mirror of
https://github.com/prometheus-operator/prometheus-operator.git
synced 2025-04-21 11:48:53 +00:00
kube-prometheus: Convert to jsonnet
This commit is contained in:
Frederic Branczyk
parent
aae5278218
commit
8b54c34352
55 changed files with 1263 additions and 0 deletions
Documentation
contrib/kube-prometheus
.gitignorebuild.sh
jsonnet
alertmanager
alertmanager-main-secret.libsonnetalertmanager-main-service-account.libsonnetalertmanager-main-service.libsonnetalertmanager-main.libsonnetalertmanager.libsonnet
kube-prometheus.jsonnetkube-state-metrics
kube-state-metrics-cluster-role-binding.libsonnetkube-state-metrics-cluster-role.libsonnetkube-state-metrics-deployment.libsonnetkube-state-metrics-role-binding.libsonnetkube-state-metrics-role.libsonnetkube-state-metrics-service-account.libsonnetkube-state-metrics-service.libsonnetkube-state-metrics.libsonnet
node-exporter
node-exporter-cluster-role-binding.libsonnetnode-exporter-cluster-role.libsonnetnode-exporter-daemonset.libsonnetnode-exporter-service-account.libsonnetnode-exporter-service.libsonnetnode-exporter.libsonnet
prometheus-operator
prometheus-operator-cluster-role-binding.libsonnetprometheus-operator-cluster-role.libsonnetprometheus-operator-deployment.libsonnetprometheus-operator-service-account.libsonnetprometheus-operator-service.libsonnetprometheus-operator.libsonnet
prometheus
prometheus-k8s-cluster-role-binding.libsonnetprometheus-k8s-cluster-role.libsonnetprometheus-k8s-role-binding-config.libsonnetprometheus-k8s-role-binding-default.libsonnetprometheus-k8s-role-binding-kube-system.libsonnetprometheus-k8s-role-binding-namespace.libsonnetprometheus-k8s-role-config.libsonnetprometheus-k8s-role-default.libsonnetprometheus-k8s-role-kube-system.libsonnetprometheus-k8s-role-namespace.libsonnetprometheus-k8s-service-account.libsonnetprometheus-k8s-service-monitor-alertmanager.libsonnetprometheus-k8s-service-monitor-apiserver.libsonnetprometheus-k8s-service-monitor-coredns.libsonnetprometheus-k8s-service-monitor-kube-controller-manager.libsonnetprometheus-k8s-service-monitor-kube-scheduler.libsonnetprometheus-k8s-service-monitor-kube-state-metrics.libsonnetprometheus-k8s-service-monitor-kubelet.libsonnetprometheus-k8s-service-monitor-node-exporter.libsonnetprometheus-k8s-service-monitor-prometheus-operator.libsonnetprometheus-k8s-service-monitor-prometheus.libsonnetprometheus-k8s-service.libsonnetprometheus-k8s.libsonnetprometheus-namespace-role-binding.libsonnetprometheus-namespace-role.libsonnetprometheus.libsonnet
|
|
@ -34,3 +34,17 @@ Account: [myname@example.org]
|
|||
$ kubectl create clusterrolebinding myname-cluster-admin-binding --clusterrole=cluster-admin --user=myname@example.org
|
||||
Clusterrolebinding "myname-cluster-admin-binding" created
|
||||
```
|
||||
|
||||
### Troubleshooting ServiceMonitor changes
|
||||
|
||||
When creating/deleting/modifying `ServiceMonitor` objects it is sometimes not as obvious what piece is not working properly. This section gives a step by step guide how to troubleshoot such actions on a `ServiceMonitor` object.
|
||||
|
||||
#### Has my `ServiceMonitor` been picked up by Prometheus?
|
||||
|
||||
`ServiceMonitor` objects are selected by the `serviceMonitorSelector` of a Prometheus object. The name of a `ServiceMonitor` is encoded in the Prometheus configuration, so you can simply grep whether it is present there. The configuration generated by the Prometheus Operator is stored in a Kubernetes `Secret`, named after the Prometheus object name prefixed with `prometheus-` and is located in the same namespace as the Prometheus object. For example for a Prometheus object called `k8s` one can find out if the `ServiceMonitor` named `my-service-monitor` has been picked up with:
|
||||
|
||||
```
|
||||
kubectl -n monitoring get secret prometheus-k8s -ojson | jq -r '.data["prometheus.yaml"]' | base64 -d | grep "my-service-monitor"
|
||||
```
|
||||
|
||||
|
||||
|
|
|
|||
1
contrib/kube-prometheus/.gitignore
vendored
Normal file
1
contrib/kube-prometheus/.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
tmp/
|
||||
19
contrib/kube-prometheus/build.sh
Executable file
19
contrib/kube-prometheus/build.sh
Executable file
|
|
@ -0,0 +1,19 @@
|
|||
#!/usr/bin/env bash
|
||||
set -e
|
||||
set -x
|
||||
|
||||
prefix="tmp/manifests"
|
||||
json="tmp/manifests.json"
|
||||
|
||||
rm -rf ${prefix}
|
||||
mkdir -p $(dirname "${json}")
|
||||
jsonnet -J /home/brancz/.jsonnet-bundler/src/git/git@github.com-ksonnet-ksonnet-lib/master jsonnet/kube-prometheus.jsonnet > ${json}
|
||||
|
||||
files=$(jq -r 'keys[]' ${json})
|
||||
|
||||
for file in ${files}; do
|
||||
dir=$(dirname "${file}")
|
||||
path="${prefix}/${dir}"
|
||||
mkdir -p ${path}
|
||||
jq -r ".[\"${file}\"]" ${json} | yaml2json | json2yaml > "${prefix}/${file}"
|
||||
done
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local secret = k.core.v1.secret;
|
||||
|
||||
local plainConfig = "global:
|
||||
resolve_timeout: 5m
|
||||
route:
|
||||
group_by: ['job']
|
||||
group_wait: 30s
|
||||
group_interval: 5m
|
||||
repeat_interval: 12h
|
||||
receiver: 'null'
|
||||
routes:
|
||||
- match:
|
||||
alertname: DeadMansSwitch
|
||||
receiver: 'null'
|
||||
receivers:
|
||||
- name: 'null'";
|
||||
|
||||
local config = std.base64(plainConfig);
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
secret.new("alertmanager-main", {"alertmanager.yaml": config}) +
|
||||
secret.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
serviceAccount.new("alertmanager-main") +
|
||||
serviceAccount.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local service = k.core.v1.service;
|
||||
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
||||
|
||||
local alertmanagerPort = servicePort.newNamed("web", 9093, "web");
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
service.new("alertmanager-main", {app: "alertmanager", alertmanager: "main"}, alertmanagerPort) +
|
||||
service.mixin.metadata.withNamespace(namespace) +
|
||||
service.mixin.metadata.withLabels({alertmanager: "main"})
|
||||
}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
apiVersion: "monitoring.coreos.com/v1",
|
||||
kind: "Alertmanager",
|
||||
metadata: {
|
||||
name: "main",
|
||||
namespace: namespace,
|
||||
labels: {
|
||||
alertmanager: "main",
|
||||
},
|
||||
},
|
||||
spec: {
|
||||
replicas: 3,
|
||||
version: "v0.14.0",
|
||||
serviceAccountName: "alertmanager-main",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
config:: import "alertmanager-main-secret.libsonnet",
|
||||
serviceAccount:: import "alertmanager-main-service-account.libsonnet",
|
||||
service:: import "alertmanager-main-service.libsonnet",
|
||||
alertmanager:: import "alertmanager-main.libsonnet",
|
||||
}
|
||||
62
contrib/kube-prometheus/jsonnet/kube-prometheus.jsonnet
Normal file
62
contrib/kube-prometheus/jsonnet/kube-prometheus.jsonnet
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
|
||||
local alertmanager = import "alertmanager/alertmanager.libsonnet";
|
||||
local ksm = import "kube-state-metrics/kube-state-metrics.libsonnet";
|
||||
local nodeExporter = import "node-exporter/node-exporter.libsonnet";
|
||||
local po = import "prometheus-operator/prometheus-operator.libsonnet";
|
||||
local prometheus = import "prometheus/prometheus.libsonnet";
|
||||
|
||||
local namespace = "monitoring";
|
||||
|
||||
local objects = {
|
||||
"alertmanager-main/alertmanager-main-secret.yaml": alertmanager.config.new(namespace),
|
||||
"alertmanager-main/alertmanager-main-service-account.yaml": alertmanager.serviceAccount.new(namespace),
|
||||
"alertmanager-main/alertmanager-main-service.yaml": alertmanager.service.new(namespace),
|
||||
"alertmanager-main/alertmanager-main.yaml": alertmanager.alertmanager.new(namespace),
|
||||
|
||||
"kube-state-metrics/kube-state-metrics-cluster-role-binding": ksm.clusterRoleBinding.new(namespace),
|
||||
"kube-state-metrics/kube-state-metrics-cluster-role.yaml": ksm.clusterRole.new(),
|
||||
"kube-state-metrics/kube-state-metrics-deployment.yaml": ksm.deployment.new(namespace),
|
||||
"kube-state-metrics/kube-state-metrics-role-binding.yaml": ksm.roleBinding.new(namespace),
|
||||
"kube-state-metrics/kube-state-metrics-role.yaml": ksm.role.new(namespace),
|
||||
"kube-state-metrics/kube-state-metrics-service-account.yaml": ksm.serviceAccount.new(namespace),
|
||||
"kube-state-metrics/kube-state-metrics-service.yaml": ksm.service.new(namespace),
|
||||
|
||||
"node-exporter/node-exporter-cluster-role-binding.yaml": nodeExporter.clusterRoleBinding.new(namespace),
|
||||
"node-exporter/node-exporter-cluster-role.yaml": nodeExporter.clusterRole.new(),
|
||||
"node-exporter/node-exporter-daemonset.yaml": nodeExporter.daemonset.new(namespace),
|
||||
"node-exporter/node-exporter-service-account.yaml": nodeExporter.serviceAccount.new(namespace),
|
||||
"node-exporter/node-exporter-service.yaml": nodeExporter.service.new(namespace),
|
||||
|
||||
"prometheus-operator/prometheus-operator-cluster-role-binding.yaml": po.clusterRoleBinding.new(namespace),
|
||||
"prometheus-operator/prometheus-operator-cluster-role.yaml": po.clusterRole.new(),
|
||||
"prometheus-operator/prometheus-operator-deployment.yaml": po.deployment.new(namespace),
|
||||
"prometheus-operator/prometheus-operator-service.yaml": po.service.new(namespace),
|
||||
"prometheus-operator/prometheus-operator-service-account.yaml": po.serviceAccount.new(namespace),
|
||||
|
||||
"prometheus-k8s/prometheus-k8s-cluster-role-binding.yaml": prometheus.clusterRoleBinding.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-cluster-role.yaml": prometheus.clusterRole.new(),
|
||||
"prometheus-k8s/prometheus-k8s-service-account.yaml": prometheus.serviceAccount.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service.yaml": prometheus.service.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s.yaml": prometheus.prometheus.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-binding-config.yaml": prometheus.roleBindingConfig.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-binding-namespace.yaml": prometheus.roleBindingNamespace.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-binding-kube-system.yaml": prometheus.roleBindingKubeSystem.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-binding-default.yaml": prometheus.roleBindingDefault.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-config.yaml": prometheus.roleConfig.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-namespace.yaml": prometheus.roleNamespace.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-role-kube-system.yaml": prometheus.roleKubeSystem.new(),
|
||||
"prometheus-k8s/prometheus-k8s-role-default.yaml": prometheus.roleDefault.new(),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-alertmanager.yaml": prometheus.serviceMonitorAlertmanager.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-apiserver.yaml": prometheus.serviceMonitorApiserver.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-coredns.yaml": prometheus.serviceMonitorCoreDNS.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-kube-controller-manager.yaml": prometheus.serviceMonitorControllerManager.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-kube-scheduler.yaml": prometheus.serviceMonitorScheduler.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-kube-state-metrics.yaml": prometheus.serviceMonitorKubeStateMetrics.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-kubelet.yaml": prometheus.serviceMonitorKubelet.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-node-exporter.yaml": prometheus.serviceMonitorNodeExporter.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-prometheus-operator.yaml": prometheus.serviceMonitorPrometheusOperator.new(namespace),
|
||||
"prometheus-k8s/prometheus-k8s-service-monitor-prometheus.yaml": prometheus.serviceMonitorPrometheus.new(namespace),
|
||||
};
|
||||
|
||||
{[path]: std.manifestYamlDoc(objects[path]) for path in std.objectFields(objects)}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
clusterRoleBinding.new() +
|
||||
clusterRoleBinding.mixin.metadata.withName("kube-state-metrics") +
|
||||
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
clusterRoleBinding.mixin.roleRef.withName("kube-state-metrics") +
|
||||
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
|
||||
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "kube-state-metrics", namespace: namespace}])
|
||||
}
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local coreRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"configmaps",
|
||||
"secrets",
|
||||
"nodes",
|
||||
"pods",
|
||||
"services",
|
||||
"resourcequotas",
|
||||
"replicationcontrollers",
|
||||
"limitranges",
|
||||
"persistentvolumeclaims",
|
||||
"persistentvolumes",
|
||||
"namespaces",
|
||||
"endpoints",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local extensionsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["extensions"]) +
|
||||
policyRule.withResources([
|
||||
"daemonsets",
|
||||
"deployments",
|
||||
"replicasets",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local appsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["apps"]) +
|
||||
policyRule.withResources([
|
||||
"statefulsets",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local batchRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["batch"]) +
|
||||
policyRule.withResources([
|
||||
"cronjobs",
|
||||
"jobs",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local autoscalingRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["autoscaling"]) +
|
||||
policyRule.withResources([
|
||||
"horizontalpodautoscalers",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local authenticationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(["authentication.k8s.io"]) +
|
||||
policyRule.withResources([
|
||||
"tokenreviews",
|
||||
]) +
|
||||
policyRule.withVerbs(["create"]);
|
||||
|
||||
local authorizationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(["authorization.k8s.io"]) +
|
||||
policyRule.withResources([
|
||||
"subjectaccessreviews",
|
||||
]) +
|
||||
policyRule.withVerbs(["create"]);
|
||||
|
||||
local rules = [coreRule, extensionsRule, appsRule, batchRule, autoscalingRule, authenticationRole, authorizationRole];
|
||||
|
||||
{
|
||||
new()::
|
||||
clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName("kube-state-metrics") +
|
||||
clusterRole.withRules(rules)
|
||||
}
|
||||
|
|
@ -0,0 +1,86 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local deployment = k.apps.v1beta2.deployment;
|
||||
|
||||
local deployment = k.apps.v1beta2.deployment;
|
||||
local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
|
||||
local volume = k.apps.v1beta2.deployment.mixin.spec.template.spec.volumesType;
|
||||
local containerPort = container.portsType;
|
||||
local containerVolumeMount = container.volumeMountsType;
|
||||
local podSelector = deployment.mixin.spec.template.spec.selectorType;
|
||||
|
||||
local kubeStateMetricsVersion = "v1.3.0";
|
||||
local kubeRbacProxyVersion = "v0.3.0";
|
||||
local addonResizerVersion = "1.0";
|
||||
local podLabels = {"app": "kube-state-metrics"};
|
||||
|
||||
local proxyClusterMetrics =
|
||||
container.new("kube-rbac-proxy-main", "quay.io/coreos/kube-rbac-proxy:" + kubeRbacProxyVersion) +
|
||||
container.withArgs([
|
||||
"--secure-listen-address=:8443",
|
||||
"--upstream=http://127.0.0.1:8081/",
|
||||
]) +
|
||||
container.withPorts(containerPort.newNamed("https-main", 8443)) +
|
||||
container.mixin.resources.withRequests({cpu: "10m", memory: "20Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "20m", memory: "40Mi"});
|
||||
|
||||
local proxySelfMetrics =
|
||||
container.new("kube-rbac-proxy-self", "quay.io/coreos/kube-rbac-proxy:" + kubeRbacProxyVersion) +
|
||||
container.withArgs([
|
||||
"--secure-listen-address=:9443",
|
||||
"--upstream=http://127.0.0.1:8082/",
|
||||
]) +
|
||||
container.withPorts(containerPort.newNamed("https-self", 9443)) +
|
||||
container.mixin.resources.withRequests({cpu: "10m", memory: "20Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "20m", memory: "40Mi"});
|
||||
|
||||
local kubeStateMetrics =
|
||||
container.new("kube-state-metrics", "quay.io/coreos/kube-state-metrics:" + kubeStateMetricsVersion) +
|
||||
container.withArgs([
|
||||
"--host=127.0.0.1",
|
||||
"--port=8081",
|
||||
"--telemetry-host=127.0.0.1",
|
||||
"--telemetry-port=8082",
|
||||
]) +
|
||||
container.mixin.resources.withRequests({cpu: "102m", memory: "180Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "102m", memory: "180Mi"});
|
||||
|
||||
local addonResizer =
|
||||
container.new("addon-resizer", "quay.io/coreos/addon-resizer:" + addonResizerVersion) +
|
||||
container.withCommand([
|
||||
"/pod_nanny",
|
||||
"--container=kube-state-metrics",
|
||||
"--cpu=100m",
|
||||
"--extra-cpu=2m",
|
||||
"--memory=150Mi",
|
||||
"--extra-memory=30Mi",
|
||||
"--threshold=5",
|
||||
"--deployment=kube-state-metrics",
|
||||
]) +
|
||||
container.withEnv([
|
||||
{
|
||||
name: "MY_POD_NAME",
|
||||
valueFrom: {
|
||||
fieldRef: {apiVersion: "v1", fieldPath: "metadata.name"}
|
||||
}
|
||||
}, {
|
||||
name: "MY_POD_NAMESPACE",
|
||||
valueFrom: {
|
||||
fieldRef: {apiVersion: "v1", fieldPath: "metadata.namespace"}
|
||||
}
|
||||
}
|
||||
]) +
|
||||
container.mixin.resources.withRequests({cpu: "10m", memory: "30Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "10m", memory: "30Mi"});
|
||||
|
||||
local c = [proxyClusterMetrics, proxySelfMetrics, kubeStateMetrics, addonResizer];
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
deployment.new("kube-state-metrics", 1, c, podLabels) +
|
||||
deployment.mixin.metadata.withNamespace(namespace) +
|
||||
deployment.mixin.metadata.withLabels(podLabels) +
|
||||
deployment.mixin.spec.selector.withMatchLabels(podLabels) +
|
||||
deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
|
||||
deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
|
||||
deployment.mixin.spec.template.spec.withServiceAccountName("kube-state-metrics")
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local roleBinding = k.rbac.v1.roleBinding;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
roleBinding.new() +
|
||||
roleBinding.mixin.metadata.withName("kube-state-metrics") +
|
||||
roleBinding.mixin.metadata.withNamespace(namespace) +
|
||||
roleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
roleBinding.mixin.roleRef.withName("kube-state-metrics-addon-resizer") +
|
||||
roleBinding.mixin.roleRef.mixinInstance({kind: "Role"}) +
|
||||
roleBinding.withSubjects([{kind: "ServiceAccount", name: "kube-state-metrics"}])
|
||||
}
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local role = k.rbac.v1.role;
|
||||
local policyRule = role.rulesType;
|
||||
|
||||
local coreRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"pods",
|
||||
]) +
|
||||
policyRule.withVerbs(["get"]);
|
||||
|
||||
local extensionsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["extensions"]) +
|
||||
policyRule.withResources([
|
||||
"deployments",
|
||||
]) +
|
||||
policyRule.withVerbs(["get", "update"]) +
|
||||
policyRule.withResourceNames(["kube-state-metrics"]);
|
||||
|
||||
local rules = [coreRule, extensionsRule];
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
role.new() +
|
||||
role.mixin.metadata.withName("kube-state-metrics") +
|
||||
role.mixin.metadata.withNamespace(namespace) +
|
||||
role.withRules(rules)
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
serviceAccount.new("kube-state-metrics") +
|
||||
serviceAccount.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local service = k.core.v1.service;
|
||||
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
||||
|
||||
local ksmDeployment = import "kube-state-metrics-deployment.libsonnet";
|
||||
|
||||
local ksmServicePortMain = servicePort.newNamed("https-main", 8443, "https-main");
|
||||
local ksmServicePortSelf = servicePort.newNamed("https-self", 9443, "https-self");
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
service.new("kube-state-metrics", ksmDeployment.new(namespace).spec.selector.matchLabels, [ksmServicePortMain, ksmServicePortSelf]) +
|
||||
service.mixin.metadata.withNamespace(namespace) +
|
||||
service.mixin.metadata.withLabels({"k8s-app": "kube-state-metrics"})
|
||||
}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
clusterRoleBinding:: import "kube-state-metrics-cluster-role-binding.libsonnet",
|
||||
clusterRole:: import "kube-state-metrics-cluster-role.libsonnet",
|
||||
deployment:: import "kube-state-metrics-deployment.libsonnet",
|
||||
roleBinding:: import "kube-state-metrics-role-binding.libsonnet",
|
||||
role:: import "kube-state-metrics-role.libsonnet",
|
||||
serviceAccount:: import "kube-state-metrics-service-account.libsonnet",
|
||||
service:: import "kube-state-metrics-service.libsonnet",
|
||||
}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
clusterRoleBinding.new() +
|
||||
clusterRoleBinding.mixin.metadata.withName("node-exporter") +
|
||||
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
clusterRoleBinding.mixin.roleRef.withName("node-exporter") +
|
||||
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
|
||||
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "node-exporter", namespace: namespace}])
|
||||
}
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local authenticationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(["authentication.k8s.io"]) +
|
||||
policyRule.withResources([
|
||||
"tokenreviews",
|
||||
]) +
|
||||
policyRule.withVerbs(["create"]);
|
||||
|
||||
local authorizationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(["authorization.k8s.io"]) +
|
||||
policyRule.withResources([
|
||||
"subjectaccessreviews",
|
||||
]) +
|
||||
policyRule.withVerbs(["create"]);
|
||||
|
||||
local rules = [authenticationRole, authorizationRole];
|
||||
|
||||
{
|
||||
new()::
|
||||
clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName("node-exporter") +
|
||||
clusterRole.withRules(rules)
|
||||
}
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
|
||||
local daemonset = k.apps.v1beta2.daemonSet;
|
||||
local container = daemonset.mixin.spec.template.spec.containersType;
|
||||
local volume = daemonset.mixin.spec.template.spec.volumesType;
|
||||
local containerPort = container.portsType;
|
||||
local containerVolumeMount = container.volumeMountsType;
|
||||
local podSelector = daemonset.mixin.spec.template.spec.selectorType;
|
||||
|
||||
local nodeExporterVersion = "v0.15.2";
|
||||
local kubeRbacProxyVersion = "v0.3.0";
|
||||
local podLabels = {"app": "node-exporter"};
|
||||
|
||||
local procVolumeName = "proc";
|
||||
local procVolume = volume.fromHostPath(procVolumeName, "/proc");
|
||||
local procVolumeMount = containerVolumeMount.new(procVolumeName, "/host/proc");
|
||||
|
||||
local sysVolumeName = "sys";
|
||||
local sysVolume = volume.fromHostPath(sysVolumeName, "/sys");
|
||||
local sysVolumeMount = containerVolumeMount.new(sysVolumeName, "/host/sys");
|
||||
|
||||
local nodeExporter =
|
||||
container.new("node-exporter", "quay.io/prometheus/node-exporter:" + nodeExporterVersion) +
|
||||
container.withArgs([
|
||||
"--web.listen-address=127.0.0.1:9101",
|
||||
"--path.procfs=/host/proc",
|
||||
"--path.sysfs=/host/sys",
|
||||
]) +
|
||||
container.withVolumeMounts([procVolumeMount, sysVolumeMount]) +
|
||||
container.mixin.resources.withRequests({cpu: "102m", memory: "180Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "102m", memory: "180Mi"});
|
||||
|
||||
local proxy =
|
||||
container.new("kube-rbac-proxy", "quay.io/coreos/kube-rbac-proxy:" + kubeRbacProxyVersion) +
|
||||
container.withArgs([
|
||||
"--secure-listen-address=:9100",
|
||||
"--upstream=http://127.0.0.1:9101/",
|
||||
]) +
|
||||
container.withPorts(containerPort.newNamed("https", 9100)) +
|
||||
container.mixin.resources.withRequests({cpu: "10m", memory: "20Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "20m", memory: "40Mi"});
|
||||
|
||||
local c = [nodeExporter, proxy];
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
daemonset.new() +
|
||||
daemonset.mixin.metadata.withName("node-exporter") +
|
||||
daemonset.mixin.metadata.withNamespace(namespace) +
|
||||
daemonset.mixin.metadata.withLabels(podLabels) +
|
||||
daemonset.mixin.spec.selector.withMatchLabels(podLabels) +
|
||||
daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
|
||||
daemonset.mixin.spec.template.spec.withContainers(c) +
|
||||
daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume]) +
|
||||
daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
|
||||
daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
|
||||
daemonset.mixin.spec.template.spec.withServiceAccountName("node-exporter")
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
serviceAccount.new("node-exporter") +
|
||||
serviceAccount.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local service = k.core.v1.service;
|
||||
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
||||
|
||||
local nodeExporterDaemonset = import "node-exporter-daemonset.libsonnet";
|
||||
|
||||
local nodeExporterPort = servicePort.newNamed("https", 9100, "https");
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
service.new("node-exporter", nodeExporterDaemonset.new(namespace).spec.selector.matchLabels, nodeExporterPort) +
|
||||
service.mixin.metadata.withNamespace(namespace) +
|
||||
service.mixin.metadata.withLabels({"k8s-app": "node-exporter"})
|
||||
}
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
clusterRoleBinding:: import "node-exporter-cluster-role-binding.libsonnet",
|
||||
clusterRole:: import "node-exporter-cluster-role.libsonnet",
|
||||
daemonset:: import "node-exporter-daemonset.libsonnet",
|
||||
serviceAccount:: import "node-exporter-service-account.libsonnet",
|
||||
service:: import "node-exporter-service.libsonnet",
|
||||
}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
clusterRoleBinding.new() +
|
||||
clusterRoleBinding.mixin.metadata.withName("prometheus-operator") +
|
||||
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
clusterRoleBinding.mixin.roleRef.withName("prometheus-operator") +
|
||||
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
|
||||
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "prometheus-operator", namespace: namespace}])
|
||||
}
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local extensionsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["extensions"]) +
|
||||
policyRule.withResources([
|
||||
"thirdpartyresources",
|
||||
]) +
|
||||
policyRule.withVerbs(["*"]);
|
||||
|
||||
local apiExtensionsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["apiextensions.k8s.io"]) +
|
||||
policyRule.withResources([
|
||||
"customresourcedefinitions",
|
||||
]) +
|
||||
policyRule.withVerbs(["*"]);
|
||||
|
||||
local monitoringRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["monitoring.coreos.com"]) +
|
||||
policyRule.withResources([
|
||||
"alertmanagers",
|
||||
"prometheuses",
|
||||
"prometheuses/finalizers",
|
||||
"alertmanagers/finalizers",
|
||||
"servicemonitors",
|
||||
]) +
|
||||
policyRule.withVerbs(["*"]);
|
||||
|
||||
local appsRule = policyRule.new() +
|
||||
policyRule.withApiGroups(["apps"]) +
|
||||
policyRule.withResources([
|
||||
"statefulsets",
|
||||
]) +
|
||||
policyRule.withVerbs(["*"]);
|
||||
|
||||
local coreRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"configmaps",
|
||||
"secrets",
|
||||
]) +
|
||||
policyRule.withVerbs(["*"]);
|
||||
|
||||
local podRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"pods",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "delete"]);
|
||||
|
||||
local routingRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"services",
|
||||
]) +
|
||||
policyRule.withVerbs(["get", "create", "update"]);
|
||||
|
||||
local nodeRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"nodes",
|
||||
]) +
|
||||
policyRule.withVerbs(["list", "watch"]);
|
||||
|
||||
local namespaceRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"namespaces",
|
||||
]) +
|
||||
policyRule.withVerbs(["list"]);
|
||||
|
||||
local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
|
||||
|
||||
{
|
||||
new()::
|
||||
clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName("prometheus-operator") +
|
||||
clusterRole.withRules(rules)
|
||||
}
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local rawVersion = importstr "../../../../VERSION";
|
||||
|
||||
local removeLineBreaks = function(str) std.join("", std.filter(function(c) c != "\n", std.stringChars(str)));
|
||||
local version = removeLineBreaks(rawVersion);
|
||||
|
||||
local deployment = k.apps.v1beta2.deployment;
|
||||
local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
|
||||
local containerPort = container.portsType;
|
||||
|
||||
local targetPort = 8080;
|
||||
local podLabels = {"k8s-app": "prometheus-operator"};
|
||||
|
||||
local operatorContainer =
|
||||
container.new("prometheus-operator", "quay.io/coreos/prometheus-operator:v" + version) +
|
||||
container.withPorts(containerPort.newNamed("http", targetPort)) +
|
||||
container.withArgs(["--kubelet-service=kube-system/kubelet", "--config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1"]) +
|
||||
container.mixin.resources.withRequests({cpu: "100m", memory: "50Mi"}) +
|
||||
container.mixin.resources.withLimits({cpu: "200m", memory: "100Mi"});
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
deployment.new("prometheus-operator", 1, operatorContainer, podLabels) +
|
||||
deployment.mixin.metadata.withNamespace(namespace) +
|
||||
deployment.mixin.metadata.withLabels(podLabels) +
|
||||
deployment.mixin.spec.selector.withMatchLabels(podLabels) +
|
||||
deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
|
||||
deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
|
||||
deployment.mixin.spec.template.spec.withServiceAccountName("prometheus-operator")
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
serviceAccount.new("prometheus-operator") +
|
||||
serviceAccount.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local service = k.core.v1.service;
|
||||
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
||||
|
||||
local poDeployment = import "prometheus-operator-deployment.libsonnet";
|
||||
|
||||
local poServicePort = servicePort.newNamed("http", 8080, "http");
|
||||
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
service.new("prometheus-operator", poDeployment.new(namespace).spec.selector.matchLabels, [poServicePort]) +
|
||||
service.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
clusterRoleBinding:: import "prometheus-operator-cluster-role-binding.libsonnet",
|
||||
clusterRole:: import "prometheus-operator-cluster-role.libsonnet",
|
||||
deployment:: import "prometheus-operator-deployment.libsonnet",
|
||||
serviceAccount:: import "prometheus-operator-service-account.libsonnet",
|
||||
service:: import "prometheus-operator-service.libsonnet",
|
||||
}
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
clusterRoleBinding.new() +
|
||||
clusterRoleBinding.mixin.metadata.withName("prometheus-k8s") +
|
||||
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
clusterRoleBinding.mixin.roleRef.withName("prometheus-k8s") +
|
||||
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
|
||||
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "prometheus-k8s", namespace: namespace}])
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local nodeMetricsRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources(["nodes/metrics"]) +
|
||||
policyRule.withVerbs(["get"]);
|
||||
|
||||
local metricsRule = policyRule.new() +
|
||||
policyRule.withNonResourceUrls("/metrics") +
|
||||
policyRule.withVerbs(["get"]);
|
||||
|
||||
local rules = [nodeMetricsRule, metricsRule];
|
||||
|
||||
{
|
||||
new()::
|
||||
clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName("prometheus-k8s") +
|
||||
clusterRole.withRules(rules)
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRoleBinding = import "prometheus-namespace-role-binding.libsonnet";
|
||||
|
||||
{
|
||||
new(namespace):: prometheusNamespaceRoleBinding.new(namespace, namespace, "prometheus-k8s-config")
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRoleBinding = import "prometheus-namespace-role-binding.libsonnet";
|
||||
|
||||
{
|
||||
new(namespace):: prometheusNamespaceRoleBinding.new(namespace, "default", "prometheus-k8s")
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRoleBinding = import "prometheus-namespace-role-binding.libsonnet";
|
||||
|
||||
{
|
||||
new(namespace):: prometheusNamespaceRoleBinding.new(namespace, "kube-system", "prometheus-k8s")
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRoleBinding = import "prometheus-namespace-role-binding.libsonnet";
|
||||
|
||||
{
|
||||
new(namespace):: prometheusNamespaceRoleBinding.new(namespace, namespace, "prometheus-k8s")
|
||||
}
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local role = k.rbac.v1.role;
|
||||
local policyRule = role.rulesType;
|
||||
|
||||
local configmapRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"configmaps",
|
||||
]) +
|
||||
policyRule.withVerbs(["get"]);
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
role.new() +
|
||||
role.mixin.metadata.withName("prometheus-k8s-config") +
|
||||
role.mixin.metadata.withNamespace(namespace) +
|
||||
role.withRules(configmapRule),
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRole = import "prometheus-namespace-role.libsonnet";
|
||||
|
||||
{
|
||||
new():: prometheusNamespaceRole.new("default")
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRole = import "prometheus-namespace-role.libsonnet";
|
||||
|
||||
{
|
||||
new():: prometheusNamespaceRole.new("kube-system")
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
local prometheusNamespaceRole = import "prometheus-namespace-role.libsonnet";
|
||||
|
||||
{
|
||||
new(namespace):: prometheusNamespaceRole.new(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
serviceAccount.new("prometheus-k8s") +
|
||||
serviceAccount.mixin.metadata.withNamespace(namespace)
|
||||
}
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "alertmanager",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "alertmanager"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"alertmanager": "main"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"monitoring"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "web",
|
||||
"interval": "30s"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "kube-apiserver",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "apiserver"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "component",
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"component": "apiserver",
|
||||
"provider": "kubernetes"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"default"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "https",
|
||||
"interval": "30s",
|
||||
"scheme": "https",
|
||||
"tlsConfig": {
|
||||
"caFile": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
|
||||
"serverName": "kubernetes"
|
||||
},
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "coredns",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "coredns"
|
||||
},
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "coredns",
|
||||
"component": "metrics"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"kube-system"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "http-metrics",
|
||||
"interval": "15s",
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "kube-controller-manager",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "kube-controller-manager"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "http-metrics",
|
||||
"interval": "30s"
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "kube-controller-manager"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"kube-system"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "kube-scheduler",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "kube-scheduler"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "http-metrics",
|
||||
"interval": "30s"
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "kube-scheduler"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"kube-system"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "kube-state-metrics",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"monitoring"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "https-main",
|
||||
"scheme": "https",
|
||||
"interval": "30s",
|
||||
"honorLabels": true,
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token",
|
||||
"tlsConfig": {
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"port": "https-self",
|
||||
"scheme": "https",
|
||||
"interval": "30s",
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token",
|
||||
"tlsConfig": {
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "kubelet",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "kubelet"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "https-metrics",
|
||||
"scheme": "https",
|
||||
"interval": "30s",
|
||||
"tlsConfig": {
|
||||
"insecureSkipVerify": true
|
||||
},
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
||||
},
|
||||
{
|
||||
"port": "https-metrics",
|
||||
"scheme": "https",
|
||||
"path": "/metrics/cadvisor",
|
||||
"interval": "30s",
|
||||
"honorLabels": true,
|
||||
"tlsConfig": {
|
||||
"insecureSkipVerify": true
|
||||
},
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "kubelet"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"kube-system"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "node-exporter",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "node-exporter"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"jobLabel": "k8s-app",
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "node-exporter"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"monitoring"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "https",
|
||||
"scheme": "https",
|
||||
"interval": "30s",
|
||||
"bearerTokenFile": "/var/run/secrets/kubernetes.io/serviceaccount/token",
|
||||
"tlsConfig": {
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "prometheus-operator",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "prometheus-operator"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "http"
|
||||
}
|
||||
],
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"k8s-app": "prometheus-operator"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
new(namespace)::
|
||||
{
|
||||
"apiVersion": "monitoring.coreos.com/v1",
|
||||
"kind": "ServiceMonitor",
|
||||
"metadata": {
|
||||
"name": "prometheus",
|
||||
"namespace": namespace,
|
||||
"labels": {
|
||||
"k8s-app": "prometheus"
|
||||
}
|
||||
},
|
||||
"spec": {
|
||||
"selector": {
|
||||
"matchLabels": {
|
||||
"prometheus": "k8s"
|
||||
}
|
||||
},
|
||||
"namespaceSelector": {
|
||||
"matchNames": [
|
||||
"monitoring"
|
||||
]
|
||||
},
|
||||
"endpoints": [
|
||||
{
|
||||
"port": "web",
|
||||
"interval": "30s"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local service = k.core.v1.service;
|
||||
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
||||
|
||||
local prometheusPort = servicePort.newNamed("web", 9090, "web");
|
||||
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
service.new("prometheus-k8s", {app: "prometheus", prometheus: "k8s"}, prometheusPort) +
|
||||
service.mixin.metadata.withNamespace(namespace) +
|
||||
service.mixin.metadata.withLabels({prometheus: "k8s"})
|
||||
}
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
|
||||
local container = k.core.v1.pod.mixin.spec.containersType;
|
||||
local resourceRequirements = container.mixin.resourcesType;
|
||||
local selector = k.apps.v1beta2.deployment.mixin.spec.selectorType;
|
||||
|
||||
local resources = resourceRequirements.new() +
|
||||
resourceRequirements.withRequests({memory: "400Mi"});
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
{
|
||||
apiVersion: "monitoring.coreos.com/v1",
|
||||
kind: "Prometheus",
|
||||
metadata: {
|
||||
name: "k8s",
|
||||
namespace: namespace,
|
||||
labels: {
|
||||
prometheus: "k8s",
|
||||
},
|
||||
},
|
||||
spec: {
|
||||
replicas: 2,
|
||||
version: "v2.2.1",
|
||||
serviceAccountName: "prometheus-k8s",
|
||||
serviceMonitorSelector: selector.withMatchExpressions({key: "k8s-app", operator: "Exists"}),
|
||||
ruleSelector: selector.withMatchLabels({
|
||||
role: "alert-rules",
|
||||
prometheus: "k8s",
|
||||
}),
|
||||
resources: resources,
|
||||
alerting: {
|
||||
alertmanagers: [
|
||||
{
|
||||
namespace: "monitoring",
|
||||
name: "alertmanager-main",
|
||||
port: "web",
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local roleBinding = k.rbac.v1.roleBinding;
|
||||
|
||||
{
|
||||
new(serviceAccountNamespace, namespace, name)::
|
||||
roleBinding.new() +
|
||||
roleBinding.mixin.metadata.withName(name) +
|
||||
roleBinding.mixin.metadata.withNamespace(namespace) +
|
||||
roleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
|
||||
roleBinding.mixin.roleRef.withName(name) +
|
||||
roleBinding.mixin.roleRef.mixinInstance({kind: "Role"}) +
|
||||
roleBinding.withSubjects([{kind: "ServiceAccount", name: name, namespace: serviceAccountNamespace}])
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
local k = import "ksonnet.beta.3/k.libsonnet";
|
||||
local role = k.rbac.v1.role;
|
||||
local policyRule = role.rulesType;
|
||||
|
||||
{
|
||||
new(namespace)::
|
||||
local coreRule = policyRule.new() +
|
||||
policyRule.withApiGroups([""]) +
|
||||
policyRule.withResources([
|
||||
"nodes",
|
||||
"services",
|
||||
"endpoints",
|
||||
"pods",
|
||||
]) +
|
||||
policyRule.withVerbs(["get", "list", "watch"]);
|
||||
|
||||
role.new() +
|
||||
role.mixin.metadata.withName("prometheus-k8s") +
|
||||
role.mixin.metadata.withNamespace(namespace) +
|
||||
role.withRules(coreRule)
|
||||
}
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
{
|
||||
clusterRoleBinding:: import "prometheus-k8s-cluster-role-binding.libsonnet",
|
||||
clusterRole:: import "prometheus-k8s-cluster-role.libsonnet",
|
||||
roleBindingConfig:: import "prometheus-k8s-role-binding-config.libsonnet",
|
||||
roleBindingNamespace:: import "prometheus-k8s-role-binding-namespace.libsonnet",
|
||||
roleBindingKubeSystem:: import "prometheus-k8s-role-binding-kube-system.libsonnet",
|
||||
roleBindingDefault:: import "prometheus-k8s-role-binding-default.libsonnet",
|
||||
roleConfig:: import "prometheus-k8s-role-config.libsonnet",
|
||||
roleNamespace:: import "prometheus-k8s-role-namespace.libsonnet",
|
||||
roleKubeSystem:: import "prometheus-k8s-role-kube-system.libsonnet",
|
||||
roleDefault:: import "prometheus-k8s-role-default.libsonnet",
|
||||
serviceAccount:: import "prometheus-k8s-service-account.libsonnet",
|
||||
serviceMonitorAlertmanager:: import "prometheus-k8s-service-monitor-alertmanager.libsonnet",
|
||||
serviceMonitorApiserver:: import "prometheus-k8s-service-monitor-apiserver.libsonnet",
|
||||
serviceMonitorCoreDNS:: import "prometheus-k8s-service-monitor-coredns.libsonnet",
|
||||
serviceMonitorControllerManager:: import "prometheus-k8s-service-monitor-kube-controller-manager.libsonnet",
|
||||
serviceMonitorScheduler:: import "prometheus-k8s-service-monitor-kube-scheduler.libsonnet",
|
||||
serviceMonitorKubeStateMetrics:: import "prometheus-k8s-service-monitor-kube-state-metrics.libsonnet",
|
||||
serviceMonitorKubelet:: import "prometheus-k8s-service-monitor-kubelet.libsonnet",
|
||||
serviceMonitorNodeExporter:: import "prometheus-k8s-service-monitor-node-exporter.libsonnet",
|
||||
serviceMonitorPrometheusOperator:: import "prometheus-k8s-service-monitor-prometheus-operator.libsonnet",
|
||||
serviceMonitorPrometheus:: import "prometheus-k8s-service-monitor-prometheus.libsonnet",
|
||||
service:: import "prometheus-k8s-service.libsonnet",
|
||||
prometheus:: import "prometheus-k8s.libsonnet",
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue