New prometheus-operator structure using jsonnet build

This commit is contained in:
CarlosEDP 2018-12-12 15:18:00 -02:00
parent 5413555f77
commit f59ff6aece
139 changed files with 17175 additions and 106 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
vendor

43
Makefile Normal file
View File

@ -0,0 +1,43 @@
JSONNET_FMT := jsonnet fmt -n 2 --max-blank-lines 2 --string-style s --comment-style s
JB_BINARY:=$(GOPATH)/bin/jb
.PHONY: generate vendor fmt manifests
all: generate
generate: manifests
manifests: $(JSONNET)
rm -rf manifests
./build.sh main.jsonnet
update:
jb update
vendor: $(JB_BINARY) jsonnetfile.json jsonnetfile.lock.json
rm -rf vendor
$(JB_BINARY) install
fmt:
find . -name 'vendor' -prune -o -name '*.libsonnet' -o -name '*.jsonnet' -print | xargs -n 1 -- $(JSONNET_FMT) -i
deploy:
kubectl apply -f ./manifests/
echo "Will wait 40 seconds to reapply manifests"
sleep 40
kubectl apply -f ./manifests/
teardown:
kubectl delete -f ./manifests/
tar: manifests
rm -rf manifests.tar
tar -cf manifests.tar manifests
$(JB_BINARY):
go get -u github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb
$(JSONNET):
go get github.com/google/go-jsonnet/jsonnet
go get github.com/brancz/gojsontoyaml

95
arm_exporter.jsonnet Normal file
View File

@ -0,0 +1,95 @@
local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
_config+:: {
namespace: 'monitoring',
versions+:: {
armExporter: 'latest',
kubeRbacProxy: 'v0.4.0',
},
imageRepos+:: {
armExporter: 'carlosedp/arm_exporter',
kubeRbacProxy: 'carlosedp/kube-rbac-proxy',
},
},
armExporter+:: {
daemonset:
local daemonset = k.apps.v1beta2.daemonSet;
local container = daemonset.mixin.spec.template.spec.containersType;
local containerPort = container.portsType;
local podLabels = { 'k8s-app': 'arm-exporter' };
local armExporter =
container.new('arm-exporter', $._config.imageRepos.armExporter + ':' + $._config.versions.armExporter) +
container.mixin.resources.withRequests({ cpu: '100m', memory: '180Mi' }) +
container.mixin.resources.withLimits({ cpu: '200m', memory: '180Mi' });
local proxy =
container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
container.withArgs([
'--secure-listen-address=$(IP):9243',
'--upstream=http://127.0.0.1:9243/',
]) +
container.withPorts(containerPort.new(9243) + containerPort.withHostPort(9243) + containerPort.withName('https')) +
container.mixin.resources.withRequests({ cpu: '10m', memory: '20Mi' }) +
container.mixin.resources.withLimits({ cpu: '20m', memory: '40Mi' });
local c = [armExporter, proxy];
daemonset.new() +
daemonset.mixin.metadata.withName('arm-exporter') +
daemonset.mixin.metadata.withNamespace($._config.namespace) +
daemonset.mixin.metadata.withLabels(podLabels) +
daemonset.mixin.spec.selector.withMatchLabels(podLabels) +
daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
daemonset.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) +
daemonset.mixin.spec.template.spec.withContainers(c),
serviceMonitor:
{
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'arm-exporter',
namespace: $._config.namespace,
labels: {
'k8s-app': 'arm-exporter',
},
},
spec: {
jobLabel: 'k8s-app',
selector: {
matchLabels: {
'k8s-app': 'arm-exporter',
},
},
endpoints: [
{
port: 'https',
scheme: 'https',
interval: '30s',
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
service:
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local armExporterPort = servicePort.newNamed('https', 9243, 'https');
service.new('arm-exporter', $.armExporter.daemonset.spec.selector.matchLabels, armExporterPort) +
service.mixin.metadata.withNamespace($._config.namespace) +
service.mixin.metadata.withLabels({ 'k8s-app': 'arm-exporter' }) +
service.mixin.spec.withClusterIp('None'),
},
};
{ ['arm-exporter-' + name]: kp.armExporter[name] for name in std.objectFields(kp.armExporter) }

16
build.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.
set -e
set -x
# only exit with zero if all commands of the pipeline exit successfully
set -o pipefail
# Make sure to start with a clean 'manifests' dir
rm -rf manifests
mkdir manifests
# optional, but we would like to generate yaml, not json
jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml; rm -f {}' -- {}

View File

@ -3,43 +3,67 @@
REPO=carlosedp REPO=carlosedp
AOM_VERSION=2.1 AOM_VERSION=2.1
KSM_VERSION=v1.3.0 KSM_VERSION=v1.4.0
VERSION=v0.20.0 VERSION=v0.26.0
PROMCONFIGRELOADER_VERSION=v0.20.0 PROMCONFIGRELOADER_VERSION=v0.20.0
#-------------------------------------------------------------------------------
# Kubernetes addon-resizer # Kubernetes addon-resizer
# Retag Addon-resizer google images to have unified manifest on DockerHub # Retag Addon-resizer google images to have unified manifest on DockerHub
docker pull gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION docker pull gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION
docker pull gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION docker pull gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION
docker pull gcr.io/google-containers/addon-resizer-amd64:$AOM_VERSION
docker tag gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm64 docker tag gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm64
docker tag gcr.io/google-containers/addon-resizer-amd64:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm64
docker tag gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm docker tag gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm
docker push $REPO/addon-resizer:$AOM_VERSION-arm docker push $REPO/addon-resizer:$AOM_VERSION-arm
docker push $REPO/addon-resizer:$AOM_VERSION-arm64 docker push $REPO/addon-resizer:$AOM_VERSION-arm64
docker push $REPO/addon-resizer:$AOM_VERSION-amd64
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:$AOM_VERSION manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:$AOM_VERSION
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:latest manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:latest
#-------------------------------------------------------------------------------
# Kube-state-metrics # Kube-state-metrics
export DOCKER_CLI_EXPERIMENTAL=enabled
IMAGE=carlosedp/kube-state-metrics
ALL_ARCH='amd64 arm arm64'
go get github.com/kubernetes/kube-state-metrics go get github.com/kubernetes/kube-state-metrics
mv $HOME/go/src/github.com/kubernetes/kube-state-metrics $HOME/go/src/k8s.io/kube-state-metrics #mv $HOME/go/src/github.com/kubernetes/kube-state-metrics $HOME/go/src/k8s.io/kube-state-metrics
cd $HOME/go/src/k8s.io/kube-state-metrics cd $HOME/go/src/k8s.io/kube-state-metrics
git checkout ${KSM_VERSION} git checkout ${KSM_VERSION}
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm32v6\/alpine:3.7/' > Dockerfile.arm
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm64v8\/alpine:3.7/' > Dockerfile.arm64
GOOS=linux GOARCH=arm go build . GOOS=linux GOARCH=arm go build .
docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm . docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm -f Dockerfile.arm .
GOOS=linux GOARCH=arm64 go build . GOOS=linux GOARCH=arm64 go build .
docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm64 . docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm64 -f Dockerfile.arm64 .
GOOS=linux GOARCH=amd64 go build .
docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-amd64 -f Dockerfile .
docker push $REPO/kube-state-metrics:$KSM_VERSION-arm docker push $REPO/kube-state-metrics:$KSM_VERSION-arm
docker push $REPO/kube-state-metrics:$KSM_VERSION-arm64 docker push $REPO/kube-state-metrics:$KSM_VERSION-arm64
docker push $REPO/kube-state-metrics:$KSM_VERSION-amd64
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/kube-state-metrics:$KSM_VERSION-ARCH --target $REPO/kube-state-metrics:$KSM_VERSION docker manifest create --amend $IMAGE:$KSM_VERSION `echo $ALL_ARCH | sed -e "s~[^ ]*~$IMAGE:$KSM_VERSION\-&~g"`
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/kube-state-metrics:$KSM_VERSION-ARCH --target $REPO/kube-state-metrics:latest for arch in $ALL_ARCH; do docker manifest annotate --arch $arch $IMAGE:$KSM_VERSION $IMAGE:$KSM_VERSION-$arch; done
docker manifest push $IMAGE:$KSM_VERSION
#-------------------------------------------------------------------------------
# Prometheus-operator # Prometheus-operator
export DOCKER_CLI_EXPERIMENTAL=enabled
IMAGE=carlosedp/prometheus-operator
ALL_ARCH='amd64 arm arm64'
go get github.com/coreos/prometheus-operator go get github.com/coreos/prometheus-operator
cd $HOME/go/src/github.com/coreos/prometheus-operator cd $HOME/go/src/github.com/coreos/prometheus-operator
@ -47,40 +71,168 @@ git checkout ${VERSION}
go get -u github.com/prometheus/promu go get -u github.com/prometheus/promu
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM busybox/' > Dockerfile.arm cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm32v6\/busybox/' > Dockerfile.arm
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm64v8\/busybox/' > Dockerfile.arm64
GOOS=linux GOARCH=arm $GOPATH/bin/promu build --prefix `pwd` GOOS=linux GOARCH=arm $GOPATH/bin/promu build --prefix `pwd`
docker build -t $REPO/prometheus-operator:${VERSION}-arm -f Dockerfile.arm . docker build -t $REPO/prometheus-operator:${VERSION}-arm -f Dockerfile.arm .
GOOS=linux GOARCH=arm64 $GOPATH/bin/promu build --prefix `pwd` GOOS=linux GOARCH=arm64 $GOPATH/bin/promu build --prefix `pwd`
docker build -t $REPO/prometheus-operator:${VERSION}-arm64 -f Dockerfile.arm . docker build -t $REPO/prometheus-operator:${VERSION}-arm64 -f Dockerfile.arm64 .
docker push $REPO/prometheus-operator:$VERSION-arm docker push $REPO/prometheus-operator:$VERSION-arm
docker push $REPO/prometheus-operator:$VERSION-arm64 docker push $REPO/prometheus-operator:$VERSION-arm64
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-operator:$VERSION-ARCH --target $REPO/prometheus-operator:$VERSION docker manifest create --amend $IMAGE:$VERSION `echo $ALL_ARCH | sed -e "s~[^ ]*~$IMAGE:$VERSION\-&~g"`
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-operator:$VERSION-ARCH --target $REPO/prometheus-operator:latest for arch in $ALL_ARCH; do docker manifest annotate --arch $arch $IMAGE:$VERSION $IMAGE:$VERSION-$arch; done
docker manifest push $IMAGE:$VERSION
rm Dockerfile.arm rm Dockerfile.arm
rm Dockerfile.arm64
#-------------------------------------------------------------------------------
# kube-rbac-proxy
export DOCKER_CLI_EXPERIMENTAL=enabled
IMAGE=carlosedp/kube-rbac-proxy
VERSION=v0.4.0
ALL_ARCH='amd64 arm arm64'
go get github.com/brancz/kube-rbac-proxy
cd $HOME/go/src/github.com/brancz/kube-rbac-proxy
git checkout ${VERSION}
cat > Dockerfile.arm <<EOF
FROM arm32v6/alpine:3.8
COPY qemu-arm-static /usr/bin/qemu-arm-static
RUN apk add -U --no-cache ca-certificates && rm -rf /var/cache/apk/*
COPY kube-rbac-proxy .
RUN rm /usr/bin/qemu-arm-static
ENTRYPOINT ["./kube-rbac-proxy"]
EXPOSE 8080
EOF
cat > Dockerfile.arm64 <<EOF
FROM arm64v8/alpine:3.8
COPY qemu-aarch64-static /usr/bin/qemu-aarch64-static
RUN apk add -U --no-cache ca-certificates && rm -rf /var/cache/apk/*
COPY kube-rbac-proxy .
ENTRYPOINT ["./kube-rbac-proxy"]
EXPOSE 8080
EOF
cat > Dockerfile.amd64 <<EOF
FROM alpine:3.8
RUN apk add -U --no-cache ca-certificates && rm -rf /var/cache/apk/*
COPY kube-rbac-proxy .
ENTRYPOINT ["./kube-rbac-proxy"]
EXPOSE 8080
EOF
docker run --rm --privileged multiarch/qemu-user-static:register --reset
wget https://github.com/multiarch/qemu-user-static/releases/download/v3.0.0/qemu-arm-static
chmod +x qemu-arm-static
GOOS=linux GOARCH=arm go build .
docker build -t $IMAGE:$VERSION-arm -f Dockerfile.arm .
wget https://github.com/multiarch/qemu-user-static/releases/download/v3.0.0/qemu-aarch64-static
chmod +x qemu-aarch64-static
GOOS=linux GOARCH=arm64 go build .
docker build -t $IMAGE:$VERSION-arm64 -f Dockerfile.arm64 .
GOOS=linux GOARCH=amd64 go build .
docker build -t $IMAGE:$VERSION-amd64 -f Dockerfile.amd64 .
docker push $IMAGE:$VERSION-arm
docker push $IMAGE:$VERSION-arm64
docker push $IMAGE:$VERSION-amd64
docker manifest create --amend $IMAGE:$VERSION `echo $ALL_ARCH | sed -e "s~[^ ]*~$IMAGE:$VERSION\-&~g"`
for arch in $ALL_ARCH; do docker manifest annotate --arch $arch $IMAGE:$VERSION $IMAGE:$VERSION-$arch; done
docker manifest push $IMAGE:$VERSION
#-------------------------------------------------------------------------------
# prometheus-config-reloader # prometheus-config-reloader
go get github.com/coreos/prometheus-operator export DOCKER_CLI_EXPERIMENTAL=enabled
cd $HOME/go/src/github.com/coreos/prometheus-operator/ IMAGE=carlosedp/prometheus-config-reloader
git checkout ${PROMCONFIGRELOADER_VERSION} VERSION=v0.26.0
cd $HOME/go/src/github.com/coreos/prometheus-operator/contrib/prometheus-config-reloader ALL_ARCH='amd64 arm arm64'
cat Dockerfile |sed -e 's/^FROM.*/FROM busybox/' > Dockerfile.arm go get github.com/coreos/prometheus-operator
cd $HOME/go/src/github.com/coreos/prometheus-operator/cmd/prometheus-config-reloader
git checkout ${VERSION}
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm32v6\/busybox/' > Dockerfile.arm
cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM arm64v8\/busybox/' > Dockerfile.arm64
GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -o prometheus-config-reloader main.go GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -o prometheus-config-reloader main.go
docker build -t $REPO/prometheus-config-reloader:${PROMCONFIGRELOADER_VERSION}-arm -f Dockerfile.arm . docker build -t $IMAGE:$VERSION-arm -f Dockerfile.arm .
GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o prometheus-config-reloader main.go GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o prometheus-config-reloader main.go
docker build -t $REPO/prometheus-config-reloader:${PROMCONFIGRELOADER_VERSION}-arm64 -f Dockerfile.arm . docker build -t $IMAGE:$VERSION-arm64 -f Dockerfile.arm64 .
docker push $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-arm GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o prometheus-config-reloader main.go
docker push $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-arm64 docker build -t $IMAGE:$VERSION-amd64 -f Dockerfile .
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-ARCH --target $REPO/prometheus-config-reloader:$VERSION docker push $IMAGE:$VERSION-arm
manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-ARCH --target $REPO/prometheus-config-reloader:latest docker push $IMAGE:$VERSION-arm64
docker push $IMAGE:$VERSION-amd64
docker manifest create --amend $IMAGE:$VERSION `echo $ALL_ARCH | sed -e "s~[^ ]*~$IMAGE:$VERSION\-&~g"`
for arch in $ALL_ARCH; do docker manifest annotate --arch $arch $IMAGE:$VERSION $IMAGE:$VERSION-$arch; done
docker manifest push $IMAGE:$VERSION
rm Dockerfile.arm rm Dockerfile.arm
rm Dockerfile.arm64
#-------------------------------------------------------------------------------
# configmap-reload
export DOCKER_CLI_EXPERIMENTAL=enabled
IMAGE=carlosedp/configmap-reload
VERSION=v0.2.2
ALL_ARCH='amd64 arm arm64'
go get github.com/openshift/configmap-reload
cd $HOME/go/src/github.com/openshift/configmap-reload
#git checkout ${VERSION}
cat > Dockerfile.arm <<EOF
FROM arm32v6/busybox
COPY configmap-reload /configmap-reload
ENTRYPOINT ["/configmap-reload"]
EOF
cat > Dockerfile.arm64 <<EOF
FROM arm64v8/busybox
COPY configmap-reload /configmap-reload
ENTRYPOINT ["/configmap-reload"]
EOF
cat > Dockerfile.amd64 <<EOF
FROM busybox
COPY configmap-reload /configmap-reload
ENTRYPOINT ["/configmap-reload"]
EOF
GOOS=linux GOARCH=arm CGO_ENABLED=0 go build .
docker build -t $IMAGE:$VERSION-arm -f Dockerfile.arm .
GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build .
docker build -t $IMAGE:$VERSION-arm64 -f Dockerfile.arm64 .
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build .
docker build -t $IMAGE:$VERSION-amd64 -f Dockerfile.amd64 .
docker push $IMAGE:$VERSION-arm
docker push $IMAGE:$VERSION-arm64
docker push $IMAGE:$VERSION-amd64
docker manifest create --amend $IMAGE:$VERSION `echo $ALL_ARCH | sed -e "s~[^ ]*~$IMAGE:$VERSION\-&~g"`
for arch in $ALL_ARCH; do docker manifest annotate --arch $arch $IMAGE:$VERSION $IMAGE:$VERSION-$arch; done
docker manifest push $IMAGE:$VERSION

52
deploy
View File

@ -1,52 +0,0 @@
#!/usr/bin/env bash
if [ -z "${KUBECONFIG}" ]; then
export KUBECONFIG=~/.kube/config
fi
# CAUTION - setting NAMESPACE will deploy most components to the given namespace
# however some are hardcoded to 'monitoring'. Only use if you have reviewed all manifests.
if [ -z "${NAMESPACE}" ]; then
NAMESPACE=monitoring
fi
kubectl create namespace "$NAMESPACE"
kctl() {
kubectl --namespace "$NAMESPACE" "$@"
}
kubectl apply -f manifests/k8s
kctl apply -f manifests/prometheus-operator
# Wait for CRDs to be ready.
printf "Waiting for Operator to register custom resource definitions..."
until kctl get customresourcedefinitions servicemonitors.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
until kctl get customresourcedefinitions prometheuses.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
until kctl get customresourcedefinitions alertmanagers.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
until kctl get servicemonitors.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
until kctl get prometheuses.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
until kctl get alertmanagers.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
echo "done!"
kctl apply -f manifests/node-exporter
kctl apply -f manifests/armexporter/daemonset.yaml
kctl apply -f manifests/armexporter/service.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-cluster-role.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-cluster-role-binding.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-role.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-role-binding.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-service-account.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-service.yaml
kctl apply -f manifests/kube-state-metrics/kube-state-metrics-deployment.yaml
kctl apply -f manifests/grafana/grafana-credentials.yaml
kctl apply -f manifests/grafana
find manifests/prometheus -type f ! -name prometheus-k8s-roles.yaml ! -name prometheus-k8s-role-bindings.yaml -exec kubectl --namespace "$NAMESPACE" apply -f {} \;
kubectl apply -f manifests/prometheus/prometheus-k8s-roles.yaml
kubectl apply -f manifests/prometheus/prometheus-k8s-role-bindings.yaml
kctl apply -f manifests/alertmanager/
kctl apply -f manifests/smtp-server/smtp.yaml

14
example.jsonnet Normal file
View File

@ -0,0 +1,14 @@
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + {
_config+:: {
namespace: 'monitoring',
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }

14
jsonnetfile.json Normal file
View File

@ -0,0 +1,14 @@
{
"dependencies": [
{
"name": "kube-prometheus",
"source": {
"git": {
"remote": "https://github.com/coreos/prometheus-operator",
"subdir": "contrib/kube-prometheus/jsonnet/kube-prometheus"
}
},
"version": "master"
}
]
}

84
jsonnetfile.lock.json Normal file
View File

@ -0,0 +1,84 @@
{
"dependencies": [
{
"name": "kube-prometheus",
"source": {
"git": {
"remote": "https://github.com/coreos/prometheus-operator",
"subdir": "contrib/kube-prometheus/jsonnet/kube-prometheus"
}
},
"version": "9536d7787789b74b692cd8a5482a2801b1aba232"
},
{
"name": "ksonnet",
"source": {
"git": {
"remote": "https://github.com/ksonnet/ksonnet-lib",
"subdir": ""
}
},
"version": "d03da231d6c8bd74437b74a1e9e8b966f13dffa2"
},
{
"name": "kubernetes-mixin",
"source": {
"git": {
"remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
"subdir": ""
}
},
"version": "4c23c06fff9ef50744f5ed306c9ab0c4bd78a144"
},
{
"name": "grafonnet",
"source": {
"git": {
"remote": "https://github.com/grafana/grafonnet-lib",
"subdir": "grafonnet"
}
},
"version": "eea8b5ba6b8883cf2df5a17c39a42c4b57c0d63e"
},
{
"name": "grafana-builder",
"source": {
"git": {
"remote": "https://github.com/kausalco/public",
"subdir": "grafana-builder"
}
},
"version": "c6932cf90bce4fef218b4308effc9f15c4219a01"
},
{
"name": "grafana",
"source": {
"git": {
"remote": "https://github.com/brancz/kubernetes-grafana",
"subdir": "grafana"
}
},
"version": "da19aef6f5b378fb5281e6f61dbadbbf734d45ee"
},
{
"name": "prometheus-operator",
"source": {
"git": {
"remote": "https://github.com/coreos/prometheus-operator",
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "72ec4b9b16ef11700724dc71fec77112536eed40"
},
{
"name": "etcd-mixin",
"source": {
"git": {
"remote": "https://github.com/coreos/etcd",
"subdir": "Documentation/etcd-mixin"
}
},
"version": "15b6a17be48dea91a11497980b9adab541add7f0"
}
]
}

2
main.jsonnet Normal file
View File

@ -0,0 +1,2 @@
(import 'operator_stack.jsonnet') +
(import 'arm_exporter.jsonnet')

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,342 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: PrometheusRule
plural: prometheusrules
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
description: ObjectMeta is metadata that all persisted resources must have,
which includes all objects users must create.
properties:
annotations:
description: 'Annotations is an unstructured key value map stored with
a resource that may be set by external tools to store and retrieve
arbitrary metadata. They are not queryable and should be preserved
when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
clusterName:
description: The name of the cluster which the object belongs to. This
is used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is
going to ignore it if set in create or update request.
type: string
creationTimestamp:
description: Time is a wrapper around time.Time which supports correct
marshaling to YAML and JSON. Wrappers are provided for many of the
factory methods that the time package offers.
format: date-time
type: string
deletionGracePeriodSeconds:
description: Number of seconds allowed for this object to gracefully
terminate before it will be removed from the system. Only set when
deletionTimestamp is also set. May only be shortened. Read-only.
format: int64
type: integer
deletionTimestamp:
description: Time is a wrapper around time.Time which supports correct
marshaling to YAML and JSON. Wrappers are provided for many of the
factory methods that the time package offers.
format: date-time
type: string
finalizers:
description: Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will
remove the entry from the list. If the deletionTimestamp of the object
is non-nil, entries in this list can only be removed.
items:
type: string
type: array
generateName:
description: |-
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency
type: string
generation:
description: A sequence number representing a specific generation of
the desired state. Populated by the system. Read-only.
format: int64
type: integer
initializers:
description: Initializers tracks the progress of initialization.
properties:
pending:
description: Pending is a list of initializers that must execute
in order before this object is visible. When the last pending
initializer is removed, and no failing result is set, the initializers
struct will be set to nil and the object is considered as initialized
and visible to all clients.
items:
description: Initializer is information about an initializer that
has not yet completed.
properties:
name:
description: name of the process that is responsible for initializing
this object.
type: string
required:
- name
type: array
result:
description: Status is a return value for calls that don't return
other objects.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
code:
description: Suggested HTTP return code for this status, 0 if
not set.
format: int32
type: integer
details:
description: StatusDetails is a set of additional properties
that MAY be set by the server to provide additional information
about a response. The Reason field of a Status object defines
what attributes will be set. Clients must ignore fields that
do not match the defined type of each attribute, and should
assume that any attribute may be empty, invalid, or under
defined.
properties:
causes:
description: The Causes array includes more details associated
with the StatusReason failure. Not all StatusReasons may
provide detailed causes.
items:
description: StatusCause provides more information about
an api.Status failure, including cases when multiple
errors are encountered.
properties:
field:
description: |-
The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.
Examples:
"name" - the field "name" on the current resource
"items[0].name" - the field "name" on the first array entry in "items"
type: string
message:
description: A human-readable description of the cause
of the error. This field may be presented as-is
to a reader.
type: string
reason:
description: A machine-readable description of the
cause of the error. If this value is empty there
is no information available.
type: string
type: array
group:
description: The group attribute of the resource associated
with the status StatusReason.
type: string
kind:
description: 'The kind attribute of the resource associated
with the status StatusReason. On some operations may differ
from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: The name attribute of the resource associated
with the status StatusReason (when there is a single name
which can be described).
type: string
retryAfterSeconds:
description: If specified, the time in seconds before the
operation should be retried. Some errors may indicate
the client must take an alternate action - for those errors
this field may indicate how long to wait before taking
the alternate action.
format: int32
type: integer
uid:
description: 'UID of the resource. (when there is a single
resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
message:
description: A human-readable description of the status of this
operation.
type: string
metadata:
description: ListMeta describes metadata that synthetic resources
must have, including lists and various status objects. A resource
may have only one of {ObjectMeta, ListMeta}.
properties:
continue:
description: continue may be set if the user set a limit
on the number of items returned, and indicates that the
server has more data available. The value is opaque and
may be used to issue another request to the endpoint that
served this list to retrieve the next set of available
objects. Continuing a consistent list may not be possible
if the server configuration has changed or more than a
few minutes have passed. The resourceVersion field returned
when using this continue value will be identical to the
value in the first response, unless you have received
this token from an error message.
type: string
resourceVersion:
description: 'String that identifies the server''s internal
version of this object that can be used by clients to
determine when objects have changed. Value must be treated
as opaque by clients and passed unmodified back to the
server. Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
type: string
selfLink:
description: selfLink is a URL representing this object.
Populated by the system. Read-only.
type: string
reason:
description: A machine-readable description of why this operation
is in the "Failure" status. If this value is empty there is
no information available. A Reason clarifies an HTTP status
code but does not override it.
type: string
status:
description: 'Status of the operation. One of: "Success" or
"Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status'
type: string
required:
- pending
labels:
description: 'Map of string keys and values that can be used to organize
and categorize (scope and select) objects. May match selectors of
replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
type: object
name:
description: 'Name must be unique within a namespace. Is required when
creating resources, although some resources may allow a client to
request the generation of an appropriate name automatically. Name
is primarily intended for creation idempotence and configuration definition.
Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
namespace:
description: |-
Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
type: string
ownerReferences:
description: List of objects depended by this object. If ALL objects
in the list have been deleted, this object will be garbage collected.
If this object is managed by a controller, then an entry in this list
will point to this controller, with the controller field set to true.
There cannot be more than one managing controller.
items:
description: OwnerReference contains enough information to let you
identify an owning object. Currently, an owning object must be in
the same namespace, so there is no namespace field.
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
uid:
description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
required:
- apiVersion
- kind
- name
- uid
type: array
resourceVersion:
description: |-
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency
type: string
selfLink:
description: SelfLink is a URL representing this object. Populated by
the system. Read-only.
type: string
uid:
description: |-
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
type: string
spec:
description: PrometheusRuleSpec contains specification parameters for a
Rule.
properties:
groups:
description: Content of Prometheus rule file
items:
description: RuleGroup is a list of sequentially evaluated recording
and alerting rules.
properties:
interval:
type: string
name:
type: string
rules:
items:
description: Rule describes an alerting or recording rule.
properties:
alert:
type: string
annotations:
type: object
expr:
anyOf:
- type: string
- type: integer
for:
type: string
labels:
type: object
record:
type: string
required:
- expr
type: array
required:
- name
- rules
type: array
version: v1

View File

@ -0,0 +1,291 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: ServiceMonitor
plural: servicemonitors
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
spec:
description: ServiceMonitorSpec contains specification parameters for a
ServiceMonitor.
properties:
endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor.
items:
description: Endpoint defines a scrapeable endpoint serving Prometheus
metrics.
properties:
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
properties:
password:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or it's key must
be defined
type: boolean
required:
- key
username:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or it's key must
be defined
type: boolean
required:
- key
bearerTokenFile:
description: File to read bearer token for scraping targets.
type: string
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: array
params:
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the service port this endpoint refers to.
Mutually exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#<relabel_config>'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: string
- type: integer
tlsConfig:
description: TLSConfig specifies TLS configuration parameters.
properties:
caFile:
description: The CA cert to use for the targets.
type: string
certFile:
description: The client cert file for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: The client key file for the targets.
type: string
serverName:
description: Used to verify the hostname for the targets.
type: string
type: array
jobLabel:
description: The label to use to retrieve the job name from.
type: string
namespaceSelector:
description: NamespaceSelector is a selector for selecting either all
namespaces or a list of namespaces.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod
onto the target.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains
values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to a
set of values. Valid operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
is In or NotIn, the values array must be non-empty. If the
operator is Exists or DoesNotExist, the values array must
be empty. This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: array
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator is
"In", and the values array contains only "value". The requirements
are ANDed.
type: object
targetLabels:
description: TargetLabels transfers labels on the Kubernetes Service
onto the target.
items:
type: string
type: array
required:
- endpoints
- selector
version: v1

View File

@ -0,0 +1,66 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus-operator
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- prometheuses/finalizers
- alertmanagers/finalizers
- servicemonitors
- prometheusrules
verbs:
- '*'
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- create
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-operator
subjects:
- kind: ServiceAccount
name: prometheus-operator
namespace: monitoring

View File

@ -0,0 +1,44 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
labels:
k8s-app: prometheus-operator
name: prometheus-operator
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
k8s-app: prometheus-operator
template:
metadata:
labels:
k8s-app: prometheus-operator
spec:
containers:
- args:
- --kubelet-service=kube-system/kubelet
- --logtostderr=true
- --config-reloader-image=carlosedp/configmap-reload:v0.2.2
- --prometheus-config-reloader=carlosedp/prometheus-config-reloader:v0.26.0
image: carlosedp/prometheus-operator:v0.26.0
name: prometheus-operator
ports:
- containerPort: 8080
name: http
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: prometheus-operator

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: prometheus-operator
name: prometheus-operator
namespace: monitoring
spec:
clusterIP: None
ports:
- name: http
port: 8080
targetPort: http
selector:
k8s-app: prometheus-operator

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus-operator
namespace: monitoring

View File

@ -0,0 +1,14 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
k8s-app: prometheus-operator
name: prometheus-operator
namespace: monitoring
spec:
endpoints:
- honorLabels: true
port: http
selector:
matchLabels:
k8s-app: prometheus-operator

View File

@ -0,0 +1,18 @@
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
labels:
alertmanager: main
name: main
namespace: monitoring
spec:
baseImage: carlosedp/alertmanager
nodeSelector:
beta.kubernetes.io/os: linux
replicas: 1
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: alertmanager-main
version: v0.15.3

View File

@ -0,0 +1,8 @@
apiVersion: v1
data:
alertmanager.yaml: Z2xvYmFsOgogIHJlc29sdmVfdGltZW91dDogNW0Kcm91dGU6CiAgZ3JvdXBfYnk6IFsnam9iJ10KICBncm91cF93YWl0OiAzMHMKICBncm91cF9pbnRlcnZhbDogNW0KICByZXBlYXRfaW50ZXJ2YWw6IDEyaAogIHJlY2VpdmVyOiAnbnVsbCcKICByb3V0ZXM6CiAgLSBtYXRjaDoKICAgICAgYWxlcnRuYW1lOiBEZWFkTWFuc1N3aXRjaAogICAgcmVjZWl2ZXI6ICdudWxsJwpyZWNlaXZlcnM6Ci0gbmFtZTogJ251bGwnCg==
kind: Secret
metadata:
name: alertmanager-main
namespace: monitoring
type: Opaque

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
alertmanager: main
name: alertmanager-main
namespace: monitoring
spec:
ports:
- name: web
port: 9093
targetPort: web
selector:
alertmanager: main
app: alertmanager

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: alertmanager-main
namespace: monitoring

View File

@ -0,0 +1,14 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
k8s-app: alertmanager
name: alertmanager
namespace: monitoring
spec:
endpoints:
- interval: 30s
port: web
selector:
matchLabels:
alertmanager: main

View File

@ -0,0 +1,44 @@
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
labels:
k8s-app: arm-exporter
name: arm-exporter
namespace: monitoring
spec:
selector:
matchLabels:
k8s-app: arm-exporter
template:
metadata:
labels:
k8s-app: arm-exporter
spec:
containers:
- image: carlosedp/arm_exporter:latest
name: arm-exporter
resources:
limits:
cpu: 200m
memory: 180Mi
requests:
cpu: 100m
memory: 180Mi
- args:
- --secure-listen-address=$(IP):9243
- --upstream=http://127.0.0.1:9243/
image: carlosedp/kube-rbac-proxy:v0.4.0
name: kube-rbac-proxy
ports:
- containerPort: 9243
hostPort: 9243
name: https
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
nodeSelector:
beta.kubernetes.io/os: linux

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: arm-exporter
name: arm-exporter
namespace: monitoring
spec:
clusterIP: None
ports:
- name: https
port: 9243
targetPort: https
selector:
k8s-app: arm-exporter

View File

@ -0,0 +1,19 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
k8s-app: arm-exporter
name: arm-exporter
namespace: monitoring
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
port: https
scheme: https
tlsConfig:
insecureSkipVerify: true
jobLabel: k8s-app
selector:
matchLabels:
k8s-app: arm-exporter

View File

@ -0,0 +1,8 @@
apiVersion: v1
data:
grafana.ini: W2F1dGguYW5vbnltb3VzXQplbmFibGVkID0gZmFsc2UKW2F1dGguYmFzaWNdCmVuYWJsZWQgPSBmYWxzZQpbZGF0YWJhc2VdCnBhdGggPSAvZGF0YS9ncmFmYW5hLmRiCltwYXRoc10KZGF0YSA9IC92YXIvbGliL2dyYWZhbmEKbG9ncyA9IC92YXIvbGliL2dyYWZhbmEvbG9nCnBsdWdpbnMgPSAvdmFyL2xpYi9ncmFmYW5hL3BsdWdpbnMKcHJvdmlzaW9uaW5nID0gL2V0Yy9ncmFmYW5hL3Byb3Zpc2lvbmluZwpbc2Vzc2lvbl0KcHJvdmlkZXIgPSBtZW1vcnkKW3NtdHBdCmVuYWJsZWQgPSB0cnVlCmZyb21fYWRkcmVzcyA9IGNhcmxvc2VkcEBnbWFpbC5jb20KZnJvbV9uYW1lID0gR3JhZmFuYSBBbGVydApob3N0ID0gc210cC1zZXJ2ZXIubW9uaXRvcmluZy5zdmM6MjUKcGFzc3dvcmQgPSAKc2tpcF92ZXJpZnkgPSB0cnVlCnVzZXIgPSAK
kind: Secret
metadata:
name: grafana-config
namespace: monitoring
type: Opaque

View File

@ -0,0 +1,8 @@
apiVersion: v1
data:
prometheus.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0=
kind: Secret
metadata:
name: grafana-datasources
namespace: monitoring
type: Opaque

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,21 @@
apiVersion: v1
data:
dashboards.yaml: |-
{
"apiVersion": 1,
"providers": [
{
"folder": "",
"name": "0",
"options": {
"path": "/grafana-dashboard-definitions/0"
},
"orgId": 1,
"type": "file"
}
]
}
kind: ConfigMap
metadata:
name: grafana-dashboards
namespace: monitoring

View File

@ -0,0 +1,132 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
labels:
app: grafana
name: grafana
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
containers:
- args:
- -config=/etc/grafana/grafana.ini
image: carlosedp/monitoring-grafana:v5.4.0
name: grafana
ports:
- containerPort: 3000
name: http
readinessProbe:
httpGet:
path: /api/health
port: http
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /var/lib/grafana
name: grafana-storage
readOnly: false
- mountPath: /etc/grafana/provisioning/datasources
name: grafana-datasources
readOnly: false
- mountPath: /etc/grafana/provisioning/dashboards
name: grafana-dashboards
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/k8s-cluster-rsrc-use
name: grafana-dashboard-k8s-cluster-rsrc-use
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/k8s-node-rsrc-use
name: grafana-dashboard-k8s-node-rsrc-use
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/k8s-resources-cluster
name: grafana-dashboard-k8s-resources-cluster
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/k8s-resources-namespace
name: grafana-dashboard-k8s-resources-namespace
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/k8s-resources-pod
name: grafana-dashboard-k8s-resources-pod
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/nodes
name: grafana-dashboard-nodes
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/persistentvolumesusage
name: grafana-dashboard-persistentvolumesusage
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/pods
name: grafana-dashboard-pods
readOnly: false
- mountPath: /grafana-dashboard-definitions/0/statefulset
name: grafana-dashboard-statefulset
readOnly: false
- mountPath: /etc/grafana
name: grafana-config
readOnly: false
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: grafana
volumes:
- emptyDir: {}
name: grafana-storage
- name: grafana-datasources
secret:
secretName: grafana-datasources
- configMap:
name: grafana-dashboards
name: grafana-dashboards
- configMap:
name: grafana-dashboard-k8s-cluster-rsrc-use
name: grafana-dashboard-k8s-cluster-rsrc-use
- configMap:
name: grafana-dashboard-k8s-node-rsrc-use
name: grafana-dashboard-k8s-node-rsrc-use
- configMap:
name: grafana-dashboard-k8s-resources-cluster
name: grafana-dashboard-k8s-resources-cluster
- configMap:
name: grafana-dashboard-k8s-resources-namespace
name: grafana-dashboard-k8s-resources-namespace
- configMap:
name: grafana-dashboard-k8s-resources-pod
name: grafana-dashboard-k8s-resources-pod
- configMap:
name: grafana-dashboard-nodes
name: grafana-dashboard-nodes
- configMap:
name: grafana-dashboard-persistentvolumesusage
name: grafana-dashboard-persistentvolumesusage
- configMap:
name: grafana-dashboard-pods
name: grafana-dashboard-pods
- configMap:
name: grafana-dashboard-statefulset
name: grafana-dashboard-statefulset
- name: grafana-config
secret:
secretName: grafana-config
volumeClaimTemplate:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana-storage
namespace: monitoring
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 2Gi
storageClassName: nfs-ssd-node1

View File

@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: grafana
namespace: monitoring
spec:
ports:
- name: http
port: 3000
targetPort: http
selector:
app: grafana

View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: grafana
namespace: monitoring

View File

@ -0,0 +1,14 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: alertmanager-main
namespace: monitoring
spec:
rules:
- host: alertmanager.internal.carlosedp.com
http:
paths:
- backend:
serviceName: alertmanager-main
servicePort: web
path: /

View File

@ -0,0 +1,14 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: grafana
namespace: monitoring
spec:
rules:
- host: grafana.internal.carlosedp.com
http:
paths:
- backend:
serviceName: grafana
servicePort: http
path: /

View File

@ -0,0 +1,14 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: prometheus-k8s
namespace: monitoring
spec:
rules:
- host: prometheus.internal.carlosedp.com
http:
paths:
- backend:
serviceName: prometheus-k8s
servicePort: web
path: /

View File

@ -0,0 +1,69 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-state-metrics
rules:
- apiGroups:
- ""
resources:
- configmaps
- secrets
- nodes
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- namespaces
- endpoints
verbs:
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- replicasets
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
- daemonsets
- deployments
- replicasets
verbs:
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-state-metrics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kube-state-metrics
subjects:
- kind: ServiceAccount
name: kube-state-metrics
namespace: monitoring

View File

@ -0,0 +1,53 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
labels:
app: kube-state-metrics
name: kube-state-metrics
namespace: monitoring
spec:
replicas: 1
selector:
matchLabels:
app: kube-state-metrics
template:
metadata:
labels:
app: kube-state-metrics
spec:
containers:
- command:
- /pod_nanny
- --container=kube-state-metrics
- --cpu=100m
- --extra-cpu=2m
- --memory=150Mi
- --extra-memory=30Mi
- --acceptance-offset=5
- --deployment=kube-state-metrics
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: carlosedp/addon-resizer:2.1
name: addon-resizer
resources:
limits:
cpu: 50m
memory: 30Mi
requests:
cpu: 10m
memory: 30Mi
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: kube-state-metrics

Some files were not shown because too many files have changed in this diff Show More