easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kube-prometheus: Convert to jsonnet

Browse Source
This commit is contained in:
Frederic Branczyk
2018-04-08 14:53:30 +02:00
parent 0d142fe9da
commit d8692794a9
54 changed files with 1249 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
jsonnet/prometheus-operator/prometheus-operator-cluster-role-binding.libsonnet Normal file
View File

@@ -0,0 +1,12 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
{
new(namespace)::
clusterRoleBinding.new() +
clusterRoleBinding.mixin.metadata.withName("prometheus-operator") +
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
clusterRoleBinding.mixin.roleRef.withName("prometheus-operator") +
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "prometheus-operator", namespace: namespace}])
}

80
jsonnet/prometheus-operator/prometheus-operator-cluster-role.libsonnet Normal file
View File

@@ -0,0 +1,80 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local extensionsRule = policyRule.new() +
policyRule.withApiGroups(["extensions"]) +
policyRule.withResources([
"thirdpartyresources",
]) +
policyRule.withVerbs(["*"]);
local apiExtensionsRule = policyRule.new() +
policyRule.withApiGroups(["apiextensions.k8s.io"]) +
policyRule.withResources([
"customresourcedefinitions",
]) +
policyRule.withVerbs(["*"]);
local monitoringRule = policyRule.new() +
policyRule.withApiGroups(["monitoring.coreos.com"]) +
policyRule.withResources([
"alertmanagers",
"prometheuses",
"prometheuses/finalizers",
"alertmanagers/finalizers",
"servicemonitors",
]) +
policyRule.withVerbs(["*"]);
local appsRule = policyRule.new() +
policyRule.withApiGroups(["apps"]) +
policyRule.withResources([
"statefulsets",
]) +
policyRule.withVerbs(["*"]);
local coreRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"configmaps",
"secrets",
]) +
policyRule.withVerbs(["*"]);
local podRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"pods",
]) +
policyRule.withVerbs(["list", "delete"]);
local routingRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"services",
]) +
policyRule.withVerbs(["get", "create", "update"]);
local nodeRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"nodes",
]) +
policyRule.withVerbs(["list", "watch"]);
local namespaceRule = policyRule.new() +
policyRule.withApiGroups([""]) +
policyRule.withResources([
"namespaces",
]) +
policyRule.withVerbs(["list"]);
local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
{
new()::
clusterRole.new() +
clusterRole.mixin.metadata.withName("prometheus-operator") +
clusterRole.withRules(rules)
}

30
jsonnet/prometheus-operator/prometheus-operator-deployment.libsonnet Normal file
View File

@@ -0,0 +1,30 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local rawVersion = importstr "../../../../VERSION";
local removeLineBreaks = function(str) std.join("", std.filter(function(c) c != "\n", std.stringChars(str)));
local version = removeLineBreaks(rawVersion);
local deployment = k.apps.v1beta2.deployment;
local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
local containerPort = container.portsType;
local targetPort = 8080;
local podLabels = {"k8s-app": "prometheus-operator"};
local operatorContainer =
container.new("prometheus-operator", "quay.io/coreos/prometheus-operator:v" + version) +
container.withPorts(containerPort.newNamed("http", targetPort)) +
container.withArgs(["--kubelet-service=kube-system/kubelet", "--config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1"]) +
container.mixin.resources.withRequests({cpu: "100m", memory: "50Mi"}) +
container.mixin.resources.withLimits({cpu: "200m", memory: "100Mi"});
{
new(namespace)::
deployment.new("prometheus-operator", 1, operatorContainer, podLabels) +
deployment.mixin.metadata.withNamespace(namespace) +
deployment.mixin.metadata.withLabels(podLabels) +
deployment.mixin.spec.selector.withMatchLabels(podLabels) +
deployment.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
deployment.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
deployment.mixin.spec.template.spec.withServiceAccountName("prometheus-operator")
}

8
jsonnet/prometheus-operator/prometheus-operator-service-account.libsonnet Normal file
View File

@@ -0,0 +1,8 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local serviceAccount = k.core.v1.serviceAccount;
{
new(namespace)::
serviceAccount.new("prometheus-operator") +
serviceAccount.mixin.metadata.withNamespace(namespace)
}

14
jsonnet/prometheus-operator/prometheus-operator-service.libsonnet Normal file
View File

@@ -0,0 +1,14 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local poDeployment = import "prometheus-operator-deployment.libsonnet";
local poServicePort = servicePort.newNamed("http", 8080, "http");
{
new(namespace)::
service.new("prometheus-operator", poDeployment.new(namespace).spec.selector.matchLabels, [poServicePort]) +
service.mixin.metadata.withNamespace(namespace)
}

7
jsonnet/prometheus-operator/prometheus-operator.libsonnet Normal file
View File

@@ -0,0 +1,7 @@
{
clusterRoleBinding:: import "prometheus-operator-cluster-role-binding.libsonnet",
clusterRole:: import "prometheus-operator-cluster-role.libsonnet",
deployment:: import "prometheus-operator-deployment.libsonnet",
serviceAccount:: import "prometheus-operator-service-account.libsonnet",
service:: import "prometheus-operator-service.libsonnet",
}