Last active
June 7, 2020 04:43
Prometheus install slim
---
# Read access to the resource-metrics API (metrics.k8s.io).
# The aggregate-to-* labels fold these rules into the built-in view, edit
# and admin ClusterRoles, so any subject bound to one of those roles can
# read pod and node metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregated-metrics-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch
---
# Grants the metrics-server ServiceAccount the built-in
# system:auth-delegator ClusterRole cluster-wide. Extension API servers use
# that role to delegate authentication and authorization decisions to the
# main API server.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system
---
# Binds, inside kube-system only, the built-in
# extension-apiserver-authentication-reader Role to the metrics-server
# ServiceAccount.
# NOTE(review): that Role is expected to allow reading the
# extension-apiserver-authentication ConfigMap; confirm on the target
# cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system
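---
# Registers the metrics-server Service as the backend for
# metrics.k8s.io/v1beta1 on the API aggregation layer.
# apiregistration.k8s.io/v1 is used for the registration object itself:
# the v1beta1 registration API is deprecated and newer clusters no longer
# serve it. The served metrics API version below is unchanged.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  # NOTE(review): with insecureSkipTLSVerify set, the API server does not
  # validate the serving certificate presented by the metrics-server
  # Service, so the aggregated connection is encrypted but the backend is
  # not authenticated. To harden, set this to false and supply
  # spec.caBundle with the CA that signs the certificate metrics-server
  # serves; the Deployment in this file passes only --cert-dir=/tmp, so it
  # presumably serves a self-generated certificate today.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100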
---
# Identity the metrics-server Deployment runs as. Every binding in this
# file that names "metrics-server" refers to this ServiceAccount in
# kube-system.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
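---
# Runs metrics-server in kube-system as a non-root user on a read-only
# root filesystem. /tmp is backed by an emptyDir so --cert-dir has a
# writable location.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
        # mount in tmp so we can safely use from-scratch images and/or read-only containers
        - name: tmp-dir
          emptyDir: {}
      containers:
        - name: metrics-server
          # NOTE(review): the image is referenced by tag only. With
          # IfNotPresent a node keeps whatever it first pulled for this
          # tag; pinning by digest
          # (image@sha256:<digest-of-the-reviewed-image>) makes the
          # deployed content verifiable. k8s.gcr.io is the legacy registry
          # name; confirm it is still the intended source.
          image: k8s.gcr.io/metrics-server-amd64:v0.3.6
          imagePullPolicy: IfNotPresent
          args:
            - --cert-dir=/tmp
            - --secure-port=4443
          ports:
            - name: main-port
              containerPort: 4443
              protocol: TCP
          securityContext:
            # The process has no need to gain privileges after start, so
            # setuid/file-capability escalation is switched off alongside
            # the existing non-root and read-only settings.
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          volumeMounts:
            - name: tmp-dir
              mountPath: /tmp
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/arch: "amd64"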
---
# In-cluster Service in front of metrics-server: port 443 forwards to the
# container port named main-port (4443 in the Deployment). The APIService
# v1beta1.metrics.k8s.io in this file points at this Service.
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    k8s-app: metrics-server
  ports:
    - port: 443
      protocol: TCP
      targetPort: main-port
---
# Cluster-wide, read-only rules for the metrics-server ServiceAccount
# (bound by the ClusterRoleBinding of the same name).
# NOTE(review): configmaps is readable in every namespace through this
# role, which is broader than collecting pod and node metrics obviously
# needs; confirm the deployed metrics-server version requires it before
# keeping it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      - nodes/stats
      - namespaces
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# Grants the system:metrics-server ClusterRole to the metrics-server
# ServiceAccount in kube-system, across all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
  - kind: ServiceAccount
    name: metrics-server
    namespace: kube-system
---
# Identity for the Prometheus pod. No namespace is set here, so the
# ServiceAccount is created in whichever namespace the manifest is applied
# to, while the ClusterRoleBinding named "metrics" in this file names
# namespace "default" explicitly; the two only line up when this is
# applied to default.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
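---
# Cluster-wide read rules for the Prometheus ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    component: server
    app: prometheus
  name: metrics
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      # nodes/proxy is the only proxy subresource granted. The
      # kubernetes-nodes and kubernetes-cadvisor jobs in the
      # prometheus-server ConfigMap scrape kubelets through
      # /api/v1/nodes/<node>/proxy/..., while pods are scraped directly,
      # so services/proxy and pods/proxy are not needed by that config.
      # NOTE(review): nodes/proxy reaches the whole kubelet API through
      # the API server, not just /metrics. Treat this ServiceAccount's
      # token as sensitive, and consider scraping kubelets directly with
      # the narrower nodes/metrics permission instead.
      - nodes/proxy
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get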
---
# Grants the "metrics" ClusterRole to ServiceAccount prometheus in
# namespace default.
# NOTE(review): the namespace is hard-coded here, but the ServiceAccount
# and Deployment in this file carry no namespace. If they are applied to
# another namespace, the Prometheus pod gets none of these permissions,
# and any ServiceAccount named "prometheus" in default holds them instead.
# Keep the subject namespace in step with where the workload is deployed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    component: server
    app: prometheus
  name: metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: default
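---
# Single-replica Prometheus with a config-reloader sidecar.
# The sidecar reads the ConfigMap mounted at /etc/config, writes the
# processed file to the shared emptyDir (config-out-volume), and Prometheus
# loads it from that same emptyDir, mounted in its container at
# /etc/config. TSDB data lives in an emptyDir and is lost when the pod is
# rescheduled.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    component: server
    app: prometheus
  name: prometheus-server
spec:
  selector:
    matchLabels:
      component: server
      app: prometheus
  replicas: 1
  template:
    metadata:
      labels:
        component: server
        app: prometheus
    spec:
      # serviceAccountName is the current field; serviceAccount is its
      # deprecated alias.
      serviceAccountName: prometheus
      containers:
        - name: prometheus-server
          # NOTE(review): no securityContext or resource limits are set
          # for this container; add them once the user the image runs as
          # has been confirmed.
          image: "prom/prometheus:v2.17.1"
          args:
            - --config.file=/etc/config/prometheus.yml
            - --storage.tsdb.path=/data
            - --storage.tsdb.retention.time=2h
            # NOTE(review): this enables the HTTP lifecycle endpoints
            # (/-/reload, which the sidecar calls on 127.0.0.1, and
            # /-/quit). They are unauthenticated and served on the same
            # port 9090 that the prometheus-server Service exposes, so any
            # client that can reach the Service can reload or stop
            # Prometheus. Restrict access to the pod, for example with a
            # NetworkPolicy.
            - --web.enable-lifecycle
          ports:
            - containerPort: 9090
          volumeMounts:
            - name: config-out-volume
              mountPath: /etc/config
            # - name: rules-volume
            #   mountPath: /etc/config/rules
            - name: storage-volume
              mountPath: /data
        - name: prom-config-reloader
          # NOTE(review): this image has no tag or digest, so it resolves
          # to :latest from a personal registry namespace, and the sidecar
          # shares a pod with a ServiceAccount that holds cluster-wide
          # read and nodes/proxy access. Pin it to a reviewed build
          # (image@sha256:<digest-of-the-reviewed-image>) or use a
          # reloader image from a source you already trust.
          image: keikumata/prometheus-config-reloader
          command:
            - /bin/prometheus-config-reloader
          args:
            - --log-format=logfmt
            - --reload-url=http://127.0.0.1:9090/-/reload
            - --config-file=/etc/config/prometheus.yml
            - --config-envsubst-file=/etc/config_out/prometheus.yml
            # - --rules-dir=/etc/config/rules
          resources:
            limits:
              cpu: 100m
              memory: 25Mi
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            - mountPath: /etc/config
              name: config-volume
            # - mountPath: /etc/config/rules
            #   name: rules-volume
            - mountPath: /etc/config_out
              name: config-out-volume
      volumes:
        - name: config-volume
          configMap:
            name: prometheus-server
        # - name: rules-volume
        #   configMap:
        #     name: prometheus-rules
        - name: config-out-volume
          emptyDir: {}
        - name: storage-volume
          emptyDir: {}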
---
# ClusterIP Service for the Prometheus web/API port.
# NOTE(review): nothing in this file puts authentication in front of port
# 9090, and the Deployment starts Prometheus with --web.enable-lifecycle.
# Anything that can reach this Service can therefore query all collected
# metrics and call the lifecycle endpoints. Limit ingress to the pod
# before exposing it further.
apiVersion: v1
kind: Service
metadata:
  labels:
    component: server
    app: prometheus
  name: prometheus-server
spec:
  ports:
    - name: http
      port: 9090
      protocol: TCP
      targetPort: 9090
  selector:
    component: server
    app: prometheus
  type: ClusterIP
---
# Prometheus configuration consumed by the config-reloader sidecar.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-server
data:
  # kubernetes-nodes / kubernetes-cadvisor: the target address is rewritten
  # to kubernetes.default.svc:443 and the path to
  # /api/v1/nodes/<node>/proxy/..., so kubelets are scraped through the API
  # server. Those requests carry the pod's ServiceAccount token and verify
  # the API server against the in-cluster CA; this is what requires the
  # nodes/proxy permission in the "metrics" ClusterRole.
  #
  # kubernetes-pods: no scheme, TLS or bearer token is configured, and all
  # keep/port relabel rules are commented out, so every discovered pod
  # target is scraped at the default scheme and path. Enabling the
  # annotation-based "keep" example limits scraping to pods that opt in.
  prometheus.yml: |
    global:
      scrape_interval: 1m
    scrape_configs:
      - job_name: 'kubernetes-nodes'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
          - role: node
        relabel_configs:
          - action: labelmap
            regex: __meta_kubernetes_node_label_(.+)
          - target_label: __address__
            replacement: kubernetes.default.svc:443
          - source_labels: [__meta_kubernetes_node_name]
            regex: (.+)
            target_label: __metrics_path__
            replacement: /api/v1/nodes/${1}/proxy/metrics
      - job_name: 'kubernetes-cadvisor'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
          - role: node
        relabel_configs:
          - action: labelmap
            regex: __meta_kubernetes_node_label_(.+)
          - target_label: __address__
            replacement: kubernetes.default.svc:443
          - source_labels: [__meta_kubernetes_node_name]
            regex: (.+)
            target_label: __metrics_path__
            replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
      - job_name: 'kubernetes-pods'
        kubernetes_sd_configs:
          - role: pod
        relabel_configs:
          # Example relabel to scrape only pods that have
          # "example.io/should_be_scraped = true" annotation.
          # - source_labels: [__meta_kubernetes_pod_annotation_example_io_should_be_scraped]
          #   action: keep
          #   regex: true
          #
          # Example relabel to customize metric path based on pod
          # "example.io/metric_path = <metric path>" annotation.
          # - source_labels: [__meta_kubernetes_pod_annotation_example_io_metric_path]
          #   action: replace
          #   target_label: __metrics_path__
          #   regex: (.+)
          #
          # Example relabel to scrape only single, desired port for the pod
          # based on pod "example.io/scrape_port = <port>" annotation.
          # - source_labels: [__address__, __meta_kubernetes_pod_annotation_example_io_scrape_port]
          #   action: replace
          #   regex: ([^:]+)(?::\d+)?;(\d+)
          #   replacement: $1:$2
          #   target_label: __address__
          - action: labelmap
            regex: __meta_kubernetes_pod_label_(.+)
          - source_labels: [__meta_kubernetes_namespace]
            action: replace
            target_label: kubernetes_namespace
          - source_labels: [__meta_kubernetes_pod_name]
            action: replace
            target_label: kubernetes_pod_name