{{- /* # Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. */}} apiVersion: v1 kind: Service metadata: name: alertmanager namespace: {{.Values.namespace.system}} {{- if .Values.commonLabels }} labels: {{- include "prometheus-engine.labels" . | nindent 4 }} {{- end }} spec: selector: {{- include "prometheus-engine.alertmanager.selectorLabels" . | nindent 4 }} ports: - name: alertmanager port: 9093 targetPort: 9093 clusterIP: None --- apiVersion: apps/v1 kind: StatefulSet metadata: name: alertmanager namespace: {{.Values.namespace.system}} {{- if .Values.commonLabels }} labels: {{- include "prometheus-engine.alertmanager.labels" . | nindent 4 }} {{- end }} spec: selector: matchLabels: # DO NOT MODIFY - label selectors are immutable by the Kubernetes API. # see: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-selector. {{- include "prometheus-engine.alertmanager.selectorLabels" . | nindent 6 }} template: metadata: labels: {{- include "prometheus-engine.alertmanager.templateLabels" . | nindent 8 }} annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" components.gke.io/component-name: managed_prometheus spec: priorityClassName: gmp-critical automountServiceAccountToken: false initContainers: - name: config-init image: {{.Values.images.bash.image}}:{{.Values.images.bash.tag}} command: ['/bin/bash', '-c', 'touch /alertmanager/config_out/config.yaml && echo -e "receivers:\n - name: noop\nroute:\n receiver: noop" > alertmanager/config_out/config.yaml'] volumeMounts: - name: alertmanager-config mountPath: /alertmanager/config_out securityContext: allowPrivilegeEscalation: false capabilities: drop: - all privileged: false readOnlyRootFilesystem: true containers: - name: alertmanager image: {{.Values.images.alertmanager.image}}:{{.Values.images.alertmanager.tag}} args: - --config.file=/alertmanager/config_out/config.yaml - --storage.path=/alertmanager-data - --cluster.listen-address=[$(POD_IP)]:9094 - --web.listen-address=:9093 - --log.format=json ports: - name: alertmanager containerPort: 9093 env: - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP resources: {{- toYaml $.Values.resources.alertManager | nindent 10 }} volumeMounts: - name: alertmanager-config readOnly: true mountPath: /alertmanager/config_out - name: alertmanager-data mountPath: /alertmanager-data securityContext: allowPrivilegeEscalation: false capabilities: drop: - all privileged: false readOnlyRootFilesystem: true - name: config-reloader image: {{.Values.images.configReloader.image}}:{{.Values.images.configReloader.tag}} args: - --config-file=/alertmanager/config.yaml - --config-file-output=/alertmanager/config_out/config.yaml - --reload-url=http://127.0.0.1:9093/-/reload - --ready-url=http://127.0.0.1:9093/-/ready - --listen-address=:19091 ports: - name: cfg-rel-metrics containerPort: 19091 env: - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName resources: {{- toYaml $.Values.resources.configReloader | nindent 10 }} volumeMounts: - name: config readOnly: true mountPath: /alertmanager - name: alertmanager-config mountPath: /alertmanager/config_out securityContext: allowPrivilegeEscalation: false capabilities: drop: - all privileged: false readOnlyRootFilesystem: true volumes: - name: config secret: secretName: alertmanager - name: alertmanager-data emptyDir: {} - name: alertmanager-config emptyDir: {} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - arm64 - amd64 - key: kubernetes.io/os operator: In values: - linux tolerations: - key: "components.gke.io/gke-managed-components" operator: "Exists" - value: "amd64" effect: "NoSchedule" key: "kubernetes.io/arch" operator: "Equal" - value: "arm64" effect: "NoSchedule" key: "kubernetes.io/arch" operator: "Equal" securityContext: runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault serviceName: alertmanager