diff --git a/jsonnetfile.json b/jsonnetfile.json
index ad5fe5bcde374c76bae252210ee2b77196a23005..73f156870b69fc7383a3a0b12f612989ac827b2f 100644
--- a/jsonnetfile.json
+++ b/jsonnetfile.json
@@ -1,7 +1,7 @@
{
+ "version": 1,
"dependencies": [
{
- "name": "kube-prometheus",
"source": {
"local": {
"directory": "jsonnet/kube-prometheus"
@@ -9,5 +9,6 @@
},
"version": ""
}
- ]
+ ],
+ "legacyImports": true
}
diff --git a/jsonnetfile.lock.json b/jsonnetfile.lock.json
index c887ca49b280cc46b31dba78a8de7701ff442d32..4939273854c14502ef1bc1c6b0d21c4b4f94c9d4 100644
--- a/jsonnetfile.lock.json
+++ b/jsonnetfile.lock.json
@@ -1,7 +1,17 @@
{
+ "version": 1,
"dependencies": [
{
- "name": "etcd-mixin",
+ "source": {
+ "git": {
+ "remote": "https://github.com/brancz/kubernetes-grafana",
+ "subdir": "grafana"
+ }
+ },
+ "version": "539a90dbf63c812ad0194d8078dd776868a11c81",
+ "sum": "b8faWX1qqLGyN67sA36oRqYZ5HX+tHBRMPtrWRqIysE="
+ },
+ {
"source": {
"git": {
"remote": "https://github.com/coreos/etcd",
@@ -12,18 +22,26 @@
"sum": "Ko3qhNfC2vN/houLh6C0Ryacjv70gl0DVPGU/PQ4OD0="
},
{
- "name": "grafana",
"source": {
"git": {
- "remote": "https://github.com/brancz/kubernetes-grafana",
- "subdir": "grafana"
+ "remote": "https://github.com/coreos/prometheus-operator",
+ "subdir": "jsonnet/prometheus-operator"
}
},
- "version": "539a90dbf63c812ad0194d8078dd776868a11c81",
- "sum": "b8faWX1qqLGyN67sA36oRqYZ5HX+tHBRMPtrWRqIysE="
+ "version": "378d36df448366414de53a66a64020cd053002b7",
+ "sum": "vegTm8VSDazwYflBQGLkjs3ystWahwUv0fUyuMbpNRg="
+ },
+ {
+ "source": {
+ "git": {
+ "remote": "https://github.com/grafana/grafonnet-lib",
+ "subdir": "grafonnet"
+ }
+ },
+ "version": "c459106d2d2b583dd3a83f6c75eb52abee3af764",
+ "sum": "CeM3LRgUCUJTolTdMnerfMPGYmhClx7gX5ajrQVEY2Y="
},
{
- "name": "grafana-builder",
"source": {
"git": {
"remote": "https://github.com/grafana/jsonnet-libs",
@@ -34,38 +52,37 @@
"sum": "slxrtftVDiTlQK22ertdfrg4Epnq97gdrLI63ftUfaE="
},
{
- "name": "grafonnet",
"source": {
"git": {
- "remote": "https://github.com/grafana/grafonnet-lib",
- "subdir": "grafonnet"
+ "remote": "https://github.com/ksonnet/ksonnet-lib",
+ "subdir": ""
}
},
- "version": "c459106d2d2b583dd3a83f6c75eb52abee3af764",
- "sum": "CeM3LRgUCUJTolTdMnerfMPGYmhClx7gX5ajrQVEY2Y="
+ "version": "0d2f82676817bbf9e4acf6495b2090205f323b9f",
+ "sum": "h28BXZ7+vczxYJ2sCt8JuR9+yznRtU/iA6DCpQUrtEg=",
+ "name": "ksonnet"
},
{
- "name": "ksonnet",
"source": {
"git": {
- "remote": "https://github.com/ksonnet/ksonnet-lib",
+ "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
"subdir": ""
}
},
- "version": "0d2f82676817bbf9e4acf6495b2090205f323b9f",
- "sum": "h28BXZ7+vczxYJ2sCt8JuR9+yznRtU/iA6DCpQUrtEg="
+ "version": "b2d7f762bd22be3ba5e7d54a1fcecfe1092f214b",
+ "sum": "NqrJQnQnRDzkCbrHg7L1zX8XPAzfoE4DS2XBEj6WC8g="
},
{
- "name": "kube-prometheus",
"source": {
- "local": {
- "directory": "jsonnet/kube-prometheus"
+ "git": {
+ "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
+ "subdir": "lib/promgrafonnet"
}
},
- "version": ""
+ "version": "b2d7f762bd22be3ba5e7d54a1fcecfe1092f214b",
+ "sum": "VhgBM39yv0f4bKv8VfGg4FXkg573evGDRalip9ypKbc="
},
{
- "name": "kube-state-metrics",
"source": {
"git": {
"remote": "https://github.com/kubernetes/kube-state-metrics",
@@ -76,7 +93,6 @@
"sum": "cJjGZaLBjcIGrLHZLjRPU9c3KL+ep9rZTb9dbALSKqA="
},
{
- "name": "kube-state-metrics-mixin",
"source": {
"git": {
"remote": "https://github.com/kubernetes/kube-state-metrics",
@@ -87,18 +103,16 @@
"sum": "E1GGavnf9PCWBm4WVrxWnc0FIj72UcbcweqGioWrOdU="
},
{
- "name": "kubernetes-mixin",
"source": {
"git": {
- "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
- "subdir": ""
+ "remote": "https://github.com/metalmatze/slo-libsonnet",
+ "subdir": "slo-libsonnet"
}
},
- "version": "b2d7f762bd22be3ba5e7d54a1fcecfe1092f214b",
- "sum": "NqrJQnQnRDzkCbrHg7L1zX8XPAzfoE4DS2XBEj6WC8g="
+ "version": "437c402c5f3ad86c3c16db8471f1649284fef0ee",
+ "sum": "2Zcyku1f558VrUpMaJnI78fahDksPLcS1idmxxwcQ7Q="
},
{
- "name": "node-mixin",
"source": {
"git": {
"remote": "https://github.com/prometheus/node_exporter",
@@ -109,7 +123,6 @@
"sum": "VKdF0zPMSCiuIuXWblSz2VOeBaXzQ7fp40vz9sxj+Bo="
},
{
- "name": "prometheus",
"source": {
"git": {
"remote": "https://github.com/prometheus/prometheus",
@@ -117,40 +130,17 @@
}
},
"version": "1c321ed047ac57e34688e40a55349c9dfe2b72c8",
- "sum": "u1YS9CVuBTcw2vks0PZbLb1gtlI/7bVGDVBZsjWFLTw="
- },
- {
- "name": "prometheus-operator",
- "source": {
- "git": {
- "remote": "https://github.com/coreos/prometheus-operator",
- "subdir": "jsonnet/prometheus-operator"
- }
- },
- "version": "378d36df448366414de53a66a64020cd053002b7",
- "sum": "vegTm8VSDazwYflBQGLkjs3ystWahwUv0fUyuMbpNRg="
+ "sum": "u1YS9CVuBTcw2vks0PZbLb1gtlI/7bVGDVBZsjWFLTw=",
+ "name": "prometheus"
},
{
- "name": "promgrafonnet",
"source": {
- "git": {
- "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin",
- "subdir": "lib/promgrafonnet"
- }
- },
- "version": "b2d7f762bd22be3ba5e7d54a1fcecfe1092f214b",
- "sum": "VhgBM39yv0f4bKv8VfGg4FXkg573evGDRalip9ypKbc="
- },
- {
- "name": "slo-libsonnet",
- "source": {
- "git": {
- "remote": "https://github.com/metalmatze/slo-libsonnet",
- "subdir": "slo-libsonnet"
+ "local": {
+ "directory": "jsonnet/kube-prometheus"
}
},
- "version": "437c402c5f3ad86c3c16db8471f1649284fef0ee",
- "sum": "2Zcyku1f558VrUpMaJnI78fahDksPLcS1idmxxwcQ7Q="
+ "version": ""
}
- ]
+ ],
+ "legacyImports": false
}
diff --git a/manifests/prometheus-operator-serviceMonitor.yaml b/manifests/prometheus-operator-serviceMonitor.yaml
index be604c37c16e89d36262fc4985fb208f24a6f19e..571f5e25564a1041d492b6d180166f77093d6034 100644
--- a/manifests/prometheus-operator-serviceMonitor.yaml
+++ b/manifests/prometheus-operator-serviceMonitor.yaml
@@ -9,8 +9,12 @@ metadata:
namespace: monitoring
spec:
endpoints:
- - honorLabels: true
- port: http
+ - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
+ port: https
+ scheme: https
+ tlsConfig:
+ insecureSkipVerify: true
selector:
matchLabels:
app.kubernetes.io/component: controller
diff --git a/manifests/setup/prometheus-operator-clusterRole.yaml b/manifests/setup/prometheus-operator-clusterRole.yaml
index 4bcb185d1fd1581a3b39ab7b67a00935351ea028..054414f22befde4f88d514699d88dcb676395f52 100644
--- a/manifests/setup/prometheus-operator-clusterRole.yaml
+++ b/manifests/setup/prometheus-operator-clusterRole.yaml
@@ -87,3 +87,15 @@ rules:
- get
- list
- watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml
index c595b0aeb4f4e674b23442ad18e6b44339f8a3de..2aeec68203434374111d7060c5c7feefd2b8031d 100644
--- a/manifests/setup/prometheus-operator-deployment.yaml
+++ b/manifests/setup/prometheus-operator-deployment.yaml
@@ -40,6 +40,18 @@ spec:
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
+ - args:
+ - --logtostderr
+ - --secure-listen-address=:8443
+ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ - --upstream=http://127.0.0.1:8080/
+ image: quay.io/coreos/kube-rbac-proxy:v0.4.1
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ securityContext:
+ runAsUser: 65534
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
diff --git a/manifests/setup/prometheus-operator-service.yaml b/manifests/setup/prometheus-operator-service.yaml
index 51f7a06c132427f5974209d39536fd9d54135ea8..fbb448d99f92d6dfb972bd449fa53d590aa9df96 100644
--- a/manifests/setup/prometheus-operator-service.yaml
+++ b/manifests/setup/prometheus-operator-service.yaml
@@ -10,9 +10,9 @@ metadata:
spec:
clusterIP: None
ports:
- - name: http
- port: 8080
- targetPort: http
+ - name: https
+ port: 8443
+ targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/name: prometheus-operator