mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-08-31 19:31:23 +02:00
Code Issues Projects Releases Wiki Activity

jsonnet: create function responsible for prometheus objects

Browse Source 
Signed-off-by: paulfantom <pawel@krupa.net.pl>
This commit is contained in:
paulfantom 2021-01-13 09:53:03 +01:00
parent 6b11d79c4b
commit 9cf2ce9ffc
No known key found for this signature in database
GPG Key ID: 12AE0185401674E7
2 changed files with 483 additions and 476 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
jsonnet/kube-prometheus/kube-prometheus.libsonnet
View File

@ -5,16 +5,15 @@ local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet
local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet';
local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
local prometheus = import './prometheus/prometheus.libsonnet';
local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
(import './prometheus/prometheus.libsonnet') +
{ {
alertmanager: alertmanager({ alertmanager: alertmanager({
name: 'main', name: $._config.alertmanagerName,
namespace: $._config.namespace, namespace: $._config.namespace,
version: '0.21.0', version: '0.21.0',
image: 'quay.io/prometheus/alertmanager:v0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0',
@ -34,6 +33,14 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
version: '1.0.1', version: '1.0.1',
image: 'quay.io/prometheus/node-exporter:v1.0.1', image: 'quay.io/prometheus/node-exporter:v1.0.1',
}), }),
prometheus: prometheus({
namespace: $._config.namespace,
version: '2.24.0',
image: 'quay.io/prometheus/prometheus:v2.24.0',
name: $._config.prometheusName,
alertmanagerName: $._config.alertmanagerName,
rules: $.allRules,
}),
prometheusAdapter: prometheusAdapter({ prometheusAdapter: prometheusAdapter({
namespace: $._config.namespace, namespace: $._config.namespace,
version: '0.8.2', version: '0.8.2',
@ -42,9 +49,24 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
}), }),
mixins+:: monitoringMixins({ mixins+:: monitoringMixins({
namespace: $._config.namespace, namespace: $._config.namespace,
alertmanagerName: 'main', alertmanagerName: $._config.alertmanagerName,
prometheusName: 'k8s', prometheusName: $._config.prometheusName,
}), }),
// FIXME(paulfantom) Remove this variable by moving each mixin to its own component
// Example: node_exporter mixin could be added in ./node-exporter/node-exporter.libsonnet
allRules::
$.mixins.nodeExporter.prometheusRules +
$.mixins.kubernetes.prometheusRules +
$.mixins.base.prometheusRules +
$.mixins.kubeStateMetrics.prometheusAlerts +
$.mixins.nodeExporter.prometheusAlerts +
$.mixins.alertmanager.prometheusAlerts +
$.mixins.prometheusOperator.prometheusAlerts +
$.mixins.kubernetes.prometheusAlerts +
$.mixins.prometheus.prometheusAlerts +
$.mixins.base.prometheusAlerts,
kubePrometheus+:: { kubePrometheus+:: {
namespace: { namespace: {
apiVersion: 'v1', apiVersion: 'v1',
@ -143,6 +165,8 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
} + { } + {
_config+:: { _config+:: {
namespace: 'default', namespace: 'default',
prometheusName: 'k8s',
alertmanagerName: 'main',
versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' },
imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' },
@ -187,24 +211,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
}, },
}, },
local allRules =
$.mixins.nodeExporter.prometheusRules +
$.mixins.kubernetes.prometheusRules +
$.mixins.base.prometheusRules +
$.mixins.kubeStateMetrics.prometheusAlerts +
$.mixins.nodeExporter.prometheusAlerts +
$.mixins.alertmanager.prometheusAlerts +
$.mixins.prometheusOperator.prometheusAlerts +
$.mixins.kubernetes.prometheusAlerts +
$.mixins.prometheus.prometheusAlerts +
$.mixins.base.prometheusAlerts,
local allDashboards =
$.mixins.nodeExporter.grafanaDashboards +
$.mixins.kubernetes.grafanaDashboards +
$.mixins.prometheus.grafanaDashboards,
prometheus+:: { rules: allRules },
grafana+:: { grafana+:: {
labels: { labels: {
'app.kubernetes.io/name': 'grafana', 'app.kubernetes.io/name': 'grafana',
@ -212,7 +218,12 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
'app.kubernetes.io/component': 'grafana', 'app.kubernetes.io/component': 'grafana',
'app.kubernetes.io/part-of': 'kube-prometheus', 'app.kubernetes.io/part-of': 'kube-prometheus',
}, },
dashboards: allDashboards, // FIXME(paulfantom): Same as with rules and alerts.
// This should be gathering all dashboards from components without having to enumerate all dashboards.
dashboards:
$.mixins.nodeExporter.grafanaDashboards +
$.mixins.kubernetes.grafanaDashboards +
$.mixins.prometheus.grafanaDashboards,
}, },
}, },
} }

900
jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
View File

@ -1,488 +1,484 @@
local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet';
{ local defaults = {
_config+:: { local defaults = self,
namespace: 'default', namespace: error 'must provide namespace',
version: error 'must provide version',
image: error 'must provide image',
resources: {
requests: { memory: '400Mi' },
},
versions+:: { prometheus: 'v2.22.1' }, name: error 'must provide name',
imageRepos+:: { prometheus: 'quay.io/prometheus/prometheus' }, alertmanagerName: error 'must provide alertmanagerName',
alertmanager+:: { name: 'main' }, namespaces: ['default', 'kube-system', defaults.namespace],
replicas: 2,
rules: {
groups: [],
},
commonLabels:: {
'app.kubernetes.io/name': 'prometheus',
'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'prometheus',
'app.kubernetes.io/part-of': 'kube-prometheus',
},
selectorLabels:: {
[labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version'])
} + { prometheus: defaults.name },
};
prometheus+:: {
name: 'k8s', function(params) {
replicas: 2, local p = self,
rules: {}, config:: defaults + params,
namespaces: ['default', 'kube-system', $._config.namespace], // Safety check
labels: { assert std.isObject(p.config.resources),
'app.kubernetes.io/name': 'prometheus',
'app.kubernetes.io/version': $._config.versions.prometheus, serviceAccount: {
'app.kubernetes.io/component': 'prometheus', apiVersion: 'v1',
'app.kubernetes.io/part-of': 'kube-prometheus', kind: 'ServiceAccount',
}, metadata: {
selectorLabels: { name: 'prometheus-' + p.config.name,
[labelName]: $._config.prometheus.labels[labelName] namespace: p.config.namespace,
for labelName in std.objectFields($._config.prometheus.labels) labels: p.config.commonLabels,
if !std.setMember(labelName, ['app.kubernetes.io/version'])
},
}, },
}, },
prometheus+:: { service: {
local p = self, apiVersion: 'v1',
kind: 'Service',
name:: $._config.prometheus.name, metadata: {
namespace:: $._config.namespace, name: 'prometheus-' + p.config.name,
roleBindingNamespaces:: $._config.prometheus.namespaces, namespace: p.config.namespace,
replicas:: $._config.prometheus.replicas, labels: { prometheus: p.config.name } + p.config.commonLabels,
prometheusRules:: $._config.prometheus.rules,
alertmanagerName:: $.alertmanager.service.metadata.name,
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: 'prometheus-' + p.name,
namespace: p.namespace,
labels: $._config.prometheus.labels,
},
}, },
spec: {
service: { ports: [
apiVersion: 'v1', { name: 'web', targetPort: 'web', port: 9090 },
kind: 'Service', ],
metadata: { selector: { app: 'prometheus' } + p.config.selectorLabels,
name: 'prometheus-' + p.name, sessionAffinity: 'ClientIP',
namespace: p.namespace,
labels: { prometheus: p.name } + $._config.prometheus.labels,
},
spec: {
ports: [
{ name: 'web', targetPort: 'web', port: 9090 },
],
selector: { app: 'prometheus', prometheus: p.name } + $._config.prometheus.selectorLabels,
sessionAffinity: 'ClientIP',
},
}, },
},
rules: { rules: {
apiVersion: 'monitoring.coreos.com/v1', apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule', kind: 'PrometheusRule',
metadata: { metadata: {
labels: { labels: {
prometheus: p.name, prometheus: p.config.name,
role: 'alert-rules', role: 'alert-rules',
} + $._config.prometheus.labels, } + p.config.commonLabels,
name: 'prometheus-' + p.name + '-rules', name: 'prometheus-' + p.config.name + '-rules',
namespace: p.namespace, namespace: p.config.namespace,
},
spec: {
groups: p.prometheusRules.groups,
},
}, },
spec: {
groups: p.config.rules.groups,
},
},
roleBindingSpecificNamespaces: roleBindingSpecificNamespaces:
local newSpecificRoleBinding(namespace) = { local newSpecificRoleBinding(namespace) = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
name: 'prometheus-' + p.name,
namespace: namespace,
labels: $._config.prometheus.labels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p.name,
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p.name,
namespace: p.namespace,
}],
};
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBindingList',
items: [newSpecificRoleBinding(x) for x in p.roleBindingNamespaces],
},
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole', kind: 'RoleBinding',
metadata: { metadata: {
name: 'prometheus-' + p.name, name: 'prometheus-' + p.config.name,
labels: $._config.prometheus.labels, namespace: namespace,
labels: p.config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p.config.name,
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p.config.name,
namespace: p.config.namespace,
}],
};
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBindingList',
items: [newSpecificRoleBinding(x) for x in p.config.namespaces],
},
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: 'prometheus-' + p.config.name,
labels: p.config.commonLabels,
},
rules: [
{
apiGroups: [''],
resources: ['nodes/metrics'],
verbs: ['get'],
},
{
nonResourceURLs: ['/metrics'],
verbs: ['get'],
},
],
},
roleConfig: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'prometheus-' + p.config.name + '-config',
namespace: p.config.namespace,
labels: p.config.commonLabels,
},
rules: [{
apiGroups: [''],
resources: ['configmaps'],
verbs: ['get'],
}],
},
roleBindingConfig: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
name: 'prometheus-' + p.config.name + '-config',
namespace: p.config.namespace,
labels: p.config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p.config.name + '-config',
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p.config.name,
namespace: p.config.namespace,
}],
},
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: 'prometheus-' + p.config.name,
labels: p.config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'prometheus-' + p.config.name,
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p.config.name,
namespace: p.config.namespace,
}],
},
roleSpecificNamespaces:
local newSpecificRole(namespace) = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'prometheus-' + p.config.name,
namespace: namespace,
labels: p.config.commonLabels,
}, },
rules: [ rules: [
{ {
apiGroups: [''], apiGroups: [''],
resources: ['nodes/metrics'], resources: ['services', 'endpoints', 'pods'],
verbs: ['get'], verbs: ['get', 'list', 'watch'],
}, },
{ {
nonResourceURLs: ['/metrics'], apiGroups: ['extensions'],
verbs: ['get'], resources: ['ingresses'],
verbs: ['get', 'list', 'watch'],
}, },
], ],
}, };
{
roleConfig: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role', kind: 'RoleList',
metadata: { items: [newSpecificRole(x) for x in p.config.namespaces],
name: 'prometheus-' + p.name + '-config',
namespace: p.namespace,
labels: $._config.prometheus.labels,
},
rules: [{
apiGroups: [''],
resources: ['configmaps'],
verbs: ['get'],
}],
}, },
roleBindingConfig: { prometheus: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'monitoring.coreos.com/v1',
kind: 'RoleBinding', kind: 'Prometheus',
metadata: { metadata: {
name: 'prometheus-' + p.name + '-config', name: p.config.name,
namespace: p.namespace, namespace: p.config.namespace,
labels: $._config.prometheus.labels, labels: { prometheus: p.config.name } + p.config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p.name + '-config',
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p.name,
namespace: p.namespace,
}],
}, },
spec: {
clusterRoleBinding: { replicas: p.config.replicas,
apiVersion: 'rbac.authorization.k8s.io/v1', version: p.config.version,
kind: 'ClusterRoleBinding', image: p.config.image,
metadata: { podMetadata: {
name: 'prometheus-' + p.name, labels: p.config.commonLabels,
labels: $._config.prometheus.labels,
}, },
roleRef: { serviceAccountName: 'prometheus-' + p.config.name,
apiGroup: 'rbac.authorization.k8s.io', serviceMonitorSelector: {},
kind: 'ClusterRole', podMonitorSelector: {},
name: 'prometheus-' + p.name, probeSelector: {},
}, serviceMonitorNamespaceSelector: {},
subjects: [{ podMonitorNamespaceSelector: {},
kind: 'ServiceAccount', probeNamespaceSelector: {},
name: 'prometheus-' + p.name, nodeSelector: { 'kubernetes.io/os': 'linux' },
namespace: p.namespace, ruleSelector: {
}], matchLabels: {
}, role: 'alert-rules',
prometheus: p.config.name,
roleSpecificNamespaces:
local newSpecificRole(namespace) = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'prometheus-' + p.name,
namespace: namespace,
labels: $._config.prometheus.labels,
},
rules: [
{
apiGroups: [''],
resources: ['services', 'endpoints', 'pods'],
verbs: ['get', 'list', 'watch'],
},
{
apiGroups: ['extensions'],
resources: ['ingresses'],
verbs: ['get', 'list', 'watch'],
},
],
};
{
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleList',
items: [newSpecificRole(x) for x in p.roleBindingNamespaces],
},
prometheus: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'Prometheus',
metadata: {
name: p.name,
namespace: p.namespace,
labels: { prometheus: p.name } + $._config.prometheus.labels,
},
spec: {
replicas: p.replicas,
version: $._config.versions.prometheus,
image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus,
podMetadata: {
labels: $._config.prometheus.labels,
},
serviceAccountName: 'prometheus-' + p.name,
serviceMonitorSelector: {},
podMonitorSelector: {},
probeSelector: {},
serviceMonitorNamespaceSelector: {},
podMonitorNamespaceSelector: {},
probeNamespaceSelector: {},
nodeSelector: { 'kubernetes.io/os': 'linux' },
ruleSelector: {
matchLabels: {
role: 'alert-rules',
prometheus: p.name,
},
},
resources: {
requests: { memory: '400Mi' },
},
alerting: {
alertmanagers: [{
namespace: p.namespace,
name: p.alertmanagerName,
port: 'web',
}],
},
securityContext: {
runAsUser: 1000,
runAsNonRoot: true,
fsGroup: 2000,
}, },
}, },
}, resources: p.config.resources,
alerting: {
serviceMonitor: { alertmanagers: [{
apiVersion: 'monitoring.coreos.com/v1', namespace: p.config.namespace,
kind: 'ServiceMonitor', name: 'alertmanager-' + p.config.alertmanagerName,
metadata: {
name: 'prometheus',
namespace: p.namespace,
labels: $._config.prometheus.labels,
},
spec: {
selector: {
matchLabels: { prometheus: p.name } + $._config.prometheus.selectorLabels,
},
endpoints: [{
port: 'web', port: 'web',
interval: '30s',
}], }],
}, },
}, securityContext: {
runAsUser: 1000,
serviceMonitorKubeScheduler: { runAsNonRoot: true,
apiVersion: 'monitoring.coreos.com/v1', fsGroup: 2000,
kind: 'ServiceMonitor',
metadata: {
name: 'kube-scheduler',
namespace: p.namespace,
labels: { 'app.kubernetes.io/name': 'kube-scheduler' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
endpoints: [{
port: 'https-metrics',
interval: '30s',
scheme: 'https',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: { insecureSkipVerify: true },
}],
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorKubelet: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kubelet',
namespace: p.namespace,
labels: { 'app.kubernetes.io/name': 'kubelet' },
},
spec: {
jobLabel: 'k8s-app',
endpoints: [
{
port: 'https-metrics',
scheme: 'https',
interval: '30s',
honorLabels: true,
tlsConfig: { insecureSkipVerify: true },
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
metricRelabelings: relabelings,
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
},
{
port: 'https-metrics',
scheme: 'https',
path: '/metrics/cadvisor',
interval: '30s',
honorLabels: true,
honorTimestamps: false,
tlsConfig: {
insecureSkipVerify: true,
},
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
metricRelabelings: [
// Drop a bunch of metrics which are disabled but still sent, see
// https://github.com/google/cadvisor/issues/1925.
{
sourceLabels: ['__name__'],
regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)',
action: 'drop',
},
],
},
{
port: 'https-metrics',
scheme: 'https',
path: '/metrics/probes',
interval: '30s',
honorLabels: true,
tlsConfig: { insecureSkipVerify: true },
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
},
],
selector: {
matchLabels: { 'k8s-app': 'kubelet' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorKubeControllerManager: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-controller-manager',
namespace: p.namespace,
labels: { 'app.kubernetes.io/name': 'kube-controller-manager' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
endpoints: [{
port: 'https-metrics',
interval: '30s',
scheme: 'https',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
metricRelabelings: relabelings + [
{
sourceLabels: ['__name__'],
regex: 'etcd_(debugging|disk|request|server).*',
action: 'drop',
},
],
}],
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorApiserver: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-apiserver',
namespace: p.namespace,
labels: { 'app.kubernetes.io/name': 'apiserver' },
},
spec: {
jobLabel: 'component',
selector: {
matchLabels: {
component: 'apiserver',
provider: 'kubernetes',
},
},
namespaceSelector: {
matchNames: ['default'],
},
endpoints: [{
port: 'https',
interval: '30s',
scheme: 'https',
tlsConfig: {
caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
serverName: 'kubernetes',
},
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
metricRelabelings: relabelings + [
{
sourceLabels: ['__name__'],
regex: 'etcd_(debugging|disk|server).*',
action: 'drop',
},
{
sourceLabels: ['__name__'],
regex: 'apiserver_admission_controller_admission_latencies_seconds_.*',
action: 'drop',
},
{
sourceLabels: ['__name__'],
regex: 'apiserver_admission_step_admission_latencies_seconds_.*',
action: 'drop',
},
{
sourceLabels: ['__name__', 'le'],
regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)',
action: 'drop',
},
],
}],
},
},
serviceMonitorCoreDNS: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'coredns',
namespace: p.namespace,
labels: { 'app.kubernetes.io/name': 'coredns' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-dns' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
endpoints: [{
port: 'metrics',
interval: '15s',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
}],
}, },
}, },
}, },
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'prometheus',
namespace: p.config.namespace,
labels: p.config.commonLabels,
},
spec: {
selector: {
matchLabels: p.config.selectorLabels,
},
endpoints: [{
port: 'web',
interval: '30s',
}],
},
},
serviceMonitorKubeScheduler: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-scheduler',
namespace: p.config.namespace,
labels: { 'app.kubernetes.io/name': 'kube-scheduler' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
endpoints: [{
port: 'https-metrics',
interval: '30s',
scheme: 'https',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: { insecureSkipVerify: true },
}],
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorKubelet: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kubelet',
namespace: p.config.namespace,
labels: { 'app.kubernetes.io/name': 'kubelet' },
},
spec: {
jobLabel: 'k8s-app',
endpoints: [
{
port: 'https-metrics',
scheme: 'https',
interval: '30s',
honorLabels: true,
tlsConfig: { insecureSkipVerify: true },
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
metricRelabelings: relabelings,
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
},
{
port: 'https-metrics',
scheme: 'https',
path: '/metrics/cadvisor',
interval: '30s',
honorLabels: true,
honorTimestamps: false,
tlsConfig: {
insecureSkipVerify: true,
},
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
metricRelabelings: [
// Drop a bunch of metrics which are disabled but still sent, see
// https://github.com/google/cadvisor/issues/1925.
{
sourceLabels: ['__name__'],
regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)',
action: 'drop',
},
],
},
{
port: 'https-metrics',
scheme: 'https',
path: '/metrics/probes',
interval: '30s',
honorLabels: true,
tlsConfig: { insecureSkipVerify: true },
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
relabelings: [{
sourceLabels: ['__metrics_path__'],
targetLabel: 'metrics_path',
}],
},
],
selector: {
matchLabels: { 'k8s-app': 'kubelet' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorKubeControllerManager: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-controller-manager',
namespace: p.config.namespace,
labels: { 'app.kubernetes.io/name': 'kube-controller-manager' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
endpoints: [{
port: 'https-metrics',
interval: '30s',
scheme: 'https',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
metricRelabelings: relabelings + [
{
sourceLabels: ['__name__'],
regex: 'etcd_(debugging|disk|request|server).*',
action: 'drop',
},
],
}],
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
},
},
serviceMonitorApiserver: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'kube-apiserver',
namespace: p.config.namespace,
labels: { 'app.kubernetes.io/name': 'apiserver' },
},
spec: {
jobLabel: 'component',
selector: {
matchLabels: {
component: 'apiserver',
provider: 'kubernetes',
},
},
namespaceSelector: {
matchNames: ['default'],
},
endpoints: [{
port: 'https',
interval: '30s',
scheme: 'https',
tlsConfig: {
caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
serverName: 'kubernetes',
},
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
metricRelabelings: relabelings + [
{
sourceLabels: ['__name__'],
regex: 'etcd_(debugging|disk|server).*',
action: 'drop',
},
{
sourceLabels: ['__name__'],
regex: 'apiserver_admission_controller_admission_latencies_seconds_.*',
action: 'drop',
},
{
sourceLabels: ['__name__'],
regex: 'apiserver_admission_step_admission_latencies_seconds_.*',
action: 'drop',
},
{
sourceLabels: ['__name__', 'le'],
regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)',
action: 'drop',
},
],
}],
},
},
serviceMonitorCoreDNS: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'coredns',
namespace: p.config.namespace,
labels: { 'app.kubernetes.io/name': 'coredns' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: {
matchLabels: { 'app.kubernetes.io/name': 'kube-dns' },
},
namespaceSelector: {
matchNames: ['kube-system'],
},
endpoints: [{
port: 'metrics',
interval: '15s',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
}],
},
},
} }