From 9cf2ce9ffc320b9cf3dd02495b5af3d0e68b21c8 Mon Sep 17 00:00:00 2001 From: paulfantom <pawel@krupa.net.pl> Date: Wed, 13 Jan 2021 09:53:03 +0100 Subject: [PATCH] jsonnet: create function responsible for prometheus objects Signed-off-by: paulfantom <pawel@krupa.net.pl> --- .../kube-prometheus/kube-prometheus.libsonnet | 59 +- .../prometheus/prometheus.libsonnet | 812 +++++++++--------- 2 files changed, 439 insertions(+), 432 deletions(-) diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet index 58392cc0..d5811aef 100644 --- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet +++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet @@ -5,16 +5,15 @@ local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet'; local nodeExporter = import './node-exporter/node-exporter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; +local prometheus = import './prometheus/prometheus.libsonnet'; local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + -(import './prometheus/prometheus.libsonnet') + - { alertmanager: alertmanager({ - name: 'main', + name: $._config.alertmanagerName, namespace: $._config.namespace, version: '0.21.0', image: 'quay.io/prometheus/alertmanager:v0.21.0', 
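Review bot: The Alertmanager name set at `name: $._config.alertmanagerName` now has to agree with a string that prometheus.libsonnet builds independently. The removed code there read `$.alertmanager.service.metadata.name`, while the new code writes `name: 'alertmanager-' + p.config.alertmanagerName`. Whether alertmanager() names its Service with that prefix is not visible in this patch; if the two ever diverge, nothing fails at evaluation and alerts would presumably just not be delivered. A comment at this call site would record the coupling, for example `// Service name must stay 'alertmanager-' + name; prometheus() rebuilds it from alertmanagerName`. The `alertmanager({` block continues past the end of the hunk.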
@@ -34,6 +33,14 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; version: '1.0.1', image: 'quay.io/prometheus/node-exporter:v1.0.1', }), + prometheus: prometheus({ + namespace: $._config.namespace, + version: '2.24.0', + image: 'quay.io/prometheus/prometheus:v2.24.0', + name: $._config.prometheusName, + alertmanagerName: $._config.alertmanagerName, + rules: $.allRules, + }), prometheusAdapter: prometheusAdapter({ namespace: $._config.namespace, version: '0.8.2', @@ -42,9 +49,24 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }), mixins+:: monitoringMixins({ namespace: $._config.namespace, - alertmanagerName: 'main', - prometheusName: 'k8s', + alertmanagerName: $._config.alertmanagerName, + prometheusName: $._config.prometheusName, }), + + // FIXME(paulfantom) Remove this variable by moving each mixin to its own component + // Example: node_exporter mixin could be added in ./node-exporter/node-exporter.libsonnet + allRules:: + $.mixins.nodeExporter.prometheusRules + + $.mixins.kubernetes.prometheusRules + + $.mixins.base.prometheusRules + + $.mixins.kubeStateMetrics.prometheusAlerts + + $.mixins.nodeExporter.prometheusAlerts + + $.mixins.alertmanager.prometheusAlerts + + $.mixins.prometheusOperator.prometheusAlerts + + $.mixins.kubernetes.prometheusAlerts + + $.mixins.prometheus.prometheusAlerts + + $.mixins.base.prometheusAlerts, + kubePrometheus+:: { namespace: { apiVersion: 'v1', @@ -143,6 +165,8 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; } + { _config+:: { namespace: 'default', + prometheusName: 'k8s', + alertmanagerName: 'main', versions+:: { grafana: '7.3.5', kubeRbacProxy: 'v0.8.0' }, imageRepos+:: { kubeRbacProxy: 'quay.io/brancz/kube-rbac-proxy' }, 
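Review bot: The new `prometheus({ ... })` call passes only namespace, version, image, name, alertmanagerName and rules, so an existing override of `_config.prometheus.namespaces` or `_config.prometheus.replicas` is no longer read and is ignored without an error. `namespaces` decides where `roleSpecificNamespaces` and `roleBindingSpecificNamespaces` create Roles with get/list/watch on services, endpoints and pods. A deployment that had narrowed that list would therefore fall back to `['default', 'kube-system', namespace]`. At minimum, document the migration at the call site, for example `// _config.prometheus.{namespaces,replicas} are no longer read; pass namespaces/replicas here instead`. A check that fails when the old keys are still set would be safer, if it can be written without tripping on other libraries that define `_config.prometheus`.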
@@ -187,24 +211,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; }, }, - local allRules = - $.mixins.nodeExporter.prometheusRules + - $.mixins.kubernetes.prometheusRules + - $.mixins.base.prometheusRules + - $.mixins.kubeStateMetrics.prometheusAlerts + - $.mixins.nodeExporter.prometheusAlerts + - $.mixins.alertmanager.prometheusAlerts + - $.mixins.prometheusOperator.prometheusAlerts + - $.mixins.kubernetes.prometheusAlerts + - $.mixins.prometheus.prometheusAlerts + - $.mixins.base.prometheusAlerts, - - local allDashboards = - $.mixins.nodeExporter.grafanaDashboards + - $.mixins.kubernetes.grafanaDashboards + - $.mixins.prometheus.grafanaDashboards, - - prometheus+:: { rules: allRules }, grafana+:: { labels: { 'app.kubernetes.io/name': 'grafana', @@ -212,7 +218,12 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet'; 'app.kubernetes.io/component': 'grafana', 'app.kubernetes.io/part-of': 'kube-prometheus', }, - dashboards: allDashboards, + // FIXME(paulfantom): Same as with rules and alerts. + // This should be gathering all dashboards from components without having to enumerate all dashboards. + dashboards: + $.mixins.nodeExporter.grafanaDashboards + + $.mixins.kubernetes.grafanaDashboards + + $.mixins.prometheus.grafanaDashboards, }, }, } diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet index fc99add3..e1b66923 100644 --- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet +++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet 
@@ -1,488 +1,484 @@ local relabelings = import 'kube-prometheus/dropping-deprecated-metrics-relabelings.libsonnet'; -{ - _config+:: { - namespace: 'default', - - versions+:: { prometheus: 'v2.22.1' }, - imageRepos+:: { prometheus: 'quay.io/prometheus/prometheus' }, - alertmanager+:: { name: 'main' }, +local defaults = { + local defaults = self, + namespace: error 'must provide namespace', + version: error 'must provide version', + image: error 'must provide image', + resources: { + requests: { memory: '400Mi' }, + }, - prometheus+:: { - name: 'k8s', - replicas: 2, - rules: {}, - namespaces: ['default', 'kube-system', $._config.namespace], - labels: { - 'app.kubernetes.io/name': 'prometheus', - 'app.kubernetes.io/version': $._config.versions.prometheus, - 'app.kubernetes.io/component': 'prometheus', - 'app.kubernetes.io/part-of': 'kube-prometheus', - }, - selectorLabels: { - [labelName]: $._config.prometheus.labels[labelName] - for labelName in std.objectFields($._config.prometheus.labels) - if !std.setMember(labelName, ['app.kubernetes.io/version']) - }, - }, + name: error 'must provide name', + alertmanagerName: error 'must provide alertmanagerName', + namespaces: ['default', 'kube-system', defaults.namespace], + replicas: 2, + rules: { + groups: [], + }, + commonLabels:: { + 'app.kubernetes.io/name': 'prometheus', + 'app.kubernetes.io/version': defaults.version, + 'app.kubernetes.io/component': 'prometheus', + 'app.kubernetes.io/part-of': 'kube-prometheus', }, + selectorLabels:: { + [labelName]: defaults.commonLabels[labelName] + for labelName in std.objectFields(defaults.commonLabels) + if !std.setMember(labelName, ['app.kubernetes.io/version']) + } + { prometheus: defaults.name }, +}; - prometheus+:: { - local p = self, - name:: $._config.prometheus.name, - namespace:: $._config.namespace, - roleBindingNamespaces:: $._config.prometheus.namespaces, - replicas:: $._config.prometheus.replicas, - prometheusRules:: $._config.prometheus.rules, - alertmanagerName:: 
$.alertmanager.service.metadata.name, +function(params) { + local p = self, + config:: defaults + params, + // Safety check + assert std.isObject(p.config.resources), - serviceAccount: { - apiVersion: 'v1', - kind: 'ServiceAccount', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, - }, - - service: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'prometheus-' + p.name, - namespace: p.namespace, - labels: { prometheus: p.name } + $._config.prometheus.labels, - }, - spec: { - ports: [ - { name: 'web', targetPort: 'web', port: 9090 }, - ], - selector: { app: 'prometheus', prometheus: p.name } + $._config.prometheus.selectorLabels, - sessionAffinity: 'ClientIP', - }, + serviceAccount: { + apiVersion: 'v1', + kind: 'ServiceAccount', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + labels: p.config.commonLabels, }, + }, - rules: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: { - prometheus: p.name, - role: 'alert-rules', - } + $._config.prometheus.labels, - name: 'prometheus-' + p.name + '-rules', - namespace: p.namespace, - }, - spec: { - groups: p.prometheusRules.groups, - }, + service: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + labels: { prometheus: p.config.name } + p.config.commonLabels, }, - - roleBindingSpecificNamespaces: - local newSpecificRoleBinding(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleBinding', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - labels: $._config.prometheus.labels, - }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'Role', - name: 'prometheus-' + p.name, - }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - 
kind: 'RoleBindingList', - items: [newSpecificRoleBinding(x) for x in p.roleBindingNamespaces], - }, - - clusterRole: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRole', - metadata: { - name: 'prometheus-' + p.name, - labels: $._config.prometheus.labels, - }, - rules: [ - { - apiGroups: [''], - resources: ['nodes/metrics'], - verbs: ['get'], - }, - { - nonResourceURLs: ['/metrics'], - verbs: ['get'], - }, + spec: { + ports: [ + { name: 'web', targetPort: 'web', port: 9090 }, ], + selector: { app: 'prometheus' } + p.config.selectorLabels, + sessionAffinity: 'ClientIP', }, + }, - roleConfig: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - labels: $._config.prometheus.labels, - }, - rules: [{ - apiGroups: [''], - resources: ['configmaps'], - verbs: ['get'], - }], + rules: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: { + prometheus: p.config.name, + role: 'alert-rules', + } + p.config.commonLabels, + name: 'prometheus-' + p.config.name + '-rules', + namespace: p.config.namespace, + }, + spec: { + groups: p.config.rules.groups, }, + }, - roleBindingConfig: { + roleBindingSpecificNamespaces: + local newSpecificRoleBinding(namespace) = { apiVersion: 'rbac.authorization.k8s.io/v1', kind: 'RoleBinding', metadata: { - name: 'prometheus-' + p.name + '-config', - namespace: p.namespace, - labels: $._config.prometheus.labels, + name: 'prometheus-' + p.config.name, + namespace: namespace, + labels: p.config.commonLabels, }, roleRef: { apiGroup: 'rbac.authorization.k8s.io', kind: 'Role', - name: 'prometheus-' + p.name + '-config', + name: 'prometheus-' + p.config.name, }, subjects: [{ kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, }], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 
'RoleBindingList', + items: [newSpecificRoleBinding(x) for x in p.config.namespaces], }, - clusterRoleBinding: { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'ClusterRoleBinding', - metadata: { - name: 'prometheus-' + p.name, - labels: $._config.prometheus.labels, + clusterRole: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRole', + metadata: { + name: 'prometheus-' + p.config.name, + labels: p.config.commonLabels, + }, + rules: [ + { + apiGroups: [''], + resources: ['nodes/metrics'], + verbs: ['get'], }, - roleRef: { - apiGroup: 'rbac.authorization.k8s.io', - kind: 'ClusterRole', - name: 'prometheus-' + p.name, + { + nonResourceURLs: ['/metrics'], + verbs: ['get'], }, - subjects: [{ - kind: 'ServiceAccount', - name: 'prometheus-' + p.name, - namespace: p.namespace, - }], + ], + }, + + roleConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', + metadata: { + name: 'prometheus-' + p.config.name + '-config', + namespace: p.config.namespace, + labels: p.config.commonLabels, }, + rules: [{ + apiGroups: [''], + resources: ['configmaps'], + verbs: ['get'], + }], + }, - roleSpecificNamespaces: - local newSpecificRole(namespace) = { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'Role', - metadata: { - name: 'prometheus-' + p.name, - namespace: namespace, - labels: $._config.prometheus.labels, - }, - rules: [ - { - apiGroups: [''], - resources: ['services', 'endpoints', 'pods'], - verbs: ['get', 'list', 'watch'], - }, - { - apiGroups: ['extensions'], - resources: ['ingresses'], - verbs: ['get', 'list', 'watch'], - }, - ], - }; - { - apiVersion: 'rbac.authorization.k8s.io/v1', - kind: 'RoleList', - items: [newSpecificRole(x) for x in p.roleBindingNamespaces], - }, + roleBindingConfig: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleBinding', + metadata: { + name: 'prometheus-' + p.config.name + '-config', + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + roleRef: { + apiGroup: 
'rbac.authorization.k8s.io', + kind: 'Role', + name: 'prometheus-' + p.config.name + '-config', + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + }], + }, - prometheus: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'Prometheus', + clusterRoleBinding: { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'ClusterRoleBinding', + metadata: { + name: 'prometheus-' + p.config.name, + labels: p.config.commonLabels, + }, + roleRef: { + apiGroup: 'rbac.authorization.k8s.io', + kind: 'ClusterRole', + name: 'prometheus-' + p.config.name, + }, + subjects: [{ + kind: 'ServiceAccount', + name: 'prometheus-' + p.config.name, + namespace: p.config.namespace, + }], + }, + + roleSpecificNamespaces: + local newSpecificRole(namespace) = { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'Role', metadata: { - name: p.name, - namespace: p.namespace, - labels: { prometheus: p.name } + $._config.prometheus.labels, + name: 'prometheus-' + p.config.name, + namespace: namespace, + labels: p.config.commonLabels, }, - spec: { - replicas: p.replicas, - version: $._config.versions.prometheus, - image: $._config.imageRepos.prometheus + ':' + $._config.versions.prometheus, - podMetadata: { - labels: $._config.prometheus.labels, - }, - serviceAccountName: 'prometheus-' + p.name, - serviceMonitorSelector: {}, - podMonitorSelector: {}, - probeSelector: {}, - serviceMonitorNamespaceSelector: {}, - podMonitorNamespaceSelector: {}, - probeNamespaceSelector: {}, - nodeSelector: { 'kubernetes.io/os': 'linux' }, - ruleSelector: { - matchLabels: { - role: 'alert-rules', - prometheus: p.name, - }, - }, - resources: { - requests: { memory: '400Mi' }, - }, - alerting: { - alertmanagers: [{ - namespace: p.namespace, - name: p.alertmanagerName, - port: 'web', - }], + rules: [ + { + apiGroups: [''], + resources: ['services', 'endpoints', 'pods'], + verbs: ['get', 'list', 'watch'], }, - securityContext: { - runAsUser: 1000, - 
runAsNonRoot: true, - fsGroup: 2000, + { + apiGroups: ['extensions'], + resources: ['ingresses'], + verbs: ['get', 'list', 'watch'], }, - }, + ], + }; + { + apiVersion: 'rbac.authorization.k8s.io/v1', + kind: 'RoleList', + items: [newSpecificRole(x) for x in p.config.namespaces], }, - serviceMonitor: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'prometheus', - namespace: p.namespace, - labels: $._config.prometheus.labels, + prometheus: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'Prometheus', + metadata: { + name: p.config.name, + namespace: p.config.namespace, + labels: { prometheus: p.config.name } + p.config.commonLabels, + }, + spec: { + replicas: p.config.replicas, + version: p.config.version, + image: p.config.image, + podMetadata: { + labels: p.config.commonLabels, }, - spec: { - selector: { - matchLabels: { prometheus: p.name } + $._config.prometheus.selectorLabels, + serviceAccountName: 'prometheus-' + p.config.name, + serviceMonitorSelector: {}, + podMonitorSelector: {}, + probeSelector: {}, + serviceMonitorNamespaceSelector: {}, + podMonitorNamespaceSelector: {}, + probeNamespaceSelector: {}, + nodeSelector: { 'kubernetes.io/os': 'linux' }, + ruleSelector: { + matchLabels: { + role: 'alert-rules', + prometheus: p.config.name, }, - endpoints: [{ + }, + resources: p.config.resources, + alerting: { + alertmanagers: [{ + namespace: p.config.namespace, + name: 'alertmanager-' + p.config.alertmanagerName, port: 'web', - interval: '30s', }], }, + securityContext: { + runAsUser: 1000, + runAsNonRoot: true, + fsGroup: 2000, + }, }, + }, - serviceMonitorKubeScheduler: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-scheduler', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ - port: 'https-metrics', - interval: '30s', - scheme: 'https', - bearerTokenFile: 
'/var/run/secrets/kubernetes.io/serviceaccount/token', - tlsConfig: { insecureSkipVerify: true }, - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, + serviceMonitor: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'prometheus', + namespace: p.config.namespace, + labels: p.config.commonLabels, + }, + spec: { + selector: { + matchLabels: p.config.selectorLabels, }, + endpoints: [{ + port: 'web', + interval: '30s', + }], }, + }, - serviceMonitorKubelet: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kubelet', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kubelet' }, + serviceMonitorKubeScheduler: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-scheduler', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-scheduler' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { insecureSkipVerify: true }, + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-scheduler' }, }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'https-metrics', - scheme: 'https', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings, - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/cadvisor', - interval: '30s', - honorLabels: true, - honorTimestamps: false, - tlsConfig: { - insecureSkipVerify: true, - }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - 
relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - metricRelabelings: [ - // Drop a bunch of metrics which are disabled but still sent, see - // https://github.com/google/cadvisor/issues/1925. - { - sourceLabels: ['__name__'], - regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', - action: 'drop', - }, - ], - }, - { - port: 'https-metrics', - scheme: 'https', - path: '/metrics/probes', - interval: '30s', - honorLabels: true, - tlsConfig: { insecureSkipVerify: true }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - relabelings: [{ - sourceLabels: ['__metrics_path__'], - targetLabel: 'metrics_path', - }], - }, - ], - selector: { - matchLabels: { 'k8s-app': 'kubelet' }, - }, - namespaceSelector: { - matchNames: ['kube-system'], - }, + namespaceSelector: { + matchNames: ['kube-system'], }, }, + }, - serviceMonitorKubeControllerManager: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-controller-manager', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - endpoints: [{ + serviceMonitorKubelet: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kubelet', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kubelet' }, + }, + spec: { + jobLabel: 'k8s-app', + endpoints: [ + { port: 'https-metrics', - interval: '30s', scheme: 'https', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings, + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + }, + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/cadvisor', + interval: '30s', + honorLabels: true, + honorTimestamps: 
false, tlsConfig: { insecureSkipVerify: true, }, - metricRelabelings: relabelings + [ + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], + metricRelabelings: [ + // Drop a bunch of metrics which are disabled but still sent, see + // https://github.com/google/cadvisor/issues/1925. { sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|request|server).*', + regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', action: 'drop', }, ], - }], - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, }, - namespaceSelector: { - matchNames: ['kube-system'], + { + port: 'https-metrics', + scheme: 'https', + path: '/metrics/probes', + interval: '30s', + honorLabels: true, + tlsConfig: { insecureSkipVerify: true }, + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + relabelings: [{ + sourceLabels: ['__metrics_path__'], + targetLabel: 'metrics_path', + }], }, + ], + selector: { + matchLabels: { 'k8s-app': 'kubelet' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], }, }, + }, - serviceMonitorApiserver: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'kube-apiserver', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'apiserver' }, - }, - spec: { - jobLabel: 'component', - selector: { - matchLabels: { - component: 'apiserver', - provider: 'kubernetes', - }, - }, - namespaceSelector: { - matchNames: ['default'], + serviceMonitorKubeControllerManager: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-controller-manager', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + endpoints: [{ + port: 'https-metrics', + interval: '30s', + scheme: 
'https', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + tlsConfig: { + insecureSkipVerify: true, }, - endpoints: [{ - port: 'https', - interval: '30s', - scheme: 'https', - tlsConfig: { - caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', - serverName: 'kubernetes', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|request|server).*', + action: 'drop', }, - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - metricRelabelings: relabelings + [ - { - sourceLabels: ['__name__'], - regex: 'etcd_(debugging|disk|server).*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__'], - regex: 'apiserver_admission_step_admission_latencies_seconds_.*', - action: 'drop', - }, - { - sourceLabels: ['__name__', 'le'], - regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', - action: 'drop', - }, - ], - }], + ], + }], + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-controller-manager' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], }, }, + }, - serviceMonitorCoreDNS: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'coredns', - namespace: p.namespace, - labels: { 'app.kubernetes.io/name': 'coredns' }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + serviceMonitorApiserver: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'kube-apiserver', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'apiserver' }, + }, + spec: { + jobLabel: 'component', + selector: { + matchLabels: { + component: 'apiserver', + provider: 'kubernetes', }, - 
namespaceSelector: { - matchNames: ['kube-system'], + }, + namespaceSelector: { + matchNames: ['default'], + }, + endpoints: [{ + port: 'https', + interval: '30s', + scheme: 'https', + tlsConfig: { + caFile: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt', + serverName: 'kubernetes', }, - endpoints: [{ - port: 'metrics', - interval: '15s', - bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', - }], + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + metricRelabelings: relabelings + [ + { + sourceLabels: ['__name__'], + regex: 'etcd_(debugging|disk|server).*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_controller_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__'], + regex: 'apiserver_admission_step_admission_latencies_seconds_.*', + action: 'drop', + }, + { + sourceLabels: ['__name__', 'le'], + regex: 'apiserver_request_duration_seconds_bucket;(0.15|0.25|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2.5|3|3.5|4.5|6|7|8|9|15|25|30|50)', + action: 'drop', + }, + ], + }], + }, + }, + + serviceMonitorCoreDNS: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'coredns', + namespace: p.config.namespace, + labels: { 'app.kubernetes.io/name': 'coredns' }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { 'app.kubernetes.io/name': 'kube-dns' }, + }, + namespaceSelector: { + matchNames: ['kube-system'], }, + endpoints: [{ + port: 'metrics', + interval: '15s', + bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', + }], }, }, } -- GitLab
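Review bot: The kubelet, kube-scheduler and kube-controller-manager endpoints in the new function still pair `bearerTokenFile` with `tlsConfig: { insecureSkipVerify: true }`, so the Prometheus service-account token is presented to a peer whose certificate is never checked. `serviceMonitorApiserver` in the same function shows the verified form, with `caFile` and `serverName`. The CoreDNS endpoint sets `bearerTokenFile` with no `scheme` or `tlsConfig`, which presumably means the token is sent over plain HTTP. These lines are carried over unchanged from the old object, but since each block is being rewritten, a comment above each `tlsConfig` would make the trade-off explicit, for example `// insecureSkipVerify: token is sent without verifying the peer certificate; use caFile/serverName where the serving cert is CA-signed`. It is also worth confirming whether CoreDNS needs the token at all.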