* charts: Add Core DNS Support
With CoreDNS becoming a first class citizen it should be an optional part
of the kube-prometheus deployment.
Fixes: #1174
* added kube-prometheus service and service monitor
In order to work directly with a cluster created by bootkube used port 9153,
and created a service exposing metrics since bootkube does does not. Also in
the helm chart changed the default port to 9153 since that is the coredns
plugins default port and to be consistent throughout the repo.
The current example-app setup in the kube-prometheus project is able to
discover scraping targets in the default namespace. It is not able to
discover the configured Alertmanager in the monitoring namespace.
This patch adds an alertmanager-discovery rbac role, to permit the
above described action. In addition it does the following cleanups:
- Remove kubeconfig configuration in deploy and teardown script. kubectl
chooses .kube/config whenever KUBECONFIG is not set by default
- Remove namespace specification option via NAMESPACE env var. In most
of the manifests the metadata/namespace was hardcoded anyways, in
addition in the promtheus frontend role binding the service account
namespace is hardcoded to default as well.
- Instead of `kubectl {apply,delete}` individual manifests, the deploy
and teardown shell scripts {apply,delete} on the entire folder.
In some cases we have been using `alert-rules` in some cases
`prometheus-rulefiles`. This led to confusion [1]. Instead, unify the
Prometheus rules configmap labels to:
```yaml
labels:
role: alert-rules
```
[1] https://github.com/coreos/prometheus-operator/issues/1102
The `prometheus-frontend` role of the example app kubeprometheus section
is scoped to the default namespace. Thereby the frontend Prometheus
instance is not able to discover anything outside of the default
namespace. We might as well restrict the front end service monitor to
the default namespace too.
One of the `sed` commands for updating the kubeadm systemd
file (`/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`)
was missing a `-i` reference to the file itself, causing it
to hang indefinitely if ran as declared.
I also wrapped this second `sed` in an `if grep ...` check,
in order to make the operation idempotent.
added service account, role and role binding for the prometheus frontend
example, also updated prometheus to use the correct service account
fixes#1049
Add a missing 'prometheuses/finalizers' resource to the operator cluster role.
Without this role, the operator will fail to create a default secret for a
Prometheus instance in the absence of any service monitors.
The fix seems to already be present in the `examples` version of the role; this
patch brings the contrib version in line with the example.
