57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: prometheus-k8s
|
|
data:
|
|
prometheus.yaml: |
|
|
global:
|
|
evaluation_interval: 30s
|
|
|
|
# Add your etcd scrape config here. We cannot default here as etcd is a
|
|
# prerequisite for Kubernetes.
|
|
# TODO(fabxc): potentially make this configurable via KPM in the future.
|
|
|
|
scrape_configs:
|
|
- job_name: kubelets
|
|
scrape_interval: 20s
|
|
scheme: https
|
|
tls_config:
|
|
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
# Skip verification until we have resolved why the certificate validation
|
|
# for the kubelet on API server nodes fail.
|
|
insecure_skip_verify: true
|
|
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
|
|
kubernetes_sd_configs:
|
|
- role: node
|
|
|
|
# Scrapes the endpoint lists for the Kubernetes API server, kube-state-metrics,
|
|
# and node-exporter, which we all consider part of a default setup.
|
|
- job_name: standard-endpoints
|
|
scrape_interval: 20s
|
|
tls_config:
|
|
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
# As for kubelets, certificate validation fails for the API server (node)
|
|
# and we circumvent it for now.
|
|
insecure_skip_verify: true
|
|
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
|
|
kubernetes_sd_configs:
|
|
- role: endpoints
|
|
|
|
relabel_configs:
|
|
- action: keep
|
|
source_labels: [__meta_kubernetes_service_name]
|
|
regex: kubernetes|node-exporter|kube-state-metrics
|
|
- action: replace
|
|
source_labels: [__meta_kubernetes_namespace]
|
|
target_label: namespace
|
|
- action: replace
|
|
source_labels: [__meta_kubernetes_service_name]
|
|
target_label: job
|
|
- action: replace
|
|
source_labels: [__meta_kubernetes_service_name]
|
|
regex: kubernetes
|
|
target_label: __scheme__
|
|
replacement: https
|