Skip to content
Commits on Source (4)
Hide whitespace changes
Inline Side-by-side
jsonnetfile.json
View file @ aae76de6
......@@ -26,7 +26,7 @@
"subdir": "jsonnet/kube-prometheus"
}
},
"version": "release-0.10"
"version": "release-0.11"
},
{
"source": {
......@@ -35,7 +35,7 @@
"subdir": "postgres_mixin"
}
},
"version": "v0.10.0"
"version": "v0.11.1"
},
{
"source": {
......@@ -44,7 +44,16 @@
"subdir": "mysqld-mixin"
}
},
"version": "v0.13.0"
"version": "v0.14.0"
},
{
"source": {
"git": {
"remote": "https://github.com/etcd-io/etcd.git",
"subdir": "contrib/mixin"
}
},
"version": "v3.5.2"
}
],
"legacyImports": true
......
jsonnetfile.lock.json
View file @ aae76de6
......@@ -18,8 +18,8 @@
"subdir": "grafana"
}
},
"version": "199e363523104ff8b3a12483a4e3eca86372b078",
"sum": "/jDHzVAjHB4AOLkJHw1GyATX5ogZ1iMdcJXZAgaG3+g="
"version": "d039275e4916aceae1c137120882e01d857787ac",
"sum": "515vMn4x4tP8vegL4HLW0nDO5+njGTgnDZB5OOhtsCI="
},
{
"source": {
......@@ -28,9 +28,19 @@
"subdir": "contrib/mixin"
}
},
"version": "99018a77bea9a9d29962e5169876c64e02739c52",
"version": "e36327b1881837a5d579a3adc3ac324f0c2d5944",
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
},
{
"source": {
"git": {
"remote": "https://github.com/grafana/grafana.git",
"subdir": "grafana-mixin"
}
},
"version": "3eed09056849ab873b867b561b7ce580ef2c75ba",
"sum": "MkjR7zCgq6MUZgjDzop574tFKoTX2OBr7DTwm1K+Ofs="
},
{
"source": {
"git": {
......@@ -38,8 +48,8 @@
"subdir": "grafonnet"
}
},
"version": "6db00c292d3a1c71661fc875f90e0ec7caa538c2",
"sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
"version": "30280196507e0fe6fa978a3e0eaca3a62844f817",
"sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc="
},
{
"source": {
......@@ -48,8 +58,8 @@
"subdir": "grafana-builder"
}
},
"version": "03d32a72a2a0bf0ee00ffc853be5f07ad3bafcbe",
"sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc="
"version": "dbf6fc14105c28b6fd0253005f7ca2da37d3d4e1",
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
},
{
"source": {
......@@ -58,8 +68,8 @@
"subdir": ""
}
},
"version": "b538a10c89508f8d12885680cca72a134d3127f5",
"sum": "GLt5T2k4RKg36Gfcaf9qlTfVumDitqotVD0ipz/bPJ4="
"version": "b8f44bb7be728423836bef0e904ec7166895a34b",
"sum": "LCgSosxceeYuoau5fYSPtE5eXOFe46DxexfkrctUv7c="
},
{
"source": {
......@@ -68,7 +78,7 @@
"subdir": "lib/promgrafonnet"
}
},
"version": "2b33b82dfe04e4b37d62008ead7a04272a0fb42d",
"version": "5e44626d70c2bf2d35c37f3fee5a6261a5335cc6",
"sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps="
},
{
......@@ -78,8 +88,8 @@
"subdir": "jsonnet/kube-state-metrics"
}
},
"version": "e080c3ce73ad514254e38dccb37c93bec6b257ae",
"sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y="
"version": "0567e1e1b981755e563d2244fa1659563f2cddbc",
"sum": "P0dCnbzyPScQGNXwXRcwiPkMLeTq0IPNbSTysDbySnM="
},
{
"source": {
......@@ -88,7 +98,7 @@
"subdir": "jsonnet/kube-state-metrics-mixin"
}
},
"version": "e080c3ce73ad514254e38dccb37c93bec6b257ae",
"version": "0567e1e1b981755e563d2244fa1659563f2cddbc",
"sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk="
},
{
......@@ -108,8 +118,8 @@
"subdir": "postgres_mixin"
}
},
"version": "8b79a99cc4b0924e30c257869d91e8ef4bac24be",
"sum": "0Kz185DwXwm6gX/G9/dlJRM+YpdXgW+db+tLyynjNQ0="
"version": "5cca7617abdfc2632beedef51b60c14b8aff8416",
"sum": "H+okh0mBSyJSyvkCadCXck1ouZUhdokidsoDGA9h25c="
},
{
"source": {
......@@ -118,8 +128,8 @@
"subdir": "jsonnet/kube-prometheus"
}
},
"version": "5b9aa36169af47a1fb938cc7984d4ee59588fe2a",
"sum": "/vWBtOTq4/zPmoSKHwh/3jYUAzWeNNyq4rYmErEb9wU="
"version": "e3066575dc8be21f578f12887563bda3ee7a2eff",
"sum": "nNEMDrb5sQDOxJ20ITDvldyfIbbiGcVr8Bq46PH2ww8="
},
{
"source": {
......@@ -128,8 +138,8 @@
"subdir": "jsonnet/mixin"
}
},
"version": "d8ba1c766a141cb35072ae2f2578ec8588c9efcd",
"sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=",
"version": "5db6996d3ca995e66301c53c33959fd64c3f6ae6",
"sum": "GQmaVFJwKMiD/P4n3N2LrAZVcwutriWrP8joclDtBYQ=",
"name": "prometheus-operator-mixin"
},
{
......@@ -139,8 +149,8 @@
"subdir": "jsonnet/prometheus-operator"
}
},
"version": "d8ba1c766a141cb35072ae2f2578ec8588c9efcd",
"sum": "yjdwZ+5UXL42EavJleAJmd8Ou6MSDfExvlKAxFCxXVE="
"version": "5db6996d3ca995e66301c53c33959fd64c3f6ae6",
"sum": "pUggCYwO/3Y/p6Vgryx8Y4KO3QkJ+GqimrZtn/luzzI="
},
{
"source": {
......@@ -149,8 +159,8 @@
"subdir": "doc/alertmanager-mixin"
}
},
"version": "16fa045db47d68a09a102c7b80b8899c1f57c153",
"sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=",
"version": "14b01e6a34dd3155768c7e9bd5c4376055de9419",
"sum": "f3iZDUXQ/YWB5yDCY7VLD5bs442+3CdJgXJhJyWhNf8=",
"name": "alertmanager"
},
{
......@@ -160,8 +170,8 @@
"subdir": "mysqld-mixin"
}
},
"version": "1f5a0d1c552b20305d7217aa355a9ccddd362d6f",
"sum": "0DlSTrzHW1CSts0diGgQ03WR6NCElXBuQZLgNTGQ12I="
"version": "04b8416b4edb0c340a9e0d45edd3b01f9132c9a3",
"sum": "uNB+GRFGMIx2PtqxWBnoPDALhQayI0TF+aK2U6KbDP0="
},
{
"source": {
......@@ -180,10 +190,20 @@
"subdir": "documentation/prometheus-mixin"
}
},
"version": "41f1a8125e664985dd30674e5bdf6b683eff5d32",
"sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=",
"version": "d7e7b8e04b5ecdc1dd153534ba376a622b72741b",
"sum": "APXOIP3B3dZ3Tyh7L2UhyWR8Vbf5+9adTLz/ya7n6uU=",
"name": "prometheus"
},
{
"source": {
"git": {
"remote": "https://github.com/pyrra-dev/pyrra.git",
"subdir": "config/crd/bases"
}
},
"version": "3738a607a42a0c9566587a49cec7587cc92d61bd",
"sum": "GQ0GFKGdIWKx1b78VRs6jtC4SMqkBjT5jl65QUjPKK4="
},
{
"source": {
"git": {
......@@ -191,8 +211,8 @@
"subdir": "mixin"
}
},
"version": "fb97c9a5ef51849ccb7960abbeb9581ad7f511b9",
"sum": "X+060DnePPeN/87fgj0SrfxVitywTk8hZA9V4nHxl1g=",
"version": "17c576472d80972bfd3705e1e0a08e6f8da8e04b",
"sum": "dBm9ML50quhu6dwTIgfNmVruMqfaUeQVCO/6EKtQLxE=",
"name": "thanos-mixin"
}
],
......
kube-prometheus.jsonnet
View file @ aae76de6
......@@ -294,6 +294,12 @@ local elasticsearchMixin = addMixin({
_config+: {}, // mixin configuration object
},
});
local etcdMixin = addMixin({
name: 'etcd',
mixin: (import 'mixin/mixin.libsonnet') + {
_config+: {}, // mixin configuration object
},
});
local kp =
(import 'kube-prometheus/main.libsonnet') +
......@@ -305,6 +311,7 @@ local kp =
// (import 'kube-prometheus/addons/thanos-sidecar.libsonnet') +
// (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
// (import 'kube-prometheus/addons/external-metrics.libsonnet') +
(import 'kube-prometheus/addons/pyrra.libsonnet') +
{
values+:: {
common+: {
......@@ -313,7 +320,7 @@ local kp =
},
grafana+: {
plugins: ['grafana-piechart-panel'],
dashboards+: corednsMixin.grafanaDashboards /*mysqldMixin.dashboards, postgresMixin.dashboards,*/ + elasticsearchMixin.grafanaDashboards,
dashboards+: corednsMixin.grafanaDashboards /*mysqldMixin.dashboards, postgresMixin.dashboards,*/ + elasticsearchMixin.grafanaDashboards + etcdMixin.grafanaDashboards,
config+: {
sections+: {
analytics+: {
......@@ -412,10 +419,11 @@ local kp =
},
},
},
prometheusAlerts+:: corednsMixin.prometheusAlerts +
elasticsearchMixin.prometheusAlerts +
etcdMixin.prometheusAlerts,
},
prometheusAlerts+:: corednsMixin.prometheusAlerts +
elasticsearchMixin.prometheusAlerts,
ingress+:: {
grafana: ingress('grafana', $.values.common.namespace, [], [{
......@@ -435,7 +443,24 @@ local kp =
}],
},
}], false),
backend: ingress('backend', $.values.common.namespace, ['prometheus.monitoring.' + domain, 'alertmanager.monitoring.' + domain, 'monitoring.' + domain], [
backend: ingress('backend', $.values.common.namespace, ['pyrra.monitoring.' + domain, 'prometheus.monitoring.' + domain, 'alertmanager.monitoring.' + domain, 'monitoring.' + domain], [
{
host: 'pyrra.monitoring.' + domain,
http: {
paths: [{
path: '/',
pathType: 'Prefix',
backend: {
service: {
name: 'pyrra-api',
port: {
name: 'http',
},
},
},
}],
},
},
{
host: 'alertmanager.monitoring.' + domain,
http: {
......@@ -504,10 +529,12 @@ local manifests =
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
} +
{ 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
// serviceMonitor is separated so that it can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['grafana-' + name]: modifiedGrafana[name] for name in std.objectFields(modifiedGrafana) } +
{ ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +
......@@ -519,7 +546,8 @@ local manifests =
{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } +
//{ 'external-mixins/mysqld-mixin-prometheus-rules': mysqldMixin.prometheusRules }
//{ 'external-mixins/postgres-mixin-prometheus-rules': postgresMixin.prometheusRules }
{ 'elasticsearch-mixin-prometheus-rules': elasticsearchMixin.prometheusRules };
{ 'elasticsearch-mixin-prometheus-rules': elasticsearchMixin.prometheusRules }
{ 'etcd-mixin-prometheus-rules': etcdMixin.prometheusRules };
local kustomizationResourceFile(name) = './manifests/' + name + '.yaml';
local kustomization = {
......
kustomization.yaml
View file @ aae76de6
......@@ -5,6 +5,7 @@ resources:
- ./manifests/alertmanager-discord-deployment.yaml
- ./manifests/alertmanager-discord-networkPolicy.yaml
- ./manifests/alertmanager-discord-service.yaml
- ./manifests/alertmanager-networkPolicy.yaml
- ./manifests/alertmanager-podDisruptionBudget.yaml
- ./manifests/alertmanager-prometheusRule.yaml
- ./manifests/alertmanager-secret.yaml
......@@ -16,22 +17,27 @@ resources:
- ./manifests/blackbox-exporter-clusterRoleBinding.yaml
- ./manifests/blackbox-exporter-configuration.yaml
- ./manifests/blackbox-exporter-deployment.yaml
- ./manifests/blackbox-exporter-networkPolicy.yaml
- ./manifests/blackbox-exporter-service.yaml
- ./manifests/blackbox-exporter-serviceAccount.yaml
- ./manifests/blackbox-exporter-serviceMonitor.yaml
- ./manifests/elasticsearch-mixin-prometheus-rules.yaml
- ./manifests/etcd-mixin-prometheus-rules.yaml
- ./manifests/grafana-config.yaml
- ./manifests/grafana-dashboardDatasources.yaml
- ./manifests/grafana-dashboardDefinitions.yaml
- ./manifests/grafana-dashboardSources.yaml
- ./manifests/grafana-deployment.yaml
- ./manifests/grafana-ingress.yaml
- ./manifests/grafana-networkPolicy.yaml
- ./manifests/grafana-prometheusRule.yaml
- ./manifests/grafana-service.yaml
- ./manifests/grafana-serviceAccount.yaml
- ./manifests/grafana-serviceMonitor.yaml
- ./manifests/kube-state-metrics-clusterRole.yaml
- ./manifests/kube-state-metrics-clusterRoleBinding.yaml
- ./manifests/kube-state-metrics-deployment.yaml
- ./manifests/kube-state-metrics-networkPolicy.yaml
- ./manifests/kube-state-metrics-prometheusRule.yaml
- ./manifests/kube-state-metrics-service.yaml
- ./manifests/kube-state-metrics-serviceAccount.yaml
......@@ -50,6 +56,7 @@ resources:
- ./manifests/node-exporter-clusterRole.yaml
- ./manifests/node-exporter-clusterRoleBinding.yaml
- ./manifests/node-exporter-daemonset.yaml
- ./manifests/node-exporter-networkPolicy.yaml
- ./manifests/node-exporter-prometheusRule.yaml
- ./manifests/node-exporter-service.yaml
- ./manifests/node-exporter-serviceAccount.yaml
......@@ -62,6 +69,7 @@ resources:
- ./manifests/prometheus-adapter-clusterRoleServerResources.yaml
- ./manifests/prometheus-adapter-configMap.yaml
- ./manifests/prometheus-adapter-deployment.yaml
- ./manifests/prometheus-adapter-networkPolicy.yaml
- ./manifests/prometheus-adapter-podDisruptionBudget.yaml
- ./manifests/prometheus-adapter-roleBindingAuthReader.yaml
- ./manifests/prometheus-adapter-service.yaml
......@@ -69,6 +77,7 @@ resources:
- ./manifests/prometheus-adapter-serviceMonitor.yaml
- ./manifests/prometheus-clusterRole.yaml
- ./manifests/prometheus-clusterRoleBinding.yaml
- ./manifests/prometheus-networkPolicy.yaml
- ./manifests/prometheus-operator-serviceMonitor.yaml
- ./manifests/prometheus-podDisruptionBudget.yaml
- ./manifests/prometheus-prometheus.yaml
......@@ -78,6 +87,27 @@ resources:
- ./manifests/prometheus-service.yaml
- ./manifests/prometheus-serviceAccount.yaml
- ./manifests/prometheus-serviceMonitor.yaml
- ./manifests/pyrra-apiDeployment.yaml
- ./manifests/pyrra-apiService.yaml
- ./manifests/pyrra-kubernetesClusterRole.yaml
- ./manifests/pyrra-kubernetesClusterRoleBinding.yaml
- ./manifests/pyrra-kubernetesDeployment.yaml
- ./manifests/pyrra-kubernetesService.yaml
- ./manifests/pyrra-kubernetesServiceAccount.yaml
- ./manifests/pyrra-slo-apiserver-read-cluster-latency.yaml
- ./manifests/pyrra-slo-apiserver-read-namespace-latency.yaml
- ./manifests/pyrra-slo-apiserver-read-resource-latency.yaml
- ./manifests/pyrra-slo-apiserver-read-response-errors.yaml
- ./manifests/pyrra-slo-apiserver-write-response-errors.yaml
- ./manifests/pyrra-slo-coredns-response-errors.yaml
- ./manifests/pyrra-slo-kubelet-request-errors.yaml
- ./manifests/pyrra-slo-kubelet-runtime-errors.yaml
- ./manifests/pyrra-slo-prometheus-notification-errors.yaml
- ./manifests/pyrra-slo-prometheus-operator-http-errors.yaml
- ./manifests/pyrra-slo-prometheus-operator-reconcile-errors.yaml
- ./manifests/pyrra-slo-prometheus-query-errors.yaml
- ./manifests/pyrra-slo-prometheus-rule-evaluation-failures.yaml
- ./manifests/pyrra-slo-prometheus-sd-kubernetes-errors.yaml
- ./manifests/setup/0namespace-namespace.yaml
- ./manifests/setup/0namespace-prometheusRule.yaml
- ./manifests/setup/prometheus-operator-0alertmanagerConfigCustomResourceDefinition.yaml
......@@ -91,6 +121,8 @@ resources:
- ./manifests/setup/prometheus-operator-clusterRole.yaml
- ./manifests/setup/prometheus-operator-clusterRoleBinding.yaml
- ./manifests/setup/prometheus-operator-deployment.yaml
- ./manifests/setup/prometheus-operator-networkPolicy.yaml
- ./manifests/setup/prometheus-operator-prometheusRule.yaml
- ./manifests/setup/prometheus-operator-service.yaml
- ./manifests/setup/prometheus-operator-serviceAccount.yaml
- ./manifests/setup/pyrra-slo-CustomResourceDefinition.yaml
manifests/alertmanager-alertmanager.yaml
View file @ aae76de6
......@@ -6,11 +6,11 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: main
namespace: monitoring
spec:
image: quay.io/prometheus/alertmanager:v0.23.0
image: quay.io/prometheus/alertmanager:v0.24.0
nodeSelector:
kubernetes.io/os: linux
podMetadata:
......@@ -19,7 +19,7 @@ spec:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
replicas: 3
resources:
limits:
......@@ -33,4 +33,4 @@ spec:
runAsNonRoot: true
runAsUser: 1000
serviceAccountName: alertmanager-main
version: 0.23.0
version: 0.24.0
manifests/alertmanager-networkPolicy.yaml 0 → 100644
View file @ aae76de6
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: 9093
protocol: TCP
- port: 8080
protocol: TCP
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: alertmanager
ports:
- port: 9094
protocol: TCP
- port: 9094
protocol: UDP
podSelector:
matchLabels:
app.kubernetes.io/component: alert-router
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
policyTypes:
- Egress
- Ingress
manifests/alertmanager-podDisruptionBudget.yaml
View file @ aae76de6
......@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
spec:
......
manifests/alertmanager-prometheusRule.yaml
View file @ aae76de6
......@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
prometheus: k8s
role: alert-rules
name: alertmanager-main-rules
......
manifests/alertmanager-secret.yaml
View file @ aae76de6
......@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
stringData:
......
manifests/alertmanager-service.yaml
View file @ aae76de6
......@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
spec:
......
manifests/alertmanager-serviceAccount.yaml
View file @ aae76de6
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
......@@ -6,6 +7,6 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
manifests/alertmanager-serviceMonitor.yaml
View file @ aae76de6
......@@ -6,7 +6,7 @@ metadata:
app.kubernetes.io/instance: main
app.kubernetes.io/name: alertmanager
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.23.0
app.kubernetes.io/version: 0.24.0
name: alertmanager-main
namespace: monitoring
spec:
......
manifests/backend-ingress.yaml
View file @ aae76de6
......@@ -10,6 +10,16 @@ metadata:
spec:
ingressClassName: traefik
rules:
- host: pyrra.monitoring.tdude.co
http:
paths:
- backend:
service:
name: pyrra-api
port:
name: http
path: /
pathType: Prefix
- host: alertmanager.monitoring.tdude.co
http:
paths:
......@@ -32,6 +42,7 @@ spec:
pathType: Prefix
tls:
- hosts:
- pyrra.monitoring.tdude.co
- prometheus.monitoring.tdude.co
- alertmanager.monitoring.tdude.co
- monitoring.tdude.co
......
manifests/blackbox-exporter-clusterRoleBinding.yaml
View file @ aae76de6
......@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
roleRef:
......
manifests/blackbox-exporter-configuration.yaml
View file @ aae76de6
......@@ -46,6 +46,6 @@ metadata:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter-configuration
namespace: monitoring
manifests/blackbox-exporter-deployment.yaml
View file @ aae76de6
......@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
spec:
......@@ -23,13 +23,14 @@ spec:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
spec:
automountServiceAccountToken: true
containers:
- args:
- --config.file=/etc/blackbox_exporter/config.yml
- --web.listen-address=:19115
image: quay.io/prometheus/blackbox-exporter:v0.19.0
image: quay.io/prometheus/blackbox-exporter:v0.21.0
name: blackbox-exporter
ports:
- containerPort: 19115
......@@ -42,6 +43,11 @@ spec:
cpu: 10m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
volumeMounts:
......@@ -61,6 +67,11 @@ spec:
cpu: 10m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
terminationMessagePath: /dev/termination-log
......@@ -74,7 +85,7 @@ spec:
- --secure-listen-address=:9115
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:19115/
image: quay.io/brancz/kube-rbac-proxy:v0.11.0
image: quay.io/brancz/kube-rbac-proxy:v0.12.0
name: kube-rbac-proxy
ports:
- containerPort: 9115
......@@ -87,6 +98,11 @@ spec:
cpu: 10m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
......
manifests/blackbox-exporter-networkPolicy.yaml 0 → 100644
View file @ aae76de6
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: 9115
protocol: TCP
- port: 19115
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
policyTypes:
- Egress
- Ingress
manifests/blackbox-exporter-service.yaml
View file @ aae76de6
......@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
spec:
......
manifests/blackbox-exporter-serviceAccount.yaml
View file @ aae76de6
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
manifests/blackbox-exporter-serviceMonitor.yaml
View file @ aae76de6
......@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.19.0
app.kubernetes.io/version: 0.21.0
name: blackbox-exporter
namespace: monitoring
spec:
......