Last active
September 9, 2023 22:26
-
-
Save ahmedsbytes/ec75448b8c1565da0c66af73dffa0fad to your computer and use it in GitHub Desktop.
Adding prometheus to k8s
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: prometheus | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- configmaps | |
- secrets | |
- nodes | |
- pods | |
- services | |
- resourcequotas | |
- replicationcontrollers | |
- limitranges | |
- persistentvolumeclaims | |
- persistentvolumes | |
- namespaces | |
- endpoints | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
resources: | |
- daemonsets | |
- deployments | |
- replicasets | |
- ingresses | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- apps | |
resources: | |
- statefulsets | |
- daemonsets | |
- deployments | |
- replicasets | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- batch | |
resources: | |
- cronjobs | |
- jobs | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- autoscaling | |
resources: | |
- horizontalpodautoscalers | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- authentication.k8s.io | |
resources: | |
- tokenreviews | |
verbs: | |
- create | |
- apiGroups: | |
- authorization.k8s.io | |
resources: | |
- subjectaccessreviews | |
verbs: | |
- create | |
- apiGroups: | |
- policy | |
resources: | |
- poddisruptionbudgets | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- certificates.k8s.io | |
resources: | |
- certificatesigningrequests | |
verbs: | |
- list | |
- watch | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- storageclasses | |
verbs: | |
- list | |
- watch | |
- nonResourceURLs: | |
- "/metrics" | |
verbs: | |
- get | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: prometheus | |
namespace: monitoring | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: prometheus | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus | |
namespace: monitoring | |
--- | |
apiVersion: v1 | |
kind: PersistentVolume | |
metadata: | |
name: test-local-pv | |
namespace: monitoring | |
labels: | |
app: prometheus-deployment | |
spec: | |
capacity: | |
storage: 1Gi | |
accessModes: | |
- ReadWriteMany | |
persistentVolumeReclaimPolicy: Retain | |
storageClassName: local-storage | |
local: | |
path: /data/volumes/pv1 | |
nodeAffinity: | |
required: | |
nodeSelectorTerms: | |
- matchExpressions: | |
- key: kubernetes.io/hostname | |
operator: In | |
values: | |
- minikube | |
--- | |
apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
name: test-local-pv | |
namespace: monitoring | |
labels: | |
app: prometheus-deployment | |
spec: | |
storageClassName: local-storage | |
accessModes: | |
- ReadWriteMany | |
resources: | |
requests: | |
storage: 500Mi | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: prometheus-config | |
namespace: monitoring | |
data: | |
prometheus.yml: | | |
global: | |
scrape_interval: 15s | |
evaluation_interval: 15s | |
alerting: | |
alertmanagers: | |
- static_configs: | |
- targets: | |
rule_files: | |
# - "example-file.yml" | |
scrape_configs: | |
- job_name: 'prometheus' | |
static_configs: | |
- targets: ['localhost:9090'] | |
- job_name: 'kubelet' | |
kubernetes_sd_configs: | |
- role: node | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true # Required with Minikube. | |
- job_name: 'cadvisor' | |
kubernetes_sd_configs: | |
- role: node | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true # Required with Minikube. | |
metrics_path: /metrics/cadvisor | |
- job_name: 'k8apiserver' | |
kubernetes_sd_configs: | |
- role: endpoints | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true # Required if using Minikube. | |
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
relabel_configs: | |
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] | |
action: keep | |
regex: default;kubernetes;https | |
- job_name: 'k8services' | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- source_labels: | |
- __meta_kubernetes_namespace | |
- __meta_kubernetes_service_name | |
action: drop | |
regex: default;kubernetes | |
- source_labels: | |
- __meta_kubernetes_namespace | |
regex: default | |
action: keep | |
- source_labels: [__meta_kubernetes_service_name] | |
target_label: job | |
- job_name: 'k8pods' | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- source_labels: [__meta_kubernetes_pod_container_port_name] | |
regex: metrics | |
action: keep | |
- source_labels: [__meta_kubernetes_pod_container_name] | |
target_label: job | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: prometheus | |
namespace: monitoring | |
labels: | |
app: prometheus | |
spec: | |
replicas: 1 | |
strategy: | |
rollingUpdate: | |
maxSurge: 1 | |
maxUnavailable: 1 | |
type: RollingUpdate | |
selector: | |
matchLabels: | |
app: prometheus | |
template: | |
metadata: | |
labels: | |
app: prometheus | |
annotations: | |
prometheus.io/scrape: "true" | |
prometheus.io/port: "9090" | |
spec: | |
serviceAccountName: prometheus | |
containers: | |
- name: prometheus | |
image: prom/prometheus | |
args: | |
- '--storage.tsdb.retention=6h' | |
- '--storage.tsdb.path=/prometheus' | |
- '--config.file=/etc/prometheus/prometheus.yml' | |
ports: | |
- name: web | |
containerPort: 9090 | |
volumeMounts: | |
- name: prometheus-config-volume | |
mountPath: /etc/prometheus | |
- name: prometheus-storage-volume | |
mountPath: /prometheus | |
restartPolicy: Always | |
volumes: | |
- name: prometheus-config-volume | |
configMap: | |
defaultMode: 420 | |
name: prometheus-config | |
- name: prometheus-storage-volume | |
persistentVolumeClaim: | |
claimName: test-local-pv | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: prometheus-service | |
namespace: monitoring | |
annotations: | |
prometheus.io/scrape: 'true' | |
prometheus.io/port: '9090' | |
spec: | |
selector: | |
app: prometheus | |
type: NodePort | |
ports: | |
- port: 8080 | |
targetPort: 9090 | |
nodePort: 30909 | |
--- | |
apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
name: grafana-pvc | |
namespace: monitoring | |
spec: | |
accessModes: | |
- ReadWriteOnce | |
resources: | |
requests: | |
storage: 1Gi | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
app: grafana | |
name: grafana | |
namespace: monitoring | |
spec: | |
selector: | |
matchLabels: | |
app: grafana | |
template: | |
metadata: | |
labels: | |
app: grafana | |
spec: | |
securityContext: | |
fsGroup: 472 | |
supplementalGroups: | |
- 0 | |
containers: | |
- name: grafana | |
image: grafana/grafana:latest | |
imagePullPolicy: IfNotPresent | |
ports: | |
- containerPort: 3000 | |
name: http-grafana | |
protocol: TCP | |
readinessProbe: | |
failureThreshold: 3 | |
httpGet: | |
path: /robots.txt | |
port: 3000 | |
scheme: HTTP | |
initialDelaySeconds: 10 | |
periodSeconds: 30 | |
successThreshold: 1 | |
timeoutSeconds: 2 | |
livenessProbe: | |
failureThreshold: 3 | |
initialDelaySeconds: 30 | |
periodSeconds: 10 | |
successThreshold: 1 | |
tcpSocket: | |
port: 3000 | |
timeoutSeconds: 1 | |
resources: | |
requests: | |
cpu: 250m | |
memory: 750Mi | |
volumeMounts: | |
- mountPath: /var/lib/grafana | |
name: grafana-pv | |
volumes: | |
- name: grafana-pv | |
persistentVolumeClaim: | |
claimName: grafana-pvc | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: grafana | |
namespace: monitoring | |
spec: | |
ports: | |
- port: 3000 | |
protocol: TCP | |
targetPort: http-grafana | |
selector: | |
app: grafana | |
sessionAffinity: None | |
type: LoadBalancer | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment