From e1625fecba5ea9e989442482c79a3ab3d41e1240 Mon Sep 17 00:00:00 2001
From: Fabian Reinartz <fab.reinartz@gmail.com>
Date: Wed, 19 Oct 2016 17:58:43 +0200
Subject: [PATCH] Manifests for Kubernetes Prometheus

The Prometheus server monitoring Kubernetes should be default cover:
- node exporter
- kubelets
- kube-state-metrics
- apiservers

The version in this commit still has certificate issues with the API
server in minikube. Kubelet scraping likely only works in minikube as it
doesn't seem to use https.
---
 manifests/prometheus/prometheus-k8s-cm.yaml  | 55 ++++++++++++++++++++
 manifests/prometheus/prometheus-k8s-svc.yaml | 14 +++++
 manifests/prometheus/prometheus-k8s.yaml     |  7 +++
 3 files changed, 76 insertions(+)
 create mode 100644 manifests/prometheus/prometheus-k8s-cm.yaml
 create mode 100644 manifests/prometheus/prometheus-k8s-svc.yaml
 create mode 100644 manifests/prometheus/prometheus-k8s.yaml

diff --git a/manifests/prometheus/prometheus-k8s-cm.yaml b/manifests/prometheus/prometheus-k8s-cm.yaml
new file mode 100644
index 00000000..b7616cfe
--- /dev/null
+++ b/manifests/prometheus/prometheus-k8s-cm.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prometheus-k8s
+data:
+  prometheus.yaml: |
+    global:
+      evaluation_interval: 30s
+
+    # Add your etcd scrape config here. We cannot default here as etcd is a
+    # prerequisite for Kubernetes.
+    # TODO(fabxc): potentially make this configurable via KPM in the future.
+
+    scrape_configs:
+    - job_name: kubelets
+      scrape_interval: 20s
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+      kubernetes_sd_configs:
+      - role: node
+
+      relabel_configs:
+      - source_labels: [__address__]
+        regex: (.*):10250
+        replacement: ${1}:10255
+        target_label: __address__
+    
+    # Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
+    # and node-exporter, which we all consider part of a default setup.
+    - job_name: standard-endpoints
+      scrape_interval: 20s
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+
+      kubernetes_sd_configs:
+      - role: endpoints
+
+      relabel_configs:
+      - action: keep
+        source_labels: [__meta_kubernetes_service_name]
+        regex: kubernetes|node-exporter|kube-state-metrics
+      - action: replace
+        source_labels: [__meta_kubernetes_namespace]
+        target_label: namespace
+      - action: replace
+        source_labels: [__meta_kubernetes_service_name]
+        target_label: job
+      - action: replace
+        source_labels: [__meta_kubernetes_service_name]
+        regex: kubernetes
+        target_label: __scheme__
+        replacement: https
diff --git a/manifests/prometheus/prometheus-k8s-svc.yaml b/manifests/prometheus/prometheus-k8s-svc.yaml
new file mode 100644
index 00000000..c5d79d02
--- /dev/null
+++ b/manifests/prometheus/prometheus-k8s-svc.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: prometheus-k8s
+spec:
+  type: NodePort
+  ports:
+  - name: web
+    nodePort: 30900
+    port: 9090
+    protocol: TCP
+    targetPort: web
+  selector:
+    prometheus.coreos.com: prometheus-k8s
diff --git a/manifests/prometheus/prometheus-k8s.yaml b/manifests/prometheus/prometheus-k8s.yaml
new file mode 100644
index 00000000..68a5395c
--- /dev/null
+++ b/manifests/prometheus/prometheus-k8s.yaml
@@ -0,0 +1,7 @@
+apiVersion: prometheus.coreos.com/v1alpha1
+kind: Prometheus
+metadata:
+  name: prometheus-k8s
+  labels:
+    prometheus: k8s
+spec: {}
-- 
GitLab