diff --git a/jsonnet/kube-prometheus/jsonnetfile.json b/jsonnet/kube-prometheus/jsonnetfile.json
index 6fabeb583b0dc4a38f74c206dee9e7f7bfe59596..44e7f7fd890b78b42603fb7de0fe74e10d0bf610 100644
--- a/jsonnet/kube-prometheus/jsonnetfile.json
+++ b/jsonnet/kube-prometheus/jsonnetfile.json
@@ -69,6 +69,26 @@
                 }
             },
             "version": "master"
+        },
+        {
+            "name": "kube-state-metrics",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/kubernetes/kube-state-metrics",
+                    "subdir": "jsonnet/kube-state-metrics"
+                }
+            },
+            "version": "master"
+        },
+        {
+            "name": "kube-state-metrics-mixin",
+            "source": {
+                "git": {
+                    "remote": "https://github.com/kubernetes/kube-state-metrics",
+                    "subdir": "jsonnet/kube-state-metrics-mixin"
+                }
+            },
+            "version": "master"
         }
     ]
 }
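Review bot: Both new entries use `"version": "master"`, while the overlay in kube-state-metrics.libsonnet pins the image to 1.9.4, so the library that appears to render the ClusterRole and Deployment can move ahead of the binary it configures. jsonnetfile.lock.json pins a commit and checksum, which keeps builds reproducible, but the next dependency update pulls whatever upstream master holds at that time, including any change to the generated RBAC rules. Consider pointing `version` at a release tag or release branch that matches the image, and reviewing the diff of the rendered manifests whenever the lock entry changes.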
diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
index 0f3c5980143624f35e1951875cb6d3ee71f4e35f..00067dac4952285d83dbda584f22ef1e8edc17fd 100644
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -4,6 +4,7 @@ local configMapList = k3.core.v1.configMapList;
 
 (import 'grafana/grafana.libsonnet') +
 (import 'kube-state-metrics/kube-state-metrics.libsonnet') +
+(import 'kube-state-metrics-mixin/mixin.libsonnet') +
 (import 'node-exporter/node-exporter.libsonnet') +
 (import 'node-mixin/mixin.libsonnet') +
 (import 'alertmanager/alertmanager.libsonnet') +
diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
index d7a4cd51674713966d9ede373f19a946adbc8861..3cde3aa15bc9e5117fcd71406dd6f358d706fc65 100644
--- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
@@ -1,316 +1,43 @@
-local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
-
 {
-  _config+:: {
-    namespace: 'default',
-
-    kubeStateMetrics+:: {
-      collectors: '',  // empty string gets a default set
-      scrapeInterval: '30s',
-      scrapeTimeout: '30s',
-    },
-
-    versions+:: {
-      kubeStateMetrics: 'v1.9.3',
-      kubeRbacProxy: 'v0.4.1',
-    },
-
-    imageRepos+:: {
-      kubeStateMetrics: 'quay.io/coreos/kube-state-metrics',
-      kubeRbacProxy: 'quay.io/coreos/kube-rbac-proxy',
-    },
-  },
-
-  kubeStateMetrics+:: {
-    clusterRoleBinding:
-      local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
-
-      clusterRoleBinding.new() +
-      clusterRoleBinding.mixin.metadata.withName('kube-state-metrics') +
-      clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
-      clusterRoleBinding.mixin.roleRef.withName('kube-state-metrics') +
-      clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) +
-      clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'kube-state-metrics', namespace: $._config.namespace }]),
-
-    clusterRole:
-      local clusterRole = k.rbac.v1.clusterRole;
-      local rulesType = clusterRole.rulesType;
-
-      local rules = [
-        rulesType.new() +
-        rulesType.withApiGroups(['']) +
-        rulesType.withResources([
-          'configmaps',
-          'secrets',
-          'nodes',
-          'pods',
-          'services',
-          'resourcequotas',
-          'replicationcontrollers',
-          'limitranges',
-          'persistentvolumeclaims',
-          'persistentvolumes',
-          'namespaces',
-          'endpoints',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['extensions']) +
-        rulesType.withResources([
-          'daemonsets',
-          'deployments',
-          'replicasets',
-          'ingresses',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['apps']) +
-        rulesType.withResources([
-          'statefulsets',
-          'daemonsets',
-          'deployments',
-          'replicasets',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['batch']) +
-        rulesType.withResources([
-          'cronjobs',
-          'jobs',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['autoscaling']) +
-        rulesType.withResources([
-          'horizontalpodautoscalers',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['authentication.k8s.io']) +
-        rulesType.withResources([
-          'tokenreviews',
-        ]) +
-        rulesType.withVerbs(['create']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['authorization.k8s.io']) +
-        rulesType.withResources([
-          'subjectaccessreviews',
-        ]) +
-        rulesType.withVerbs(['create']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['policy']) +
-        rulesType.withResources([
-          'poddisruptionbudgets',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['certificates.k8s.io']) +
-        rulesType.withResources([
-          'certificatesigningrequests',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['storage.k8s.io']) +
-        rulesType.withResources([
-          'storageclasses',
-          'volumeattachments',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['admissionregistration.k8s.io']) +
-        rulesType.withResources([
-          'validatingwebhookconfigurations',
-          'mutatingwebhookconfigurations',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-
-        rulesType.new() +
-        rulesType.withApiGroups(['networking.k8s.io']) +
-        rulesType.withResources([
-          'networkpolicies',
-        ]) +
-        rulesType.withVerbs(['list', 'watch']),
-      ];
-
-      clusterRole.new() +
-      clusterRole.mixin.metadata.withName('kube-state-metrics') +
-      clusterRole.withRules(rules),
-    deployment:
-      local deployment = k.apps.v1.deployment;
-      local container = deployment.mixin.spec.template.spec.containersType;
-      local volume = deployment.mixin.spec.template.spec.volumesType;
-      local containerPort = container.portsType;
-      local containerVolumeMount = container.volumeMountsType;
-      local podSelector = deployment.mixin.spec.template.spec.selectorType;
-
-      local podLabels = { app: 'kube-state-metrics' };
-
-      local proxyClusterMetrics =
-        container.new('kube-rbac-proxy-main', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
-        container.withArgs([
-          '--logtostderr',
-          '--secure-listen-address=:8443',
-          '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
-          '--upstream=http://127.0.0.1:8081/',
-        ]) +
-        container.withPorts(containerPort.newNamed(8443, 'https-main',)) +
-        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
-        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits);
-
-      local proxySelfMetrics =
-        container.new('kube-rbac-proxy-self', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
-        container.withArgs([
-          '--logtostderr',
-          '--secure-listen-address=:9443',
-          '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
-          '--upstream=http://127.0.0.1:8082/',
-        ]) +
-        container.withPorts(containerPort.newNamed(9443, 'https-self',)) +
-        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
-        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits);
-
-      local kubeStateMetrics =
-        container.new('kube-state-metrics', $._config.imageRepos.kubeStateMetrics + ':' + $._config.versions.kubeStateMetrics) +
-        container.withArgs([
-          '--host=127.0.0.1',
-          '--port=8081',
-          '--telemetry-host=127.0.0.1',
-          '--telemetry-port=8082',
-        ] + if $._config.kubeStateMetrics.collectors != '' then ['--collectors=' + $._config.kubeStateMetrics.collectors] else []) +
-        container.mixin.resources.withRequests($._config.resources['kube-state-metrics'].requests) +
-        container.mixin.resources.withLimits($._config.resources['kube-state-metrics'].limits);
-
-      local c = [proxyClusterMetrics, proxySelfMetrics, kubeStateMetrics];
-
-      deployment.new('kube-state-metrics', 1, c, podLabels) +
-      deployment.mixin.metadata.withNamespace($._config.namespace) +
-      deployment.mixin.metadata.withLabels(podLabels) +
-      deployment.mixin.spec.selector.withMatchLabels(podLabels) +
-      deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
-      deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
-      deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
-      deployment.mixin.spec.template.spec.withServiceAccountName('kube-state-metrics'),
-
-    roleBinding:
-      local roleBinding = k.rbac.v1.roleBinding;
-
-      roleBinding.new() +
-      roleBinding.mixin.metadata.withName('kube-state-metrics') +
-      roleBinding.mixin.metadata.withNamespace($._config.namespace) +
-      roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
-      roleBinding.mixin.roleRef.withName('kube-state-metrics') +
-      roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) +
-      roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'kube-state-metrics' }]),
-
-    role:
-      local role = k.rbac.v1.role;
-      local rulesType = role.rulesType;
-
-      local coreRule = rulesType.new() +
-                       rulesType.withApiGroups(['']) +
-                       rulesType.withResources([
-                         'pods',
-                       ]) +
-                       rulesType.withVerbs(['get']);
-
-      local extensionsRule = rulesType.new() +
-                             rulesType.withApiGroups(['extensions']) +
-                             rulesType.withResources([
-                               'deployments',
-                             ]) +
-                             rulesType.withVerbs(['get', 'update']) +
-                             rulesType.withResourceNames(['kube-state-metrics']);
-
-      local appsRule = rulesType.new() +
-                       rulesType.withApiGroups(['apps']) +
-                       rulesType.withResources([
-                         'deployments',
-                       ]) +
-                       rulesType.withVerbs(['get', 'update']) +
-                       rulesType.withResourceNames(['kube-state-metrics']);
-
-      local rules = [coreRule, extensionsRule, appsRule];
-
-      role.new() +
-      role.mixin.metadata.withName('kube-state-metrics') +
-      role.mixin.metadata.withNamespace($._config.namespace) +
-      role.withRules(rules),
-
-    serviceAccount:
-      local serviceAccount = k.core.v1.serviceAccount;
-
-      serviceAccount.new('kube-state-metrics') +
-      serviceAccount.mixin.metadata.withNamespace($._config.namespace),
-
-    service:
-      local service = k.core.v1.service;
-      local servicePort = service.mixin.spec.portsType;
-
-      local ksmServicePortMain = servicePort.newNamed('https-main', 8443, 'https-main');
-      local ksmServicePortSelf = servicePort.newNamed('https-self', 9443, 'https-self');
-
-      service.new('kube-state-metrics', $.kubeStateMetrics.deployment.spec.selector.matchLabels, [ksmServicePortMain, ksmServicePortSelf]) +
-      service.mixin.metadata.withNamespace($._config.namespace) +
-      service.mixin.metadata.withLabels({ 'k8s-app': 'kube-state-metrics' }) +
-      service.mixin.spec.withClusterIp('None'),
-
-    serviceMonitor:
-      {
-        apiVersion: 'monitoring.coreos.com/v1',
-        kind: 'ServiceMonitor',
-        metadata: {
-          name: 'kube-state-metrics',
-          namespace: $._config.namespace,
-          labels: {
-            'k8s-app': 'kube-state-metrics',
-          },
-        },
-        spec: {
-          jobLabel: 'k8s-app',
-          selector: {
-            matchLabels: {
-              'k8s-app': 'kube-state-metrics',
-            },
-          },
-          endpoints: [
-            {
-              port: 'https-main',
-              scheme: 'https',
-              interval: $._config.kubeStateMetrics.scrapeInterval,
-              scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout,
-              honorLabels: true,
-              bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
-              relabelings: [
-                {
-                  regex: '(pod|service|endpoint|namespace)',
-                  action: 'labeldrop',
-                },
-              ],
-              tlsConfig: {
-                insecureSkipVerify: true,
-              },
-            },
-            {
-              port: 'https-self',
-              scheme: 'https',
-              interval: '30s',
-              bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
-              tlsConfig: {
-                insecureSkipVerify: true,
-              },
-            },
-          ],
-        },
-      },
-  },
+  kubeStateMetrics+:: (import 'kube-state-metrics/kube-state-metrics.libsonnet') +
+                      {
+                        local ksm = self,
+                        name:: 'kube-state-metrics',
+                        namespace:: 'monitoring',
+                        version:: '1.9.4',  //$._config.versions.kubeStateMetrics,
+                        image:: 'quay.io/coreos/kube-state-metrics:v' + ksm.version,
+                        serviceMonitor: {
+                          apiVersion: 'monitoring.coreos.com/v1',
+                          kind: 'ServiceMonitor',
+                          metadata: {
+                            name: ksm.name,
+                            namespace: ksm.namespace,
+                            labels: ksm.commonLabels,
+                          },
+                          spec: {
+                            jobLabel: 'app.kubernetes.io/name',
+                            selector: {
+                              matchLabels: ksm.commonLabels,
+                            },
+                            endpoints: [
+                              {
+                                port: 'http-metrics',
+                                interval: '30s',
+                                scrapeTimeout: '30s',
+                                honorLabels: true,
+                                relabelings: [
+                                  {
+                                    regex: '(pod|service|endpoint|namespace)',
+                                    action: 'labeldrop',
+                                  },
+                                ],
+                              },
+                              {
+                                port: 'telemetry',
+                                interval: '30s',
+                              },
+                            ],
+                          },
+                        },
+                      },
 }
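Review bot: The new overlay drops both kube-rbac-proxy sidecars and the `--host=127.0.0.1` / `--telemetry-host=127.0.0.1` arguments, so judging by the rendered Deployment the metrics and telemetry ports are now served as plain HTTP with no authentication on the pod network, and the ServiceMonitor no longer sets `scheme: 'https'` or `bearerTokenFile`. kube-state-metrics exports metadata for every object kind listed in its ClusterRole, so any workload that can reach the pod IP can read it. I would keep the upstream library but patch the container back onto loopback and re-add the two proxy containers from the removed code, assuming the library exposes the Deployment as `deployment`; a NetworkPolicy that limits ingress to Prometheus is the minimum alternative. The Service and ServiceMonitor ports would then have to point at the proxy ports again, preferably with a verified `tlsConfig` rather than the old `insecureSkipVerify: true`. Separately, `namespace:: 'monitoring'` ignores `$._config`, so `namespace:: $._config.namespace` should be restored unless the hard-coding is deliberate.

```jsonnet
// … unchanged: name, namespace, version, image …
deployment+: {
  spec+: {
    template+: {
      spec+: {
        containers: [
          // Bind kube-state-metrics to loopback so only the proxies are reachable.
          // The upstream ports and probes target the pod IP, so they are hidden here.
          c {
            args+: [
              '--host=127.0.0.1',
              '--port=8081',
              '--telemetry-host=127.0.0.1',
              '--telemetry-port=8082',
            ],
            ports:: null,
            livenessProbe:: null,
            readinessProbe:: null,
          }
          for c in super.containers
        ] + [
          // Needs the kubeRbacProxy entries of _config.versions / _config.imageRepos,
          // which this hunk deletes from this file.
          {
            name: 'kube-rbac-proxy-main',
            image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
            args: [
              '--logtostderr',
              '--secure-listen-address=:8443',
              '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
              '--upstream=http://127.0.0.1:8081/',
            ],
            ports: [{ name: 'https-main', containerPort: 8443 }],
          },
          // … kube-rbac-proxy-self: same shape, :9443 -> http://127.0.0.1:8082/ …
        ],
      },
    },
  },
},
// … unchanged: serviceMonitor …
```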
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index c7ffc0388f0ddfd421b9095823ec024c0d63fd6e..851e3520fbada1de86cab2a7bbfbb8f3b9d6347f 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -64,6 +64,28 @@
       },
       "version": ""
     },
+    {
+      "name": "kube-state-metrics",
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes/kube-state-metrics",
+          "subdir": "jsonnet/kube-state-metrics"
+        }
+      },
+      "version": "2148cb9bd5ba51d3911a93c4d61ddf084999f8c7",
+      "sum": "a+rigolTUlmpxlwu2hxnPvZ50Cg5WYuuC7irTma5Xbo="
+    },
+    {
+      "name": "kube-state-metrics-mixin",
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes/kube-state-metrics",
+          "subdir": "jsonnet/kube-state-metrics-mixin"
+        }
+      },
+      "version": "2148cb9bd5ba51d3911a93c4d61ddf084999f8c7",
+      "sum": "E1GGavnf9PCWBm4WVrxWnc0FIj72UcbcweqGioWrOdU="
+    },
     {
       "name": "kubernetes-mixin",
       "source": {
diff --git a/kustomization.yaml b/kustomization.yaml
index bd03a83e0008b4dc8340f71f5c1963a05b381f17..1e215b05a7dad87177b4558ac9e6eef81a089025 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -16,8 +16,6 @@ resources:
 - ./manifests/kube-state-metrics-clusterRole.yaml
 - ./manifests/kube-state-metrics-clusterRoleBinding.yaml
 - ./manifests/kube-state-metrics-deployment.yaml
-- ./manifests/kube-state-metrics-role.yaml
-- ./manifests/kube-state-metrics-roleBinding.yaml
 - ./manifests/kube-state-metrics-service.yaml
 - ./manifests/kube-state-metrics-serviceAccount.yaml
 - ./manifests/kube-state-metrics-serviceMonitor.yaml
diff --git a/manifests/kube-state-metrics-clusterRole.yaml b/manifests/kube-state-metrics-clusterRole.yaml
index 6b3918f441fa40e8ef97ce8373a08ec239960729..e35169570e5e64a9d0f53f716926a4434e81ed44 100644
--- a/manifests/kube-state-metrics-clusterRole.yaml
+++ b/manifests/kube-state-metrics-clusterRole.yaml
@@ -1,6 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
 rules:
 - apiGroups:
@@ -93,8 +96,8 @@ rules:
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
-  - validatingwebhookconfigurations
   - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
   verbs:
   - list
   - watch
@@ -105,3 +108,10 @@ rules:
   verbs:
   - list
   - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - list
+  - watch
diff --git a/manifests/kube-state-metrics-clusterRoleBinding.yaml b/manifests/kube-state-metrics-clusterRoleBinding.yaml
index 9a8f3111abb8f0f418960ff0cdd56aaf95037076..f1bbef8537b0667ab0426f4889ed1a4f9cde9a26 100644
--- a/manifests/kube-state-metrics-clusterRoleBinding.yaml
+++ b/manifests/kube-state-metrics-clusterRoleBinding.yaml
@@ -1,6 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml
index 24c1e0c537bfebb181cdaaba0b4a9b21c8289fe3..7477545e6c52f66f284bd28d01ed26cf1d1dfd04 100644
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -2,71 +2,43 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    app: kube-state-metrics
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
   namespace: monitoring
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: kube-state-metrics
+      app.kubernetes.io/name: kube-state-metrics
   template:
     metadata:
       labels:
-        app: kube-state-metrics
+        app.kubernetes.io/name: kube-state-metrics
+        app.kubernetes.io/version: v1.9.4
     spec:
       containers:
-      - args:
-        - --logtostderr
-        - --secure-listen-address=:8443
-        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-        - --upstream=http://127.0.0.1:8081/
-        image: quay.io/coreos/kube-rbac-proxy:v0.4.1
-        name: kube-rbac-proxy-main
-        ports:
-        - containerPort: 8443
-          name: https-main
-        resources:
-          limits:
-            cpu: 20m
-            memory: 40Mi
-          requests:
-            cpu: 10m
-            memory: 20Mi
-      - args:
-        - --logtostderr
-        - --secure-listen-address=:9443
-        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-        - --upstream=http://127.0.0.1:8082/
-        image: quay.io/coreos/kube-rbac-proxy:v0.4.1
-        name: kube-rbac-proxy-self
-        ports:
-        - containerPort: 9443
-          name: https-self
-        resources:
-          limits:
-            cpu: 20m
-            memory: 40Mi
-          requests:
-            cpu: 10m
-            memory: 20Mi
-      - args:
-        - --host=127.0.0.1
-        - --port=8081
-        - --telemetry-host=127.0.0.1
-        - --telemetry-port=8082
-        image: quay.io/coreos/kube-state-metrics:v1.9.3
+      - image: quay.io/coreos/kube-state-metrics:v1.9.4
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
         name: kube-state-metrics
-        resources:
-          limits:
-            cpu: 100m
-            memory: 150Mi
-          requests:
-            cpu: 100m
-            memory: 150Mi
+        ports:
+        - containerPort: 8080
+          name: http-metrics
+        - containerPort: 8081
+          name: telemetry
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8081
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        securityContext:
+          runAsUser: 65534
       nodeSelector:
         kubernetes.io/os: linux
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
       serviceAccountName: kube-state-metrics
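Review bot: The pod-level `securityContext` with `runAsNonRoot: true` is removed and only `runAsUser: 65534` remains on the container, so the kubelet no longer refuses to start the container if a later override or image change resolves to UID 0. The `resources` requests and limits for kube-state-metrics are dropped as well, which leaves the pod in the BestEffort QoS class with no memory bound. I would add `runAsNonRoot: true` next to `runAsUser: 65534` and restore the previous `resources` block (`cpu: 100m`, `memory: 150Mi` for both requests and limits). If this file is rendered from the jsonnet overlay, the change belongs there rather than in the YAML.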
diff --git a/manifests/kube-state-metrics-role.yaml b/manifests/kube-state-metrics-role.yaml
deleted file mode 100644
index e03d889881fd2b0792e1a394d479e2c60c5a4cc2..0000000000000000000000000000000000000000
--- a/manifests/kube-state-metrics-role.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kube-state-metrics
-  namespace: monitoring
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - extensions
-  resourceNames:
-  - kube-state-metrics
-  resources:
-  - deployments
-  verbs:
-  - get
-  - update
-- apiGroups:
-  - apps
-  resourceNames:
-  - kube-state-metrics
-  resources:
-  - deployments
-  verbs:
-  - get
-  - update
diff --git a/manifests/kube-state-metrics-roleBinding.yaml b/manifests/kube-state-metrics-roleBinding.yaml
deleted file mode 100644
index 9c61143c24186d69d48af9a74171720de6e502cc..0000000000000000000000000000000000000000
--- a/manifests/kube-state-metrics-roleBinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kube-state-metrics
-  namespace: monitoring
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: kube-state-metrics
-subjects:
-- kind: ServiceAccount
-  name: kube-state-metrics
diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml
index 84927af32351b71e0deddfaf19ba0c575c449cb0..fd4b655c603f4dce0237de14f6fa3ed7a9ffa408 100644
--- a/manifests/kube-state-metrics-service.yaml
+++ b/manifests/kube-state-metrics-service.yaml
@@ -2,17 +2,18 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    k8s-app: kube-state-metrics
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
   namespace: monitoring
 spec:
   clusterIP: None
   ports:
-  - name: https-main
-    port: 8443
-    targetPort: https-main
-  - name: https-self
-    port: 9443
-    targetPort: https-self
+  - name: http-metrics
+    port: 8080
+    targetPort: http-metrics
+  - name: telemetry
+    port: 8081
+    targetPort: telemetry
   selector:
-    app: kube-state-metrics
+    app.kubernetes.io/name: kube-state-metrics
diff --git a/manifests/kube-state-metrics-serviceAccount.yaml b/manifests/kube-state-metrics-serviceAccount.yaml
index fff1028b442c69109cb8fa8e5f808f2a856838f8..98a4f81df368bd96180b95be406bd7a044bb0dac 100644
--- a/manifests/kube-state-metrics-serviceAccount.yaml
+++ b/manifests/kube-state-metrics-serviceAccount.yaml
@@ -1,5 +1,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
   namespace: monitoring
diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml
index 4df66c090d293c668d2b0ea77df19a01d3d9519e..b396ddcd2816551a8f586da188955e80ffcf7728 100644
--- a/manifests/kube-state-metrics-serviceMonitor.yaml
+++ b/manifests/kube-state-metrics-serviceMonitor.yaml
@@ -2,29 +2,23 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   labels:
-    k8s-app: kube-state-metrics
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.9.4
   name: kube-state-metrics
   namespace: monitoring
 spec:
   endpoints:
-  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    honorLabels: true
+  - honorLabels: true
     interval: 30s
-    port: https-main
+    port: http-metrics
     relabelings:
     - action: labeldrop
       regex: (pod|service|endpoint|namespace)
-    scheme: https
     scrapeTimeout: 30s
-    tlsConfig:
-      insecureSkipVerify: true
-  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    interval: 30s
-    port: https-self
-    scheme: https
-    tlsConfig:
-      insecureSkipVerify: true
-  jobLabel: k8s-app
+  - interval: 30s
+    port: telemetry
+  jobLabel: app.kubernetes.io/name
   selector:
     matchLabels:
-      k8s-app: kube-state-metrics
+      app.kubernetes.io/name: kube-state-metrics
+      app.kubernetes.io/version: v1.9.4
diff --git a/manifests/prometheus-rules.yaml b/manifests/prometheus-rules.yaml
index 0428ebbb26849dbda846de38f9a52f9850a10d0f..a2344bde6f3ce686a46b6adf5385b8c8f8158867 100644
--- a/manifests/prometheus-rules.yaml
+++ b/manifests/prometheus-rules.yaml
@@ -271,6 +271,36 @@ spec:
       record: count:up1
     - expr: count without(instance, pod, node) (up == 0)
       record: count:up0
+  - name: kube-state-metrics
+    rules:
+    - alert: KubeStateMetricsListErrors
+      annotations:
+        message: kube-state-metrics is experiencing errors at an elevated rate in
+          list operations. This is likely causing it to not be able to expose metrics
+          about Kubernetes objects correctly or at all.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatemetricslisterrors
+      expr: |
+        (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m]))
+          /
+        sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m])))
+        > 0.01
+      for: 15m
+      labels:
+        severity: critical
+    - alert: KubeStateMetricsWatchErrors
+      annotations:
+        message: kube-state-metrics is experiencing errors at an elevated rate in
+          watch operations. This is likely causing it to not be able to expose metrics
+          about Kubernetes objects correctly or at all.
+        runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubestatemetricswatcherrors
+      expr: |
+        (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m]))
+          /
+        sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m])))
+        > 0.01
+      for: 15m
+      labels:
+        severity: critical
   - name: node-exporter
     rules:
     - alert: NodeFilesystemSpaceFillingUp