kleimkuhler/prometheus.yaml

## prometheus.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: prometheus
rules:
- apiGroups: [""]
  resources: ["nodes", "nodes/proxy", "pods"]
  verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: default
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: prometheus
  namespace: default
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: prometheus-config
  namespace: default
data:
  prometheus.yml: |-
    global:
      evaluation_interval: 10s
      scrape_interval: 10s
      scrape_timeout: 10s

    rule_files:
    - /etc/prometheus/*_rules.yml
    - /etc/prometheus/*_rules.yaml

    remote_write:
    - url: http://cortex-service.default.svc.cluster.local:9009/api/prom/push

    scrape_configs:
    - job_name: 'prometheus'
      static_configs:
      - targets: ['localhost:9090']

    - job_name: 'grafana'
      kubernetes_sd_configs:
      - role: pod
        namespaces:
          names: ['linkerd']
      relabel_configs:
      - source_labels:
        - __meta_kubernetes_pod_container_name
        action: keep
        regex: ^grafana$

    #  Required for: https://grafana.com/grafana/dashboards/315
    - job_name: 'kubernetes-nodes-cadvisor'
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - target_label: __address__
        replacement: kubernetes.default.svc:443
      - source_labels: [__meta_kubernetes_node_name]
        regex: (.+)
        target_label: __metrics_path__
        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
      metric_relabel_configs:
      - source_labels: [__name__]
        regex: '(container|machine)_(cpu|memory|network|fs)_(.+)'
        action: keep
      - source_labels: [__name__]
        regex: 'container_memory_failures_total' # unneeded large metric
        action: drop

    - job_name: 'linkerd-controller'
      kubernetes_sd_configs:
      - role: pod
        namespaces:
          names: ['linkerd']
      relabel_configs:
      - source_labels:
        - __meta_kubernetes_pod_label_linkerd_io_control_plane_component
        - __meta_kubernetes_pod_container_port_name
        action: keep
        regex: (.*);admin-http$
      - source_labels: [__meta_kubernetes_pod_container_name]
        action: replace
        target_label: component

    - job_name: 'linkerd-service-mirror'
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - source_labels:
        - __meta_kubernetes_pod_label_linkerd_io_control_plane_component
        - __meta_kubernetes_pod_container_port_name
        action: keep
        regex: linkerd-service-mirror;admin-http$
      - source_labels: [__meta_kubernetes_pod_container_name]
        action: replace
        target_label: component

    - job_name: 'linkerd-proxy'
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - source_labels:
        - __meta_kubernetes_pod_container_name
        - __meta_kubernetes_pod_container_port_name
        - __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
        action: keep
        regex: ^linkerd-proxy;linkerd-admin;linkerd$
      - source_labels: [__meta_kubernetes_namespace]
        action: replace
        target_label: namespace
      - source_labels: [__meta_kubernetes_pod_name]
        action: replace
        target_label: pod
      # special case k8s' "job" label, to not interfere with prometheus' "job"
      # label
      # __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo =>
      # k8s_job=foo
      - source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job]
        action: replace
        target_label: k8s_job
      # drop __meta_kubernetes_pod_label_linkerd_io_proxy_job
      - action: labeldrop
        regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job
      # __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo =>
      # deployment=foo
      - action: labelmap
        regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
      # drop all labels that we just made copies of in the previous labelmap
      - action: labeldrop
        regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
      # __meta_kubernetes_pod_label_linkerd_io_foo=bar =>
      # foo=bar
      - action: labelmap
        regex: __meta_kubernetes_pod_label_linkerd_io_(.+)
      # Copy all pod labels to tmp labels
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
        replacement: __tmp_pod_label_$1
      # Take `linkerd_io_` prefixed labels and copy them without the prefix
      - action: labelmap
        regex: __tmp_pod_label_linkerd_io_(.+)
        replacement:  __tmp_pod_label_$1
      # Drop the `linkerd_io_` originals
      - action: labeldrop
        regex: __tmp_pod_label_linkerd_io_(.+)
      # Copy tmp labels into real labels
      - action: labelmap
        regex: __tmp_pod_label_(.+)
---
kind: Service
apiVersion: v1
metadata:
  name: prometheus
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: prometheus
  ports:
  - name: admin-http
    port: 9090
    targetPort: 9090
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      securityContext:
        fsGroup: 65534
      containers:
      - args:
        - --config.file=/etc/prometheus/prometheus.yml
        - --log.level=info
        - --storage.tsdb.path=/data
        - --storage.tsdb.retention.time=6h
        image: prom/prometheus:v2.19.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /-/healthy
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
        name: prometheus
        ports:
        - containerPort: 9090
          name: admin-http
        readinessProbe:
          httpGet:
            path: /-/ready
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
        securityContext:
          runAsNonRoot: true
          runAsUser: 65534
          runAsGroup: 65534
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /etc/prometheus/prometheus.yml
          name: prometheus-config
          subPath: prometheus.yml
          readOnly: true
      serviceAccountName: prometheus
      volumes:
      - name: data
        emptyDir: {}
      - configMap:
          name: prometheus-config
        name: prometheus-config
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: prometheus
	rules:
	- apiGroups: [""]
	resources: ["nodes", "nodes/proxy", "pods"]
	verbs: ["get", "list", "watch"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: prometheus
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: prometheus
	subjects:
	- kind: ServiceAccount
	name: prometheus
	namespace: default
	---
	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: prometheus
	namespace: default
	---
	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: prometheus-config
	namespace: default
	data:
	prometheus.yml: \|-
	global:
	evaluation_interval: 10s
	scrape_interval: 10s
	scrape_timeout: 10s

	rule_files:
	- /etc/prometheus/*_rules.yml
	- /etc/prometheus/*_rules.yaml

	remote_write:
	- url: http://cortex-service.default.svc.cluster.local:9009/api/prom/push

	scrape_configs:
	- job_name: 'prometheus'
	static_configs:
	- targets: ['localhost:9090']

	- job_name: 'grafana'
	kubernetes_sd_configs:
	- role: pod
	namespaces:
	names: ['linkerd']
	relabel_configs:
	- source_labels:
	- __meta_kubernetes_pod_container_name
	action: keep
	regex: ^grafana$

	# Required for: https://grafana.com/grafana/dashboards/315
	- job_name: 'kubernetes-nodes-cadvisor'
	scheme: https
	tls_config:
	ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	insecure_skip_verify: true
	bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
	kubernetes_sd_configs:
	- role: node
	relabel_configs:
	- action: labelmap
	regex: __meta_kubernetes_node_label_(.+)
	- target_label: __address__
	replacement: kubernetes.default.svc:443
	- source_labels: [__meta_kubernetes_node_name]
	regex: (.+)
	target_label: __metrics_path__
	replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
	metric_relabel_configs:
	- source_labels: [__name__]
	regex: '(container\|machine)_(cpu\|memory\|network\|fs)_(.+)'
	action: keep
	- source_labels: [__name__]
	regex: 'container_memory_failures_total' # unneeded large metric
	action: drop

	- job_name: 'linkerd-controller'
	kubernetes_sd_configs:
	- role: pod
	namespaces:
	names: ['linkerd']
	relabel_configs:
	- source_labels:
	- __meta_kubernetes_pod_label_linkerd_io_control_plane_component
	- __meta_kubernetes_pod_container_port_name
	action: keep
	regex: (.*);admin-http$
	- source_labels: [__meta_kubernetes_pod_container_name]
	action: replace
	target_label: component

	- job_name: 'linkerd-service-mirror'
	kubernetes_sd_configs:
	- role: pod
	relabel_configs:
	- source_labels:
	- __meta_kubernetes_pod_label_linkerd_io_control_plane_component
	- __meta_kubernetes_pod_container_port_name
	action: keep
	regex: linkerd-service-mirror;admin-http$
	- source_labels: [__meta_kubernetes_pod_container_name]
	action: replace
	target_label: component

	- job_name: 'linkerd-proxy'
	kubernetes_sd_configs:
	- role: pod
	relabel_configs:
	- source_labels:
	- __meta_kubernetes_pod_container_name
	- __meta_kubernetes_pod_container_port_name
	- __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
	action: keep
	regex: ^linkerd-proxy;linkerd-admin;linkerd$
	- source_labels: [__meta_kubernetes_namespace]
	action: replace
	target_label: namespace
	- source_labels: [__meta_kubernetes_pod_name]
	action: replace
	target_label: pod
	# special case k8s' "job" label, to not interfere with prometheus' "job"
	# label
	# __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo =>
	# k8s_job=foo
	- source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job]
	action: replace
	target_label: k8s_job
	# drop __meta_kubernetes_pod_label_linkerd_io_proxy_job
	- action: labeldrop
	regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job
	# __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo =>
	# deployment=foo
	- action: labelmap
	regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
	# drop all labels that we just made copies of in the previous labelmap
	- action: labeldrop
	regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
	# __meta_kubernetes_pod_label_linkerd_io_foo=bar =>
	# foo=bar
	- action: labelmap
	regex: __meta_kubernetes_pod_label_linkerd_io_(.+)
	# Copy all pod labels to tmp labels
	- action: labelmap
	regex: __meta_kubernetes_pod_label_(.+)
	replacement: __tmp_pod_label_$1
	# Take `linkerd_io_` prefixed labels and copy them without the prefix
	- action: labelmap
	regex: __tmp_pod_label_linkerd_io_(.+)
	replacement: __tmp_pod_label_$1
	# Drop the `linkerd_io_` originals
	- action: labeldrop
	regex: __tmp_pod_label_linkerd_io_(.+)
	# Copy tmp labels into real labels
	- action: labelmap
	regex: __tmp_pod_label_(.+)
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: prometheus
	namespace: default
	spec:
	type: ClusterIP
	selector:
	app: prometheus
	ports:
	- name: admin-http
	port: 9090
	targetPort: 9090
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: prometheus
	namespace: default
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: prometheus
	template:
	metadata:
	labels:
	app: prometheus
	spec:
	nodeSelector:
	beta.kubernetes.io/os: linux
	securityContext:
	fsGroup: 65534
	containers:
	- args:
	- --config.file=/etc/prometheus/prometheus.yml
	- --log.level=info
	- --storage.tsdb.path=/data
	- --storage.tsdb.retention.time=6h
	image: prom/prometheus:v2.19.3
	imagePullPolicy: IfNotPresent
	livenessProbe:
	httpGet:
	path: /-/healthy
	port: 9090
	initialDelaySeconds: 30
	timeoutSeconds: 30
	name: prometheus
	ports:
	- containerPort: 9090
	name: admin-http
	readinessProbe:
	httpGet:
	path: /-/ready
	port: 9090
	initialDelaySeconds: 30
	timeoutSeconds: 30
	securityContext:
	runAsNonRoot: true
	runAsUser: 65534
	runAsGroup: 65534
	volumeMounts:
	- mountPath: /data
	name: data
	- mountPath: /etc/prometheus/prometheus.yml
	name: prometheus-config
	subPath: prometheus.yml
	readOnly: true
	serviceAccountName: prometheus
	volumes:
	- name: data
	emptyDir: {}
	- configMap:
	name: prometheus-config
	name: prometheus-config