From 2e73de0106b16d47970e89436bbb6703943a2360 Mon Sep 17 00:00:00 2001
From: Lili Cosic <cosiclili@gmail.com>
Date: Mon, 2 Mar 2020 14:39:01 +0100
Subject: [PATCH] manifests: Regenerate kube-state-metrics files
---
manifests/kube-state-metrics-deployment.yaml | 33 +++++++++++++++----
manifests/kube-state-metrics-service.yaml | 12 +++----
.../kube-state-metrics-serviceMonitor.yaml | 19 +++++++----
3 files changed, 46 insertions(+), 18 deletions(-)
diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml
index 7477545e..7c0398b6 100644
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -18,7 +18,12 @@ spec:
app.kubernetes.io/version: v1.9.4
spec:
containers:
- - image: quay.io/coreos/kube-state-metrics:v1.9.4
+ - args:
+ - --host=127.0.0.1
+ - --port=8081
+ - --telemetry-host=127.0.0.1
+ - --telemetry-port=8082
+ image: quay.io/coreos/kube-state-metrics:v1.9.4
livenessProbe:
httpGet:
path: /healthz
@@ -26,11 +31,7 @@ spec:
initialDelaySeconds: 5
timeoutSeconds: 5
name: kube-state-metrics
- ports:
- - containerPort: 8080
- name: http-metrics
- - containerPort: 8081
- name: telemetry
+ ports: null
readinessProbe:
httpGet:
path: /
@@ -39,6 +40,26 @@ spec:
timeoutSeconds: 5
securityContext:
runAsUser: 65534
+ - args:
+ - --logtostderr
+ - --secure-listen-address=:8443
+ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ - --upstream=http://127.0.0.1:8081/
+ image: quay.io/coreos/kube-rbac-proxy:v0.4.1
+ name: kube-rbac-proxy-main
+ ports:
+ - containerPort: 8443
+ name: https-main
+ - args:
+ - --logtostderr
+ - --secure-listen-address=:9443
+ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ - --upstream=http://127.0.0.1:8082/
+ image: quay.io/coreos/kube-rbac-proxy:v0.4.1
+ name: kube-rbac-proxy-self
+ ports:
+ - containerPort: 9443
+ name: https-self
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics
diff --git a/manifests/kube-state-metrics-service.yaml b/manifests/kube-state-metrics-service.yaml
index fd4b655c..842e3293 100644
--- a/manifests/kube-state-metrics-service.yaml
+++ b/manifests/kube-state-metrics-service.yaml
@@ -9,11 +9,11 @@ metadata:
spec:
clusterIP: None
ports:
- - name: http-metrics
- port: 8080
- targetPort: http-metrics
- - name: telemetry
- port: 8081
- targetPort: telemetry
+ - name: https-main
+ port: 8443
+ targetPort: https-main
+ - name: https-self
+ port: 9443
+ targetPort: https-self
selector:
app.kubernetes.io/name: kube-state-metrics
diff --git a/manifests/kube-state-metrics-serviceMonitor.yaml b/manifests/kube-state-metrics-serviceMonitor.yaml
index b396ddcd..afb96734 100644
--- a/manifests/kube-state-metrics-serviceMonitor.yaml
+++ b/manifests/kube-state-metrics-serviceMonitor.yaml
@@ -3,22 +3,29 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: kube-state-metrics
- app.kubernetes.io/version: v1.9.4
+ app.kubernetes.io/version: 1.9.4
name: kube-state-metrics
namespace: monitoring
spec:
endpoints:
- - honorLabels: true
+ - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ honorLabels: true
interval: 30s
- port: http-metrics
+ port: https-main
relabelings:
- action: labeldrop
regex: (pod|service|endpoint|namespace)
+ scheme: https
scrapeTimeout: 30s
- - interval: 30s
- port: telemetry
+ tlsConfig:
+ insecureSkipVerify: true
+ - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ interval: 30s
+ port: https-self
+ scheme: https
+ tlsConfig:
+ insecureSkipVerify: true
jobLabel: app.kubernetes.io/name
selector:
matchLabels:
app.kubernetes.io/name: kube-state-metrics
- app.kubernetes.io/version: v1.9.4
--
GitLab