Adding prometheus to k8s
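---
# Cluster-wide read role for the Prometheus ServiceAccount (monitoring/prometheus).
#
# Least-privilege change: `secrets` has been removed from the core-group rule.
# `list`/`watch` on secrets returns complete Secret objects (including their data)
# for every namespace, so anything holding this ServiceAccount's token could read
# every credential in the cluster. The scrape jobs in this manifest only use
# service discovery for nodes, endpoints and pods and never read Secrets.
# If a separate exporter needs Secret metadata, give it its own ServiceAccount
# and role instead of widening this one.
#
# NOTE(review): no rule grants `nodes/metrics` or `nodes/proxy`. Kubelets that
# enforce webhook authorization typically require one of these for /metrics
# scrapes - confirm against the target cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  # Core API group: objects used for discovery and inventory.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - nodes
      - pods
      - services
      - resourcequotas
      - replicationcontrollers
      - limitranges
      - persistentvolumeclaims
      - persistentvolumes
      - namespaces
      - endpoints
    verbs:
      - list
      - watch
  # NOTE(review): `extensions` is a legacy API group; on current clusters these
  # kinds are served from `apps` / `networking.k8s.io`, so this rule likely
  # matches nothing - confirm before relying on it.
  - apiGroups:
      - extensions
    resources:
      - daemonsets
      - deployments
      - replicasets
      - ingresses
    verbs:
      - list
      - watch
  - apiGroups:
      - apps
    resources:
      - statefulsets
      - daemonsets
      - deployments
      - replicasets
    verbs:
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
    verbs:
      - list
      - watch
  - apiGroups:
      - autoscaling
    resources:
      - horizontalpodautoscalers
    verbs:
      - list
      - watch
  # NOTE(review): the two `create` rules below (tokenreviews,
  # subjectaccessreviews) are not needed by any scrape job defined in this
  # manifest; presumably carried over from an exporter's role - confirm and
  # drop if unused.
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - list
      - watch
  - apiGroups:
      - certificates.k8s.io
    resources:
      - certificatesigningrequests
    verbs:
      - list
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - list
      - watch
  # Allows GET on the API server's own /metrics endpoint.
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get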
---
# Identity the Prometheus pod runs as. The scrape configuration in this manifest
# reads the token and CA bundle from
# /var/run/secrets/kubernetes.io/serviceaccount/, so the token must stay
# auto-mounted into the pod.
# The `monitoring` namespace is not created by this manifest and has to exist
# before it is applied.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: monitoring
  name: prometheus
---
# Grants the `prometheus` ClusterRole to the monitoring/prometheus
# ServiceAccount. Because this is a ClusterRoleBinding (not a namespaced
# RoleBinding), every rule in that role applies across all namespaces.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: prometheus
subjects:
  - kind: ServiceAccount
    namespace: monitoring
    name: prometheus
roleRef:
  kind: ClusterRole
  name: prometheus
  apiGroup: rbac.authorization.k8s.io
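---
# Node-local volume backing the Prometheus TSDB.
#
# Fix: `metadata.namespace` has been dropped. PersistentVolumes are
# cluster-scoped, so a namespace on this object has no meaning and only
# suggests an isolation boundary that does not exist.
#
# The data lives in a directory on the node's filesystem (`local.path`), so
# access to it is governed by host file permissions, not by Kubernetes RBAC.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: test-local-pv
  labels:
    app: prometheus-deployment
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  # Retain: the directory and its contents are kept after the claim is
  # released and must be cleaned up manually.
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage
  local:
    path: /data/volumes/pv1
  # Pins the volume to the single node named `minikube`; adjust for any other
  # cluster.
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - minikube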
---
# Claim for the Prometheus data directory. It selects a volume by storage
# class (`local-storage`) and access mode; the request (500Mi) is smaller than
# the 1Gi PersistentVolume defined in this manifest.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: monitoring
  name: test-local-pv
  labels: {app: prometheus-deployment}
spec:
  accessModes: [ReadWriteMany]
  storageClassName: local-storage
  resources:
    requests:
      storage: 500Mi
---
# Prometheus server configuration, mounted at /etc/prometheus/prometheus.yml.
#
# Review notes on the embedded configuration (the config text itself is
# unchanged):
#
# * The `kubelet`, `cadvisor` and `k8apiserver` jobs set
#   `insecure_skip_verify: true`. That disables server-certificate
#   verification, which makes the `ca_file` setting next to it ineffective.
#   `k8apiserver` additionally sends the ServiceAccount bearer token over that
#   unverified connection. The inline comments say this is needed on Minikube;
#   on any other cluster remove the setting so the cluster CA is actually
#   enforced.
# * The `kubelet` and `cadvisor` jobs configure no bearer token or other
#   credentials. NOTE(review): kubelets that require authentication will
#   reject these scrapes - confirm against the target cluster.
# * `alerting.alertmanagers` has an empty target list and `rule_files` has no
#   active entry, so no alert rules are loaded and no alerts are delivered.
# * `k8services` drops the `default/kubernetes` service, keeps only endpoints
#   in the `default` namespace, and uses the service name as the `job` label.
# * `k8pods` keeps only container ports named `metrics` and uses the container
#   name as the `job` label.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
  namespace: monitoring
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
      evaluation_interval: 15s
    alerting:
      alertmanagers:
      - static_configs:
        - targets:
    rule_files:
      # - "example-file.yml"
    scrape_configs:
    - job_name: 'prometheus'
      static_configs:
      - targets: ['localhost:9090']
    - job_name: 'kubelet'
      kubernetes_sd_configs:
      - role: node
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true # Required with Minikube.
    - job_name: 'cadvisor'
      kubernetes_sd_configs:
      - role: node
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true # Required with Minikube.
      metrics_path: /metrics/cadvisor
    - job_name: 'k8apiserver'
      kubernetes_sd_configs:
      - role: endpoints
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        insecure_skip_verify: true # Required if using Minikube.
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      relabel_configs:
      - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
        action: keep
        regex: default;kubernetes;https
    - job_name: 'k8services'
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - source_labels:
          - __meta_kubernetes_namespace
          - __meta_kubernetes_service_name
        action: drop
        regex: default;kubernetes
      - source_labels:
          - __meta_kubernetes_namespace
        regex: default
        action: keep
      - source_labels: [__meta_kubernetes_service_name]
        target_label: job
    - job_name: 'k8pods'
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - source_labels: [__meta_kubernetes_pod_container_port_name]
        regex: metrics
        action: keep
      - source_labels: [__meta_kubernetes_pod_container_name]
        target_label: job
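---
# Single-replica Prometheus server running as the `prometheus` ServiceAccount.
#
# Changes from the original:
# * `--storage.tsdb.retention` replaced by `--storage.tsdb.retention.time`.
#   The old spelling is deprecated and, because the image below is untagged
#   and therefore tracks the newest release, is at risk of being rejected at
#   start-up.
# * A container securityContext was added: no privilege escalation and no
#   Linux capabilities. Prometheus listens on an unprivileged port and needs
#   neither.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
      # NOTE(review): none of the scrape jobs in the prometheus-config
      # ConfigMap of this manifest reads `prometheus.io/*` annotations, so
      # these appear to be informational only.
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9090"
    spec:
      serviceAccountName: prometheus
      containers:
        - name: prometheus
          # Untagged image resolves to `latest`: the running version changes
          # without review. Pin to a vetted tag or digest, e.g.
          # prom/prometheus:<PINNED_VERSION>.
          image: prom/prometheus
          args:
            - '--storage.tsdb.retention.time=6h'
            - '--storage.tsdb.path=/prometheus'
            - '--config.file=/etc/prometheus/prometheus.yml'
          ports:
            - name: web
              containerPort: 9090
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus
            - name: prometheus-storage-volume
              mountPath: /prometheus
      restartPolicy: Always
      volumes:
        - name: prometheus-config-volume
          configMap:
            # 420 decimal == 0644 octal (owner rw, group/other read-only).
            defaultMode: 420
            name: prometheus-config
        - name: prometheus-storage-volume
          persistentVolumeClaim:
            claimName: test-local-pv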
---
# Exposes Prometheus (container port 9090) as port 8080 inside the cluster and
# as NodePort 30909 on every node.
#
# Security note: Prometheus serves its UI and HTTP API without authentication
# unless it is explicitly configured otherwise, and a NodePort is reachable by
# anything that can reach a node IP. That is acceptable on a local Minikube;
# on a shared or routable cluster prefer `type: ClusterIP` with port-forwarding
# or an authenticating proxy, plus a NetworkPolicy restricting callers.
kind: Service
apiVersion: v1
metadata:
  namespace: monitoring
  name: prometheus-service
  annotations:
    prometheus.io/port: "9090"
    prometheus.io/scrape: "true"
spec:
  type: NodePort
  selector: {app: prometheus}
  ports:
    - nodePort: 30909
      port: 8080
      targetPort: 9090
---
# Storage for Grafana's data directory (/var/lib/grafana in the Deployment of
# this manifest). No storageClassName is set, so the cluster's default storage
# class decides how the volume is provisioned.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: monitoring
  name: grafana-pvc
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 1Gi
---
# Grafana server with a persistent data directory.
#
# Review notes (behaviour unchanged):
# * `grafana/grafana:latest` combined with `imagePullPolicy: IfNotPresent`
#   means each node keeps whatever `latest` it pulled first, so the running
#   version is neither pinned nor consistently updated. Pin to a vetted tag or
#   digest, e.g. grafana/grafana:<PINNED_VERSION>.
# * No admin credentials are configured here. NOTE(review): a fresh Grafana
#   presumably starts with its built-in default admin login - set the admin
#   password from a Secret before exposing the Service.
# * Only resource requests are set; there are no limits.
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: monitoring
  name: grafana
  labels:
    app: grafana
spec:
  selector:
    matchLabels: {app: grafana}
  template:
    metadata:
      labels: {app: grafana}
    spec:
      securityContext:
        # Volume files are made group-accessible to gid 472
        # (presumably the image's grafana group - confirm).
        fsGroup: 472
        # Adds gid 0 (the root group) to the container processes.
        supplementalGroups: [0]
      volumes:
        - name: grafana-pv
          persistentVolumeClaim:
            claimName: grafana-pvc
      containers:
        - name: grafana
          image: grafana/grafana:latest
          imagePullPolicy: IfNotPresent
          ports:
            - name: http-grafana
              containerPort: 3000
              protocol: TCP
          resources:
            requests:
              cpu: 250m
              memory: 750Mi
          volumeMounts:
            - name: grafana-pv
              mountPath: /var/lib/grafana
          # Ready once the HTTP server answers a plain GET.
          readinessProbe:
            httpGet:
              scheme: HTTP
              port: 3000
              path: /robots.txt
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 2
            successThreshold: 1
            failureThreshold: 3
          # Restarted when the TCP port stops accepting connections.
          livenessProbe:
            tcpSocket:
              port: 3000
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
---
# Publishes Grafana on port 3000 through a LoadBalancer.
#
# Security note: the backend port is plain HTTP, so logins and session cookies
# cross the load balancer unencrypted, and on a cloud provider
# `type: LoadBalancer` usually allocates an externally reachable address.
# Terminate TLS in front of it (Ingress or load balancer) and restrict source
# ranges, or use `ClusterIP` when external access is not required.
kind: Service
apiVersion: v1
metadata:
  namespace: monitoring
  name: grafana
spec:
  type: LoadBalancer
  sessionAffinity: None
  selector: {app: grafana}
  ports:
    - targetPort: http-grafana
      protocol: TCP
      port: 3000