values.yaml

# Settings for the k8s-monitoring chart for gathering, scraping, and forwarding Kubernetes telemetry data to a Grafana Stack .
# -- See https://github.com/grafana/k8s-monitoring-helm/blob/main/charts/k8s-monitoring-v1/values.yaml for available values.
# @default -- Our overrides are defined in charts/values.yaml file.
k8s-monitoring:
  
  cluster:
    name: bigbang
    
  global:
    image:
      registry: "registry1.dso.mil"
      pullSecrets:
      - name: private-registry
    podSecurityContext:
      runAsUser: 473
      runAsGroup: 473
      fsGroup: 473
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault

  externalServices:
    prometheus:
      host: http://monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090
      authMode: none
      writeEndpoint: /api/v1/write
    loki:
      host: logging-loki.logging.svc.cluster.local:3100
      authMode: none
    tempo:
      host: tempo-tempo.tempo.svc.cluster.local:4317
      authMode: none
      tls:
        insecure: true

  alloy:
    image:
      repository: "ironbank/opensource/grafana/alloy"
      tag: "v1.5.1"
    configReloader:
      image:
        repository: "ironbank/opensource/jimmidyson/configmap-reload"
        tag: "v0.14.0"
      securityContext:
        capabilities:
          drop:
          - ALL
    alloy:
      securityContext:
        capabilities:
          drop:
          - ALL
    controller:
      securityContext:
        capabilities:
          drop:
          - ALL
  
  alloy-logs:
    image:
      repository: "ironbank/opensource/grafana/alloy"
    configReloader:
      image:
        repository: "ironbank/opensource/jimmidyson/configmap-reload"
        tag: "v0.14.0"
      securityContext:
        capabilities:
          drop:
          - ALL
    alloy:
      securityContext:
        capabilities:
          drop:
          - ALL
    controller:
      securityContext:
        capabilities:
          drop:
          - ALL

  alloy-events:
    image:
      repository: "ironbank/opensource/grafana/alloy"
    configReloader:
      image:
        repository: "ironbank/opensource/jimmidyson/configmap-reload"
        tag: "v0.14.0"
      securityContext:
        capabilities:
          drop:
          - ALL
    alloy:
      securityContext:
        capabilities:
          drop:
          - ALL
    controller:
      securityContext:
        capabilities:
          drop:
          - ALL

  traces:
    enabled: true

  logs:
    cluster_events:
      enabled: false
    pod_logs:
      enabled: false

  metrics:
    enabled: true
    # disable scraping serviceMonitors until we disable prometheus-operator
    serviceMonitors:
      enabled: false

  prometheus-operator-crds:
    enabled: false

  kube-state-metrics:
    enabled: false

  prometheus-node-exporter:
    enabled: false

  opencost:
    enabled: false

  configValidator:
    enabled: false

  configAnalysis:
    enabled: false

  test:
    enabled: false

networkPolicies:
  # -- Toggle networkPolicies
  enabled: false
  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
  additionalPolicies: []

  # -- NetworkPolicy selectors and ports for
  # egress to downstream telemetry ingestion services.
  # These should be uncommented and overridden if any
  # of these values deviate from the Big Bang defaults.
  egress: {}
    #
    # prometheus:
    #   ports:
    #     - 9090
    #   namespaceSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: monitoring
    #   podSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: prometheus
    # loki:
    #   ports:
    #     - 3100
    #   namespaceSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: logging
    #   podSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: loki-logging
    # tempo:
    #   ports:
    #     - 4317
    #   namespaceSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: tempo
    #   podSelector:
    #     matchLabels:
    #       app.kubernetes.io/name: tempo

istio:
  # -- Toggle istio configuration
  enabled: false
  # -- Default peer authentication values
  hardened:
    enabled: false
    outboundTrafficPolicyMode: "REGISTRY_ONLY"
    customServiceEntries: []
      # - name: "allow-google"
      #   enabled: true
      #   spec:
      #     hosts:
      #       - google.com
      #     location: MESH_EXTERNAL
      #     ports:
      #       - number: 443
      #         protocol: TLS
      #         name: https
      #     resolution: DNS

  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT