Created
June 28, 2025 08:42
---
# Namespace that holds every monitoring workload in this manifest
# (Prometheus, Grafana and node-exporter).
apiVersion: v1
kind: Namespace
metadata: {name: monitoring}
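---
# Cluster-wide, read-only role for Prometheus: service discovery of nodes,
# services, endpoints and pods, plus scraping node metrics through the
# API server proxy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  - apiGroups: [""]
    resources:
      - nodes
      # nodes/proxy gives the holder access to the kubelet API of every node
      # through the API server proxy. That is broader than the two metrics
      # paths the scrape jobs request, so treat any token bound to this role
      # as sensitive.
      # NOTE(review): nodes/metrics with direct kubelet scraping is the
      # narrower alternative; confirm it fits the target clusters.
      - nodes/proxy
      - services
      - endpoints
      - pods
    verbs: ["get", "list", "watch"]
  # Ingress is no longer served from the "extensions" group on Kubernetes
  # v1.22+, so the rule also names networking.k8s.io. No scrape job in this
  # manifest uses the ingress role; drop the rule if none is planned.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs: ["get", "list", "watch"]
  # Non-resource URL of the API server's own metrics endpoint.
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]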
---
# Grants the "prometheus" ClusterRole to the default ServiceAccount of the
# monitoring namespace.
#
# NOTE(review): every pod in "monitoring" that does not set its own
# serviceAccountName runs as this ServiceAccount, so its mounted token carries
# the same cluster-wide read access, including nodes/proxy. A dedicated
# ServiceAccount used only by the Prometheus pod would confine the grant.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: prometheus}
subjects:
  - kind: ServiceAccount
    namespace: monitoring
    name: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
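---
# Prometheus server configuration, mounted into the Prometheus pod at
# /etc/prometheus/prometheus.yml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-server-conf
  labels:
    name: prometheus-server-conf
  namespace: monitoring
data:
  prometheus.yml: |-
    global:
      scrape_interval: 5s
      evaluation_interval: 5s
    scrape_configs:
      # Pods opt in through the prometheus.io/scrape annotation; the path and
      # port annotations override the scrape target. Anyone who can set pod
      # annotations therefore decides what Prometheus connects to on that pod.
      - job_name: 'kubernetes-pods'
        kubernetes_sd_configs:
          - role: pod
        relabel_configs:
          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
            action: keep
            regex: true
          - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
            action: replace
            target_label: __metrics_path__
            regex: (.+)
          - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
            action: replace
            regex: ([^:]+)(?::\d+)?;(\d+)
            replacement: $1:$2
            target_label: __address__
          - action: labelmap
            regex: __meta_kubernetes_pod_label_(.+)
          - source_labels: [__meta_kubernetes_namespace]
            action: replace
            target_label: kubernetes_namespace
          - source_labels: [__meta_kubernetes_pod_name]
            action: replace
            target_label: kubernetes_pod_name
      # cAdvisor metrics of each node, fetched through the API server proxy
      # (needs the nodes/proxy permission).
      - job_name: 'kubernetes-cadvisor'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          # Keep verification on: the target below is the API server's
          # in-cluster DNS name and ca_file is the cluster CA. Skipping
          # verification would send the bearer token to an unauthenticated
          # endpoint.
          insecure_skip_verify: false
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
          - role: node
        relabel_configs:
          - action: labelmap
            regex: __meta_kubernetes_node_label_(.+)
          - target_label: __address__
            replacement: kubernetes.default.svc.cluster.local:443
          - source_labels: [__meta_kubernetes_node_name]
            regex: (.+)
            target_label: __metrics_path__
            replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
      # Kubelet metrics of each node, fetched through the API server proxy.
      - job_name: 'kubernetes-nodes'
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          # Same reasoning as the cadvisor job: verify the API server
          # certificate before presenting the service account token.
          insecure_skip_verify: false
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        kubernetes_sd_configs:
          - role: node
        relabel_configs:
          - action: labelmap
            regex: __meta_kubernetes_node_label_(.+)
          - target_label: __address__
            replacement: kubernetes.default.svc.cluster.local:443
          - source_labels: [__meta_kubernetes_node_name]
            regex: (.+)
            target_label: __metrics_path__
            replacement: /api/v1/nodes/${1}/proxy/metrics
      # kube-proxy pods in kube-system, scraped directly on port 10249 over
      # plain HTTP.
      - job_name: kube-proxy
        honor_labels: true
        kubernetes_sd_configs:
          - role: pod
        relabel_configs:
          - action: keep
            source_labels:
              - __meta_kubernetes_namespace
              - __meta_kubernetes_pod_name
            separator: '/'
            regex: 'kube-system/kube-proxy.+'
          # NOTE(review): inside this literal block the doubled backslashes
          # reach Prometheus unchanged, so the optional group matches a
          # literal backslash rather than ":port". Confirm whether a single
          # backslash was intended.
          - source_labels:
              - __address__
            action: replace
            target_label: __address__
            regex: (.+?)(\\:\\d+)?
            replacement: $1:10249
      # Endpoints object named node-exporter; scraped over plain HTTP.
      - job_name: 'node-exporter'
        kubernetes_sd_configs:
          - role: endpoints
        relabel_configs:
          - source_labels: [__meta_kubernetes_endpoints_name]
            regex: 'node-exporter'
            action: keep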
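---
# Prometheus server, run as a bare Pod pinned to a control-plane node.
# No serviceAccountName is set, so the pod uses the namespace's default
# ServiceAccount for Kubernetes service discovery and API-proxied scrapes.
apiVersion: v1
kind: Pod
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus-server
spec:
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
    - key: CriticalAddonsOnly
      operator: Exists
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
    - effect: NoSchedule
      key: node-role.kubernetes.io/control-plane
  containers:
    - name: prometheus
      image: prom/prometheus:v2.26.0
      args:
        - "--config.file=/etc/prometheus/prometheus.yml"
        - "--storage.tsdb.path=/prometheus/"
        # NOTE(review): the admin API (series deletion, snapshots, tombstone
        # cleanup) has no authentication, and the Service in this manifest
        # publishes port 9090 as a NodePort. Remove this flag unless
        # snapshots are needed, or restrict who can reach the port.
        - "--web.enable-admin-api"
      ports:
        - containerPort: 9090
      # Hardening that does not change what Prometheus does: the image
      # already runs as the unprivileged "nobody" user (uid 65534); the
      # numeric uid is spelled out so runAsNonRoot can be enforced.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: prometheus-config-volume
          mountPath: /etc/prometheus/
        - name: prometheus-storage-volume
          mountPath: /prometheus/
  volumes:
    - name: prometheus-config-volume
      configMap:
        # 420 decimal == 0644 octal.
        defaultMode: 420
        name: prometheus-server-conf
    # TSDB data lives in an emptyDir and is lost when the pod is deleted.
    - name: prometheus-storage-volume
      emptyDir: {}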
---
# Exposes the Prometheus pod inside the cluster on a fixed ClusterIP and on
# every node at port 30090.
#
# NOTE(review): Prometheus has no built-in authentication in this setup, so
# the NodePort makes the UI and HTTP API (and the admin API, while the pod
# enables it) reachable by anything that can reach a node address. Restrict
# access with a firewall or NetworkPolicy, or use ClusterIP with port-forward.
apiVersion: v1
kind: Service
metadata:
  namespace: monitoring
  name: prometheus
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9090'
spec:
  type: NodePort
  # Hard-coded address; it must lie inside the cluster's service CIDR.
  clusterIP: 10.96.0.20
  selector:
    app: prometheus-server
  ports:
    - targetPort: 9090
      port: 9090
      nodePort: 30090
---
# Grafana configuration files: an empty grafana.ini (so every Grafana default
# applies, including the default admin login) and a provisioned Prometheus
# datasource reached over in-cluster HTTP.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: monitoring
  name: prometheus-grafana-datasource
  labels:
    grafana_datasource: '1'
data:
  grafana.ini: |+
  datasource.yml: |-
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        access: proxy
        orgId: 1
        url: http://prometheus.monitoring.svc.cluster.local:9090
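---
# Grafana, run as a bare Pod with its configuration taken from the
# prometheus-grafana-datasource ConfigMap.
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: grafana
  name: grafana
  namespace: monitoring
spec:
  # Grafana does not call the Kubernetes API. The default ServiceAccount of
  # this namespace is bound to the cluster-wide "prometheus" ClusterRole, so
  # do not mount its token into this pod.
  automountServiceAccountToken: false
  containers:
    - name: grafana
      # NOTE(review): ":latest" with IfNotPresent is not reproducible; each
      # node keeps whatever image it pulled first. Pin a tested version or
      # digest.
      image: grafana/grafana:latest
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 3000
          name: http-grafana
          protocol: TCP
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: grafana-config-volume
          mountPath: /etc/grafana/
  volumes:
    - name: grafana-config-volume
      configMap:
        name: prometheus-grafana-datasource
        items:
          - key: grafana.ini
            path: grafana.ini
          - key: datasource.yml
            path: provisioning/datasources/datasource.yml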
---
# Publishes Grafana on every node at port 30030.
#
# NOTE(review): the mounted grafana.ini is empty, so Grafana starts with its
# default admin credentials. Change them, or set an admin password through
# configuration, before this NodePort is reachable from outside a test
# environment.
apiVersion: v1
kind: Service
metadata:
  namespace: monitoring
  name: grafana
spec:
  type: NodePort
  sessionAffinity: None
  selector:
    app: grafana
  ports:
    - protocol: TCP
      port: 3000
      # Named container port of the grafana pod.
      targetPort: http-grafana
      nodePort: 30030
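---
# node-exporter on every node. It shares the host network and PID namespaces
# and reads the host's /proc and /sys through read-only hostPath mounts.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: node-exporter
  name: node-exporter
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: node-exporter
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
      labels:
        app: node-exporter
    spec:
      # node-exporter never calls the Kubernetes API. The default
      # ServiceAccount here is bound to the cluster-wide "prometheus"
      # ClusterRole, so keep its token out of a pod with host-level access.
      automountServiceAccountToken: false
      containers:
        - args:
            # NOTE(review): with hostNetwork this listens on every interface
            # of the node, unauthenticated. Bind to a specific address or
            # firewall port 9100 where nodes have externally reachable
            # interfaces.
            - --web.listen-address=0.0.0.0:9100
            - --path.procfs=/host/proc
            - --path.sysfs=/host/sys
          image: quay.io/prometheus/node-exporter:v1.8.2
          imagePullPolicy: IfNotPresent
          name: node-exporter
          ports:
            - containerPort: 9100
              hostPort: 9100
              name: metrics
              protocol: TCP
          resources:
            limits:
              cpu: 200m
              memory: 50Mi
            requests:
              cpu: 100m
              memory: 30Mi
          # The exporter only reads host files and serves HTTP, so it needs
          # neither a writable root filesystem nor privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /host/proc
              name: proc
              readOnly: true
            - mountPath: /host/sys
              name: sys
              readOnly: true
      hostNetwork: true
      hostPID: true
      restartPolicy: Always
      # No key is given, so these tolerate every NoSchedule and NoExecute
      # taint; the pod runs on all nodes, control plane included.
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
      volumes:
        - hostPath:
            path: /proc
            type: ""
          name: proc
        - hostPath:
            path: /sys
            type: ""
          name: sys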
---
# Cluster-internal Service for node-exporter. The Endpoints object it creates
# is named "node-exporter", which is the name the Prometheus node-exporter
# scrape job keeps.
apiVersion: v1
kind: Service
metadata:
  namespace: monitoring
  name: node-exporter
  labels:
    app: node-exporter
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: node-exporter
  ports:
    - name: node-exporter
      protocol: TCP
      port: 9100
      targetPort: 9100