apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-k8s
data:
  prometheus.yaml: |
    global:
      evaluation_interval: 30s

    # Add your etcd scrape config here. We cannot default here as etcd is a
    # prerequisite for Kubernetes.
    # TODO(fabxc): potentially make this configurable via KPM in the future.

    scrape_configs:
    - job_name: kubelets
      scrape_interval: 20s
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # Skip verification until we have resolved why the certificate validation
        # for the kubelet on API server nodes fail.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      kubernetes_sd_configs:
      - role: node

    # Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
    # and node-exporter, which we all consider part of a default setup.
    - job_name: standard-endpoints
      scrape_interval: 20s
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # As for kubelets, certificate validation fails for the API server (node)
        # and we circumvent it for now.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      kubernetes_sd_configs:
      - role: endpoints

      relabel_configs:
      - action: keep
        source_labels: [__meta_kubernetes_service_name]
        regex: kubernetes|node-exporter|kube-state-metrics
      - action: replace
        source_labels: [__meta_kubernetes_namespace]
        target_label: namespace
      - action: replace
        source_labels: [__meta_kubernetes_service_name]
        target_label: job
      - action: replace
        source_labels: [__meta_kubernetes_service_name]
        regex: kubernetes
        target_label: __scheme__
        replacement: https