fix!: prometheus operator settings

EXAMPLES.md

@@ -758,3 +758,47 @@ image:
   repository: traefik/traefik
   tag: experimental-v3.0
 ```
+
+# Use Prometheus Operator
+
+An optional support of this operator is included in this Chart. See documentation of this operator for more details.
+
+It can be used with those _values_:
+
+```yaml
+metrics:
+  prometheus:
+    service:
+      enabled: true
+    disableAPICheck: false
+    serviceMonitor:
+      enabled: true
+      metricRelabelings:
+        - sourceLabels: [__name__]
+          separator: ;
+          regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
+          replacement: $1
+          action: drop
+      relabelings:
+        - sourceLabels: [__meta_kubernetes_pod_node_name]
+          separator: ;
+          regex: ^(.*)$
+          targetLabel: nodename
+          replacement: $1
+          action: replace
+      jobLabel: traefik
+      interval: 30s
+      honorLabels: true
+    prometheusRule:
+      enabled: true
+      rules:
+        - alert: TraefikDown
+          expr: up{job="traefik"} == 0
+          for: 5m
+          labels:
+            context: traefik
+            severity: warning
+          annotations:
+            summary: "Traefik Down"
+            description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+```

traefik/VALUES.md

@@ -84,7 +84,7 @@ Kubernetes: `>=1.22.0-0`
 | image.tag | string | `nil` | defaults to appVersion |
 | ingressClass | object | `{"enabled":true,"isDefaultClass":true}` | Create a default IngressClass for Traefik |
 | ingressRoute.dashboard.annotations | object | `{}` | Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) |
-| ingressRoute.dashboard.enabled | bool | `true` | Create an IngressRoute for the dashboard |
+| ingressRoute.dashboard.enabled | bool | `false` | Create an IngressRoute for the dashboard |
 | ingressRoute.dashboard.entryPoints | list | `["traefik"]` | Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). By default, it's using traefik entrypoint, which is not exposed. /!\ Do not expose your dashboard without any protection over the internet /!\ |
 | ingressRoute.dashboard.labels | object | `{}` | Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) |
 | ingressRoute.dashboard.matchRule | string | `"PathPrefix(`/dashboard`) || PathPrefix(`/api`)"` | The router match rule used for the dashboard ingressRoute |
@@ -135,7 +135,27 @@ Kubernetes: `>=1.22.0-0`
 | metrics.otlp.http.tls.insecureSkipVerify | string | `nil` | When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers. |
 | metrics.otlp.http.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
 | metrics.otlp.pushInterval | string | `nil` | Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s |
+| metrics.prometheus.disableAPICheck | string | `nil` | When set to true, it won't check if Prometheus Operator CRDs are deployed |
 | metrics.prometheus.entryPoint | string | `"metrics"` | Entry point used to expose metrics. |
+| metrics.prometheus.prometheusRule.additionalLabels | string | `nil` |  |
+| metrics.prometheus.prometheusRule.enabled | bool | `false` | Enable optional CR for Prometheus Operator. See EXAMPLES.md for more details. |
+| metrics.prometheus.prometheusRule.namespace | string | `nil` |  |
+| metrics.prometheus.service.annotations | string | `nil` |  |
+| metrics.prometheus.service.enabled | string | `nil` | Create a dedicated metrics service to use with ServiceMonitor |
+| metrics.prometheus.service.labels | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.additionalLabels | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.enableHttp2 | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.enabled | bool | `false` | Enable optional CR for Prometheus Operator. See EXAMPLES.md for more details. |
+| metrics.prometheus.serviceMonitor.followRedirects | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.honorLabels | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.honorTimestamps | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.interval | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.jobLabel | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.metricRelabelings | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.namespace | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.namespaceSelector | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.relabelings | string | `nil` |  |
+| metrics.prometheus.serviceMonitor.scrapeTimeout | string | `nil` |  |
 | namespaceOverride | string | `nil` | This field override the default Release Namespace for Helm. It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules` |
 | nodeSelector | object | `{}` | nodeSelector is the simplest recommended form of node selection constraint. |
 | persistence.accessMode | string | `"ReadWriteOnce"` |  |

traefik/templates/_podtemplate.tpl

@@ -5,7 +5,7 @@
         {{- tpl (toYaml .Values.deployment.podAnnotations) . | nindent 8 }}
       {{- end }}
       {{- if .Values.metrics }}
-      {{- if and (.Values.metrics.prometheus) (not .Values.metrics.prometheus.serviceMonitor) }}
+      {{- if and (.Values.metrics.prometheus) (not (.Values.metrics.prometheus.serviceMonitor).enabled) }}
         prometheus.io/scrape: "true"
         prometheus.io/path: "/metrics"
         prometheus.io/port: {{ quote (index .Values.ports .Values.metrics.prometheus.entryPoint).port }}

traefik/templates/prometheusrules.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.metrics.prometheus }}
-{{- if .Values.metrics.prometheus.prometheusRule }}
+{{- if (.Values.metrics.prometheus.prometheusRule).enabled }}
   {{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
     {{- if (not (.Values.metrics.prometheus.disableAPICheck)) }}
       {{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}

traefik/templates/servicemonitor.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.metrics.prometheus }}
-{{- if .Values.metrics.prometheus.serviceMonitor }}
+{{- if (.Values.metrics.prometheus.serviceMonitor).enabled }}
   {{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
     {{- if (not (.Values.metrics.prometheus.disableAPICheck)) }}
       {{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}

traefik/tests/common-metadata_test.yaml

@@ -30,7 +30,9 @@ tests:
       autoscaling.enabled: true
       autoscaling.maxReplicas: 10
       podDisruptionBudget.enabled: true
+      metrics.prometheus.prometheusRule.enabled: true
       metrics.prometheus.prometheusRule.namespace: test
+      metrics.prometheus.serviceMonitor.enabled: true
       metrics.prometheus.serviceMonitor.namespace: test
       metrics.prometheus.service.enabled: true
       service.internal.a: {}

traefik/tests/values/servicemonitor.yaml

@@ -1,6 +1,7 @@
 metrics:
   prometheus:
     serviceMonitor:
+      enabled: true
       additionalLabels:
         release: traefik-release
       namespace: another-namespace

traefik/values.yaml

@@ -339,6 +339,34 @@ metrics:
     ## When manualRouting is true, it disables the default internal router in
     ## order to allow creating a custom router for prometheus@internal service.
     # manualRouting: true
+    service:
+      # -- Create a dedicated metrics service to use with ServiceMonitor
+      enabled:
+      labels:
+      annotations:
+    # -- When set to true, it won't check if Prometheus Operator CRDs are deployed
+    disableAPICheck:
+    serviceMonitor:
+      # -- Enable optional CR for Prometheus Operator. See EXAMPLES.md for more details.
+      enabled: false
+      metricRelabelings:
+      relabelings:
+      jobLabel:
+      interval:
+      honorLabels:
+      scrapeTimeout:
+      honorTimestamps:
+      enableHttp2:
+      followRedirects:
+      additionalLabels:
+      namespace:
+      namespaceSelector:
+    prometheusRule:
+      # -- Enable optional CR for Prometheus Operator. See EXAMPLES.md for more details.
+      enabled: false
+      additionalLabels:
+      namespace:
+
   #  datadog:
   #    ## Address instructs exporter to send metrics to datadog-agent at this address.
   #    address: "127.0.0.1:8125"
@@ -434,55 +462,6 @@ metrics:
         # -- When set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
         insecureSkipVerify:
 
-  ## -- enable optional CRDs for Prometheus Operator
-  ##
-  ## Create a dedicated metrics service for use with ServiceMonitor
-  #  service:
-  #    enabled: false
-  #    labels: {}
-  #    annotations: {}
-  ## When set to true, it won't check if Prometheus Operator CRDs are deployed
-  #  disableAPICheck: false
-  #  serviceMonitor:
-  #    metricRelabelings: []
-  #      - sourceLabels: [__name__]
-  #        separator: ;
-  #        regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
-  #        replacement: $1
-  #        action: drop
-  #    relabelings: []
-  #      - sourceLabels: [__meta_kubernetes_pod_node_name]
-  #        separator: ;
-  #        regex: ^(.*)$
-  #        targetLabel: nodename
-  #        replacement: $1
-  #        action: replace
-  #    jobLabel: traefik
-  #    interval: 30s
-  #    honorLabels: true
-  #    # (Optional)
-  #    # scrapeTimeout: 5s
-  #    # honorTimestamps: true
-  #    # enableHttp2: true
-  #    # followRedirects: true
-  #    # additionalLabels:
-  #    #   foo: bar
-  #    # namespace: "another-namespace"
-  #    # namespaceSelector: {}
-  #  prometheusRule:
-  #    additionalLabels: {}
-  #    namespace: "another-namespace"
-  #    rules:
-  #      - alert: TraefikDown
-  #        expr: up{job="traefik"} == 0
-  #        for: 5m
-  #        labels:
-  #          context: traefik
-  #          severity: warning
-  #        annotations:
-  #          summary: "Traefik Down"
-  #          description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
-
 ## Tracing
 # -- https://doc.traefik.io/traefik/observability/tracing/overview/
 tracing: