Created
October 20, 2022 23:37
-
-
Save fabricioveronez/a9bceb94065d4689dcadd6c2a09d7322 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# # | |
# # | |
# # | |
# # | |
# Instalação do Prometheus # | |
# # | |
# # | |
# # | |
# # | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
name: prometheus-kube-state-metrics | |
namespace: default | |
imagePullSecrets: | |
[] | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-node-exporter | |
namespace: default | |
annotations: | |
{} | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
namespace: default | |
annotations: | |
{} | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
namespace: default | |
data: | |
allow-snippet-annotations: "false" | |
alerting_rules.yml: | | |
{} | |
alerts: | | |
{} | |
prometheus.yml: | | |
global: | |
evaluation_interval: 1m | |
scrape_interval: 10s | |
scrape_timeout: 10s | |
rule_files: | |
- /etc/config/recording_rules.yml | |
- /etc/config/alerting_rules.yml | |
- /etc/config/rules | |
- /etc/config/alerts | |
scrape_configs: | |
- job_name: prometheus | |
static_configs: | |
- targets: | |
- localhost:9090 | |
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
job_name: kubernetes-apiservers | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- action: keep | |
regex: default;kubernetes;https | |
source_labels: | |
- __meta_kubernetes_namespace | |
- __meta_kubernetes_service_name | |
- __meta_kubernetes_endpoint_port_name | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true | |
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
job_name: kubernetes-nodes | |
kubernetes_sd_configs: | |
- role: node | |
relabel_configs: | |
- action: labelmap | |
regex: __meta_kubernetes_node_label_(.+) | |
- replacement: kubernetes.default.svc:443 | |
target_label: __address__ | |
- regex: (.+) | |
replacement: /api/v1/nodes/$1/proxy/metrics | |
source_labels: | |
- __meta_kubernetes_node_name | |
target_label: __metrics_path__ | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true | |
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | |
job_name: kubernetes-nodes-cadvisor | |
kubernetes_sd_configs: | |
- role: node | |
relabel_configs: | |
- action: labelmap | |
regex: __meta_kubernetes_node_label_(.+) | |
- replacement: kubernetes.default.svc:443 | |
target_label: __address__ | |
- regex: (.+) | |
replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor | |
source_labels: | |
- __meta_kubernetes_node_name | |
target_label: __metrics_path__ | |
scheme: https | |
tls_config: | |
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | |
insecure_skip_verify: true | |
- honor_labels: true | |
job_name: kubernetes-service-endpoints | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- action: keep | |
regex: true | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_scrape | |
- action: drop | |
regex: true | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_scrape_slow | |
- action: replace | |
regex: (https?) | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_scheme | |
target_label: __scheme__ | |
- action: replace | |
regex: (.+) | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_path | |
target_label: __metrics_path__ | |
- action: replace | |
regex: (.+?)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
source_labels: | |
- __address__ | |
- __meta_kubernetes_service_annotation_prometheus_io_port | |
target_label: __address__ | |
- action: labelmap | |
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) | |
replacement: __param_$1 | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_namespace | |
target_label: namespace | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_service_name | |
target_label: service | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_pod_node_name | |
target_label: node | |
- honor_labels: true | |
job_name: kubernetes-service-endpoints-slow | |
kubernetes_sd_configs: | |
- role: endpoints | |
relabel_configs: | |
- action: keep | |
regex: true | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_scrape_slow | |
- action: replace | |
regex: (https?) | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_scheme | |
target_label: __scheme__ | |
- action: replace | |
regex: (.+) | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_path | |
target_label: __metrics_path__ | |
- action: replace | |
regex: (.+?)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
source_labels: | |
- __address__ | |
- __meta_kubernetes_service_annotation_prometheus_io_port | |
target_label: __address__ | |
- action: labelmap | |
regex: __meta_kubernetes_service_annotation_prometheus_io_param_(.+) | |
replacement: __param_$1 | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_namespace | |
target_label: namespace | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_service_name | |
target_label: service | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_pod_node_name | |
target_label: node | |
scrape_interval: 5m | |
scrape_timeout: 30s | |
- honor_labels: true | |
job_name: prometheus-pushgateway | |
kubernetes_sd_configs: | |
- role: service | |
relabel_configs: | |
- action: keep | |
regex: pushgateway | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_probe | |
- honor_labels: true | |
job_name: kubernetes-services | |
kubernetes_sd_configs: | |
- role: service | |
metrics_path: /probe | |
params: | |
module: | |
- http_2xx | |
relabel_configs: | |
- action: keep | |
regex: true | |
source_labels: | |
- __meta_kubernetes_service_annotation_prometheus_io_probe | |
- source_labels: | |
- __address__ | |
target_label: __param_target | |
- replacement: blackbox | |
target_label: __address__ | |
- source_labels: | |
- __param_target | |
target_label: instance | |
- action: labelmap | |
regex: __meta_kubernetes_service_label_(.+) | |
- source_labels: | |
- __meta_kubernetes_namespace | |
target_label: namespace | |
- source_labels: | |
- __meta_kubernetes_service_name | |
target_label: service | |
- honor_labels: true | |
job_name: kubernetes-pods | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- action: keep | |
regex: true | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_scrape | |
- action: drop | |
regex: true | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow | |
- action: replace | |
regex: (https?) | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_scheme | |
target_label: __scheme__ | |
- action: replace | |
regex: (.+) | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_path | |
target_label: __metrics_path__ | |
- action: replace | |
regex: (.+?)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
source_labels: | |
- __address__ | |
- __meta_kubernetes_pod_annotation_prometheus_io_port | |
target_label: __address__ | |
- action: labelmap | |
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) | |
replacement: __param_$1 | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_(.+) | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_namespace | |
target_label: namespace | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_pod_name | |
target_label: pod | |
- action: drop | |
regex: Pending|Succeeded|Failed|Completed | |
source_labels: | |
- __meta_kubernetes_pod_phase | |
- honor_labels: true | |
job_name: kubernetes-pods-slow | |
kubernetes_sd_configs: | |
- role: pod | |
relabel_configs: | |
- action: keep | |
regex: true | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_scrape_slow | |
- action: replace | |
regex: (https?) | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_scheme | |
target_label: __scheme__ | |
- action: replace | |
regex: (.+) | |
source_labels: | |
- __meta_kubernetes_pod_annotation_prometheus_io_path | |
target_label: __metrics_path__ | |
- action: replace | |
regex: (.+?)(?::\d+)?;(\d+) | |
replacement: $1:$2 | |
source_labels: | |
- __address__ | |
- __meta_kubernetes_pod_annotation_prometheus_io_port | |
target_label: __address__ | |
- action: labelmap | |
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) | |
replacement: __param_$1 | |
- action: labelmap | |
regex: __meta_kubernetes_pod_label_(.+) | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_namespace | |
target_label: namespace | |
- action: replace | |
source_labels: | |
- __meta_kubernetes_pod_name | |
target_label: pod | |
- action: drop | |
regex: Pending|Succeeded|Failed|Completed | |
source_labels: | |
- __meta_kubernetes_pod_phase | |
scrape_interval: 5m | |
scrape_timeout: 30s | |
recording_rules.yml: | | |
{} | |
rules: | | |
{} | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
name: prometheus-kube-state-metrics | |
rules: | |
- apiGroups: ["certificates.k8s.io"] | |
resources: | |
- certificatesigningrequests | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- configmaps | |
verbs: ["list", "watch"] | |
- apiGroups: ["batch"] | |
resources: | |
- cronjobs | |
verbs: ["list", "watch"] | |
- apiGroups: ["extensions", "apps"] | |
resources: | |
- daemonsets | |
verbs: ["list", "watch"] | |
- apiGroups: ["extensions", "apps"] | |
resources: | |
- deployments | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- endpoints | |
verbs: ["list", "watch"] | |
- apiGroups: ["autoscaling"] | |
resources: | |
- horizontalpodautoscalers | |
verbs: ["list", "watch"] | |
- apiGroups: ["extensions", "networking.k8s.io"] | |
resources: | |
- ingresses | |
verbs: ["list", "watch"] | |
- apiGroups: ["batch"] | |
resources: | |
- jobs | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- limitranges | |
verbs: ["list", "watch"] | |
- apiGroups: ["admissionregistration.k8s.io"] | |
resources: | |
- mutatingwebhookconfigurations | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- namespaces | |
verbs: ["list", "watch"] | |
- apiGroups: ["networking.k8s.io"] | |
resources: | |
- networkpolicies | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- nodes | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- persistentvolumeclaims | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- persistentvolumes | |
verbs: ["list", "watch"] | |
- apiGroups: ["policy"] | |
resources: | |
- poddisruptionbudgets | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- pods | |
verbs: ["list", "watch"] | |
- apiGroups: ["extensions", "apps"] | |
resources: | |
- replicasets | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- replicationcontrollers | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- resourcequotas | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- secrets | |
verbs: ["list", "watch"] | |
- apiGroups: [""] | |
resources: | |
- services | |
verbs: ["list", "watch"] | |
- apiGroups: ["apps"] | |
resources: | |
- statefulsets | |
verbs: ["list", "watch"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: | |
- storageclasses | |
verbs: ["list", "watch"] | |
- apiGroups: ["admissionregistration.k8s.io"] | |
resources: | |
- validatingwebhookconfigurations | |
verbs: ["list", "watch"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: | |
- volumeattachments | |
verbs: ["list", "watch"] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
- nodes/proxy | |
- nodes/metrics | |
- services | |
- endpoints | |
- pods | |
- ingresses | |
- configmaps | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "extensions" | |
- "networking.k8s.io" | |
resources: | |
- ingresses/status | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- nonResourceURLs: | |
- "/metrics" | |
verbs: | |
- get | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
name: prometheus-kube-state-metrics | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus-kube-state-metrics | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus-kube-state-metrics | |
namespace: default | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
subjects: | |
- kind: ServiceAccount | |
name: prometheus-server | |
namespace: default | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: prometheus-server | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: prometheus-kube-state-metrics | |
namespace: default | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
annotations: | |
prometheus.io/scrape: 'true' | |
spec: | |
type: "ClusterIP" | |
ports: | |
- name: "http" | |
protocol: TCP | |
port: 8080 | |
targetPort: 8080 | |
selector: | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
annotations: | |
prometheus.io/scrape: "true" | |
labels: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-node-exporter | |
namespace: default | |
spec: | |
ports: | |
- name: metrics | |
port: 9100 | |
protocol: TCP | |
targetPort: 9100 | |
selector: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
type: "ClusterIP" | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
namespace: default | |
spec: | |
ports: | |
- name: http | |
port: 80 | |
protocol: TCP | |
targetPort: 9090 | |
selector: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
sessionAffinity: None | |
type: "LoadBalancer" | |
--- | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
labels: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-node-exporter | |
namespace: default | |
spec: | |
selector: | |
matchLabels: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
updateStrategy: | |
type: RollingUpdate | |
template: | |
metadata: | |
labels: | |
component: "node-exporter" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
spec: | |
serviceAccountName: prometheus-node-exporter | |
containers: | |
- name: prometheus-node-exporter | |
image: "quay.io/prometheus/node-exporter:v1.3.1" | |
imagePullPolicy: "IfNotPresent" | |
args: | |
- --path.procfs=/host/proc | |
- --path.sysfs=/host/sys | |
- --path.rootfs=/host/root | |
- --web.listen-address=:9100 | |
ports: | |
- name: metrics | |
containerPort: 9100 | |
hostPort: 9100 | |
resources: | |
{} | |
securityContext: | |
allowPrivilegeEscalation: false | |
volumeMounts: | |
- name: proc | |
mountPath: /host/proc | |
readOnly: true | |
- name: sys | |
mountPath: /host/sys | |
readOnly: true | |
- name: root | |
mountPath: /host/root | |
mountPropagation: HostToContainer | |
readOnly: true | |
hostNetwork: true | |
hostPID: true | |
securityContext: | |
fsGroup: 65534 | |
runAsGroup: 65534 | |
runAsNonRoot: true | |
runAsUser: 65534 | |
volumes: | |
- name: proc | |
hostPath: | |
path: /proc | |
- name: sys | |
hostPath: | |
path: /sys | |
- name: root | |
hostPath: | |
path: / | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: prometheus-kube-state-metrics | |
namespace: default | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
spec: | |
selector: | |
matchLabels: | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
helm.sh/chart: kube-state-metrics-4.13.0 | |
app.kubernetes.io/managed-by: Helm | |
app.kubernetes.io/component: metrics | |
app.kubernetes.io/part-of: kube-state-metrics | |
app.kubernetes.io/name: kube-state-metrics | |
app.kubernetes.io/instance: prometheus | |
app.kubernetes.io/version: "2.5.0" | |
spec: | |
hostNetwork: false | |
serviceAccountName: prometheus-kube-state-metrics | |
securityContext: | |
fsGroup: 65534 | |
runAsGroup: 65534 | |
runAsUser: 65534 | |
containers: | |
- name: kube-state-metrics | |
args: | |
- --port=8080 | |
- --resources=certificatesigningrequests,configmaps,cronjobs,daemonsets,deployments,endpoints,horizontalpodautoscalers,ingresses,jobs,limitranges,mutatingwebhookconfigurations,namespaces,networkpolicies,nodes,persistentvolumeclaims,persistentvolumes,poddisruptionbudgets,pods,replicasets,replicationcontrollers,resourcequotas,secrets,services,statefulsets,storageclasses,validatingwebhookconfigurations,volumeattachments | |
- --telemetry-port=8081 | |
imagePullPolicy: IfNotPresent | |
image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.5.0" | |
ports: | |
- containerPort: 8080 | |
name: "http" | |
livenessProbe: | |
httpGet: | |
path: /healthz | |
port: 8080 | |
initialDelaySeconds: 5 | |
timeoutSeconds: 5 | |
readinessProbe: | |
httpGet: | |
path: / | |
port: 8080 | |
initialDelaySeconds: 5 | |
timeoutSeconds: 5 | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
name: prometheus-server | |
namespace: default | |
spec: | |
selector: | |
matchLabels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
component: "server" | |
app: prometheus | |
release: prometheus | |
chart: prometheus-15.16.1 | |
heritage: Helm | |
spec: | |
enableServiceLinks: true | |
serviceAccountName: prometheus-server | |
containers: | |
- name: prometheus-server-configmap-reload | |
image: "jimmidyson/configmap-reload:v0.5.0" | |
imagePullPolicy: "IfNotPresent" | |
securityContext: | |
{} | |
args: | |
- --volume-dir=/etc/config | |
- --webhook-url=http://127.0.0.1:9090/-/reload | |
resources: | |
{} | |
volumeMounts: | |
- name: config-volume | |
mountPath: /etc/config | |
readOnly: true | |
- name: prometheus-server | |
image: "quay.io/prometheus/prometheus:v2.39.1" | |
imagePullPolicy: "IfNotPresent" | |
args: | |
- --storage.tsdb.retention.time=15d | |
- --config.file=/etc/config/prometheus.yml | |
- --storage.tsdb.path=/data | |
- --web.console.libraries=/etc/prometheus/console_libraries | |
- --web.console.templates=/etc/prometheus/consoles | |
- --web.enable-lifecycle | |
ports: | |
- containerPort: 9090 | |
readinessProbe: | |
httpGet: | |
path: /-/ready | |
port: 9090 | |
scheme: HTTP | |
initialDelaySeconds: 30 | |
periodSeconds: 5 | |
timeoutSeconds: 4 | |
failureThreshold: 3 | |
successThreshold: 1 | |
livenessProbe: | |
httpGet: | |
path: /-/healthy | |
port: 9090 | |
scheme: HTTP | |
initialDelaySeconds: 30 | |
periodSeconds: 15 | |
timeoutSeconds: 10 | |
failureThreshold: 3 | |
successThreshold: 1 | |
resources: | |
{} | |
volumeMounts: | |
- name: config-volume | |
mountPath: /etc/config | |
- name: storage-volume | |
mountPath: /data | |
subPath: "" | |
dnsPolicy: ClusterFirst | |
securityContext: | |
fsGroup: 65534 | |
runAsGroup: 65534 | |
runAsNonRoot: true | |
runAsUser: 65534 | |
terminationGracePeriodSeconds: 300 | |
volumes: | |
- name: config-volume | |
configMap: | |
name: prometheus-server | |
- name: storage-volume | |
emptyDir: | |
{} | |
--- | |
# # | |
# # | |
# # | |
# # | |
# Instalação do Grafana # | |
# # | |
# # | |
# # | |
# # | |
apiVersion: policy/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: grafana-test | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
spec: | |
allowPrivilegeEscalation: true | |
privileged: false | |
hostNetwork: false | |
hostIPC: false | |
hostPID: false | |
fsGroup: | |
rule: RunAsAny | |
seLinux: | |
rule: RunAsAny | |
supplementalGroups: | |
rule: RunAsAny | |
runAsUser: | |
rule: RunAsAny | |
volumes: | |
- configMap | |
- downwardAPI | |
- emptyDir | |
- projected | |
- csi | |
- secret | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
name: grafana-test | |
namespace: default | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: grafana-test | |
namespace: default | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
data: | |
run.sh: |- | |
@test "Test Health" { | |
url="http://grafana/api/health" | |
code=$(wget --server-response --spider --timeout 90 --tries 10 ${url} 2>&1 | awk '/^ HTTP/{print $2}') | |
[ "$code" == "200" ] | |
} | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: grafana-test | |
namespace: default | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
rules: | |
- apiGroups: ['policy'] | |
resources: ['podsecuritypolicies'] | |
verbs: ['use'] | |
resourceNames: [grafana-test] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: grafana-test | |
namespace: default | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: grafana-test | |
subjects: | |
- kind: ServiceAccount | |
name: grafana-test | |
namespace: default | |
--- | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: grafana-test | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
annotations: | |
"helm.sh/hook": test-success | |
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" | |
namespace: default | |
spec: | |
serviceAccountName: grafana-test | |
containers: | |
- name: grafana-test | |
image: "bats/bats:v1.4.1" | |
imagePullPolicy: "IfNotPresent" | |
command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] | |
volumeMounts: | |
- mountPath: /tests | |
name: tests | |
readOnly: true | |
volumes: | |
- name: tests | |
configMap: | |
name: grafana-test | |
restartPolicy: Never | |
MANIFEST: | |
--- | |
apiVersion: policy/v1beta1 | |
kind: PodSecurityPolicy | |
metadata: | |
name: grafana | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
annotations: | |
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' | |
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' | |
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' | |
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' | |
spec: | |
privileged: false | |
allowPrivilegeEscalation: false | |
requiredDropCapabilities: | |
- ALL | |
volumes: | |
- 'configMap' | |
- 'emptyDir' | |
- 'projected' | |
- 'csi' | |
- 'secret' | |
- 'downwardAPI' | |
- 'persistentVolumeClaim' | |
hostNetwork: false | |
hostIPC: false | |
hostPID: false | |
runAsUser: | |
rule: 'RunAsAny' | |
seLinux: | |
rule: 'RunAsAny' | |
supplementalGroups: | |
rule: 'MustRunAs' | |
ranges: | |
- min: 1 | |
max: 65535 | |
fsGroup: | |
rule: 'MustRunAs' | |
ranges: | |
- min: 1 | |
max: 65535 | |
readOnlyRootFilesystem: false | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
name: grafana | |
namespace: default | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
type: Opaque | |
data: | |
admin-user: "YWRtaW4=" | |
admin-password: "elJSYW15bFVHT2ZrRzNSeW1aaUdNeHljYkNJdWFhMHBQMFdlVFVmNA==" | |
ldap-toml: "" | |
--- | |
apiVersion: v1 | |
kind: ConfigMap | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
data: | |
grafana.ini: | | |
[analytics] | |
check_for_updates = true | |
[grafana_net] | |
url = https://grafana.net | |
[log] | |
mode = console | |
[paths] | |
data = /var/lib/grafana/ | |
logs = /var/log/grafana | |
plugins = /var/lib/grafana/plugins | |
provisioning = /etc/grafana/provisioning | |
[server] | |
domain = '' | |
--- | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
name: grafana-clusterrole | |
rules: [] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: grafana-clusterrolebinding | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
subjects: | |
- kind: ServiceAccount | |
name: grafana | |
namespace: default | |
roleRef: | |
kind: ClusterRole | |
name: grafana-clusterrole | |
apiGroup: rbac.authorization.k8s.io | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
rules: | |
- apiGroups: ['extensions'] | |
resources: ['podsecuritypolicies'] | |
verbs: ['use'] | |
resourceNames: [grafana] | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: grafana | |
subjects: | |
- kind: ServiceAccount | |
name: grafana | |
namespace: default | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
spec: | |
type: LoadBalancer | |
ports: | |
- name: service | |
port: 80 | |
protocol: TCP | |
targetPort: 3000 | |
selector: | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: grafana | |
namespace: default | |
labels: | |
helm.sh/chart: grafana-6.42.3 | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
app.kubernetes.io/version: "9.2.0" | |
app.kubernetes.io/managed-by: Helm | |
spec: | |
replicas: 1 | |
revisionHistoryLimit: 10 | |
selector: | |
matchLabels: | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
strategy: | |
type: RollingUpdate | |
template: | |
metadata: | |
labels: | |
app.kubernetes.io/name: grafana | |
app.kubernetes.io/instance: grafana | |
annotations: | |
checksum/config: a8c8847238aeaa0d1355146b6c8e756ecb7e07efbbb41ac75aa2161d64b187c4 | |
checksum/dashboards-json-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b | |
checksum/sc-dashboard-provider-config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b | |
checksum/secret: 15caba8a376b523cef17172a7980899691cf78da1b509babef4d6f289612feb3 | |
spec: | |
serviceAccountName: grafana | |
automountServiceAccountToken: true | |
securityContext: | |
fsGroup: 472 | |
runAsGroup: 472 | |
runAsUser: 472 | |
enableServiceLinks: true | |
containers: | |
- name: grafana | |
image: "grafana/grafana:9.2.0" | |
imagePullPolicy: IfNotPresent | |
volumeMounts: | |
- name: config | |
mountPath: "/etc/grafana/grafana.ini" | |
subPath: grafana.ini | |
- name: storage | |
mountPath: "/var/lib/grafana" | |
ports: | |
- name: grafana | |
containerPort: 3000 | |
protocol: TCP | |
env: | |
- name: GF_SECURITY_ADMIN_USER | |
valueFrom: | |
secretKeyRef: | |
name: grafana | |
key: admin-user | |
- name: GF_SECURITY_ADMIN_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: grafana | |
key: admin-password | |
- name: GF_PATHS_DATA | |
value: /var/lib/grafana/ | |
- name: GF_PATHS_LOGS | |
value: /var/log/grafana | |
- name: GF_PATHS_PLUGINS | |
value: /var/lib/grafana/plugins | |
- name: GF_PATHS_PROVISIONING | |
value: /etc/grafana/provisioning | |
livenessProbe: | |
failureThreshold: 10 | |
httpGet: | |
path: /api/health | |
port: 3000 | |
initialDelaySeconds: 60 | |
timeoutSeconds: 30 | |
readinessProbe: | |
httpGet: | |
path: /api/health | |
port: 3000 | |
volumes: | |
- name: config | |
configMap: | |
name: grafana | |
- name: storage | |
emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment