protocol: TCP 16 | name: http-metrics 17 | selector: 18 | {{- include "rollout-operator.selectorLabels" . | nindent 4 }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/rollout-operator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "rollout-operator.serviceAccountName" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{- include "rollout-operator.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . | nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/snyk-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: snyk-exporter 3 | description: Prometheus exporter for Snyk. 4 | version: 0.1.0 5 | appVersion: v1.4.1 6 | home: https://github.com/grafana/snyk_exporter 7 | icon: https://res.cloudinary.com/snyk/image/upload/v1537346326/press-kit/brand/avatar.png 8 | maintainers: 9 | - name: jtyr 10 | email: jiri.tyr@gmail.com 11 | -------------------------------------------------------------------------------- /charts/snyk-exporter/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | {{ template "chart.header" . }} 2 | 3 | {{ template "chart.badgesSection" . }} 4 | 5 | {{ template "chart.description" . }} 6 | 7 | ## Usage 8 | 9 | The Helm chart can be installed like this: 10 | 11 | ```shell 12 | helm upgrade --install myrelease . 13 | ``` 14 | 15 | The Helm chart can be configured by providing an extra values: 16 | 17 | ```shell 18 | cat < 1)); then 24 | echo "This PR has changes to multiple charts. Please create individual PRs per chart." >&2 25 | exit 1 26 | fi 27 | 28 | # Strip charts directory 29 | changed="${changed##*/}" 30 | 31 | if [[ "$PR_TITLE" != "[$changed] "* ]]; then 32 | echo "PR title must start with '[$changed] '." >&2 33 | exit 1 34 | fi 35 | } 36 | 37 | main 38 | --------------------------------------------------------------------------------