Last active
March 21, 2018 02:38
-
-
Save caarlos0/da39ac3925e953565f6cf9bbbcc4ebb4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: example-app | |
spec: | |
replicas: 2 | |
template: | |
metadata: | |
labels: | |
app: example-app | |
spec: | |
containers: | |
- name: example-app | |
image: fabxc/instrumented_app | |
ports: | |
- name: web | |
containerPort: 8080 | |
--- | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: example-app | |
labels: | |
app: example-app | |
spec: | |
selector: | |
app: example-app | |
ports: | |
- name: web | |
port: 8080 | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: example-app | |
labels: | |
team: frontend | |
spec: | |
selector: | |
matchLabels: | |
app: example-app | |
endpoints: | |
- port: web |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: prometheus-operator | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus-operator | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus-operator | |
namespace: default | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRole | |
metadata: | |
name: prometheus-operator | |
rules: | |
- apiGroups: | |
- extensions | |
resources: | |
- thirdpartyresources | |
verbs: | |
- "*" | |
- apiGroups: | |
- apiextensions.k8s.io | |
resources: | |
- customresourcedefinitions | |
verbs: | |
- "*" | |
- apiGroups: | |
- monitoring.coreos.com | |
resources: | |
- alertmanagers | |
- prometheuses | |
- prometheuses/finalizers | |
- alertmanagers/finalizers | |
- servicemonitors | |
verbs: | |
- "*" | |
- apiGroups: | |
- apps | |
resources: | |
- statefulsets | |
verbs: ["*"] | |
- apiGroups: [""] | |
resources: | |
- configmaps | |
- secrets | |
verbs: ["*"] | |
- apiGroups: [""] | |
resources: | |
- pods | |
verbs: ["list", "delete"] | |
- apiGroups: [""] | |
resources: | |
- services | |
- endpoints | |
verbs: ["get", "create", "update"] | |
- apiGroups: [""] | |
resources: | |
- nodes | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- namespaces | |
verbs: ["list"] | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: prometheus-operator | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
labels: | |
app: prometheus-operator | |
name: prometheus-operator | |
spec: | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: prometheus-operator | |
spec: | |
containers: | |
- args: | |
- --kubelet-service=kube-system/kubelet | |
- --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 | |
image: quay.io/coreos/prometheus-operator:v0.17.0 | |
name: prometheus-operator | |
ports: | |
- containerPort: 8080 | |
name: http | |
resources: | |
limits: | |
cpu: 200m | |
memory: 100Mi | |
requests: | |
cpu: 100m | |
memory: 50Mi | |
securityContext: | |
runAsNonRoot: true | |
runAsUser: 65534 | |
serviceAccountName: prometheus-operator | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: prometheus | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRole | |
metadata: | |
name: prometheus | |
rules: | |
- apiGroups: [""] | |
resources: | |
- nodes | |
- services | |
- endpoints | |
- pods | |
verbs: ["get", "list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- configmaps | |
verbs: ["get"] | |
- nonResourceURLs: ["/metrics"] | |
verbs: ["get"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: prometheus | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus | |
namespace: default | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: Prometheus | |
metadata: | |
name: main | |
spec: | |
replicas: 1 | |
version: v2.2.1 | |
resources: | |
requests: | |
memory: 400Mi | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: prometheus | |
spec: | |
type: NodePort | |
ports: | |
- name: web | |
nodePort: 30900 | |
port: 9090 | |
protocol: TCP | |
targetPort: web | |
selector: | |
prometheus: main | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
namespace: kube-system | |
name: kube-scheduler-prometheus-discovery | |
labels: | |
app: kube-scheduler | |
spec: | |
selector: | |
app: kube-scheduler | |
type: ClusterIP | |
clusterIP: None | |
ports: | |
- name: http-metrics | |
port: 10251 | |
targetPort: 10251 | |
protocol: TCP | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
namespace: kube-system | |
name: kube-controller-manager-prometheus-discovery | |
labels: | |
app: kube-controller-manager | |
spec: | |
selector: | |
app: kube-controller-manager | |
type: ClusterIP | |
clusterIP: None | |
ports: | |
- name: http-metrics | |
port: 10252 | |
targetPort: 10252 | |
protocol: TCP | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: DaemonSet | |
metadata: | |
name: node-exporter | |
spec: | |
updateStrategy: | |
rollingUpdate: | |
maxUnavailable: 1 | |
type: RollingUpdate | |
template: | |
metadata: | |
labels: | |
app: node-exporter | |
name: node-exporter | |
spec: | |
serviceAccountName: node-exporter | |
securityContext: | |
runAsNonRoot: true | |
runAsUser: 65534 | |
hostNetwork: true | |
hostPID: true | |
containers: | |
- image: quay.io/prometheus/node-exporter:v0.15.2 | |
args: | |
- "--web.listen-address=127.0.0.1:9101" | |
- "--path.procfs=/host/proc" | |
- "--path.sysfs=/host/sys" | |
name: node-exporter | |
resources: | |
requests: | |
memory: 30Mi | |
cpu: 100m | |
limits: | |
memory: 50Mi | |
cpu: 200m | |
volumeMounts: | |
- name: proc | |
readOnly: true | |
mountPath: /host/proc | |
- name: sys | |
readOnly: true | |
mountPath: /host/sys | |
- name: kube-rbac-proxy | |
image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
args: | |
- "--secure-listen-address=:9100" | |
- "--upstream=http://127.0.0.1:9101/" | |
ports: | |
- containerPort: 9100 | |
hostPort: 9100 | |
name: https | |
resources: | |
requests: | |
memory: 20Mi | |
cpu: 10m | |
limits: | |
memory: 40Mi | |
cpu: 20m | |
tolerations: | |
- effect: NoSchedule | |
operator: Exists | |
volumes: | |
- name: proc | |
hostPath: | |
path: /proc | |
- name: sys | |
hostPath: | |
path: /sys | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: node-exporter | |
app: node-exporter | |
name: node-exporter | |
spec: | |
type: ClusterIP | |
clusterIP: None | |
ports: | |
- name: https | |
port: 9100 | |
protocol: TCP | |
selector: | |
app: node-exporter | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: kube-state-metrics | |
spec: | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: kube-state-metrics | |
spec: | |
serviceAccountName: kube-state-metrics | |
securityContext: | |
runAsNonRoot: true | |
runAsUser: 65534 | |
containers: | |
- name: kube-rbac-proxy-main | |
image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
args: | |
- "--secure-listen-address=:8443" | |
- "--upstream=http://127.0.0.1:8081/" | |
ports: | |
- name: https-main | |
containerPort: 8443 | |
resources: | |
requests: | |
memory: 20Mi | |
cpu: 10m | |
limits: | |
memory: 40Mi | |
cpu: 20m | |
- name: kube-rbac-proxy-self | |
image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
args: | |
- "--secure-listen-address=:9443" | |
- "--upstream=http://127.0.0.1:8082/" | |
ports: | |
- name: https-self | |
containerPort: 9443 | |
resources: | |
requests: | |
memory: 20Mi | |
cpu: 10m | |
limits: | |
memory: 40Mi | |
cpu: 20m | |
- name: kube-state-metrics | |
image: quay.io/coreos/kube-state-metrics:v1.2.0 | |
args: | |
- "--host=127.0.0.1" | |
- "--port=8081" | |
- "--telemetry-host=127.0.0.1" | |
- "--telemetry-port=8082" | |
- name: addon-resizer | |
image: gcr.io/google_containers/addon-resizer:1.0 | |
resources: | |
limits: | |
cpu: 100m | |
memory: 30Mi | |
requests: | |
cpu: 100m | |
memory: 30Mi | |
env: | |
- name: MY_POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
- name: MY_POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
command: | |
- /pod_nanny | |
- --container=kube-state-metrics | |
- --cpu=100m | |
- --extra-cpu=2m | |
- --memory=150Mi | |
- --extra-memory=30Mi | |
- --threshold=5 | |
- --deployment=kube-state-metrics | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
app: kube-state-metrics | |
app: kube-state-metrics | |
name: kube-state-metrics | |
spec: | |
clusterIP: None | |
ports: | |
- name: https-main | |
port: 8443 | |
targetPort: https-main | |
protocol: TCP | |
- name: https-self | |
port: 9443 | |
targetPort: https-self | |
protocol: TCP | |
selector: | |
app: kube-state-metrics | |
--- | |
# apiVersion: monitoring.coreos.com/v1 | |
# kind: Prometheus | |
# metadata: | |
# name: k8s | |
# labels: | |
# prometheus: k8s | |
# spec: | |
# replicas: 2 | |
# version: v2.2.0-rc.0 | |
# serviceAccountName: prometheus-k8s | |
# serviceMonitorSelector: | |
# matchExpressions: | |
# - {key: app, operator: Exists} | |
# ruleSelector: | |
# matchLabels: | |
# role: prometheus-rulefiles | |
# prometheus: k8s | |
# resources: | |
# requests: | |
# 2Gi is default, but won't schedule if you don't have a node with >2Gi | |
# memory. Modify based on your target and time-series count for | |
# production use. This value is mainly meant for demonstration/testing | |
# purposes. | |
# memory: 400Mi | |
# alerting: | |
# alertmanagers: | |
# - namespace: monitoring | |
# name: alertmanager-main | |
# port: web | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: kube-apiserver | |
labels: | |
app: apiserver | |
spec: | |
jobLabel: component | |
selector: | |
matchLabels: | |
component: apiserver | |
provider: kubernetes | |
namespaceSelector: | |
matchNames: | |
- default | |
endpoints: | |
- port: https | |
interval: 30s | |
scheme: https | |
tlsConfig: | |
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
serverName: kubernetes | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: kubelet | |
labels: | |
app: kubelet | |
spec: | |
jobLabel: app | |
endpoints: | |
- port: https-metrics | |
scheme: https | |
interval: 30s | |
tlsConfig: | |
insecureSkipVerify: true | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
- port: https-metrics | |
scheme: https | |
path: /metrics/cadvisor | |
interval: 30s | |
honorLabels: true | |
tlsConfig: | |
insecureSkipVerify: true | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
selector: | |
matchLabels: | |
app: kubelet | |
namespaceSelector: | |
matchNames: | |
- kube-system | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: kube-controller-manager | |
labels: | |
app: kube-controller-manager | |
spec: | |
jobLabel: app | |
endpoints: | |
- port: http-metrics | |
interval: 30s | |
selector: | |
matchLabels: | |
app: kube-controller-manager | |
namespaceSelector: | |
matchNames: | |
- kube-system | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: kube-scheduler | |
labels: | |
app: kube-scheduler | |
spec: | |
jobLabel: app | |
endpoints: | |
- port: http-metrics | |
interval: 30s | |
selector: | |
matchLabels: | |
app: kube-scheduler | |
namespaceSelector: | |
matchNames: | |
- kube-system | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: kube-state-metrics | |
labels: | |
app: kube-state-metrics | |
spec: | |
jobLabel: app | |
selector: | |
matchLabels: | |
app: kube-state-metrics | |
namespaceSelector: | |
matchNames: | |
- monitoring | |
endpoints: | |
- port: https-main | |
scheme: https | |
interval: 30s | |
honorLabels: true | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
tlsConfig: | |
insecureSkipVerify: true | |
- port: https-self | |
scheme: https | |
interval: 30s | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
tlsConfig: | |
insecureSkipVerify: true | |
--- | |
apiVersion: monitoring.coreos.com/v1 | |
kind: ServiceMonitor | |
metadata: | |
name: node-exporter | |
labels: | |
app: node-exporter | |
spec: | |
jobLabel: app | |
selector: | |
matchLabels: | |
app: node-exporter | |
namespaceSelector: | |
matchNames: | |
- monitoring | |
endpoints: | |
- port: https | |
scheme: https | |
interval: 30s | |
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
tlsConfig: | |
insecureSkipVerify: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment