diff --git a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
index 7b017e74eebd630c22af4c6fbe02222feff13ae1..9bc77385f4b6d860abfdd40905e0e05d793c4803 100644
--- a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
@@ -12,82 +12,88 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
},
},
prometheus+:: {
- serviceEtcd:
- local service = k.core.v1.service;
- local servicePort = k.core.v1.service.mixin.spec.portsType;
-
- local etcdServicePort = servicePort.newNamed('metrics', 2379, 2379);
-
- service.new('etcd', null, etcdServicePort) +
- service.mixin.metadata.withNamespace('kube-system') +
- service.mixin.metadata.withLabels({ 'k8s-app': 'etcd' }) +
- service.mixin.spec.withClusterIp('None'),
- endpointsEtcd:
- local endpoints = k.core.v1.endpoints;
- local endpointSubset = endpoints.subsetsType;
- local endpointPort = endpointSubset.portsType;
-
- local etcdPort = endpointPort.new() +
- endpointPort.withName('metrics') +
- endpointPort.withPort(2379) +
- endpointPort.withProtocol('TCP');
-
- local subset = endpointSubset.new() +
- endpointSubset.withAddresses([
- { ip: etcdIP }
- for etcdIP in $._config.etcd.ips
- ]) +
- endpointSubset.withPorts(etcdPort);
-
- endpoints.new() +
- endpoints.mixin.metadata.withName('etcd') +
- endpoints.mixin.metadata.withNamespace('kube-system') +
- endpoints.mixin.metadata.withLabels({ 'k8s-app': 'etcd' }) +
- endpoints.withSubsets(subset),
- serviceMonitorEtcd:
- {
- apiVersion: 'monitoring.coreos.com/v1',
- kind: 'ServiceMonitor',
+ serviceEtcd: {
+ apiVersion: 'v1',
+ kind: 'Service',
+ metadata: {
+ name: 'etcd',
+ namespace: 'kube-system',
+ labels: { 'k8s-app': 'etcd' },
+ },
+ spec: {
+ ports: [
+ { name: 'metrics', targetPort: 2379, port: 2379 },
+ ],
+ clusterIP: 'None',
+ },
+ },
+ endpointsEtcd: {
+ apiVersion: 'v1',
+ kind: 'Endpoints',
metadata: {
name: 'etcd',
namespace: 'kube-system',
- labels: {
- 'k8s-app': 'etcd',
- },
+ labels: { 'k8s-app': 'etcd' },
},
- spec: {
- jobLabel: 'k8s-app',
- endpoints: [
- {
- port: 'metrics',
- interval: '30s',
- scheme: 'https',
- // Prometheus Operator (and Prometheus) allow us to specify a tlsConfig. This is required as most likely your etcd metrics end points is secure.
- tlsConfig: {
- caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt',
- keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key',
- certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt',
- [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName,
- [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify,
- },
- },
+ subsets: [{
+ addresses: [
+ { ip: etcdIP }
+ for etcdIP in $._config.etcd.ips
+ ],
+ ports: [
+ { name: 'metrics', port: 2379, protocol: 'TCP' },
],
- selector: {
- matchLabels: {
- 'k8s-app': 'etcd',
+ }],
+ },
+ serviceMonitorEtcd: {
+ apiVersion: 'monitoring.coreos.com/v1',
+ kind: 'ServiceMonitor',
+ metadata: {
+ name: 'etcd',
+ namespace: 'kube-system',
+ labels: {
+ 'k8s-app': 'etcd',
+ },
+ },
+ spec: {
+ jobLabel: 'k8s-app',
+ endpoints: [
+ {
+ port: 'metrics',
+ interval: '30s',
+ scheme: 'https',
+ // Prometheus Operator (and Prometheus) allow us to specify a tlsConfig. This is required as most likely your etcd metrics end points is secure.
+ tlsConfig: {
+ caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt',
+ keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key',
+ certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt',
+ [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName,
+ [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify,
},
},
+ ],
+ selector: {
+ matchLabels: {
+ 'k8s-app': 'etcd',
+ },
},
},
- secretEtcdCerts:
+ },
+ secretEtcdCerts: {
// Prometheus Operator allows us to mount secrets in the pod. By loading the secrets as files, they can be made available inside the Prometheus pod.
- local secret = k.core.v1.secret;
- secret.new('kube-etcd-client-certs', {
+ apiVersion: 'v1',
+ kind: 'Secret',
+ type: 'Opaque',
+ metadata: {
+ name: 'kube-etcd-client-certs',
+ namespace: $._config.namespace,
+ },
+ data: {
'etcd-client-ca.crt': std.base64($._config.etcd.clientCA),
'etcd-client.key': std.base64($._config.etcd.clientKey),
'etcd-client.crt': std.base64($._config.etcd.clientCert),
- }) +
- secret.mixin.metadata.withNamespace($._config.namespace),
+ },
+ },
prometheus+:
{
// Reference info: https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec
diff --git a/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet
index b49e47293182e4433016be863e7845c22bf2d6a4..fbd40200a47c5592783cc75d4eb2a94dbe63b68b 100644
--- a/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus-strip-limits.libsonnet
@@ -23,9 +23,9 @@
template+: {
spec+: {
local addArgs(c) =
- if c.name == 'prometheus-operator'
- then c + {args+: ['--config-reloader-cpu=0']}
- else c,
+ if c.name == 'prometheus-operator'
+ then c { args+: ['--config-reloader-cpu=0'] }
+ else c,
containers: std.map(addArgs, super.containers),
},
},