1 #######################################################################################
2 # Copyright ETSI Contributors and Others.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #    http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13 # implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #######################################################################################
17
---
# Source: prometheus/templates/serviceaccount.yaml
# Identity the Prometheus server pod runs as (the Deployment `prometheus`
# sets serviceAccountName: prometheus). The ClusterRoleBinding `prometheus`
# attaches the cluster-wide read rules of ClusterRole `prometheus` to it, so
# the token issued for this account is a cluster-scoped credential.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: istio-system
  annotations: {}
  labels:
    app: prometheus
    chart: prometheus-19.6.1
    component: server
    heritage: Helm
    release: prometheus
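---
# Source: prometheus/templates/cm.yaml
# Prometheus server configuration, mounted at /etc/config by the Deployment.
# The three jobs that talk to the Kubernetes API server send the service
# account bearer token, so their tls_config verifies the server certificate
# against the mounted cluster CA instead of skipping verification.
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-19.6.1
    heritage: Helm
  name: prometheus
  namespace: istio-system
data:
  allow-snippet-annotations: "false"
  alerting_rules.yml: |
    {}
  alerts: |
    {}
  prometheus.yml: |
    global:
      evaluation_interval: 1m
      scrape_interval: 15s
      scrape_timeout: 10s
    rule_files:
    - /etc/config/recording_rules.yml
    - /etc/config/alerting_rules.yml
    - /etc/config/rules
    - /etc/config/alerts
    scrape_configs:
    - job_name: prometheus
      static_configs:
      - targets:
        - localhost:9090
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-apiservers
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: default;kubernetes;https
        source_labels:
        - __meta_kubernetes_namespace
        - __meta_kubernetes_service_name
        - __meta_kubernetes_endpoint_port_name
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # The bearer token above is sent on every scrape, so the server
        # certificate must be verified against ca_file. Targets are
        # discovered as endpoint addresses, so the expected certificate
        # name is pinned with server_name.
        # NOTE(review): assumes the API server certificate carries the
        # `kubernetes` name - confirm for this cluster.
        insecure_skip_verify: false
        server_name: kubernetes
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-nodes
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - replacement: kubernetes.default.svc:443
        target_label: __address__
      - regex: (.+)
        replacement: /api/v1/nodes/$1/proxy/metrics
        source_labels:
        - __meta_kubernetes_node_name
        target_label: __metrics_path__
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # __address__ is rewritten to kubernetes.default.svc:443 above, so
        # the certificate checked here is the API server's, not a kubelet's.
        insecure_skip_verify: false
    - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
      job_name: kubernetes-nodes-cadvisor
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - replacement: kubernetes.default.svc:443
        target_label: __address__
      - regex: (.+)
        replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
        source_labels:
        - __meta_kubernetes_node_name
        target_label: __metrics_path__
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # Same as kubernetes-nodes: the request goes to the API server,
        # whose certificate is verified against ca_file.
        insecure_skip_verify: false
    # The jobs below select targets by prometheus.io/* annotations set on the
    # Service or Pod, and honor_labels: true keeps labels exposed by the
    # target when they collide with the ones attached here. Whoever can
    # annotate a workload therefore decides what is scraped and how the
    # resulting series are labelled.
    - honor_labels: true
      job_name: kubernetes-service-endpoints
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape
      - action: drop
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_service_name
        target_label: service
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_node_name
        target_label: node
    - honor_labels: true
      job_name: kubernetes-service-endpoints-slow
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (.+?)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_service_name
        target_label: service
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_node_name
        target_label: node
      scrape_interval: 5m
      scrape_timeout: 30s
    - honor_labels: true
      job_name: prometheus-pushgateway
      kubernetes_sd_configs:
      - role: service
      relabel_configs:
      - action: keep
        regex: pushgateway
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_probe
    - honor_labels: true
      job_name: kubernetes-services
      kubernetes_sd_configs:
      - role: service
      metrics_path: /probe
      params:
        module:
        - http_2xx
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_probe
      - source_labels:
        - __address__
        target_label: __param_target
      - replacement: blackbox
        target_label: __address__
      - source_labels:
        - __param_target
        target_label: instance
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - source_labels:
        - __meta_kubernetes_service_name
        target_label: service
    - honor_labels: true
      job_name: kubernetes-pods
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
      - action: drop
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
        replacement: '[$2]:$1'
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        - __meta_kubernetes_pod_ip
        target_label: __address__
      - action: replace
        regex: (\d+);((([0-9]+?)(\.|$)){4})
        replacement: $2:$1
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        - __meta_kubernetes_pod_ip
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: pod
      - action: drop
        regex: Pending|Succeeded|Failed|Completed
        source_labels:
        - __meta_kubernetes_pod_phase
    - honor_labels: true
      job_name: kubernetes-pods-slow
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scheme
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: (\d+);(([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4})
        replacement: '[$2]:$1'
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        - __meta_kubernetes_pod_ip
        target_label: __address__
      - action: replace
        regex: (\d+);((([0-9]+?)(\.|$)){4})
        replacement: $2:$1
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        - __meta_kubernetes_pod_ip
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+)
        replacement: __param_$1
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: pod
      - action: drop
        regex: Pending|Succeeded|Failed|Completed
        source_labels:
        - __meta_kubernetes_pod_phase
      scrape_interval: 5m
      scrape_timeout: 30s
  recording_rules.yml: |
    {}
  rules: |
    {}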
---
# Source: prometheus/templates/clusterrole.yaml
# Cluster-wide read-only rules bound to the `prometheus` ServiceAccount.
# NOTE(review): `nodes/proxy` is what the kubernetes-nodes and
# kubernetes-nodes-cadvisor scrape jobs rely on (they request
# /api/v1/nodes/<node>/proxy/metrics[/cadvisor] through the API server). The
# resource covers the whole kubelet proxy path, not only those two metrics
# endpoints, so this grant is broader than the jobs need.
# NOTE(review): no scrape job in the `prometheus` ConfigMap uses an ingress
# discovery role, and nothing visible in this file reads ConfigMaps through
# the API - confirm whether `ingresses` and `configmaps` are still required.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
  labels:
    app: prometheus
    chart: prometheus-19.6.1
    component: server
    heritage: Helm
    release: prometheus
rules:
  # Core API group: objects used for service discovery and node scraping.
  - apiGroups: [""]
    resources:
      - nodes
      - nodes/proxy
      - nodes/metrics
      - services
      - endpoints
      - pods
      - ingresses
      - configmaps
    verbs: [get, list, watch]
  # Ingress objects in both the legacy and the current API group.
  - apiGroups: [extensions, networking.k8s.io]
    resources:
      - ingresses/status
      - ingresses
    verbs: [get, list, watch]
  # Non-resource endpoint: GET on /metrics only.
  - nonResourceURLs: [/metrics]
    verbs: [get]
---
# Source: prometheus/templates/clusterrolebinding.yaml
# Grants ClusterRole `prometheus` to the ServiceAccount `prometheus` in
# namespace istio-system. Being a ClusterRoleBinding, the grant applies in
# every namespace, not only istio-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  labels:
    app: prometheus
    chart: prometheus-19.6.1
    component: server
    heritage: Helm
    release: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: istio-system
---
# Source: prometheus/templates/service.yaml
# Cluster-internal (ClusterIP) entry point to the Prometheus server on TCP
# 9090. The same port also serves the lifecycle endpoints, because the
# Deployment starts Prometheus with --web.enable-lifecycle.
# NOTE(review): no NetworkPolicy is defined in this file, so which workloads
# may reach this Service depends on cluster-level policy - confirm.
apiVersion: v1
kind: Service
metadata:
  name: prometheus
  namespace: istio-system
  labels:
    app: prometheus
    chart: prometheus-19.6.1
    component: server
    heritage: Helm
    release: prometheus
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: prometheus
    component: server
    release: prometheus
  ports:
    - name: http
      protocol: TCP
      port: 9090
      targetPort: 9090
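---
# Source: prometheus/templates/deploy.yaml
# Single-replica Prometheus server plus a configmap-reload sidecar.
# Hardening applied here: both containers drop all capabilities, forbid
# privilege escalation and run with a read-only root filesystem; the pod
# uses the runtime's default seccomp profile; the server mounts its config
# volume read-only like the sidecar does. Writable state is limited to the
# /data emptyDir.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    component: "server"
    app: prometheus
    release: prometheus
    chart: prometheus-19.6.1
    heritage: Helm
  name: prometheus
  namespace: istio-system
spec:
  selector:
    matchLabels:
      component: "server"
      app: prometheus
      release: prometheus
  replicas: 1
  strategy:
    type: Recreate
    rollingUpdate: null
  template:
    metadata:
      labels:
        component: "server"
        app: prometheus
        release: prometheus
        chart: prometheus-19.6.1
        heritage: Helm
        # No Istio sidecar is injected into this pod; the probes below and
        # the sidecar webhook reach port 9090 over plain HTTP.
        sidecar.istio.io/inject: "false"
    spec:
      enableServiceLinks: true
      # The token of this account carries the cluster-wide read rules of
      # ClusterRole `prometheus`.
      serviceAccountName: prometheus
      containers:
        - name: prometheus-server-configmap-reload
          # Referenced by tag only; pinning by digest
          # (image@sha256:<digest>) makes the deployed image immutable.
          image: "jimmidyson/configmap-reload:v0.8.0"
          imagePullPolicy: "IfNotPresent"
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http://127.0.0.1:9090/-/reload
          # NOTE(review): no requests or limits are set; size them for the
          # target cluster.
          resources:
            {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
              readOnly: true

        - name: prometheus-server
          # Referenced by tag only; pinning by digest
          # (image@sha256:<digest>) makes the deployed image immutable.
          image: "prom/prometheus:v2.41.0"
          imagePullPolicy: "IfNotPresent"
          args:
            - --storage.tsdb.retention.time=15d
            - --config.file=/etc/config/prometheus.yml
            - --storage.tsdb.path=/data
            - --web.console.libraries=/etc/prometheus/console_libraries
            - --web.console.templates=/etc/prometheus/consoles
            # Required by the sidecar's --webhook-url (/-/reload). It also
            # enables the other lifecycle endpoints on port 9090, and no
            # web authentication is configured in these args, so access to
            # the port should be limited by network policy.
            - --web.enable-lifecycle
          ports:
            - containerPort: 9090
          readinessProbe:
            httpGet:
              path: /-/ready
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 5
            timeoutSeconds: 4
            failureThreshold: 3
            successThreshold: 1
          livenessProbe:
            httpGet:
              path: /-/healthy
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 15
            timeoutSeconds: 10
            failureThreshold: 3
            successThreshold: 1
          # NOTE(review): no requests or limits are set; size them for the
          # target cluster.
          resources:
            {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # TSDB data is written to the /data volume, not the image.
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
              # The server only reads its configuration from this volume.
              readOnly: true
            - name: storage-volume
              mountPath: /data
              subPath: ""
      dnsPolicy: ClusterFirst
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
        seccompProfile:
          type: RuntimeDefault
      terminationGracePeriodSeconds: 300
      volumes:
        - name: config-volume
          configMap:
            name: prometheus
        # emptyDir: collected metrics do not survive the pod being deleted.
        - name: storage-volume
          emptyDir:
            {}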