promtail values.yaml📜
nameOverride📜
Type: string
nil
Description: Overrides the chart’s name
fullnameOverride📜
Type: string
nil
Description: Overrides the chart’s computed fullname
vpa📜
Type: object
{"annotations":{},"controlledResources":[],"enabled":false,"kind":"DaemonSet","maxAllowed":{},"minAllowed":{},"updatePolicy":{"updateMode":"Auto"}}
Default value (formatted)
{
"annotations": {},
"controlledResources": [],
"enabled": false,
"kind": "DaemonSet",
"maxAllowed": {},
"minAllowed": {},
"updatePolicy": {
"updateMode": "Auto"
}
}
Description: config for VerticalPodAutoscaler
daemonset.enabled📜
Type: bool
true
Description: Deploys Promtail as a DaemonSet
daemonset.autoscaling.enabled📜
Type: bool
false
Description: Creates a VerticalPodAutoscaler for the daemonset
daemonset.autoscaling.controlledResources📜
Type: list
[]
Default value (formatted)
[]
Description: List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
daemonset.autoscaling.maxAllowed📜
Type: object
{}
Default value (formatted)
{}
Description: Defines the max allowed resources for the pod
daemonset.autoscaling.minAllowed📜
Type: object
{}
Default value (formatted)
{}
Description: Defines the min allowed resources for the pod
deployment.enabled📜
Type: bool
false
Description: Deploys Promtail as a Deployment
deployment.replicaCount📜
Type: int
1
deployment.autoscaling.enabled📜
Type: bool
false
Description: Creates a HorizontalPodAutoscaler for the deployment
deployment.autoscaling.minReplicas📜
Type: int
1
deployment.autoscaling.maxReplicas📜
Type: int
10
deployment.autoscaling.targetCPUUtilizationPercentage📜
Type: int
80
deployment.autoscaling.targetMemoryUtilizationPercentage📜
Type: string
nil
deployment.autoscaling.strategy📜
Type: object
{"type":"RollingUpdate"}
Default value (formatted)
{
"type": "RollingUpdate"
}
Description: Set deployment object update strategy
secret.labels📜
Type: object
{}
Default value (formatted)
{}
Description: Labels for the Secret
secret.annotations📜
Type: object
{}
Default value (formatted)
{}
Description: Annotations for the Secret
configmap.enabled📜
Type: bool
false
Description: If enabled, promtail config will be created as a ConfigMap instead of a secret
initContainer📜
Type: list
[]
Default value (formatted)
[]
image.registry📜
Type: string
"registry1.dso.mil"
Description: The Docker registry
image.repository📜
Type: string
"ironbank/opensource/grafana/promtail"
Description: Docker image repository
image.tag📜
Type: string
"v2.9.2"
Description: Overrides the image tag whose default is the chart’s appVersion
image.pullPolicy📜
Type: string
"IfNotPresent"
Description: Docker image pull policy
imagePullSecrets📜
Type: list
[{"name":"private-registry"}]
Default value (formatted)
[
{
"name": "private-registry"
}
]
Description: Image pull secrets for Docker images
hostAliases📜
Type: list
[]
Default value (formatted)
[]
Description: hostAliases to add
hostNetwork📜
Type: string
nil
Description: Controls whether the pod has the hostNetwork flag set.
annotations📜
Type: object
{}
Default value (formatted)
{}
Description: Annotations for the DaemonSet
updateStrategy📜
Type: object
{}
Default value (formatted)
{}
Description: The update strategy for the DaemonSet
podLabels📜
Type: object
{}
Default value (formatted)
{}
Description: Pod labels
podAnnotations📜
Type: object
{}
Default value (formatted)
{}
Description: Pod annotations
priorityClassName📜
Type: string
nil
Description: The name of the PriorityClass
livenessProbe📜
Type: object
{}
Default value (formatted)
{}
Description: Liveness probe
resources📜
Type: object
{"limits":{"cpu":"200m","memory":"128Mi"},"requests":{"cpu":"200m","memory":"128Mi"}}
Default value (formatted)
{
"limits": {
"cpu": "200m",
"memory": "128Mi"
},
"requests": {
"cpu": "200m",
"memory": "128Mi"
}
}
Description: Resource requests and limits
podSecurityContext📜
Type: object
{"runAsGroup":0,"runAsUser":0}
Default value (formatted)
{
"runAsGroup": 0,
"runAsUser": 0
}
Description: The security context for pods
containerSecurityContext📜
Type: object
{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsUser":0,"seLinuxOptions":{"type":"spc_t"}}
Default value (formatted)
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"privileged": false,
"readOnlyRootFilesystem": true,
"runAsUser": 0,
"seLinuxOptions": {
"type": "spc_t"
}
}
Description: The security context for containers
rbac.create📜
Type: bool
true
Description: Specifies whether RBAC resources are to be created
rbac.pspEnabled📜
Type: bool
false
Description: Specifies whether a PodSecurityPolicy is to be created
namespace📜
Type: string
nil
Description: The name of the Namespace to deploy If not set, .Release.Namespace is used
serviceAccount.create📜
Type: bool
true
Description: Specifies whether a ServiceAccount should be created
serviceAccount.name📜
Type: string
nil
Description: The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template
serviceAccount.imagePullSecrets📜
Type: list
[]
Default value (formatted)
[]
Description: Image pull secrets for the service account
serviceAccount.annotations📜
Type: object
{}
Default value (formatted)
{}
Description: Annotations for the service account
nodeSelector📜
Type: object
{}
Default value (formatted)
{}
Description: Node selector for pods
affinity📜
Type: object
{}
Default value (formatted)
{}
Description: Affinity configuration for pods
tolerations📜
Type: list
[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"}]
Default value (formatted)
[
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/master",
"operator": "Exists"
},
{
"effect": "NoSchedule",
"key": "node-role.kubernetes.io/control-plane",
"operator": "Exists"
}
]
Description: Tolerations for pods. By default, pods will be scheduled on master/control-plane nodes.
extraVolumes[0].name📜
Type: string
"varlog"
extraVolumes[0].hostPath.path📜
Type: string
"/var/log"
extraVolumes[1].name📜
Type: string
"machine-id"
extraVolumes[1].hostPath.path📜
Type: string
"/etc/machine-id"
extraVolumeMounts[0].name📜
Type: string
"varlog"
extraVolumeMounts[0].mountPath📜
Type: string
"/var/log"
extraVolumeMounts[0].readOnly📜
Type: bool
true
extraVolumeMounts[1].name📜
Type: string
"machine-id"
extraVolumeMounts[1].mountPath📜
Type: string
"/etc/machine-id"
extraVolumeMounts[1].readOnly📜
Type: bool
true
extraArgs📜
Type: list
["-config.expand-env=true"]
Default value (formatted)
[
"-config.expand-env=true"
]
Description: - -client.external-labels=hostname=$(HOSTNAME)
extraEnv📜
Type: list
[{"name":"NODE_HOSTNAME","valueFrom":{"fieldRef":{"fieldPath":"spec.nodeName"}}}]
Default value (formatted)
[
{
"name": "NODE_HOSTNAME",
"valueFrom": {
"fieldRef": {
"fieldPath": "spec.nodeName"
}
}
}
]
Description: Extra environment variables
extraEnvFrom📜
Type: list
[]
Default value (formatted)
[]
Description: Extra environment variables from secrets or configmaps
enableServiceLinks📜
Type: bool
true
Description: Configure enableServiceLinks in pod
serviceMonitor.enabled📜
Type: bool
false
Description: If enabled, ServiceMonitor resources for Prometheus Operator are created
serviceMonitor.namespace📜
Type: string
nil
Description: Alternative namespace for ServiceMonitor resources
serviceMonitor.namespaceSelector📜
Type: object
{}
Default value (formatted)
{}
Description: Namespace selector for ServiceMonitor resources
serviceMonitor.annotations📜
Type: object
{}
Default value (formatted)
{}
Description: ServiceMonitor annotations
serviceMonitor.labels📜
Type: object
{}
Default value (formatted)
{}
Description: Additional ServiceMonitor labels
serviceMonitor.interval📜
Type: string
nil
Description: ServiceMonitor scrape interval
serviceMonitor.scrapeTimeout📜
Type: string
nil
Description: ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
serviceMonitor.relabelings📜
Type: list
[]
Default value (formatted)
[]
Description: ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines relabel_configs)
serviceMonitor.metricRelabelings📜
Type: list
[]
Default value (formatted)
[]
Description: ServiceMonitor relabel configs to apply to samples as the last step before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines metric_relabel_configs)
serviceMonitor.targetLabels📜
Type: list
[]
Default value (formatted)
[]
Description: ServiceMonitor will add labels from the service to the Prometheus metric https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec
serviceMonitor.scheme📜
Type: string
"http"
Description: ServiceMonitor will use http by default, but you can pick https as well
serviceMonitor.tlsConfig📜
Type: string
nil
Description: ServiceMonitor will use these tlsConfig settings to make the health check requests
serviceMonitor.prometheusRule📜
Type: object
{"additionalLabels":{},"enabled":false,"rules":[]}
Default value (formatted)
{
"additionalLabels": {},
"enabled": false,
"rules": []
}
Description: Prometheus rules will be deployed for alerting purposes
extraContainers📜
Type: object
{}
Default value (formatted)
{}
extraPorts📜
Type: object
{}
Default value (formatted)
{}
Description: Configure additional ports and services. For each configured port, a corresponding service is created. See values.yaml for details
config.enabled📜
Type: bool
true
Description: Enable Promtail config from Helm chart Set configmap.enabled: true and this to false to manage your own Promtail config See default config in values.yaml
config.logLevel📜
Type: string
"info"
Description: The log level of the Promtail server Must be reference in config.file to configure server.log_level See default config in values.yaml
config.logFormat📜
Type: string
"logfmt"
Description: The log format of the Promtail server Must be reference in config.file to configure server.log_format Valid formats: logfmt, json See default config in values.yaml
config.serverPort📜
Type: int
3101
Description: The port of the Promtail server Must be reference in config.file to configure server.http_listen_port See default config in values.yaml
config.positions📜
Type: object
{"filename":"/run/promtail/positions.yaml"}
Default value (formatted)
{
"filename": "/run/promtail/positions.yaml"
}
Description: Configures where Promtail will save it’s positions file, to resume reading after restarts. Must be referenced in config.file to configure positions
config.enableTracing📜
Type: bool
false
Description: The config to enable tracing
config.snippets.extraRelabelConfigs📜
Type: list
[]
Default value (formatted)
[]
Description: You can put here any additional relabel_configs to “kubernetes-pods” job
networkPolicy.enabled📜
Type: bool
false
Description: Specifies whether Network Policies should be created
networkPolicy.metrics.podSelector📜
Type: object
{}
Default value (formatted)
{}
Description: Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also neeed the namespaceSelector.
networkPolicy.metrics.namespaceSelector📜
Type: object
{}
Default value (formatted)
{}
Description: Specifies the namespaces which are allowed to access the metrics port
networkPolicy.metrics.cidrs📜
Type: list
[]
Default value (formatted)
[]
Description: Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes.
networkPolicy.k8sApi.port📜
Type: int
8443
Description: Specify the k8s API endpoint port
networkPolicy.k8sApi.cidrs📜
Type: list
[]
Default value (formatted)
[]
Description: Specifies specific network CIDRs you want to limit access to
httpPathPrefix📜
Type: string
""
Description: Base path to server all API routes fro
sidecar.configReloader.enabled📜
Type: bool
false
sidecar.configReloader.image.registry📜
Type: string
"registry1.dso.mil"
Description: The Docker registry for sidecar config-reloader
sidecar.configReloader.image.repository📜
Type: string
"ironbank/opensource/jimmidyson/configmap-reload"
Description: Docker image repository for sidecar config-reloader
sidecar.configReloader.image.tag📜
Type: string
"v0.12.0"
Description: Docker image tag for sidecar config-reloader
sidecar.configReloader.image.pullPolicy📜
Type: string
"IfNotPresent"
Description: Docker image pull policy for sidecar config-reloader
sidecar.configReloader.extraArgs📜
Type: list
[]
Default value (formatted)
[]
sidecar.configReloader.extraEnv📜
Type: list
[]
Default value (formatted)
[]
Description: Extra environment variables for sidecar config-reloader
sidecar.configReloader.extraEnvFrom📜
Type: list
[]
Default value (formatted)
[]
Description: Extra environment variables from secrets or configmaps for sidecar config-reloader
sidecar.configReloader.containerSecurityContext📜
Type: object
{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}
Default value (formatted)
{
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
}
Description: The security context for containers for sidecar config-reloader
sidecar.configReloader.readinessProbe📜
Type: object
{}
Default value (formatted)
{}
Description: Readiness probe for sidecar config-reloader
sidecar.configReloader.livenessProbe📜
Type: object
{}
Default value (formatted)
{}
Description: Liveness probe for sidecar config-reloader
sidecar.configReloader.resources📜
Type: object
{}
Default value (formatted)
{}
Description: Resource requests and limits for sidecar config-reloader
sidecar.configReloader.config.serverPort📜
Type: int
9533
Description: The port of the config-reloader server
sidecar.configReloader.serviceMonitor.enabled📜
Type: bool
true
extraObjects📜
Type: list
[]
Default value (formatted)
[]
Description: Extra K8s manifests to deploy
istio.enabled📜
Type: bool
false
Description: Toggle interaction with Istio
istio.hardened.enabled📜
Type: bool
false
istio.hardened.customAuthorizationPolicies📜
Type: list
[]
Default value (formatted)
[]
istio.hardened.prometheus.enabled📜
Type: bool
true
istio.hardened.prometheus.namespaces[0]📜
Type: string
"monitoring"
istio.hardened.prometheus.principals[0]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.prometheus.principals[1]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.prometheus.principals[2]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.prometheus.principals[3]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.prometheus.principals[4]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.prometheus.principals[5]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic PERMISSIVE = Allow both plain text and mutual TLS traffic
networkPolicies.enabled📜
Type: bool
false
Description: Toggle networkPolicies
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
Description: Control Plane CIDR, defaults to 0.0.0.0/0, use kubectl get endpoints -n default kubernetes to get the CIDR range needed for your cluster Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints) Used by package NetworkPolicies to allow Kube API access
openshift📜
Type: bool
false
Description: Toggle or openshift specific config
loki📜
Type: object
{"enabled":false}
Default value (formatted)
{
"enabled": false
}
Description: Toggle Loki network policy enabling