Last active
October 8, 2020 18:48
-
-
Save kleimkuhler/7de84e81b60e52354d09e218c385f4c4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: prometheus | |
rules: | |
- apiGroups: [""] | |
resources: ["nodes", "nodes/proxy", "pods"] | |
verbs: ["get", "list", "watch"] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: prometheus | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus | |
namespace: default | |
--- | |
kind: ServiceAccount | |
apiVersion: v1 | |
metadata: | |
name: prometheus | |
namespace: default | |
--- | |
kind: ConfigMap | |
apiVersion: v1 | |
metadata: | |
name: prometheus-config | |
namespace: default | |
data: | |
prometheus.yml: |- | |
global: | |
evaluation_interval: 10s | |
scrape_interval: 10s | |
scrape_timeout: 10s | |
rule_files: | |
- /etc/prometheus/*_rules.yml | |
- /etc/prometheus/*_rules.yaml | |
remote_write: | |
- url: http://cortex-service.default.svc.cluster.local:9009/api/prom/push | |
scrape_configs: | |
- job_name: 'prometheus' | |
static_configs: | |
- targets: ['localhost:9090'] | |
- job_name: 'grafana' | |
kubernetes_sd_configs: | |
- role: pod | |
namespaces: | |
names: ['linkerd'] | |
relabel_configs: | |
- source_labels: | |
- __meta_kubernetes_pod_container_name | |
action: keep | |
regex: ^grafana$ | |
# Required for: https://grafana.com/grafana/dashboards/315 | |
- job_name: 'kubernetes-nodes-cadvisor' | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true | |
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
kubernetes_sd_configs: | |
- role: node | |
relabel_configs: | |
- action: labelmap | |
regex: __meta_kubernetes_node_label_(.+) | |
- target_label: __address__ | |
replacement: kubernetes.default.svc:443 | |
- source_labels: [__meta_kubernetes_node_name] | |
regex: (.+) | |
target_label: __metrics_path__ | |
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor | |
metric_relabel_configs: | |
- source_labels: [__name__] | |
regex: '(container|machine)_(cpu|memory|network|fs)_(.+)' | |
action: keep | |
- source_labels: [__name__] | |
regex: 'container_memory_failures_total' # unneeded large metric | |
action: drop | |
- job_name: 'linkerd-controller' | |
kubernetes_sd_configs: | |
- role: pod | |
namespaces: | |
names: ['linkerd'] | |
relabel_configs: | |
- source_labels: | |
- __meta_kubernetes_pod_label_linkerd_io_control_plane_component | |
- __meta_kubernetes_pod_container_port_name | |
action: keep | |
regex: (.*);admin-http$ | |
- source_labels: [__meta_kubernetes_pod_container_name] | |
action: replace | |
target_label: component | |
- job_name: 'linkerd-service-mirror' | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- source_labels: | |
- __meta_kubernetes_pod_label_linkerd_io_control_plane_component | |
- __meta_kubernetes_pod_container_port_name | |
action: keep | |
regex: linkerd-service-mirror;admin-http$ | |
- source_labels: [__meta_kubernetes_pod_container_name] | |
action: replace | |
target_label: component | |
- job_name: 'linkerd-proxy' | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- source_labels: | |
- __meta_kubernetes_pod_container_name | |
- __meta_kubernetes_pod_container_port_name | |
- __meta_kubernetes_pod_label_linkerd_io_control_plane_ns | |
action: keep | |
regex: ^linkerd-proxy;linkerd-admin;linkerd$ | |
- source_labels: [__meta_kubernetes_namespace] | |
action: replace | |
target_label: namespace | |
- source_labels: [__meta_kubernetes_pod_name] | |
action: replace | |
target_label: pod | |
# special case k8s' "job" label, to not interfere with prometheus' "job" | |
# label | |
# __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo => | |
# k8s_job=foo | |
- source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job] | |
action: replace | |
target_label: k8s_job | |
# drop __meta_kubernetes_pod_label_linkerd_io_proxy_job | |
- action: labeldrop | |
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job | |
# __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo => | |
# deployment=foo | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) | |
# drop all labels that we just made copies of in the previous labelmap | |
- action: labeldrop | |
regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+) | |
# __meta_kubernetes_pod_label_linkerd_io_foo=bar => | |
# foo=bar | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_linkerd_io_(.+) | |
# Copy all pod labels to tmp labels | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_(.+) | |
replacement: __tmp_pod_label_$1 | |
# Take `linkerd_io_` prefixed labels and copy them without the prefix | |
- action: labelmap | |
regex: __tmp_pod_label_linkerd_io_(.+) | |
replacement: __tmp_pod_label_$1 | |
# Drop the `linkerd_io_` originals | |
- action: labeldrop | |
regex: __tmp_pod_label_linkerd_io_(.+) | |
# Copy tmp labels into real labels | |
- action: labelmap | |
regex: __tmp_pod_label_(.+) | |
--- | |
kind: Service | |
apiVersion: v1 | |
metadata: | |
name: prometheus | |
namespace: default | |
spec: | |
type: ClusterIP | |
selector: | |
app: prometheus | |
ports: | |
- name: admin-http | |
port: 9090 | |
targetPort: 9090 | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: prometheus | |
namespace: default | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: prometheus | |
template: | |
metadata: | |
labels: | |
app: prometheus | |
spec: | |
nodeSelector: | |
beta.kubernetes.io/os: linux | |
securityContext: | |
fsGroup: 65534 | |
containers: | |
- args: | |
- --config.file=/etc/prometheus/prometheus.yml | |
- --log.level=info | |
- --storage.tsdb.path=/data | |
- --storage.tsdb.retention.time=6h | |
image: prom/prometheus:v2.19.3 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
httpGet: | |
path: /-/healthy | |
port: 9090 | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
name: prometheus | |
ports: | |
- containerPort: 9090 | |
name: admin-http | |
readinessProbe: | |
httpGet: | |
path: /-/ready | |
port: 9090 | |
initialDelaySeconds: 30 | |
timeoutSeconds: 30 | |
securityContext: | |
runAsNonRoot: true | |
runAsUser: 65534 | |
runAsGroup: 65534 | |
volumeMounts: | |
- mountPath: /data | |
name: data | |
- mountPath: /etc/prometheus/prometheus.yml | |
name: prometheus-config | |
subPath: prometheus.yml | |
readOnly: true | |
serviceAccountName: prometheus | |
volumes: | |
- name: data | |
emptyDir: {} | |
- configMap: | |
name: prometheus-config | |
name: prometheus-config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment