1apiVersion: v1
2kind: ServiceAccount
3metadata:
4 labels:
5 app: node-exporter
6 app.kubernetes.io/version: 1.7.0
7 name: node-exporter
8---
9apiVersion: rbac.authorization.k8s.io/v1
10kind: ClusterRole
11metadata:
12 labels:
13 app: node-exporter
14 app.kubernetes.io/version: 1.7.0
15 name: node-exporter
16rules:
17- apiGroups:
18 - authentication.k8s.io
19 resources:
20 - tokenreviews
21 verbs:
22 - create
23- apiGroups:
24 - authorization.k8s.io
25 resources:
26 - subjectaccessreviews
27 verbs:
28 - create
29---
30apiVersion: rbac.authorization.k8s.io/v1
31kind: ClusterRoleBinding
32metadata:
33 labels:
34 app: node-exporter
35 app.kubernetes.io/version: 1.7.0
36 name: node-exporter
37roleRef:
38 apiGroup: rbac.authorization.k8s.io
39 kind: ClusterRole
40 name: node-exporter
41subjects:
42- kind: ServiceAccount
43 name: node-exporter
44 namespace: node-exporter
45---
46apiVersion: v1
47kind: Service
48metadata:
49 labels:
50 app: node-exporter
51 app.kubernetes.io/version: 1.7.0
52 name: node-exporter
53spec:
54 clusterIP: None
55 ports:
56 - name: https
57 port: 9100
58 targetPort: https
59 selector:
60 app: node-exporter
61 app.kubernetes.io/version: 1.7.0
62---
63apiVersion: apps/v1
64kind: DaemonSet
65metadata:
66 annotations:
67 linkerd.io/inject: disabled
68 labels:
69 app: node-exporter
70 app.kubernetes.io/version: 1.7.0
71 name: node-exporter
72spec:
73 selector:
74 matchLabels:
75 app: node-exporter
76 app.kubernetes.io/version: 1.7.0
77 template:
78 metadata:
79 annotations:
80 kubectl.kubernetes.io/default-container: node-exporter
81 labels:
82 app: node-exporter
83 app.kubernetes.io/version: 1.7.0
84 spec:
85 containers:
86 - args:
87 - --web.listen-address=127.0.0.1:9100
88 - --path.sysfs=/host/sys
89 - --path.rootfs=/host/root
90 - --path.udev.data=/host/root/run/udev/data
91 - --no-collector.wifi
92 - --no-collector.hwmon
93 - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run/k3s/containerd/.+|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
94 - --collector.netclass.ignored-devices=^(veth.*|[a-f0-9]{15})$
95 - --collector.netdev.device-exclude=^(veth.*|[a-f0-9]{15})$
96 - --collector.cpu.info
97 - --collector.cpufreq
98 - --collector.netdev.address-info
99 image: bzl://hack/deps:node_exporter_container_push
100 name: node-exporter
101 resources:
102 limits:
103 cpu: 250m
104 memory: 384Mi
105 requests:
106 cpu: 100m
107 memory: 192Mi
108 securityContext:
109 allowPrivilegeEscalation: false
110 volumeMounts:
111 - mountPath: /host/sys
112 mountPropagation: HostToContainer
113 name: sys
114 readOnly: true
115 - mountPath: /host/root
116 mountPropagation: HostToContainer
117 name: root
118 readOnly: true
119 - args:
120 - --secure-listen-address=[$(IP)]:9100
121 - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
122 - --upstream=http://127.0.0.1:9100/
123 env:
124 - name: IP
125 valueFrom:
126 fieldRef:
127 fieldPath: status.podIP
128 image: bzl://hack/deps:kube_rbac_proxy_container_push
129 name: kube-rbac-proxy
130 ports:
131 - containerPort: 9100
132 hostPort: 9100
133 name: https
134 resources:
135 limits:
136 cpu: 20m
137 memory: 40Mi
138 requests:
139 cpu: 10m
140 memory: 20Mi
141 securityContext:
142 allowPrivilegeEscalation: false
143 runAsGroup: 65532
144 runAsNonRoot: true
145 runAsUser: 65532
146 hostNetwork: true
147 hostPID: true
148 nodeSelector:
149 kubernetes.io/os: linux
150 securityContext:
151 runAsNonRoot: true
152 runAsUser: 65534
153 serviceAccountName: node-exporter
154 tolerations:
155 - operator: Exists
156 volumes:
157 - hostPath:
158 path: /sys
159 name: sys
160 - hostPath:
161 path: /
162 name: root
163 updateStrategy:
164 rollingUpdate:
165 maxUnavailable: 10%
166 type: RollingUpdate
167---
168apiVersion: monitoring.coreos.com/v1
169kind: ServiceMonitor
170metadata:
171 annotations:
172 monitoring.edge.ncr.com/allowed-metrics: |
173 node_vmstat_oom_kill
174 node_boot_time_seconds
175 node_cpu_seconds_total
176 node_disk_io_time_seconds_total
177 node_disk_read_bytes_total
178 node_disk_written_bytes_total
179 node_filesystem_avail_bytes
180 node_filesystem_size_bytes
181 node_load1
182 node_load15
183 node_load5
184 node_memory_Buffers_bytes
185 node_memory_Cached_bytes
186 node_memory_MemAvailable_bytes
187 node_memory_MemFree_bytes
188 node_memory_MemTotal_bytes
189 node_network_receive_bytes_total
190 node_network_transmit_bytes_total
191 node_os_info
192 node_os_version
193 node_time_seconds
194 node_cpu_info
195 node_cpu_frequency_max_hertz
196 node_cpu_frequency_min_hertz
197 node_cpu_scaling_frequency_hertz
198 node_cpu_scaling_frequency_max_hertz
199 node_cpu_scaling_frequency_min_hertz
200 node_dmi_info
201 node_uname_info
202 node_network_global_address_info
203 node_logical_cores_total
204 node_physical_cores_total
205 labels:
206 app: node-exporter
207 app.kubernetes.io/version: 1.7.0
208 name: node-exporter
209spec:
210 endpoints:
211 - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
212 interval: 60s
213 metricRelabelings:
214 - action: keep
215 regex: node_.*
216 sourceLabels:
217 - __name__
218 port: https
219 relabelings:
220 - action: replace
221 regex: (.*)
222 replacement: $1
223 sourceLabels:
224 - __meta_kubernetes_pod_node_name
225 targetLabel: instance
226 - action: replace
227 regex: (.*)
228 replacement: $1
229 sourceLabels:
230 - __meta_kubernetes_pod_node_name
231 targetLabel: node
232 scheme: https
233 tlsConfig:
234 insecureSkipVerify: true
235 jobLabel: app.kubernetes.io/name
236 selector:
237 matchLabels:
238 app: node-exporter
239 app.kubernetes.io/version: 1.7.0
View as plain text