Created
July 8, 2021 16:10
-
-
Save denisgolius/97d1d5956c304650be3081177168bfa3 to your computer and use it in GitHub Desktop.
vmagent
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
replicaCount: 1 | |
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ | |
deployment: | |
enabled: true | |
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | |
strategy: {} | |
# rollingUpdate: | |
# maxSurge: 25% | |
# maxUnavailable: 25% | |
# type: RollingUpdate | |
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ | |
statefulset: | |
enabled: false | |
# ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies | |
updateStrategy: {} | |
# type: RollingUpdate | |
image: | |
repository: victoriametrics/vmagent | |
tag: "" # rewrites Chart.AppVersion | |
pullPolicy: IfNotPresent | |
imagePullSecrets: [] | |
nameOverride: "" | |
fullnameOverride: "" | |
containerWorkingDir: "/" | |
rbac: | |
create: true | |
pspEnabled: true | |
annotations: {} | |
extraLabels: {} | |
serviceAccount: | |
# Specifies whether a service account should be created | |
create: true | |
# Annotations to add to the service account | |
annotations: {} | |
# The name of the service account to use. | |
# If not set and create is true, a name is generated using the fullname template | |
name: | |
## See `kubectl explain poddisruptionbudget.spec` for more | |
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | |
podDisruptionBudget: | |
enabled: false | |
# minAvailable: 1 | |
# maxUnavailable: 1 | |
labels: {} | |
# WARN: need to specify at least one remote write url | |
remoteWriteUrls: | |
- http://vmcluster-victoria-metrics-cluster-vminsert.default.svc.cluster.local:8480/insert/0/prometheus/ | |
extraArgs: | |
envflag.enable: "true" | |
envflag.prefix: VM_ | |
loggerFormat: json | |
# promscrape.maxScrapeSize: "167772160" | |
# Uncomment and specify the port if you want to support any of the protocols: | |
# https://victoriametrics.github.io/vmagent.html#features | |
# graphiteListenAddr: ":2003" | |
# influxListenAddr: ":8189" | |
# opentsdbHTTPListenAddr: ":4242" | |
# opentsdbListenAddr: ":4242" | |
### additional environment variables (ex.: secret tokens) | |
# https://github.com/VictoriaMetrics/VictoriaMetrics#environment-variables | |
env: | |
[] | |
# - name: VM_remoteWrite_basicAuth_password | |
# valueFrom: | |
# secretKeyRef: | |
# name: auth_secret | |
# key: password | |
# Additional hostPath mounts | |
extraHostPathMounts: | |
[] | |
# - name: certs-dir | |
# mountPath: /etc/kubernetes/certs | |
# subPath: "" | |
# hostPath: /etc/kubernetes/certs | |
# readOnly: true | |
# Extra Volumes for the pod | |
extraVolumes: | |
[] | |
# - name: example | |
# configMap: | |
# name: example | |
# Extra Volume Mounts for the container | |
extraVolumeMounts: | |
[] | |
# - name: example | |
# mountPath: /example | |
extraContainers: [] | |
# - name: config-reloader | |
# image: reloader-image | |
podSecurityContext: | |
{} | |
# fsGroup: 2000 | |
securityContext: | |
{} | |
# capabilities: | |
# drop: | |
# - ALL | |
# readOnlyRootFilesystem: true | |
# runAsNonRoot: true | |
# runAsUser: 1000 | |
service: | |
enabled: false | |
annotations: {} | |
extraLabels: {} | |
clusterIP: "" | |
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips | |
## | |
externalIPs: [] | |
loadBalancerIP: "" | |
loadBalancerSourceRanges: [] | |
servicePort: 8429 | |
type: ClusterIP | |
ingress: | |
enabled: false | |
annotations: {} | |
# kubernetes.io/ingress.class: nginx | |
# kubernetes.io/tls-acme: 'true' | |
extraLabels: {} | |
hosts: [] | |
# - name: vmagent.local | |
# path: / | |
# port: http | |
tls: [] | |
# - secretName: vmagent-ingress-tls | |
# hosts: | |
# - vmagent.local | |
resources: | |
{} | |
# We usually recommend not to specify default resources and to leave this as a conscious | |
# choice for the user. This also increases chances charts run on environments with little | |
# resources, such as Minikube. If you do want to specify resources, uncomment the following | |
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. | |
# limits: | |
# cpu: 100m | |
# memory: 128Mi | |
# requests: | |
# cpu: 100m | |
# memory: 128Mi | |
# Annotations to be added to the deployment | |
annotations: {} | |
# Annotations to be added to pod | |
podAnnotations: {} | |
nodeSelector: {} | |
tolerations: [] | |
affinity: {} | |
# vmagent scraping configuration: | |
# https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/docs/vmagent.md#how-to-collect-metrics-in-prometheus-format | |
# use existing configmap if specified | |
# otherwise .config values will be used | |
configMap: "" | |
persistence: | |
enabled: false | |
# storageClassName: default | |
accessModes: | |
- ReadWriteOnce | |
size: 10Gi | |
annotations: {} | |
extraLabels: {} | |
existingClaim: "" | |
config: | |
global: | |
scrape_interval: 10s | |
# scrape self by default | |
scrape_configs: | |
- job_name: vmagent | |
static_configs: | |
- targets: ["localhost:8429"] | |
## COPY from Prometheus helm chart https://github.com/helm/charts/blob/master/stable/prometheus/values.yaml | |
# Scrape config for API servers. | |
# | |
# Kubernetes exposes API servers as endpoints to the default/kubernetes | |
# service so this uses `endpoints` role and uses relabelling to only keep | |
# the endpoints associated with the default/kubernetes service using the | |
# default named port `https`. This works for single API server deployments as | |
# well as HA API server deployments. | |
- job_name: "kubernetes-apiservers" | |
kubernetes_sd_configs: | |
- role: endpoints | |
# Default to scraping over https. If required, just disable this or change to | |
# `http`. | |
scheme: https | |
# This TLS & bearer token file config is used to connect to the actual scrape | |
# endpoints for cluster components. This is separate to discovery auth | |
# configuration because discovery & scraping are two separate concerns in | |
# Prometheus. The discovery auth config is automatic if Prometheus runs inside | |
# the cluster. Otherwise, more config options have to be provided within the | |
# <kubernetes_sd_config>. | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
# If your node certificates are self-signed or use a different CA to the | |
# master CA, then disable certificate verification below. Note that | |
# certificate verification is an integral part of a secure infrastructure | |
# so this should only be disabled in a controlled environment. You can | |
# disable certificate verification by uncommenting the line below. | |
# | |
insecure_skip_verify: true | |
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
# Keep only the default/kubernetes service endpoints for the https port. This | |
# will add targets for each API server which Kubernetes adds an endpoint to | |
# the default/kubernetes service. | |
relabel_configs: | |
- source_labels: | |
[ | |
__meta_kubernetes_namespace, | |
__meta_kubernetes_service_name, | |
__meta_kubernetes_endpoint_port_name, | |
] | |
action: keep | |
regex: default;kubernetes;https | |
- job_name: "kubernetes-nodes" | |
# Default to scraping over https. If required, just disable this or change to | |
# `http`. | |
scheme: https | |
# This TLS & bearer token file config is used to connect to the actual scrape | |
# endpoints for cluster components. This is separate to discovery auth | |
# configuration because discovery & scraping are two separate concerns in | |
# Prometheus. The discovery auth config is automatic if Prometheus runs inside | |
# the cluster. Otherwise, more config options have to be provided within the | |
# <kubernetes_sd_config>. | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
# If your node certificates are self-signed or use a different CA to the | |
# master CA, then disable certificate verification below. Note that | |
# certificate verification is an integral part of a secure infrastructure | |
# so this should only be disabled in a controlled environment. You can | |
# disable certificate verification by uncommenting the line below. | |
# | |
insecure_skip_verify: true | |
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
kubernetes_sd_configs: | |
- role: node | |
relabel_configs: | |
- action: labelmap | |
regex: __meta_kubernetes_node_label_(.+) | |
- target_label: __address__ | |
replacement: kubernetes.default.svc:443 | |
- source_labels: [__meta_kubernetes_node_name] | |
regex: (.+) | |
target_label: __metrics_path__ | |
replacement: /api/v1/nodes/$1/proxy/metrics | |
- job_name: "kubernetes-nodes-cadvisor" | |
# Default to scraping over https. If required, just disable this or change to | |
# `http`. | |
scheme: https | |
# This TLS & bearer token file config is used to connect to the actual scrape | |
# endpoints for cluster components. This is separate to discovery auth | |
# configuration because discovery & scraping are two separate concerns in | |
# Prometheus. The discovery auth config is automatic if Prometheus runs inside | |
# the cluster. Otherwise, more config options have to be provided within the | |
# <kubernetes_sd_config>. | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
# If your node certificates are self-signed or use a different CA to the | |
# master CA, then disable certificate verification below. Note that | |
# certificate verification is an integral part of a secure infrastructure | |
# so this should only be disabled in a controlled environment. You can | |
# disable certificate verification by uncommenting the line below. | |
# | |
insecure_skip_verify: true | |
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
kubernetes_sd_configs: | |
- role: node | |
# This configuration will work only on kubelet 1.7.3+ | |
# As the scrape endpoints for cAdvisor have changed | |
# if you are using older version you need to change the replacement to | |
# replacement: /api/v1/nodes/$1:4194/proxy/metrics | |
# more info here https://github.com/coreos/prometheus-operator/issues/633 | |
relabel_configs: | |
- action: labelmap | |
regex: __meta_kubernetes_node_label_(.+) | |
- target_label: __address__ | |
replacement: kubernetes.default.svc:443 | |
- source_labels: [__meta_kubernetes_node_name] | |
regex: (.+) | |
target_label: __metrics_path__ | |
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor | |
metric_relabel_configs: | |
- action: replace | |
source_labels: [pod] | |
regex: '(.+)' | |
target_label: pod_name | |
replacement: '${1}' | |
- action: replace | |
source_labels: [container] | |
regex: '(.+)' | |
target_label: container_name | |
replacement: '${1}' | |
- action: replace | |
target_label: name | |
replacement: k8s_stub | |
# Scrape config for service endpoints. | |
# | |
# The relabeling allows the actual service scrape endpoint to be configured | |
# via the following annotations: | |
# | |
# * `prometheus.io/scrape`: Only scrape services that have a value of `true` | |
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need | |
# to set this to `https` & most likely set the `tls_config` of the scrape config. | |
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this. | |
# * `prometheus.io/port`: If the metrics are exposed on a different port to the | |
# service then set this appropriately. | |
- job_name: "kubernetes-service-endpoints" | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- action: drop | |
source_labels: [__meta_kubernetes_pod_container_init] | |
regex: true | |
- action: keep_if_equal | |
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_scrape] | |
action: keep | |
regex: true | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_scheme] | |
action: replace | |
target_label: __scheme__ | |
regex: (https?) | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_path] | |
action: replace | |
target_label: __metrics_path__ | |
regex: (.+) | |
- source_labels: | |
[ | |
__address__, | |
__meta_kubernetes_service_annotation_prometheus_io_port, | |
] | |
action: replace | |
target_label: __address__ | |
regex: ([^:]+)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- source_labels: [__meta_kubernetes_namespace] | |
action: replace | |
target_label: kubernetes_namespace | |
- source_labels: [__meta_kubernetes_service_name] | |
action: replace | |
target_label: kubernetes_name | |
- source_labels: [__meta_kubernetes_pod_node_name] | |
action: replace | |
target_label: kubernetes_node | |
# Scrape config for slow service endpoints; same as above, but with a larger | |
# timeout and a larger interval | |
# | |
# The relabeling allows the actual service scrape endpoint to be configured | |
# via the following annotations: | |
# | |
# * `prometheus.io/scrape-slow`: Only scrape services that have a value of `true` | |
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need | |
# to set this to `https` & most likely set the `tls_config` of the scrape config. | |
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this. | |
# * `prometheus.io/port`: If the metrics are exposed on a different port to the | |
# service then set this appropriately. | |
- job_name: "kubernetes-service-endpoints-slow" | |
scrape_interval: 5m | |
scrape_timeout: 30s | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- action: drop | |
source_labels: [__meta_kubernetes_pod_container_init] | |
regex: true | |
- action: keep_if_equal | |
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_scrape_slow] | |
action: keep | |
regex: true | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_scheme] | |
action: replace | |
target_label: __scheme__ | |
regex: (https?) | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_path] | |
action: replace | |
target_label: __metrics_path__ | |
regex: (.+) | |
- source_labels: | |
[ | |
__address__, | |
__meta_kubernetes_service_annotation_prometheus_io_port, | |
] | |
action: replace | |
target_label: __address__ | |
regex: ([^:]+)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- source_labels: [__meta_kubernetes_namespace] | |
action: replace | |
target_label: kubernetes_namespace | |
- source_labels: [__meta_kubernetes_service_name] | |
action: replace | |
target_label: kubernetes_name | |
- source_labels: [__meta_kubernetes_pod_node_name] | |
action: replace | |
target_label: kubernetes_node | |
# Example scrape config for probing services via the Blackbox Exporter. | |
# | |
# The relabeling allows the actual service scrape endpoint to be configured | |
# via the following annotations: | |
# | |
# * `prometheus.io/probe`: Only probe services that have a value of `true` | |
- job_name: "kubernetes-services" | |
metrics_path: /probe | |
params: | |
module: [http_2xx] | |
kubernetes_sd_configs: | |
- role: service | |
relabel_configs: | |
- source_labels: | |
[__meta_kubernetes_service_annotation_prometheus_io_probe] | |
action: keep | |
regex: true | |
- source_labels: [__address__] | |
target_label: __param_target | |
- target_label: __address__ | |
replacement: blackbox | |
- source_labels: [__param_target] | |
target_label: instance | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- source_labels: [__meta_kubernetes_namespace] | |
target_label: kubernetes_namespace | |
- source_labels: [__meta_kubernetes_service_name] | |
target_label: kubernetes_name | |
# Example scrape config for pods | |
# | |
# The relabeling allows the actual pod scrape endpoint to be configured via the | |
# following annotations: | |
# | |
# * `prometheus.io/scrape`: Only scrape pods that have a value of `true` | |
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this. | |
# * `prometheus.io/port`: Scrape the pod on the indicated port instead of the default of `9102`. | |
- job_name: "kubernetes-pods" | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- action: drop | |
source_labels: [__meta_kubernetes_pod_container_init] | |
regex: true | |
- action: keep_if_equal | |
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port, __meta_kubernetes_pod_container_port_number] | |
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] | |
action: keep | |
regex: true | |
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] | |
action: replace | |
target_label: __metrics_path__ | |
regex: (.+) | |
- source_labels: | |
[__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] | |
action: replace | |
regex: ([^:]+)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
target_label: __address__ | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_(.+) | |
- source_labels: [__meta_kubernetes_namespace] | |
action: replace | |
target_label: kubernetes_namespace | |
- source_labels: [__meta_kubernetes_pod_name] | |
action: replace | |
target_label: kubernetes_pod_name | |
## End of COPY |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment