kube-state-metrics
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for kube-state-metrics.
2
prometheusScrape: true
3
image:
4
registry: cgr.dev
5
repository: scratch-images/test-tmp/kube-state-metrics
6
# If unset use v + .Charts.appVersion
7
tag: 2.18.0-r13
8
sha: sha256:210a45dafb9ad8611d1d1b7286a8405f7b447e45fd91f8e8e936c0ac61934372
9
pullPolicy: IfNotPresent
10
imagePullSecrets: []
11
# - name: "image-pull-secret"
12
13
global:
14
# To help compatibility with other charts which use global.imagePullSecrets.
15
# Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
16
# global:
17
# imagePullSecrets:
18
# - name: pullSecret1
19
# - name: pullSecret2
20
# or
21
# global:
22
# imagePullSecrets:
23
# - pullSecret1
24
# - pullSecret2
25
imagePullSecrets: []
26
#
27
# Allow parent charts to override registry hostname
28
imageRegistry: ""
29
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
30
# will be automatically sharded across <.Values.replicas> pods using the built-in
31
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
32
# This is an experimental feature and there are no stability guarantees.
33
autosharding:
34
enabled: false
35
replicas: 1
36
# Change the deployment strategy when autosharding is disabled.
37
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
38
# The default is "RollingUpdate" as per Kubernetes defaults.
39
# During a release, 'RollingUpdate' can lead to two running instances for a short period of time while 'Recreate' can create a small gap in data.
40
# updateStrategy: Recreate
41
42
# Number of old history to retain to allow rollback
43
# Default Kubernetes value is set to 10
44
revisionHistoryLimit: 10
45
# List of additional cli arguments to configure kube-state-metrics
46
# for example: --enable-gzip-encoding, --log-file, etc.
47
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/main/docs/developer/cli-arguments.md
48
extraArgs: []
49
# If false then the user will opt out of automounting API credentials.
50
automountServiceAccountToken: true
51
service:
52
port: 8080
53
# Default to clusterIP for backward compatibility
54
type: ClusterIP
55
ipDualStack:
56
enabled: false
57
ipFamilies: ["IPv6", "IPv4"]
58
ipFamilyPolicy: "PreferDualStack"
59
nodePort: 0
60
loadBalancerIP: ""
61
# Only allow access to the loadBalancerIP from these IPs
62
loadBalancerSourceRanges: []
63
clusterIP: ""
64
annotations: {}
65
## Additional labels to add to all resources
66
customLabels: {}
67
# app: kube-state-metrics
68
69
## Override selector labels
70
selectorOverride: {}
71
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
72
releaseLabel: false
73
hostNetwork: false
74
rbac:
75
# If true, create & use RBAC resources
76
create: true
77
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
78
# useExistingRole: your-existing-role
79
80
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
81
useClusterRole: true
82
# Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration
83
# Example:
84
# - apiGroups: ["monitoring.coreos.com"]
85
# resources: ["prometheuses"]
86
# verbs: ["list", "watch"]
87
extraRules: []
88
# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
89
# The requests are served through the same service but requests are then HTTPS.
90
kubeRBACProxy:
91
enabled: false
92
image:
93
registry: cgr.dev
94
repository: scratch-images/test-tmp/kube-rbac-proxy
95
tag: 0.22.0-r0
96
sha: sha256:910f21d91afc35b914309c7e3caed27d7f85cfa437bf60142c6e8f22681cd9b9
97
pullPolicy: IfNotPresent
98
# This set --ignore-paths=/livez,/readyz to kubeRBACProxy container args
99
# to allow the pod probes working properly with kubeRBACProxy enabled.
100
ignoreProbePaths: true
101
# List of additional cli arguments to configure kube-rbac-prxy
102
# for example: --tls-cipher-suites, --log-file, etc.
103
# all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
104
extraArgs: []
105
## Specify security settings for a Container
106
## Allows overrides and additional options compared to (Pod) securityContext
107
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
108
containerSecurityContext:
109
readOnlyRootFilesystem: true
110
allowPrivilegeEscalation: false
111
capabilities:
112
drop:
113
- ALL
114
# Configure specific upstream port for kube-state-metrics container
115
port: 9090
116
# Configure specific proxy endpoints port
117
# This port is for healthz on readinessProbe kube-rbac-proxy-http container
118
proxyEndpointsPort: 8888
119
resources: {}
120
# We usually recommend not to specify default resources and to leave this as a conscious
121
# choice for the user. This also increases chances charts run on environments with little
122
# resources, such as Minikube. If you do want to specify resources, uncomment the following
123
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
124
# limits:
125
# cpu: 100m
126
# memory: 64Mi
127
# requests:
128
# cpu: 10m
129
# memory: 32Mi
130
131
## volumeMounts enables mounting custom volumes in rbac-proxy containers
132
## Useful for TLS certificates and keys
133
volumeMounts: []
134
# - mountPath: /etc/tls
135
# name: kube-rbac-proxy-tls
136
# readOnly: true
137
serviceAccount:
138
# Specifies whether a ServiceAccount should be created, require rbac true
139
create: true
140
# The name of the ServiceAccount to use.
141
# If not set and create is true, a name is generated using the fullname template
142
name:
143
# Reference to one or more secrets to be used when pulling images
144
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
145
imagePullSecrets: []
146
# ServiceAccount annotations.
147
# Use case: AWS EKS IAM roles for service accounts
148
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
149
annotations: {}
150
# If false then the user will opt out of automounting API credentials.
151
automountServiceAccountToken: true
152
# Additional Environment variables
153
env: []
154
# - name: GOMAXPROCS
155
# valueFrom:
156
# resourceFieldRef:
157
# resource: limits.cpu
158
159
prometheus:
160
monitor:
161
enabled: false
162
annotations: {}
163
additionalLabels: {}
164
namespace: ""
165
namespaceSelector: []
166
jobLabel: ""
167
targetLabels: []
168
podTargetLabels: []
169
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
170
##
171
sampleLimit: 0
172
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
173
##
174
targetLimit: 0
175
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
176
##
177
labelLimit: 0
178
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
179
##
180
labelNameLengthLimit: 0
181
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
182
##
183
labelValueLengthLimit: 0
184
selectorOverride: {}
185
## kube-state-metrics endpoint
186
http:
187
interval: ""
188
scrapeTimeout: ""
189
proxyUrl: ""
190
## Whether to enable HTTP2 for servicemonitor
191
enableHttp2: false
192
honorLabels: false
193
metricRelabelings: []
194
relabelings: []
195
scheme: ""
196
## File to read bearer token for scraping targets
197
bearerTokenFile: ""
198
## Secret to mount to read bearer token for scraping targets. The secret needs
199
## to be in the same namespace as the service monitor and accessible by the
200
## Prometheus Operator
201
bearerTokenSecret: {}
202
# name: secret-name
203
# key: key-name
204
tlsConfig: {}
205
## selfMonitor endpoint
206
metrics:
207
interval: ""
208
scrapeTimeout: ""
209
proxyUrl: ""
210
## Whether to enable HTTP2 for servicemonitor
211
enableHttp2: false
212
honorLabels: false
213
metricRelabelings: []
214
relabelings: []
215
scheme: ""
216
## File to read bearer token for scraping targets
217
bearerTokenFile: ""
218
## Secret to mount to read bearer token for scraping targets. The secret needs
219
## to be in the same namespace as the service monitor and accessible by the
220
## Prometheus Operator
221
bearerTokenSecret: {}
222
# name: secret-name
223
# key: key-name
224
tlsConfig: {}
225
## Create a scrapeConfig resource for scraping the kube-state-metrics service. Use this instead of serviceMonitor
226
## to have more instances of kube-state-metrics safety.
227
scrapeconfig:
228
## To avoid duplicate metrics, first disable the serviceMonitor creation via prometheus.monitor.enabled=false
229
enabled: false
230
annotations: {}
231
additionalLabels: {}
232
jobName: kube-state-metrics
233
## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
234
##
235
sampleLimit: 0
236
## TargetLimit defines a limit on the number of scraped targets that will be accepted.
237
##
238
targetLimit: 0
239
## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
240
##
241
labelLimit: 0
242
## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
243
##
244
labelNameLengthLimit: 0
245
## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
246
##
247
labelValueLengthLimit: 0
248
## StaticConfigLabels defines the labels to be used in the Prometheus static configuration for scraping.
249
staticConfigLabels: {}
250
scrapeInterval: ""
251
scrapeTimeout: ""
252
proxyUrl: ""
253
## Whether to enable HTTP2 for scrapeconfig
254
enableHttp2: false
255
honorLabels: true
256
metricRelabelings: []
257
relabelings: []
258
scheme: ""
259
tlsConfig: {}
260
## Configure network policy for kube-state-metrics
261
networkPolicy:
262
enabled: false
263
# networkPolicy.flavor -- Flavor of the network policy to use.
264
# Can be:
265
# * kubernetes for networking.k8s.io/v1/NetworkPolicy
266
# * cilium for cilium.io/v2/CiliumNetworkPolicy
267
flavor: kubernetes
268
## Configure the cilium network policy kube-apiserver selector
269
# cilium:
270
# kubeApiServerSelector:
271
# - toEntities:
272
# - kube-apiserver
273
274
# egress:
275
# - {}
276
# ingress:
277
# - {}
278
# podSelector:
279
# matchLabels:
280
# app.kubernetes.io/name: kube-state-metrics
281
securityContext:
282
enabled: true
283
runAsGroup: 65534
284
runAsUser: 65534
285
fsGroup: 65534
286
runAsNonRoot: true
287
seccompProfile:
288
type: RuntimeDefault
289
## Specify security settings for a Container
290
## Allows overrides and additional options compared to (Pod) securityContext
291
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
292
containerSecurityContext:
293
readOnlyRootFilesystem: true
294
allowPrivilegeEscalation: false
295
capabilities:
296
drop:
297
- ALL
298
## Node labels for pod assignment
299
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
300
nodeSelector: {}
301
## Affinity settings for pod assignment
302
## Can be defined as either a dict or string. String is useful for `tpl` templating.
303
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
304
affinity: {}
305
# affinity: |
306
# podAntiAffinity:
307
# requiredDuringSchedulingIgnoredDuringExecution:
308
# - labelSelector:
309
# matchLabels:
310
# {{- include "kube-state-metrics.selectorLabels" . | indent 10 }}
311
# topologyKey: kubernetes.io/hostname
312
313
## Tolerations for pod assignment
314
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
315
tolerations: []
316
## Topology spread constraints for pod assignment
317
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
318
topologySpreadConstraints: []
319
# Annotations to be added to the deployment/statefulset
320
annotations: {}
321
# Labels to be added to the deployment/statefulset
322
labels: {}
323
# Annotations to be added to the pod
324
podAnnotations: {}
325
# Labels to be added to the pod
326
podLabels: {}
327
## Assign a PriorityClassName to pods if set
328
# priorityClassName: ""
329
330
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
331
podDisruptionBudget: {}
332
# Comma-separated list of metrics to be exposed.
333
# This list comprises of exact metric names and/or regex patterns.
334
# The allowlist and denylist are mutually exclusive.
335
metricAllowlist: []
336
# Comma-separated list of metrics not to be enabled.
337
# This list comprises of exact metric names and/or regex patterns.
338
# The allowlist and denylist are mutually exclusive.
339
metricDenylist: []
340
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
341
# labels metric. By default the metric contains only name and namespace labels.
342
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
343
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
344
# A single '*' can be provided per resource instead to allow any labels, but that has
345
# severe performance implications (Example: '=pods=[*]').
346
metricLabelsAllowlist: []
347
# - namespaces=[k8s-label-1,k8s-label-n]
348
349
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
350
# labels metric. By default the metric contains only name and namespace labels.
351
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
352
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
353
# A single '*' can be provided per resource instead to allow any annotations, but that has
354
# severe performance implications (Example: '=pods=[*]').
355
metricAnnotationsAllowList: []
356
# - pods=[k8s-annotation-1,k8s-annotation-n]
357
358
# Available collectors for kube-state-metrics.
359
# By default, all available resources are enabled, comment out to disable.
360
collectors:
361
- certificatesigningrequests
362
- configmaps
363
- cronjobs
364
- daemonsets
365
- deployments
366
- endpointslices
367
- horizontalpodautoscalers
368
- ingresses
369
- jobs
370
- leases
371
- limitranges
372
- mutatingwebhookconfigurations
373
- namespaces
374
- networkpolicies
375
- nodes
376
- persistentvolumeclaims
377
- persistentvolumes
378
- poddisruptionbudgets
379
- pods
380
- replicasets
381
- replicationcontrollers
382
- resourcequotas
383
- secrets
384
- services
385
- statefulsets
386
- storageclasses
387
- validatingwebhookconfigurations
388
- volumeattachments
389
# - ingressclasses
390
# - clusterrolebindings
391
# - clusterroles
392
# - roles
393
# Enabling kubeconfig will pass the --kubeconfig argument to the container
394
kubeconfig:
395
enabled: false
396
# base64 encoded kube-config file
397
secret:
398
# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
399
customResourceState:
400
# Whether to enable support for CustomResourceStateMetrics.
401
enabled: false
402
# Whether to create the ConfigMap that holds the config.
403
create: true
404
# Name of the ConfigMap that holds the config. If empty, name will be generated based on the release name.
405
name: ""
406
# ConfigMap key that holds the config.
407
key: config.yaml
408
# Definition of the CustomResourceStateMetrics. Add (Cluster)Role permissions to list/watch the resources defined in the config to rbac.extraRules.
409
config: {}
410
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
411
# If releaseNamespace and namespaces are both set a merged list will be collected.
412
releaseNamespace: false
413
# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
414
namespaces: ""
415
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
416
# only namespaces that are excluded in namespaces-denylist will be used.
417
namespacesDenylist: ""
418
## Override the deployment namespace
419
##
420
namespaceOverride: ""
421
resources: {}
422
# We usually recommend not to specify default resources and to leave this as a conscious
423
# choice for the user. This also increases chances charts run on environments with little
424
# resources, such as Minikube. If you do want to specify resources, uncomment the following
425
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
426
# limits:
427
# cpu: 100m
428
# memory: 64Mi
429
# requests:
430
# cpu: 10m
431
# memory: 32Mi
432
433
# Enable self metrics configuration for service and Service Monitor
434
# Default values for telemetry configuration can be overridden
435
# If you set telemetryNodePort, you must also set service.type to NodePort
436
selfMonitor:
437
enabled: false
438
# telemetryHost: 0.0.0.0
439
# telemetryPort: 8081
440
# telemetryNodePort: 0
441
# Enable vertical pod autoscaler support for kube-state-metrics
442
verticalPodAutoscaler:
443
enabled: false
444
# Recommender responsible for generating recommendation for the object.
445
# List should be empty (then the default recommender will generate the recommendation)
446
# or contain exactly one recommender.
447
# recommenders: []
448
# - name: custom-recommender-performance
449
450
# List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
451
controlledResources: []
452
# Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
453
# controlledValues: RequestsAndLimits
454
455
# Define the max allowed resources for the pod
456
maxAllowed: {}
457
# cpu: 200m
458
# memory: 100Mi
459
# Define the min allowed resources for the pod
460
minAllowed: {}
461
# cpu: 200m
462
# memory: 100Mi
463
# updatePolicy:
464
# Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
465
# minReplicas: 1
466
# Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
467
# are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
468
# updateMode: Auto
469
470
# volumeMounts are used to add custom volume mounts to deployment.
471
# See example below
472
volumeMounts: []
473
# - mountPath: /etc/config
474
# name: config-volume
475
476
# volumes are used to add custom volumes to deployment
477
# See example below
478
volumes: []
479
# - configMap:
480
# name: cm-for-volume
481
# name: config-volume
482
483
# Extra manifests to deploy as an array
484
extraManifests: []
485
# - apiVersion: v1
486
# kind: ConfigMap
487
# metadata:
488
# labels:
489
# name: prometheus-extra
490
# data:
491
# extra-data: "value"
492
493
## Containers allows injecting additional containers.
494
containers: []
495
# - name: crd-init
496
# image: kiwigrid/k8s-sidecar:latest
497
498
## InitContainers allows injecting additional initContainers.
499
initContainers: []
500
# - name: crd-sidecar
501
# image: kiwigrid/k8s-sidecar:latest
502
503
## dnsPolicy allows to change the default DNS configuration for the pod
504
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
505
dnsPolicy: ClusterFirst
506
## dnsConfig allows setting up specific DNS configuration for the pod
507
## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
508
dnsConfig: {}
509
## Settings for startup, liveness and readiness probes
510
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
511
##
512
513
## Startup probe can optionally be enabled.
514
##
515
startupProbe:
516
enabled: false
517
failureThreshold: 3
518
httpGet:
519
httpHeaders: []
520
scheme: http
521
initialDelaySeconds: 0
522
periodSeconds: 10
523
successThreshold: 1
524
timeoutSeconds: 5
525
## Liveness probe
526
##
527
livenessProbe:
528
failureThreshold: 3
529
httpGet:
530
httpHeaders: []
531
scheme: http
532
initialDelaySeconds: 5
533
periodSeconds: 10
534
successThreshold: 1
535
timeoutSeconds: 5
536
## Readiness probe
537
##
538
readinessProbe:
539
failureThreshold: 3
540
httpGet:
541
httpHeaders: []
542
scheme: http
543
initialDelaySeconds: 5
544
periodSeconds: 10
545
successThreshold: 1
546
timeoutSeconds: 5
547
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.