apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-k8s
data:
  prometheus.yaml: |
    global:
      evaluation_interval: 30s

    rule_files:
      - /etc/prometheus/rules/*.rules

    scrape_configs:
    - job_name: kubelets
      scrape_interval: 20s
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # Skip verification until we have resolved why the certificate validation
        # for the kubelet on API server nodes fail.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      kubernetes_sd_configs:
      - role: node

    # Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
    # and node-exporter, which we all consider part of a default setup.
    - job_name: standard-endpoints
      scrape_interval: 20s
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # As for kubelets, certificate validation fails for the API server (node)
        # and we circumvent it for now.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      kubernetes_sd_configs:
      - role: endpoints

      relabel_configs:
      - action: keep
        source_labels: [__meta_kubernetes_service_name]
        regex: kubernetes|node-exporter|kube-state-metrics|etcd-k8s
      - action: replace
        source_labels: [__meta_kubernetes_service_name]
        target_label: job
      - action: replace
        source_labels: [__meta_kubernetes_service_name]
        regex: kubernetes
        target_label: __scheme__
        replacement: https

    # Scrapes the endpoint lists for the kube-dns server. Which we consider
    # part of a default setup.
    - job_name: kube-components
      scrape_interval: 20s
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      kubernetes_sd_configs:
      - role: endpoints

      relabel_configs:
      - action: replace
        source_labels: [__meta_kubernetes_service_name]
        target_label: job
        regex: "kube-(.*)-prometheus-discovery"
        replacement: "kube-${1}"
      - action: keep
        source_labels: [__meta_kubernetes_service_name]
        regex: "kube-(.*)-prometheus-discovery"
      - action: keep
        source_labels: [__meta_kubernetes_endpoint_port_name]
        regex: "prometheus"