From 6f37ddbcf9a29affd133061ab01f924f71c14fb2 Mon Sep 17 00:00:00 2001
From: paulfantom <pawel@krupa.net.pl>
Date: Wed, 18 Mar 2020 13:39:02 +0100
Subject: [PATCH] jsonnet: expose prometheus-operator metrics over secure channel
---
 .../kube-prometheus/kube-prometheus.libsonnet | 57 ++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
index 71715250..92262460 100644
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -50,7 +50,62 @@ local configMapList = k3.core.v1.configMapList;
 preserveUnknownFields: null,
 }),
 },
- },
+ service+: {
+ spec+: {
+ ports: [
+ {
+ name: 'https',
+ port: 8443,
+ targetPort: 'https',
+ },
+ ],
+ },
+ },
+ serviceMonitor+: {
+ spec+: {
+ endpoints: [
+ {
+ port: 'https',
+ scheme: 'https',
+ honorLabels: true,
+ bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+ tlsConfig: {
+ insecureSkipVerify: true,
+ },
+ },
+ ]
+ },
+ },
+ clusterRole+: {
+ rules+: [
+ {
+ apiGroups: ['authentication.k8s.io'],
+ resources: ['tokenreviews'],
+ verbs: ['create'],
+ },
+ {
+ apiGroups: ['authorization.k8s.io'],
+ resources: ['subjectaccessreviews'],
+ verbs: ['create'],
+ },
+ ],
+ },
+ } +
+ ((import 'kube-prometheus/kube-rbac-proxy/container.libsonnet') {
+ config+:: {
+ kubeRbacProxy: {
+ local cfg = self,
+ image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
+ name: 'kube-rbac-proxy',
+ securePortName: 'https',
+ securePort: 8443,
+ secureListenAddress: ':%d' % self.securePort,
+ upstream: 'http://127.0.0.1:8080/',
+ tlsCipherSuites: $._config.tlsCipherSuites,
+ },
+ },
+ }).deploymentMixin,
+
 grafana+:: {
 dashboardDefinitions: configMapList.new(super.dashboardDefinitions),
 serviceMonitor: {
--
GitLab
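Review bot: The new `serviceMonitor` endpoint sets `insecureSkipVerify: true` alongside `bearerTokenFile`, so Prometheus presents its service account token to whatever answers on the `https` port without authenticating the server; the channel is encrypted but the peer is not verified. If kube-rbac-proxy can be given a serving certificate signed by a CA that Prometheus trusts, replace it with something like `tlsConfig: { caFile: '<CA_BUNDLE_PATH>', serverName: '<SERVICE_DNS_NAME>' }` (placeholder values); otherwise add a comment on that line recording why verification is skipped. Separately, the proxy only protects the metrics if the operator's plain-HTTP listener behind `upstream: 'http://127.0.0.1:8080/'` is bound to loopback. Nothing in this hunk changes the operator's listen address, so confirm that the imported `container.libsonnet` or the deployment args do so; the `prometheusOperator` object starts outside the hunk.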