Created
September 18, 2017 15:51
-
-
Save ketzacoatl/db864935ba2fb3d8949505b476c09ef1 to your computer and use it in GitHub Desktop.
Prometheus on Kubernetes, based on deployments (no operator)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: prometheus | |
| namespace: ops | |
| data: | |
| prometheus.yml: | | |
| global: | |
| scrape_interval: 30s | |
| scrape_timeout: 30s | |
| scrape_configs: | |
| - job_name: 'kubernetes-apiservers' | |
| kubernetes_sd_configs: | |
| - role: endpoints | |
| # Default to scraping over https. If required, just disable this or change to | |
| # `http`. | |
| scheme: https | |
| # This TLS & bearer token file config is used to connect to the actual scrape | |
| # endpoints for cluster components. This is separate to discovery auth | |
| # configuration because discovery & scraping are two separate concerns in | |
| # Prometheus. The discovery auth config is automatic if Prometheus runs inside | |
| # the cluster. Otherwise, more config options have to be provided within the | |
| # <kubernetes_sd_config>. | |
| tls_config: | |
| ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
| # If your node certificates are self-signed or use a different CA to the | |
| # master CA, then disable certificate verification below. Note that | |
| # certificate verification is an integral part of a secure infrastructure | |
| # so this should only be disabled in a controlled environment. You can | |
| # disable certificate verification by uncommenting the line below. | |
| # | |
| # insecure_skip_verify: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| # Keep only the default/kubernetes service endpoints for the https port. This | |
| # will add targets for each API server which Kubernetes adds an endpoint to | |
| # the default/kubernetes service. | |
| relabel_configs: | |
| - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] | |
| action: keep | |
| regex: default;kubernetes;https | |
| - job_name: 'kubernetes-nodes' | |
| # Default to scraping over https. If required, just disable this or change to | |
| # `http`. | |
| scheme: https | |
| # This TLS & bearer token file config is used to connect to the actual scrape | |
| # endpoints for cluster components. This is separate to discovery auth | |
| # configuration because discovery & scraping are two separate concerns in | |
| # Prometheus. The discovery auth config is automatic if Prometheus runs inside | |
| # the cluster. Otherwise, more config options have to be provided within the | |
| # <kubernetes_sd_config>. | |
| tls_config: | |
| ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
| # If your node certificates are self-signed or use a different CA to the | |
| # master CA, then disable certificate verification below. Note that | |
| # certificate verification is an integral part of a secure infrastructure | |
| # so this should only be disabled in a controlled environment. You can | |
| # disable certificate verification by uncommenting the line below. | |
| # | |
| # insecure_skip_verify: true | |
| bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| kubernetes_sd_configs: | |
| - role: node | |
| relabel_configs: | |
| - action: labelmap | |
| regex: __meta_kubernetes_node_label_(.+) | |
| - target_label: __address__ | |
| replacement: kubernetes.default.svc:443 | |
| - source_labels: [__meta_kubernetes_node_name] | |
| regex: (.+) | |
| target_label: __metrics_path__ | |
| replacement: /api/v1/nodes/${1}/proxy/metrics | |
| # Example scrape config for pods | |
| # | |
| # The relabeling allows the actual pod scrape endpoint to be configured via the | |
| # following annotations: | |
| # | |
| # * `prometheus.io/scrape`: Only scrape pods that have a value of `true` | |
| # * `prometheus.io/path`: If the metrics path is not `/metrics` override this. | |
| # * `prometheus.io/port`: Scrape the pod on the indicated port instead of the | |
| # pod's declared ports (default is a port-free target if none are declared). | |
| - job_name: 'kubernetes-pods' | |
| kubernetes_sd_configs: | |
| - role: pod | |
| relabel_configs: | |
| - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] | |
| action: keep | |
| regex: true | |
| - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] | |
| action: replace | |
| target_label: __metrics_path__ | |
| regex: (.+) | |
| - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] | |
| action: replace | |
| regex: ([^:]+)(?::\d+)?;(\d+) | |
| replacement: $1:$2 | |
| target_label: __address__ | |
| - action: labelmap | |
| regex: __meta_kubernetes_pod_label_(.+) | |
| - source_labels: [__meta_kubernetes_namespace] | |
| action: replace | |
| target_label: kubernetes_namespace | |
| - source_labels: [__meta_kubernetes_pod_name] | |
| action: replace | |
| target_label: kubernetes_pod_name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: prometheus | |
| name: prometheus | |
| namespace: ops | |
| spec: | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: prometheus | |
| spec: | |
| containers: | |
| - image: quay.io/prometheus/prometheus:v1.7.0 | |
| name: prometheus | |
| command: | |
| - "/bin/prometheus" | |
| args: | |
| - "-config.file=/etc/prometheus/prometheus.yml" | |
| - "-storage.local.path=/prometheus" | |
| - "-storage.local.retention=24h" | |
| ports: | |
| - containerPort: 9090 | |
| protocol: TCP | |
| volumeMounts: | |
| - mountPath: "/prometheus" | |
| name: data | |
| - mountPath: "/etc/prometheus" | |
| name: config-volume | |
| resources: | |
| requests: | |
| cpu: 100m | |
| memory: 100Mi | |
| limits: | |
| cpu: 500m | |
| memory: 2500Mi | |
| volumes: | |
| - name: data | |
| persistentVolumeClaim: | |
| claimName: prometheus | |
| - configMap: | |
| name: prometheus | |
| name: config-volume |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This Ingress uses the Host header to route incoming requests to prometheus | |
| # | |
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: prometheus | |
| spec: | |
| rules: | |
| - host: prometheus.example.net | |
| http: | |
| paths: | |
| - backend: | |
| serviceName: prometheus | |
| servicePort: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| name: prometheus | |
| labels: | |
| app: prometheus | |
| namespace: ops | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 15Gi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: prometheus | |
| namespace: ops | |
| labels: | |
| app: prometheus | |
| spec: | |
| type: ClusterIP | |
| selector: | |
| app: prometheus | |
| ports: | |
| - name: http | |
| port: 80 | |
| targetPort: 9090 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment