Last active
March 21, 2018 02:38
-
-
Save caarlos0/da39ac3925e953565f6cf9bbbcc4ebb4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: example-app | |
| spec: | |
| replicas: 2 | |
| template: | |
| metadata: | |
| labels: | |
| app: example-app | |
| spec: | |
| containers: | |
| - name: example-app | |
| image: fabxc/instrumented_app | |
| ports: | |
| - name: web | |
| containerPort: 8080 | |
| --- | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: example-app | |
| labels: | |
| app: example-app | |
| spec: | |
| selector: | |
| app: example-app | |
| ports: | |
| - name: web | |
| port: 8080 | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: example-app | |
| labels: | |
| team: frontend | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: example-app | |
| endpoints: | |
| - port: web |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: prometheus-operator | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: prometheus-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: prometheus-operator | |
| namespace: default | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRole | |
| metadata: | |
| name: prometheus-operator | |
| rules: | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - thirdpartyresources | |
| verbs: | |
| - "*" | |
| - apiGroups: | |
| - apiextensions.k8s.io | |
| resources: | |
| - customresourcedefinitions | |
| verbs: | |
| - "*" | |
| - apiGroups: | |
| - monitoring.coreos.com | |
| resources: | |
| - alertmanagers | |
| - prometheuses | |
| - prometheuses/finalizers | |
| - alertmanagers/finalizers | |
| - servicemonitors | |
| verbs: | |
| - "*" | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - statefulsets | |
| verbs: ["*"] | |
| - apiGroups: [""] | |
| resources: | |
| - configmaps | |
| - secrets | |
| verbs: ["*"] | |
| - apiGroups: [""] | |
| resources: | |
| - pods | |
| verbs: ["list", "delete"] | |
| - apiGroups: [""] | |
| resources: | |
| - services | |
| - endpoints | |
| verbs: ["get", "create", "update"] | |
| - apiGroups: [""] | |
| resources: | |
| - nodes | |
| verbs: ["list", "watch"] | |
| - apiGroups: [""] | |
| resources: | |
| - namespaces | |
| verbs: ["list"] | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: prometheus-operator | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| app: prometheus-operator | |
| name: prometheus-operator | |
| spec: | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: prometheus-operator | |
| spec: | |
| containers: | |
| - args: | |
| - --kubelet-service=kube-system/kubelet | |
| - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 | |
| image: quay.io/coreos/prometheus-operator:v0.17.0 | |
| name: prometheus-operator | |
| ports: | |
| - containerPort: 8080 | |
| name: http | |
| resources: | |
| limits: | |
| cpu: 200m | |
| memory: 100Mi | |
| requests: | |
| cpu: 100m | |
| memory: 50Mi | |
| securityContext: | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| serviceAccountName: prometheus-operator | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: prometheus | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRole | |
| metadata: | |
| name: prometheus | |
| rules: | |
| - apiGroups: [""] | |
| resources: | |
| - nodes | |
| - services | |
| - endpoints | |
| - pods | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: [""] | |
| resources: | |
| - configmaps | |
| verbs: ["get"] | |
| - nonResourceURLs: ["/metrics"] | |
| verbs: ["get"] | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: prometheus | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: prometheus | |
| subjects: | |
| - kind: ServiceAccount | |
| name: prometheus | |
| namespace: default | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: Prometheus | |
| metadata: | |
| name: main | |
| spec: | |
| replicas: 1 | |
| version: v2.2.1 | |
| resources: | |
| requests: | |
| memory: 400Mi | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: prometheus | |
| spec: | |
| type: NodePort | |
| ports: | |
| - name: web | |
| nodePort: 30900 | |
| port: 9090 | |
| protocol: TCP | |
| targetPort: web | |
| selector: | |
| prometheus: main | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: kube-system | |
| name: kube-scheduler-prometheus-discovery | |
| labels: | |
| app: kube-scheduler | |
| spec: | |
| selector: | |
| app: kube-scheduler | |
| type: ClusterIP | |
| clusterIP: None | |
| ports: | |
| - name: http-metrics | |
| port: 10251 | |
| targetPort: 10251 | |
| protocol: TCP | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: kube-system | |
| name: kube-controller-manager-prometheus-discovery | |
| labels: | |
| app: kube-controller-manager | |
| spec: | |
| selector: | |
| app: kube-controller-manager | |
| type: ClusterIP | |
| clusterIP: None | |
| ports: | |
| - name: http-metrics | |
| port: 10252 | |
| targetPort: 10252 | |
| protocol: TCP | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| name: node-exporter | |
| spec: | |
| updateStrategy: | |
| rollingUpdate: | |
| maxUnavailable: 1 | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| app: node-exporter | |
| name: node-exporter | |
| spec: | |
| serviceAccountName: node-exporter | |
| securityContext: | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| hostNetwork: true | |
| hostPID: true | |
| containers: | |
| - image: quay.io/prometheus/node-exporter:v0.15.2 | |
| args: | |
| - "--web.listen-address=127.0.0.1:9101" | |
| - "--path.procfs=/host/proc" | |
| - "--path.sysfs=/host/sys" | |
| name: node-exporter | |
| resources: | |
| requests: | |
| memory: 30Mi | |
| cpu: 100m | |
| limits: | |
| memory: 50Mi | |
| cpu: 200m | |
| volumeMounts: | |
| - name: proc | |
| readOnly: true | |
| mountPath: /host/proc | |
| - name: sys | |
| readOnly: true | |
| mountPath: /host/sys | |
| - name: kube-rbac-proxy | |
| image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
| args: | |
| - "--secure-listen-address=:9100" | |
| - "--upstream=http://127.0.0.1:9101/" | |
| ports: | |
| - containerPort: 9100 | |
| hostPort: 9100 | |
| name: https | |
| resources: | |
| requests: | |
| memory: 20Mi | |
| cpu: 10m | |
| limits: | |
| memory: 40Mi | |
| cpu: 20m | |
| tolerations: | |
| - effect: NoSchedule | |
| operator: Exists | |
| volumes: | |
| - name: proc | |
| hostPath: | |
| path: /proc | |
| - name: sys | |
| hostPath: | |
| path: /sys | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| app: node-exporter | |
| app: node-exporter | |
| name: node-exporter | |
| spec: | |
| type: ClusterIP | |
| clusterIP: None | |
| ports: | |
| - name: https | |
| port: 9100 | |
| protocol: TCP | |
| selector: | |
| app: node-exporter | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Deployment | |
| metadata: | |
| name: kube-state-metrics | |
| spec: | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: kube-state-metrics | |
| spec: | |
| serviceAccountName: kube-state-metrics | |
| securityContext: | |
| runAsNonRoot: true | |
| runAsUser: 65534 | |
| containers: | |
| - name: kube-rbac-proxy-main | |
| image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
| args: | |
| - "--secure-listen-address=:8443" | |
| - "--upstream=http://127.0.0.1:8081/" | |
| ports: | |
| - name: https-main | |
| containerPort: 8443 | |
| resources: | |
| requests: | |
| memory: 20Mi | |
| cpu: 10m | |
| limits: | |
| memory: 40Mi | |
| cpu: 20m | |
| - name: kube-rbac-proxy-self | |
| image: quay.io/brancz/kube-rbac-proxy:v0.2.0 | |
| args: | |
| - "--secure-listen-address=:9443" | |
| - "--upstream=http://127.0.0.1:8082/" | |
| ports: | |
| - name: https-self | |
| containerPort: 9443 | |
| resources: | |
| requests: | |
| memory: 20Mi | |
| cpu: 10m | |
| limits: | |
| memory: 40Mi | |
| cpu: 20m | |
| - name: kube-state-metrics | |
| image: quay.io/coreos/kube-state-metrics:v1.2.0 | |
| args: | |
| - "--host=127.0.0.1" | |
| - "--port=8081" | |
| - "--telemetry-host=127.0.0.1" | |
| - "--telemetry-port=8082" | |
| - name: addon-resizer | |
| image: gcr.io/google_containers/addon-resizer:1.0 | |
| resources: | |
| limits: | |
| cpu: 100m | |
| memory: 30Mi | |
| requests: | |
| cpu: 100m | |
| memory: 30Mi | |
| env: | |
| - name: MY_POD_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.name | |
| - name: MY_POD_NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| command: | |
| - /pod_nanny | |
| - --container=kube-state-metrics | |
| - --cpu=100m | |
| - --extra-cpu=2m | |
| - --memory=150Mi | |
| - --extra-memory=30Mi | |
| - --threshold=5 | |
| - --deployment=kube-state-metrics | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| labels: | |
| app: kube-state-metrics | |
| app: kube-state-metrics | |
| name: kube-state-metrics | |
| spec: | |
| clusterIP: None | |
| ports: | |
| - name: https-main | |
| port: 8443 | |
| targetPort: https-main | |
| protocol: TCP | |
| - name: https-self | |
| port: 9443 | |
| targetPort: https-self | |
| protocol: TCP | |
| selector: | |
| app: kube-state-metrics | |
| --- | |
| # apiVersion: monitoring.coreos.com/v1 | |
| # kind: Prometheus | |
| # metadata: | |
| # name: k8s | |
| # labels: | |
| # prometheus: k8s | |
| # spec: | |
| # replicas: 2 | |
| # version: v2.2.0-rc.0 | |
| # serviceAccountName: prometheus-k8s | |
| # serviceMonitorSelector: | |
| # matchExpressions: | |
| # - {key: app, operator: Exists} | |
| # ruleSelector: | |
| # matchLabels: | |
| # role: prometheus-rulefiles | |
| # prometheus: k8s | |
| # resources: | |
| # requests: | |
| # 2Gi is default, but won't schedule if you don't have a node with >2Gi | |
| # memory. Modify based on your target and time-series count for | |
| # production use. This value is mainly meant for demonstration/testing | |
| # purposes. | |
| # memory: 400Mi | |
| # alerting: | |
| # alertmanagers: | |
| # - namespace: monitoring | |
| # name: alertmanager-main | |
| # port: web | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: kube-apiserver | |
| labels: | |
| app: apiserver | |
| spec: | |
| jobLabel: component | |
| selector: | |
| matchLabels: | |
| component: apiserver | |
| provider: kubernetes | |
| namespaceSelector: | |
| matchNames: | |
| - default | |
| endpoints: | |
| - port: https | |
| interval: 30s | |
| scheme: https | |
| tlsConfig: | |
| caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
| serverName: kubernetes | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: kubelet | |
| labels: | |
| app: kubelet | |
| spec: | |
| jobLabel: app | |
| endpoints: | |
| - port: https-metrics | |
| scheme: https | |
| interval: 30s | |
| tlsConfig: | |
| insecureSkipVerify: true | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| - port: https-metrics | |
| scheme: https | |
| path: /metrics/cadvisor | |
| interval: 30s | |
| honorLabels: true | |
| tlsConfig: | |
| insecureSkipVerify: true | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| selector: | |
| matchLabels: | |
| app: kubelet | |
| namespaceSelector: | |
| matchNames: | |
| - kube-system | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: kube-controller-manager | |
| labels: | |
| app: kube-controller-manager | |
| spec: | |
| jobLabel: app | |
| endpoints: | |
| - port: http-metrics | |
| interval: 30s | |
| selector: | |
| matchLabels: | |
| app: kube-controller-manager | |
| namespaceSelector: | |
| matchNames: | |
| - kube-system | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: kube-scheduler | |
| labels: | |
| app: kube-scheduler | |
| spec: | |
| jobLabel: app | |
| endpoints: | |
| - port: http-metrics | |
| interval: 30s | |
| selector: | |
| matchLabels: | |
| app: kube-scheduler | |
| namespaceSelector: | |
| matchNames: | |
| - kube-system | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: kube-state-metrics | |
| labels: | |
| app: kube-state-metrics | |
| spec: | |
| jobLabel: app | |
| selector: | |
| matchLabels: | |
| app: kube-state-metrics | |
| namespaceSelector: | |
| matchNames: | |
| - monitoring | |
| endpoints: | |
| - port: https-main | |
| scheme: https | |
| interval: 30s | |
| honorLabels: true | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| tlsConfig: | |
| insecureSkipVerify: true | |
| - port: https-self | |
| scheme: https | |
| interval: 30s | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| tlsConfig: | |
| insecureSkipVerify: true | |
| --- | |
| apiVersion: monitoring.coreos.com/v1 | |
| kind: ServiceMonitor | |
| metadata: | |
| name: node-exporter | |
| labels: | |
| app: node-exporter | |
| spec: | |
| jobLabel: app | |
| selector: | |
| matchLabels: | |
| app: node-exporter | |
| namespaceSelector: | |
| matchNames: | |
| - monitoring | |
| endpoints: | |
| - port: https | |
| scheme: https | |
| interval: 30s | |
| bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | |
| tlsConfig: | |
| insecureSkipVerify: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment