fix: Fix NS labels and values

Author: pratik705

applications/base/services/opentelemetry-kube-stack/helm-values/hardened-values-v0.11.1 copy.yaml

@@ -0,0 +1,233 @@
+# Security configurations for OpenTelemetry Kube Stack
+# Version: 0.11.1
+
+# Cluster name for identification
+clusterName: "openCenter-cluster"
+
+# OpenTelemetry Operator configuration
+opentelemetry-operator:
+  enabled: true
+  manager:
+    # Security context for operator manager
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      readOnlyRootFilesystem: true
+    # Resource limits for operator
+    resources:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "256Mi"
+        cpu: "500m"
+  # Admission webhooks configuration
+  admissionWebhooks:
+    failurePolicy: "Ignore"
+    # Security context for webhooks
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+      readOnlyRootFilesystem: true
+
+# Default collector configuration with security hardening
+defaultCRConfig:
+  enabled: true
+  mode: deployment
+  replicas: 2
+  
+  # Security contexts
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 65534
+    fsGroup: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  
+  # Container security context
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true
+  
+  # Resource limits
+  resources:
+    requests:
+      memory: "128Mi"
+      cpu: "100m"
+    limits:
+      memory: "512Mi"
+      cpu: "500m"
+  
+  # Node selector for Linux nodes
+  nodeSelector:
+    kubernetes.io/os: linux
+  
+  # Basic OTLP configuration
+  config:
+    receivers:
+      otlp:
+        protocols:
+          grpc:
+            endpoint: ${env:MY_POD_IP}:4317
+          http:
+            endpoint: ${env:MY_POD_IP}:4318
+    processors:
+      batch:
+        timeout: 1s
+        send_batch_size: 1024
+      memory_limiter:
+        limit_mib: 400
+        spike_limit_mib: 100
+        check_interval: 5s
+    exporters:
+      logging:
+        loglevel: info
+    service:
+      pipelines:
+        traces:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [logging]
+        metrics:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [logging]
+        logs:
+          receivers: [otlp]
+          processors: [memory_limiter, batch]
+          exporters: [logging]
+
+# Kube State Metrics configuration
+kubeStateMetrics:
+  enabled: true
+
+kube-state-metrics:
+  # Security context
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true
+  # Resource limits
+  resources:
+    requests:
+      memory: "64Mi"
+      cpu: "50m"
+    limits:
+      memory: "128Mi"
+      cpu: "200m"
+  # Node selector
+  nodeSelector:
+    kubernetes.io/os: linux
+  # Prometheus monitoring
+  prometheus:
+    monitor:
+      enabled: true
+      honorLabels: true
+
+# Node Exporter configuration
+nodeExporter:
+  enabled: true
+
+prometheus-node-exporter:
+  # Security context
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true
+  # Resource limits
+  resources:
+    requests:
+      memory: "64Mi"
+      cpu: "50m"
+    limits:
+      memory: "128Mi"
+      cpu: "200m"
+  # Node selector
+  nodeSelector:
+    kubernetes.io/os: linux
+  # Prometheus monitoring
+  prometheus:
+    monitor:
+      enabled: true
+      jobLabel: node-exporter
+
+# Kubernetes service monitors (disabled to avoid conflicts with existing monitoring)
+kubernetesServiceMonitors:
+  enabled: false
+
+# Individual component monitors (disabled to avoid conflicts)
+kubeApiServer:
+  enabled: false
+kubelet:
+  enabled: false
+kubeControllerManager:
+  enabled: false
+coreDns:
+  enabled: false
+kubeEtcd:
+  enabled: false
+kubeScheduler:
+  enabled: false
+kubeProxy:
+  enabled: false
+
+# CRDs installation
+crds:
+  installOtel: true
+  installPrometheus: false  # Disabled to avoid conflicts with existing Prometheus stack
+
+# Cleanup job configuration
+cleanupJob:
+  enabled: true
+  image:
+    repository: rancher/kubectl
+    tag: v1.34.1
+  # Security context for cleanup job
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true