Skip to content

promtail values.yaml📜

nameOverride📜

Type: string

Default value
nil

Description: Overrides the chart’s name

fullnameOverride📜

Type: string

Default value
nil

Description: Overrides the chart’s computed fullname

vpa📜

Type: object

Default value
annotations: {}
controlledResources: []
enabled: false
kind: DaemonSet
maxAllowed: {}
minAllowed: {}
updatePolicy:
  updateMode: Auto

Description: config for VerticalPodAutoscaler

daemonset.enabled📜

Type: bool

Default value
true

Description: Deploys Promtail as a DaemonSet

daemonset.autoscaling.enabled📜

Type: bool

Default value
false

Description: Creates a VerticalPodAutoscaler for the daemonset

daemonset.autoscaling.controlledResources📜

Type: list

Default value
[]

Description: List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory

daemonset.autoscaling.maxAllowed📜

Type: object

Default value
{}

Description: Defines the max allowed resources for the pod

daemonset.autoscaling.minAllowed📜

Type: object

Default value
{}

Description: Defines the min allowed resources for the pod

deployment.enabled📜

Type: bool

Default value
false

Description: Deploys Promtail as a Deployment

deployment.replicaCount📜

Type: int

Default value
1

deployment.autoscaling.enabled📜

Type: bool

Default value
false

Description: Creates a HorizontalPodAutoscaler for the deployment

deployment.autoscaling.minReplicas📜

Type: int

Default value
1

deployment.autoscaling.maxReplicas📜

Type: int

Default value
10

deployment.autoscaling.targetCPUUtilizationPercentage📜

Type: int

Default value
80

deployment.autoscaling.targetMemoryUtilizationPercentage📜

Type: string

Default value
nil

deployment.autoscaling.strategy📜

Type: object

Default value
type: RollingUpdate

Description: Set deployment object update strategy

secret.labels📜

Type: object

Default value
{}

Description: Labels for the Secret

secret.annotations📜

Type: object

Default value
{}

Description: Annotations for the Secret

configmap.enabled📜

Type: bool

Default value
false

Description: If enabled, promtail config will be created as a ConfigMap instead of a secret

initContainer📜

Type: list

Default value
[]

image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: The Docker registry

image.repository📜

Type: string

Default value
"ironbank/opensource/grafana/promtail"

Description: Docker image repository

image.tag📜

Type: string

Default value
"v2.9.4"

Description: Overrides the image tag whose default is the chart’s appVersion

image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

Description: Docker image pull policy

imagePullSecrets📜

Type: list

Default value
- name: private-registry

Description: Image pull secrets for Docker images

hostAliases📜

Type: list

Default value
[]

Description: hostAliases to add

hostNetwork📜

Type: string

Default value
nil

Description: Controls whether the pod has the hostNetwork flag set.

annotations📜

Type: object

Default value
{}

Description: Annotations for the DaemonSet

updateStrategy📜

Type: object

Default value
{}

Description: The update strategy for the DaemonSet

podLabels📜

Type: object

Default value
{}

Description: Pod labels

podAnnotations📜

Type: object

Default value
{}

Description: Pod annotations

priorityClassName📜

Type: string

Default value
nil

Description: The name of the PriorityClass

livenessProbe📜

Type: object

Default value
{}

Description: Liveness probe

resources📜

Type: object

Default value
limits:
  cpu: 200m
  memory: 128Mi
requests:
  cpu: 200m
  memory: 128Mi

Description: Resource requests and limits

podSecurityContext📜

Type: object

Default value
runAsGroup: 0
runAsUser: 0

Description: The security context for pods

containerSecurityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 0
seLinuxOptions:
  type: spc_t

Description: The security context for containers

rbac.create📜

Type: bool

Default value
true

Description: Specifies whether RBAC resources are to be created

rbac.pspEnabled📜

Type: bool

Default value
false

Description: Specifies whether a PodSecurityPolicy is to be created

namespace📜

Type: string

Default value
nil

Description: The name of the Namespace to deploy If not set, .Release.Namespace is used

serviceAccount.create📜

Type: bool

Default value
true

Description: Specifies whether a ServiceAccount should be created

serviceAccount.name📜

Type: string

Default value
nil

Description: The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template

serviceAccount.imagePullSecrets📜

Type: list

Default value
[]

Description: Image pull secrets for the service account

serviceAccount.annotations📜

Type: object

Default value
{}

Description: Annotations for the service account

nodeSelector📜

Type: object

Default value
{}

Description: Node selector for pods

affinity📜

Type: object

Default value
{}

Description: Affinity configuration for pods

tolerations📜

Type: list

Default value
- effect: NoSchedule
  key: node-role.kubernetes.io/master
  operator: Exists
- effect: NoSchedule
  key: node-role.kubernetes.io/control-plane
  operator: Exists

Description: Tolerations for pods. By default, pods will be scheduled on master/control-plane nodes.

extraVolumes[0].name📜

Type: string

Default value
"varlog"

extraVolumes[0].hostPath.path📜

Type: string

Default value
"/var/log"

extraVolumeMounts[0].name📜

Type: string

Default value
"varlog"

extraVolumeMounts[0].mountPath📜

Type: string

Default value
"/var/log"

extraVolumeMounts[0].readOnly📜

Type: bool

Default value
true

extraArgs📜

Type: list

Default value
- -config.expand-env=true

Description: - -client.external-labels=hostname=$(HOSTNAME)

extraEnv📜

Type: list

Default value
- name: NODE_HOSTNAME
  valueFrom:
    fieldRef:
      fieldPath: spec.nodeName

Description: Extra environment variables

extraEnvFrom📜

Type: list

Default value
[]

Description: Extra environment variables from secrets or configmaps

Type: bool

Default value
true

Description: Configure enableServiceLinks in pod

serviceMonitor.enabled📜

Type: bool

Default value
false

Description: If enabled, ServiceMonitor resources for Prometheus Operator are created

serviceMonitor.namespace📜

Type: string

Default value
nil

Description: Alternative namespace for ServiceMonitor resources

serviceMonitor.namespaceSelector📜

Type: object

Default value
{}

Description: Namespace selector for ServiceMonitor resources

serviceMonitor.annotations📜

Type: object

Default value
{}

Description: ServiceMonitor annotations

serviceMonitor.labels📜

Type: object

Default value
{}

Description: Additional ServiceMonitor labels

serviceMonitor.interval📜

Type: string

Default value
nil

Description: ServiceMonitor scrape interval

serviceMonitor.scrapeTimeout📜

Type: string

Default value
nil

Description: ServiceMonitor scrape timeout in Go duration format (e.g. 15s)

serviceMonitor.relabelings📜

Type: list

Default value
[]

Description: ServiceMonitor relabel configs to apply to samples before scraping https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines relabel_configs)

serviceMonitor.metricRelabelings📜

Type: list

Default value
[]

Description: ServiceMonitor relabel configs to apply to samples as the last step before ingestion https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig (defines metric_relabel_configs)

serviceMonitor.targetLabels📜

Type: list

Default value
[]

Description: ServiceMonitor will add labels from the service to the Prometheus metric https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec

serviceMonitor.scheme📜

Type: string

Default value
"http"

Description: ServiceMonitor will use http by default, but you can pick https as well

serviceMonitor.tlsConfig📜

Type: string

Default value
nil

Description: ServiceMonitor will use these tlsConfig settings to make the health check requests

serviceMonitor.prometheusRule📜

Type: object

Default value
additionalLabels: {}
enabled: false
rules: []

Description: Prometheus rules will be deployed for alerting purposes

extraContainers📜

Type: object

Default value
{}

extraPorts📜

Type: object

Default value
{}

Description: Configure additional ports and services. For each configured port, a corresponding service is created. See values.yaml for details

config.enabled📜

Type: bool

Default value
true

Description: Enable Promtail config from Helm chart Set configmap.enabled: true and this to false to manage your own Promtail config See default config in values.yaml

config.logLevel📜

Type: string

Default value
"info"

Description: The log level of the Promtail server Must be reference in config.file to configure server.log_level See default config in values.yaml

config.logFormat📜

Type: string

Default value
"logfmt"

Description: The log format of the Promtail server Must be reference in config.file to configure server.log_format Valid formats: logfmt, json See default config in values.yaml

config.serverPort📜

Type: int

Default value
3101

Description: The port of the Promtail server Must be reference in config.file to configure server.http_listen_port See default config in values.yaml

config.positions📜

Type: object

Default value
filename: /run/promtail/positions.yaml

Description: Configures where Promtail will save it’s positions file, to resume reading after restarts. Must be referenced in config.file to configure positions

config.enableTracing📜

Type: bool

Default value
false

Description: The config to enable tracing

config.snippets.extraRelabelConfigs📜

Type: list

Default value
[]

Description: You can put here any additional relabel_configs to “kubernetes-pods” job

networkPolicy.enabled📜

Type: bool

Default value
false

Description: Specifies whether Network Policies should be created

networkPolicy.metrics.podSelector📜

Type: object

Default value
{}

Description: Specifies the Pods which are allowed to access the metrics port. As this is cross-namespace communication, you also neeed the namespaceSelector.

networkPolicy.metrics.namespaceSelector📜

Type: object

Default value
{}

Description: Specifies the namespaces which are allowed to access the metrics port

networkPolicy.metrics.cidrs📜

Type: list

Default value
[]

Description: Specifies specific network CIDRs which are allowed to access the metrics port. In case you use namespaceSelector, you also have to specify your kubelet networks here. The metrics ports are also used for probes.

networkPolicy.k8sApi.port📜

Type: int

Default value
8443

Description: Specify the k8s API endpoint port

networkPolicy.k8sApi.cidrs📜

Type: list

Default value
[]

Description: Specifies specific network CIDRs you want to limit access to

httpPathPrefix📜

Type: string

Default value
""

Description: Base path to server all API routes fro

sidecar.configReloader.enabled📜

Type: bool

Default value
false

sidecar.configReloader.image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: The Docker registry for sidecar config-reloader

sidecar.configReloader.image.repository📜

Type: string

Default value
"ironbank/opensource/jimmidyson/configmap-reload"

Description: Docker image repository for sidecar config-reloader

sidecar.configReloader.image.tag📜

Type: string

Default value
"v0.12.0"

Description: Docker image tag for sidecar config-reloader

sidecar.configReloader.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

Description: Docker image pull policy for sidecar config-reloader

sidecar.configReloader.extraArgs📜

Type: list

Default value
[]

sidecar.configReloader.extraEnv📜

Type: list

Default value
[]

Description: Extra environment variables for sidecar config-reloader

sidecar.configReloader.extraEnvFrom📜

Type: list

Default value
[]

Description: Extra environment variables from secrets or configmaps for sidecar config-reloader

sidecar.configReloader.containerSecurityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL
readOnlyRootFilesystem: true

Description: The security context for containers for sidecar config-reloader

sidecar.configReloader.readinessProbe📜

Type: object

Default value
{}

Description: Readiness probe for sidecar config-reloader

sidecar.configReloader.livenessProbe📜

Type: object

Default value
{}

Description: Liveness probe for sidecar config-reloader

sidecar.configReloader.resources📜

Type: object

Default value
{}

Description: Resource requests and limits for sidecar config-reloader

sidecar.configReloader.config.serverPort📜

Type: int

Default value
9533

Description: The port of the config-reloader server

sidecar.configReloader.serviceMonitor.enabled📜

Type: bool

Default value
true

extraObjects📜

Type: list

Default value
[]

Description: Extra K8s manifests to deploy

istio.enabled📜

Type: bool

Default value
false

Description: Toggle interaction with Istio

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.prometheus.enabled📜

Type: bool

Default value
true

istio.hardened.prometheus.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.prometheus.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.prometheus.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.prometheus.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.prometheus.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.prometheus.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.prometheus.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic PERMISSIVE = Allow both plain text and mutual TLS traffic

networkPolicies.enabled📜

Type: bool

Default value
false

Description: Toggle networkPolicies

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

Description: Control Plane CIDR, defaults to 0.0.0.0/0, use kubectl get endpoints -n default kubernetes to get the CIDR range needed for your cluster Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints) Used by package NetworkPolicies to allow Kube API access

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

openshift📜

Type: bool

Default value
false

Description: Toggle or openshift specific config

loki📜

Type: object

Default value
enabled: false

Description: Toggle Loki network policy enabling