Skip to content
Snippets Groups Projects
Unverified Commit bed5cc8e authored by paulfantom's avatar paulfantom
Browse files

jsonnet/kube-prometheus: use refactored upstream prometheus-operator library

parent e2c50fa4
Branches
Tags
No related merge requests found
local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet';
local alertmanager = import './alertmanager/alertmanager.libsonnet';
local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet';
local kubeStateMetrics = import './kube-state-metrics/kube-state-metrics.libsonnet';
local nodeExporter = import './node-exporter/node-exporter.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
local prometheusOperator = import './prometheus-operator/prometheus-operator.libsonnet';
local prometheus = import './prometheus/prometheus.libsonnet';
local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
{
alertmanager: alertmanager({
name: $._config.alertmanagerName,
......@@ -47,6 +45,15 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
image: 'directxman12/k8s-prometheus-adapter:v0.8.2',
prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/',
}),
prometheusOperator: prometheusOperator({
namespace: $._config.namespace,
version: '0.45.0',
image: 'quay.io/prometheus-operator/prometheus-operator:v0.45.0',
configReloaderImage: 'quay.io/prometheus-operator/prometheus-config-reloader:v0.45.0',
commonLabels+: {
'app.kubernetes.io/part-of': 'kube-prometheus',
},
}),
mixins+:: monitoringMixins({
namespace: $._config.namespace,
alertmanagerName: $._config.alertmanagerName,
......@@ -76,62 +83,6 @@ local monitoringMixins = import './mixins/monitoring-mixins.libsonnet';
},
},
},
prometheusOperator+::
{
service+: {
spec+: {
ports: [
{
name: 'https',
port: 8443,
targetPort: 'https',
},
],
},
},
serviceMonitor+: {
spec+: {
endpoints: [
{
port: 'https',
scheme: 'https',
honorLabels: true,
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
clusterRole+: {
rules+: [
{
apiGroups: ['authentication.k8s.io'],
resources: ['tokenreviews'],
verbs: ['create'],
},
{
apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'],
verbs: ['create'],
},
],
},
} +
(kubeRbacProxyContainer {
config+:: {
kubeRbacProxy: {
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
name: 'kube-rbac-proxy',
securePortName: 'https',
securePort: 8443,
secureListenAddress: ':%d' % self.securePort,
upstream: 'http://127.0.0.1:8080/',
tlsCipherSuites: $._config.tlsCipherSuites,
},
},
}).deploymentMixin,
grafana+:: {
local dashboardDefinitions = super.dashboardDefinitions,
......
local krp = (import '../kube-rbac-proxy/container.libsonnet');
local prometheusOperator = import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet';
local defaults = {
local defaults = self,
name: 'prometheus-operator',
namespace: error 'must provide namespace',
version: error 'must provide version',
image: error 'must provide image',
configReloaderImage: error 'must provide config reloader image',
resources: {
limits: { cpu: '200m', memory: '200Mi' },
requests: { cpu: '100m', memory: '100Mi' },
},
commonLabels:: {
'app.kubernetes.io/name': defaults.name,
'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'controller',
'app.kubernetes.io/part-of': 'kube-prometheus',
},
selectorLabels:: {
[labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version'])
},
};
function(params) {
local po = self,
config:: defaults + params,
// Safety check
assert std.isObject(po.config.resources),
//TODO(paulfantom): it would be better to include it on the same level as self.
local polib = prometheusOperator(po.config),
'0alertmanagerConfigCustomResourceDefinition': polib['0alertmanagerConfigCustomResourceDefinition'],
'0alertmanagerCustomResourceDefinition': polib['0alertmanagerCustomResourceDefinition'],
'0podmonitorCustomResourceDefinition': polib['0podmonitorCustomResourceDefinition'],
'0probeCustomResourceDefinition': polib['0probeCustomResourceDefinition'],
'0prometheusCustomResourceDefinition': polib['0prometheusCustomResourceDefinition'],
'0prometheusruleCustomResourceDefinition': polib['0prometheusruleCustomResourceDefinition'],
'0servicemonitorCustomResourceDefinition': polib['0servicemonitorCustomResourceDefinition'],
'0thanosrulerCustomResourceDefinition': polib['0thanosrulerCustomResourceDefinition'],
serviceAccount: polib.serviceAccount,
service: polib.service {
spec+: {
ports: [
{
name: 'https',
port: 8443,
targetPort: 'https',
},
],
},
},
serviceMonitor: polib.serviceMonitor {
spec+: {
endpoints: [
{
port: 'https',
scheme: 'https',
honorLabels: true,
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
clusterRoleBinding: polib.clusterRoleBinding,
clusterRole: polib.clusterRole {
rules+: [
{
apiGroups: ['authentication.k8s.io'],
resources: ['tokenreviews'],
verbs: ['create'],
},
{
apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'],
verbs: ['create'],
},
],
},
local kubeRbacProxy = krp({
name: 'kube-rbac-proxy',
upstream: 'http://127.0.0.1:8080/',
secureListenAddress: ':8443',
ports: [
{ name: 'https', containerPort: 8443 },
],
}),
deployment: polib.deployment {
spec+: {
template+: {
spec+: {
containers+: [kubeRbacProxy],
},
},
},
},
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment