From 0613e00dcc74d49dbf7f851e0717fb5469ffb50e Mon Sep 17 00:00:00 2001
From: Tobias Schmidt <tobidt@gmail.com>
Date: Wed, 2 Nov 2016 15:45:16 -0400
Subject: [PATCH] Extract prometheus.yaml into assets

It's a lot easier to show and explain the Prometheus config if it is
available in the standard YAML format. The Kubernetes ConfigMap specs can always
be auto-generated.
---
 assets/prometheus/prometheus.yaml             | 68 +++++++++++++++++++
 .../{alerts => prometheus/rules}/etcd2.rules  |  0
 .../rules}/kubernetes.rules                   |  0
 hack/scripts/generate-configmaps.sh           |  5 +-
 manifests/prometheus/prometheus-k8s-cm.yaml   | 15 ++--
 .../prometheus/prometheus-k8s-rules.yaml      |  2 +
 6 files changed, 81 insertions(+), 9 deletions(-)
 create mode 100644 assets/prometheus/prometheus.yaml
 rename assets/{alerts => prometheus/rules}/etcd2.rules (100%)
 rename assets/{alerts => prometheus/rules}/kubernetes.rules (100%)

diff --git a/assets/prometheus/prometheus.yaml b/assets/prometheus/prometheus.yaml
new file mode 100644
index 00000000..e0c6cb0e
--- /dev/null
+++ b/assets/prometheus/prometheus.yaml
@@ -0,0 +1,68 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+rule_files:
+- /etc/prometheus/rules/*.rules
+
+scrape_configs:
+- job_name: kubelets
+  scheme: https
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    # Skip verification until we have resolved why the certificate validation
+    # for the kubelet on API server nodes fail.
+    insecure_skip_verify: true
+  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+  kubernetes_sd_configs:
+  - role: node
+
+# Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
+# and node-exporter, which we all consider part of a default setup.
+- job_name: standard-endpoints
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    # As for kubelets, certificate validation fails for the API server (node)
+    # and we circumvent it for now.
+    insecure_skip_verify: true
+  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+  kubernetes_sd_configs:
+  - role: endpoints
+
+  relabel_configs:
+  - action: keep
+    source_labels: [__meta_kubernetes_service_name]
+    regex: kubernetes|node-exporter|kube-state-metrics|etcd-k8s
+  - action: replace
+    source_labels: [__meta_kubernetes_service_name]
+    target_label: job
+  - action: replace
+    source_labels: [__meta_kubernetes_service_name]
+    regex: kubernetes
+    target_label: __scheme__
+    replacement: https
+
+# Scrapes the endpoint lists for the kube-dns server. Which we consider
+# part of a default setup.
+- job_name: kube-components
+  tls_config:
+    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+  kubernetes_sd_configs:
+  - role: endpoints
+
+  relabel_configs:
+  - action: replace
+    source_labels: [__meta_kubernetes_service_name]
+    target_label: job
+    regex: "kube-(.*)-prometheus-discovery"
+    replacement: "kube-${1}"
+  - action: keep
+    source_labels: [__meta_kubernetes_service_name]
+    regex: "kube-(.*)-prometheus-discovery"
+  - action: keep
+    source_labels: [__meta_kubernetes_endpoint_port_name]
+    regex: "prometheus"
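Review bot: `bearer_token_file` is set on `standard-endpoints` and `kube-components`, but neither job sets `scheme`, and only targets of the `kubernetes` service are relabelled to `https`, so the pod's service-account token is sent over plain HTTP to every other endpoint these jobs keep. The `keep` rules match on service name (and port name) only; as far as the hunk shows there is no `__meta_kubernetes_namespace` constraint, so the set of endpoints that receive the token is not limited to the namespaces the operator controls. On the two jobs that do use TLS, `insecure_skip_verify: true` means the token is presented to a peer whose certificate was not checked; the comments mark this as temporary, and a reference to a tracking issue there would help it actually get removed. Assuming the exporters do not need the token, split the API server into its own HTTPS job and drop `tls_config` and `bearer_token_file` from the plain-HTTP jobs (`kube-components` likewise), as sketched below.

```yaml
# API server: the only target scraped over HTTPS, so the only one given the token.
- job_name: kubernetes
  scheme: https
  # … unchanged: tls_config and bearer_token_file from standard-endpoints …
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    source_labels: [__meta_kubernetes_service_name]
    regex: kubernetes

# Plain-HTTP exporters: no tls_config, no bearer_token_file.
- job_name: standard-endpoints
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    source_labels: [__meta_kubernetes_service_name]
    regex: node-exporter|kube-state-metrics|etcd-k8s
  - action: replace
    source_labels: [__meta_kubernetes_service_name]
    target_label: job
```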
diff --git a/assets/alerts/etcd2.rules b/assets/prometheus/rules/etcd2.rules
similarity index 100%
rename from assets/alerts/etcd2.rules
rename to assets/prometheus/rules/etcd2.rules
diff --git a/assets/alerts/kubernetes.rules b/assets/prometheus/rules/kubernetes.rules
similarity index 100%
rename from assets/alerts/kubernetes.rules
rename to assets/prometheus/rules/kubernetes.rules
diff --git a/hack/scripts/generate-configmaps.sh b/hack/scripts/generate-configmaps.sh
index a178878c..50f3c903 100755
--- a/hack/scripts/generate-configmaps.sh
+++ b/hack/scripts/generate-configmaps.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
 
+# Generate Prometheus configuration ConfigMap
+kubectl create configmap --dry-run=true prometheus-k8s --from-file=assets/prometheus/prometheus.yaml -oyaml > manifests/prometheus/prometheus-k8s-cm.yaml
+
 # Generate Alert Rules ConfigMap
-kubectl create configmap --dry-run=true prometheus-k8s-rules --from-file=assets/alerts/ -oyaml > manifests/prometheus/prometheus-k8s-rules.yaml
+kubectl create configmap --dry-run=true prometheus-k8s-rules --from-file=assets/prometheus/rules/ -oyaml > manifests/prometheus/prometheus-k8s-rules.yaml
 
 # Generate Dashboard ConfigMap
 kubectl create configmap --dry-run=true grafana-dashboards --from-file=assets/grafana/ -oyaml > manifests/grafana/grafana-cm.yaml
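Review bot: Each `kubectl ... > manifests/...` redirect truncates the checked-in manifest before kubectl runs, and no error handling is visible in the hunk, so a failed or missing kubectl leaves an empty manifest and the script carries on to the next command. Adding `set -euo pipefail` directly under the `#!/bin/bash` line would stop at the first failure with a non-zero exit. The paths are relative, so the script also assumes it is run from the repository root; a comment saying so, or `cd "$(dirname "$0")/../.."` at the top, would make that explicit. The script may continue past the end of the hunk.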
diff --git a/manifests/prometheus/prometheus-k8s-cm.yaml b/manifests/prometheus/prometheus-k8s-cm.yaml
index 73389f51..16bf02ef 100644
--- a/manifests/prometheus/prometheus-k8s-cm.yaml
+++ b/manifests/prometheus/prometheus-k8s-cm.yaml
@@ -1,18 +1,15 @@
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus-k8s
 data:
   prometheus.yaml: |
     global:
-      evaluation_interval: 30s
+      scrape_interval: 15s
+      evaluation_interval: 15s
 
     rule_files:
-      - /etc/prometheus/rules/*.rules
+    - /etc/prometheus/rules/*.rules
 
     scrape_configs:
     - job_name: kubelets
-      scrape_interval: 20s
       scheme: https
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
@@ -27,7 +24,6 @@ data:
     # Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
     # and node-exporter, which we all consider part of a default setup.
     - job_name: standard-endpoints
-      scrape_interval: 20s
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
         # As for kubelets, certificate validation fails for the API server (node)
@@ -54,7 +50,6 @@ data:
     # Scrapes the endpoint lists for the kube-dns server. Which we consider
     # part of a default setup.
     - job_name: kube-components
-      scrape_interval: 20s
       tls_config:
         ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
       bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
@@ -74,3 +69,7 @@ data:
       - action: keep
         source_labels: [__meta_kubernetes_endpoint_port_name]
         regex: "prometheus"
+kind: ConfigMap
+metadata:
+  creationTimestamp: null
+  name: prometheus-k8s
diff --git a/manifests/prometheus/prometheus-k8s-rules.yaml b/manifests/prometheus/prometheus-k8s-rules.yaml
index db867d73..3ea2358a 100644
--- a/manifests/prometheus/prometheus-k8s-rules.yaml
+++ b/manifests/prometheus/prometheus-k8s-rules.yaml
@@ -53,6 +53,8 @@ data:
     \   summary = \"high fsync durations\",\n    description = \"ectd instance {{
     $labels.instance }} fync durations are high\",\n  }\n"
   kubernetes.rules: |+
+    # NOTE: These rules were kindly contributed by the SoundCloud engineering team.
+
     ### Container resources ###
 
     cluster_namespace_controller_pod_container:spec_memory_limit_bytes =
-- 
GitLab