easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1471 from paulfantom/metadata-management

Browse Source 
jsonnet: unify metadata management
This commit is contained in:
Paweł Krupa
2021-11-02 09:39:48 +01:00
committed by GitHub
parent 151032c8d4 25d8bb00dc
commit 33b58ae643
28 changed files with 206 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
jsonnet/kube-prometheus/components/alertmanager.libsonnet
View File

@@ -77,6 +77,11 @@ function(params) {
// Safety check
assert std.isObject(am._config.resources),
assert std.isObject(am._config.mixin._config),
_metadata:: {
name: 'alertmanager-' + am._config.name,
namespace: am._config.namespace,
labels: am._config.commonLabels,
},
mixin:: (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') +
(import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') {
@@ -86,10 +91,9 @@ function(params) {
prometheusRule: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: am._config.commonLabels + am._config.mixin.ruleLabels,
name: 'alertmanager-' + am._config.name + '-rules',
namespace: am._config.namespace,
metadata: am._metadata {
labels+: am._config.mixin.ruleLabels,
name: am._metadata.name + '-rules',
},
spec: {
local r = if std.objectHasAll(am.mixin, 'prometheusRules') then am.mixin.prometheusRules.groups else [],
@@ -102,10 +106,8 @@ function(params) {
apiVersion: 'v1',
kind: 'Secret',
type: 'Opaque',
metadata: {
name: 'alertmanager-' + am._config.name,
namespace: am._config.namespace,
labels: { alertmanager: am._config.name } + am._config.commonLabels,
metadata: am._metadata {
labels+: { alertmanager: am._config.name },
},
stringData: {
'alertmanager.yaml': if std.type(am._config.config) == 'object'
@@ -119,29 +121,25 @@ function(params) {
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: 'alertmanager-' + am._config.name,
namespace: am._config.namespace,
labels: { alertmanager: am._config.name } + am._config.commonLabels,
metadata: am._metadata {
labels+: { alertmanager: am._config.name },
},
},
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'alertmanager-' + am._config.name,
namespace: am._config.namespace,
labels: { alertmanager: am._config.name } + am._config.commonLabels,
metadata: am._metadata {
labels+: { alertmanager: am._config.name },
},
spec: {
ports: [
{ name: 'web', targetPort: 'web', port: 9093 },
{ name: 'reloader-web', port: am._config.reloaderPort, targetPort: 'reloader-web' },
],
selector: {
selector: am._config.selectorLabels {
alertmanager: am._config.name,
} + am._config.selectorLabels,
},
sessionAffinity: 'ClientIP',
},
},
@@ -149,16 +147,12 @@ function(params) {
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'alertmanager',
namespace: am._config.namespace,
labels: am._config.commonLabels,
},
metadata: am._metadata,
spec: {
selector: {
matchLabels: {
matchLabels: am._config.selectorLabels {
alertmanager: am._config.name,
} + am._config.selectorLabels,
},
},
endpoints: [
{ port: 'web', interval: '30s' },
@@ -170,17 +164,13 @@ function(params) {
[if (defaults + params).replicas > 1 then 'podDisruptionBudget']: {
apiVersion: 'policy/v1',
kind: 'PodDisruptionBudget',
metadata: {
name: 'alertmanager-' + am._config.name,
namespace: am._config.namespace,
labels: am._config.commonLabels,
},
metadata: am._metadata,
spec: {
maxUnavailable: 1,
selector: {
matchLabels: {
matchLabels: am._config.selectorLabels {
alertmanager: am._config.name,
} + am._config.selectorLabels,
},
},
},
},
@@ -188,23 +178,22 @@ function(params) {
alertmanager: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'Alertmanager',
metadata: {
metadata: am._metadata {
name: am._config.name,
namespace: am._config.namespace,
labels: {
labels+: {
alertmanager: am._config.name,
} + am._config.commonLabels,
},
},
spec: {
replicas: am._config.replicas,
version: am._config.version,
image: am._config.image,
podMetadata: {
labels: am._config.commonLabels,
labels: am.alertmanager.metadata.labels,
},
resources: am._config.resources,
nodeSelector: { 'kubernetes.io/os': 'linux' },
serviceAccountName: 'alertmanager-' + am._config.name,
serviceAccountName: am.serviceAccount.metadata.name,
securityContext: {
runAsUser: 1000,
runAsNonRoot: true,

73
jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet
View File

@@ -92,14 +92,17 @@ function(params) {
_config:: defaults + params,
// Safety check
assert std.isObject(bb._config.resources),
_metadata:: {
name: 'blackbox-exporter',
namespace: bb._config.namespace,
labels: bb._config.commonLabels,
},
configuration: {
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
metadata: bb._metadata {
name: 'blackbox-exporter-configuration',
namespace: bb._config.namespace,
labels: bb._config.commonLabels,
},
data: {
'config.yml': std.manifestYamlDoc({ modules: bb._config.modules }),
@@ -109,10 +112,7 @@ function(params) {
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: 'blackbox-exporter',
namespace: bb._config.namespace,
},
metadata: bb._metadata,
},
clusterRole: {
@@ -138,9 +138,7 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: 'blackbox-exporter',
},
metadata: bb._metadata,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
@@ -212,14 +210,12 @@ function(params) {
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
name: 'blackbox-exporter',
namespace: bb._config.namespace,
labels: bb._config.commonLabels,
},
metadata: bb._metadata,
spec: {
replicas: bb._config.replicas,
selector: { matchLabels: bb._config.selectorLabels },
selector: {
matchLabels: bb._config.selectorLabels,
},
template: {
metadata: {
labels: bb._config.commonLabels,
@@ -243,11 +239,7 @@ function(params) {
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'blackbox-exporter',
namespace: bb._config.namespace,
labels: bb._config.commonLabels,
},
metadata: bb._metadata,
spec: {
ports: [{
name: 'https',
@@ -262,29 +254,24 @@ function(params) {
},
},
serviceMonitor:
{
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'blackbox-exporter',
namespace: bb._config.namespace,
labels: bb._config.commonLabels,
},
spec: {
endpoints: [{
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
interval: '30s',
path: '/metrics',
port: 'https',
scheme: 'https',
tlsConfig: {
insecureSkipVerify: true,
},
}],
selector: {
matchLabels: bb._config.selectorLabels,
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: bb._metadata,
spec: {
endpoints: [{
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
interval: '30s',
path: '/metrics',
port: 'https',
scheme: 'https',
tlsConfig: {
insecureSkipVerify: true,
},
}],
selector: {
matchLabels: bb._config.selectorLabels,
},
},
},
}

11
jsonnet/kube-prometheus/components/grafana.libsonnet
View File

@@ -32,15 +32,16 @@ function(params)
kubernetesGrafana(config) {
local g = self,
_config+:: config,
_metadata:: {
name: 'grafana',
namespace: g._config.namespace,
labels: g._config.commonLabels,
},
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'grafana',
namespace: g._config.namespace,
labels: g._config.commonLabels,
},
metadata: g._metadata,
spec: {
selector: {
matchLabels: {

41
jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet
View File

@@ -28,6 +28,10 @@ local defaults = {
function(params) {
local k8s = self,
_config:: defaults + params,
_metadata:: {
labels: k8s._config.commonLabels,
namespace: k8s._config.namespace,
},
mixin:: (import 'github.com/kubernetes-monitoring/kubernetes-mixin/mixin.libsonnet') {
_config+:: k8s._config.mixin._config,
@@ -36,10 +40,9 @@ function(params) {
prometheusRule: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: k8s._config.commonLabels + k8s._config.mixin.ruleLabels,
metadata: k8s._metadata {
name: 'kubernetes-monitoring-rules',
namespace: k8s._config.namespace,
labels+: k8s._config.mixin.ruleLabels,
},
spec: {
local r = if std.objectHasAll(k8s.mixin, 'prometheusRules') then k8s.mixin.prometheusRules.groups else {},
@@ -51,10 +54,9 @@ function(params) {
serviceMonitorKubeScheduler: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
metadata: k8s._metadata {
name: 'kube-scheduler',
namespace: k8s._config.namespace,
labels: { 'app.kubernetes.io/name': 'kube-scheduler' },
labels+: { 'app.kubernetes.io/name': 'kube-scheduler' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
@@ -77,10 +79,9 @@ function(params) {
serviceMonitorKubelet: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
metadata: k8s._metadata {
name: 'kubelet',
namespace: k8s._config.namespace,
labels: { 'app.kubernetes.io/name': 'kubelet' },
labels+: { 'app.kubernetes.io/name': 'kubelet' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
@@ -172,10 +173,9 @@ function(params) {
serviceMonitorKubeControllerManager: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
metadata: k8s._metadata {
name: 'kube-controller-manager',
namespace: k8s._config.namespace,
labels: { 'app.kubernetes.io/name': 'kube-controller-manager' },
labels+: { 'app.kubernetes.io/name': 'kube-controller-manager' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',
@@ -207,10 +207,9 @@ function(params) {
serviceMonitorApiserver: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
metadata: k8s._metadata {
name: 'kube-apiserver',
namespace: k8s._config.namespace,
labels: { 'app.kubernetes.io/name': 'apiserver' },
labels+: { 'app.kubernetes.io/name': 'apiserver' },
},
spec: {
jobLabel: 'component',
@@ -261,12 +260,9 @@ function(params) {
[if (defaults + params).kubeProxy then 'podMonitorKubeProxy']: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PodMonitor',
metadata: {
labels: {
'k8s-app': 'kube-proxy',
},
metadata: k8s._metadata {
labels+: { 'k8s-app': 'kube-proxy' },
name: 'kube-proxy',
namespace: k8s._config.namespace,
},
spec: {
jobLabel: 'k8s-app',
@@ -300,10 +296,9 @@ function(params) {
serviceMonitorCoreDNS: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
metadata: k8s._metadata {
name: 'coredns',
namespace: k8s._config.namespace,
labels: { 'app.kubernetes.io/name': 'coredns' },
labels+: { 'app.kubernetes.io/name': 'coredns' },
},
spec: {
jobLabel: 'app.kubernetes.io/name',

21
jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
View File

@@ -54,6 +54,12 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
commonLabels:: ksm._config.commonLabels,
podLabels:: ksm._config.selectorLabels,
_metadata:: {
labels: ksm._config.commonLabels,
name: ksm._config.name,
namespace: ksm._config.namespace,
},
mixin:: (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') +
(import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') {
_config+:: ksm._config.mixin._config,
@@ -62,10 +68,9 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
prometheusRule: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: ksm._config.commonLabels + ksm._config.mixin.ruleLabels,
metadata: ksm._metadata {
labels+: ksm._config.mixin.ruleLabels,
name: ksm._config.name + '-rules',
namespace: ksm._config.namespace,
},
spec: {
local r = if std.objectHasAll(ksm.mixin, 'prometheusRules') then ksm.mixin.prometheusRules.groups else [],
@@ -135,14 +140,12 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
{
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: ksm.name,
namespace: ksm._config.namespace,
labels: ksm._config.commonLabels,
},
metadata: ksm._metadata,
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: { matchLabels: ksm._config.selectorLabels },
selector: {
matchLabels: ksm._config.selectorLabels,
},
endpoints: [
{
port: 'https-main',

50
jsonnet/kube-prometheus/components/node-exporter.libsonnet
View File

@@ -49,6 +49,11 @@ function(params) {
// Safety check
assert std.isObject(ne._config.resources),
assert std.isObject(ne._config.mixin._config),
_metadata:: {
name: ne._config.name,
namespace: ne._config.namespace,
labels: ne._config.commonLabels,
},
mixin:: (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') +
(import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') {
@@ -58,10 +63,9 @@ function(params) {
prometheusRule: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: ne._config.commonLabels + ne._config.mixin.ruleLabels,
metadata: ne._metadata {
labels+: ne._config.mixin.ruleLabels,
name: ne._config.name + '-rules',
namespace: ne._config.namespace,
},
spec: {
local r = if std.objectHasAll(ne.mixin, 'prometheusRules') then ne.mixin.prometheusRules.groups else [],
@@ -73,10 +77,7 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: ne._config.name,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
@@ -92,10 +93,7 @@ function(params) {
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: ne._config.name,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
rules: [
{
apiGroups: ['authentication.k8s.io'],
@@ -113,21 +111,13 @@ function(params) {
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: ne._config.name,
namespace: ne._config.namespace,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
},
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: ne._config.name,
namespace: ne._config.namespace,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
spec: {
ports: [
{ name: 'https', targetPort: 'https', port: ne._config.port },
@@ -140,11 +130,7 @@ function(params) {
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: ne._config.name,
namespace: ne._config.namespace,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
spec: {
jobLabel: 'app.kubernetes.io/name',
selector: {
@@ -221,13 +207,11 @@ function(params) {
{
apiVersion: 'apps/v1',
kind: 'DaemonSet',
metadata: {
name: ne._config.name,
namespace: ne._config.namespace,
labels: ne._config.commonLabels,
},
metadata: ne._metadata,
spec: {
selector: { matchLabels: ne._config.selectorLabels },
selector: {
matchLabels: ne._config.selectorLabels,
},
updateStrategy: {
type: 'RollingUpdate',
rollingUpdate: { maxUnavailable: '10%' },
@@ -260,6 +244,4 @@ function(params) {
},
},
},
}

69
jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
View File

@@ -120,6 +120,12 @@ function(params) {
// Safety check
assert std.isObject(pa._config.resources),
_metadata:: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
apiService: {
apiVersion: 'apiregistration.k8s.io/v1',
kind: 'APIService',
@@ -143,10 +149,8 @@ function(params) {
configMap: {
apiVersion: 'v1',
kind: 'ConfigMap',
metadata: {
metadata: pa._metadata {
name: 'adapter-config',
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
data: { 'config.yaml': std.manifestYamlDoc(pa._config.config) },
},
@@ -154,11 +158,7 @@ function(params) {
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
spec: {
selector: {
matchLabels: pa._config.selectorLabels,
@@ -195,11 +195,7 @@ function(params) {
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
spec: {
ports: [
{ name: 'https', targetPort: 6443, port: 443 },
@@ -233,14 +229,12 @@ function(params) {
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
spec: {
replicas: pa._config.replicas,
selector: { matchLabels: pa._config.selectorLabels },
selector: {
matchLabels: pa._config.selectorLabels,
},
strategy: {
rollingUpdate: {
maxSurge: 1,
@@ -266,20 +260,13 @@ function(params) {
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
},
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: pa._config.name,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
rules: [{
apiGroups: [''],
resources: ['nodes', 'namespaces', 'pods', 'services'],
@@ -290,10 +277,7 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: pa._config.name,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
@@ -309,9 +293,8 @@ function(params) {
clusterRoleBindingDelegator: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
metadata: pa._metadata {
name: 'resource-metrics:system:auth-delegator',
labels: pa._config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
@@ -328,9 +311,8 @@ function(params) {
clusterRoleServerResources: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
metadata: pa._metadata {
name: 'resource-metrics-server-resources',
labels: pa._config.commonLabels,
},
rules: [{
apiGroups: ['metrics.k8s.io'],
@@ -342,13 +324,13 @@ function(params) {
clusterRoleAggregatedMetricsReader: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
metadata: pa._metadata {
name: 'system:aggregated-metrics-reader',
labels: {
labels+: {
'rbac.authorization.k8s.io/aggregate-to-admin': 'true',
'rbac.authorization.k8s.io/aggregate-to-edit': 'true',
'rbac.authorization.k8s.io/aggregate-to-view': 'true',
} + pa._config.commonLabels,
},
},
rules: [{
apiGroups: ['metrics.k8s.io'],
@@ -360,10 +342,9 @@ function(params) {
roleBindingAuthReader: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
metadata: pa._metadata {
name: 'resource-metrics-auth-reader',
namespace: 'kube-system',
labels: pa._config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
@@ -380,11 +361,7 @@ function(params) {
[if (defaults + params).replicas > 1 then 'podDisruptionBudget']: {
apiVersion: 'policy/v1',
kind: 'PodDisruptionBudget',
metadata: {
name: pa._config.name,
namespace: pa._config.namespace,
labels: pa._config.commonLabels,
},
metadata: pa._metadata,
spec: {
minAvailable: 1,
selector: {

5
jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
View File

@@ -45,6 +45,11 @@ function(params)
local po = self,
// declare variable as a field to allow overriding options and to have unified API across all components
_config:: config,
_metadata:: {
labels: po._config.commonLabels,
name: po._config.name,
namespace: po._config.namespace,
},
mixin:: (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') +
(import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') {
_config+:: po._config.mixin._config,

110
jsonnet/kube-prometheus/components/prometheus.libsonnet
View File

@@ -45,6 +45,11 @@ function(params) {
// Safety check
assert std.isObject(p._config.resources),
assert std.isObject(p._config.mixin._config),
_metadata:: {
name: 'prometheus-' + p._config.name,
namespace: p._config.namespace,
labels: p._config.commonLabels,
},
mixin::
(import 'github.com/prometheus/prometheus/documentation/prometheus-mixin/mixin.libsonnet') +
@@ -67,10 +72,9 @@ function(params) {
prometheusRule: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: p._config.commonLabels + p._config.mixin.ruleLabels,
name: 'prometheus-' + p._config.name + '-prometheus-rules',
namespace: p._config.namespace,
metadata: p._metadata {
labels+: p._config.mixin.ruleLabels,
name: p._metadata.name + '-prometheus-rules',
},
spec: {
local r = if std.objectHasAll(p.mixin, 'prometheusRules') then p.mixin.prometheusRules.groups else [],
@@ -82,20 +86,14 @@ function(params) {
serviceAccount: {
apiVersion: 'v1',
kind: 'ServiceAccount',
metadata: {
name: 'prometheus-' + p._config.name,
namespace: p._config.namespace,
labels: p._config.commonLabels,
},
metadata: p._metadata,
},
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'prometheus-' + p._config.name,
namespace: p._config.namespace,
labels: { prometheus: p._config.name } + p._config.commonLabels,
metadata: p._metadata {
labels+: { prometheus: p._config.name },
},
spec: {
ports: [
@@ -116,19 +114,17 @@ function(params) {
local newSpecificRoleBinding(namespace) = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
name: 'prometheus-' + p._config.name,
metadata: p._metadata {
namespace: namespace,
labels: p._config.commonLabels,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p._config.name,
name: p._metadata.name,
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p._config.name,
name: p.serviceAccount.metadata.name,
namespace: p._config.namespace,
}],
};
@@ -141,10 +137,7 @@ function(params) {
clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: 'prometheus-' + p._config.name,
labels: p._config.commonLabels,
},
metadata: p._metadata,
rules: [
{
apiGroups: [''],
@@ -161,10 +154,8 @@ function(params) {
roleConfig: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'prometheus-' + p._config.name + '-config',
namespace: p._config.namespace,
labels: p._config.commonLabels,
metadata: p._metadata {
name: p._metadata.name + '-config',
},
rules: [{
apiGroups: [''],
@@ -176,19 +167,17 @@ function(params) {
roleBindingConfig: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
name: 'prometheus-' + p._config.name + '-config',
namespace: p._config.namespace,
labels: p._config.commonLabels,
metadata: p._metadata {
name: p._metadata.name + '-config',
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'prometheus-' + p._config.name + '-config',
name: p._metadata.name + '-config',
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p._config.name,
name: p._metadata.name,
namespace: p._config.namespace,
}],
},
@@ -196,18 +185,15 @@ function(params) {
clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding',
metadata: {
name: 'prometheus-' + p._config.name,
labels: p._config.commonLabels,
},
metadata: p._metadata,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'prometheus-' + p._config.name,
name: p._metadata.name,
},
subjects: [{
kind: 'ServiceAccount',
name: 'prometheus-' + p._config.name,
name: p._metadata.name,
namespace: p._config.namespace,
}],
},
@@ -216,10 +202,8 @@ function(params) {
local newSpecificRole(namespace) = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'prometheus-' + p._config.name,
metadata: p._metadata {
namespace: namespace,
labels: p._config.commonLabels,
},
rules: [
{
@@ -248,17 +232,13 @@ function(params) {
[if (defaults + params).replicas > 1 then 'podDisruptionBudget']: {
apiVersion: 'policy/v1',
kind: 'PodDisruptionBudget',
metadata: {
name: 'prometheus-' + p._config.name,
namespace: p._config.namespace,
labels: p._config.commonLabels,
},
metadata: p._metadata,
spec: {
minAvailable: 1,
selector: {
matchLabels: {
matchLabels: p._config.selectorLabels {
prometheus: p._config.name,
} + p._config.selectorLabels,
},
},
},
},
@@ -266,21 +246,20 @@ function(params) {
prometheus: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'Prometheus',
metadata: {
metadata: p._metadata {
name: p._config.name,
namespace: p._config.namespace,
labels: { prometheus: p._config.name } + p._config.commonLabels,
labels+: { prometheus: p._config.name },
},
spec: {
replicas: p._config.replicas,
version: p._config.version,
image: p._config.image,
podMetadata: {
labels: p._config.commonLabels,
labels: p.prometheus.metadata.labels,
},
externalLabels: p._config.externalLabels,
enableFeatures: p._config.enableFeatures,
serviceAccountName: 'prometheus-' + p._config.name,
serviceAccountName: p.serviceAccount.metadata.name,
podMonitorSelector: {},
podMonitorNamespaceSelector: {},
probeSelector: {},
@@ -311,11 +290,7 @@ function(params) {
serviceMonitor: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'prometheus-' + p._config.name,
namespace: p._config.namespace,
labels: p._config.commonLabels,
},
metadata: p._metadata,
spec: {
selector: {
matchLabels: p._config.selectorLabels,
@@ -331,10 +306,9 @@ function(params) {
[if std.objectHas(params, 'thanos') && params.thanos != null then 'prometheusRuleThanosSidecar']: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
labels: p._config.commonLabels + p._config.mixin.ruleLabels,
name: 'prometheus-' + p._config.name + '-thanos-sidecar-rules',
namespace: p._config.namespace,
metadata: p._metadata {
labels+: p._config.mixin.ruleLabels,
name: p._metadata.name + '-thanos-sidecar-rules',
},
spec: {
local r = if std.objectHasAll(p.mixinThanos, 'prometheusRules') then p.mixinThanos.prometheusRules.groups else [],
@@ -347,10 +321,9 @@ function(params) {
[if std.objectHas(params, 'thanos') && params.thanos != null then 'serviceThanosSidecar']: {
apiVersion: 'v1',
kind: 'Service',
metadata+: {
name: 'prometheus-' + p._config.name + '-thanos-sidecar',
namespace: p._config.namespace,
labels+: p._config.commonLabels {
metadata+: p._metadata {
name: p._metadata.name + '-thanos-sidecar',
labels+: {
prometheus: p._config.name,
'app.kubernetes.io/component': 'thanos-sidecar',
},
@@ -372,10 +345,9 @@ function(params) {
[if std.objectHas(params, 'thanos') && params.thanos != null then 'serviceMonitorThanosSidecar']: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata+: {
metadata+: p._metadata {
name: 'thanos-sidecar',
namespace: p._config.namespace,
labels: p._config.commonLabels {
labels+: {
prometheus: p._config.name,
'app.kubernetes.io/component': 'thanos-sidecar',
},

1
manifests/alertmanager-alertmanager.yaml
View File

@@ -15,6 +15,7 @@ spec:
kubernetes.io/os: linux
podMetadata:
labels:
alertmanager: main
app.kubernetes.io/component: alert-router
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus

2
manifests/alertmanager-serviceMonitor.yaml
View File

@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
name: alertmanager
name: alertmanager-main
namespace: monitoring
spec:
endpoints:

6
manifests/blackbox-exporter-clusterRoleBinding.yaml
View File

@@ -1,7 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
name: blackbox-exporter
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

5
manifests/blackbox-exporter-serviceAccount.yaml
View File

@@ -1,5 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
name: blackbox-exporter
namespace: monitoring

1
manifests/kubernetes-serviceMonitorApiserver.yaml
View File

@@ -3,6 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: apiserver
app.kubernetes.io/part-of: kube-prometheus
name: kube-apiserver
namespace: monitoring
spec:

1
manifests/kubernetes-serviceMonitorCoreDNS.yaml
View File

@@ -3,6 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: coredns
app.kubernetes.io/part-of: kube-prometheus
name: coredns
namespace: monitoring
spec:

1
manifests/kubernetes-serviceMonitorKubeControllerManager.yaml
View File

@@ -3,6 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: kube-controller-manager
app.kubernetes.io/part-of: kube-prometheus
name: kube-controller-manager
namespace: monitoring
spec:

1
manifests/kubernetes-serviceMonitorKubeScheduler.yaml
View File

@@ -3,6 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: kube-scheduler
app.kubernetes.io/part-of: kube-prometheus
name: kube-scheduler
namespace: monitoring
spec:

1
manifests/kubernetes-serviceMonitorKubelet.yaml
View File

@@ -3,6 +3,7 @@ kind: ServiceMonitor
metadata:
labels:
app.kubernetes.io/name: kubelet
app.kubernetes.io/part-of: kube-prometheus
name: kubelet
namespace: monitoring
spec:

1
manifests/node-exporter-clusterRole.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 1.2.2
name: node-exporter
namespace: monitoring
rules:
- apiGroups:
- authentication.k8s.io

1
manifests/node-exporter-clusterRoleBinding.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 1.2.2
name: node-exporter
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

1
manifests/prometheus-adapter-clusterRole.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.9.1
name: prometheus-adapter
namespace: monitoring
rules:
- apiGroups:
- ""

1
manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml
View File

@@ -10,6 +10,7 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
namespace: monitoring
rules:
- apiGroups:
- metrics.k8s.io

1
manifests/prometheus-adapter-clusterRoleBinding.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.9.1
name: prometheus-adapter
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

1
manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.9.1
name: resource-metrics:system:auth-delegator
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

1
manifests/prometheus-adapter-clusterRoleServerResources.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.9.1
name: resource-metrics-server-resources
namespace: monitoring
rules:
- apiGroups:
- metrics.k8s.io

1
manifests/prometheus-clusterRole.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 2.30.3
name: prometheus-k8s
namespace: monitoring
rules:
- apiGroups:
- ""

1
manifests/prometheus-clusterRoleBinding.yaml
View File

@@ -7,6 +7,7 @@ metadata:
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 2.30.3
name: prometheus-k8s
namespace: monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

1
manifests/prometheus-prometheus.yaml
View File

@@ -27,6 +27,7 @@ spec:
app.kubernetes.io/name: prometheus
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 2.30.3
prometheus: k8s
podMonitorNamespaceSelector: {}
podMonitorSelector: {}
probeNamespaceSelector: {}