1apiVersion: v1
2kind: Namespace
3metadata:
4 name: external-prometheus
5 labels:
6 test.linkerd.io/is-test-data-plane: "true"
7---
8kind: ClusterRole
9apiVersion: rbac.authorization.k8s.io/v1
10metadata:
11 name: prometheus
12 labels:
13 test.linkerd.io/is-test-data-plane: "true"
14rules:
15- apiGroups: [""]
16 resources: ["nodes", "nodes/proxy", "pods"]
17 verbs: ["get", "list", "watch"]
18---
19kind: ClusterRoleBinding
20apiVersion: rbac.authorization.k8s.io/v1
21metadata:
22 name: prometheus
23 labels:
24 test.linkerd.io/is-test-data-plane: "true"
25roleRef:
26 apiGroup: rbac.authorization.k8s.io
27 kind: ClusterRole
28 name: prometheus
29subjects:
30- kind: ServiceAccount
31 name: prometheus
32 namespace: external-prometheus
33---
34kind: ServiceAccount
35apiVersion: v1
36metadata:
37 name: prometheus
38 namespace: external-prometheus
39---
40kind: ConfigMap
41apiVersion: v1
42metadata:
43 name: prometheus-config
44 namespace: external-prometheus
45data:
46 prometheus.yml: |-
47 global:
48 evaluation_interval: 10s
49 scrape_interval: 10s
50 scrape_timeout: 10s
51
52 rule_files:
53 - /etc/prometheus/*_rules.yml
54 - /etc/prometheus/*_rules.yaml
55
56 scrape_configs:
57 - job_name: 'prometheus'
58 static_configs:
59 - targets: ['localhost:9090']
60
61 - job_name: 'grafana'
62 kubernetes_sd_configs:
63 - role: pod
64 namespaces:
65 names: ['grafana']
66 relabel_configs:
67 - source_labels:
68 - __meta_kubernetes_pod_container_name
69 action: keep
70 regex: ^grafana$
71
72 # Required for: https://grafana.com/grafana/dashboards/315
73 - job_name: 'kubernetes-nodes-cadvisor'
74 scheme: https
75 tls_config:
76 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
77 insecure_skip_verify: true
78 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
79 kubernetes_sd_configs:
80 - role: node
81 relabel_configs:
82 - action: labelmap
83 regex: __meta_kubernetes_node_label_(.+)
84 - target_label: __address__
85 replacement: kubernetes.default.svc:443
86 - source_labels: [__meta_kubernetes_node_name]
87 regex: (.+)
88 target_label: __metrics_path__
89 replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor
90 metric_relabel_configs:
91 - source_labels: [__name__]
92 regex: '(container|machine)_(cpu|memory|network|fs)_(.+)'
93 action: keep
94 - source_labels: [__name__]
95 regex: 'container_memory_failures_total' # unneeded large metric
96 action: drop
97
98 - job_name: 'linkerd-controller'
99 kubernetes_sd_configs:
100 - role: pod
101 namespaces:
102 names: ['linkerd']
103 relabel_configs:
104 - source_labels:
105 - __meta_kubernetes_pod_label_linkerd_io_control_plane_component
106 - __meta_kubernetes_pod_container_port_name
107 action: keep
108 regex: (.*);admin-http$
109 - source_labels: [__meta_kubernetes_pod_container_name]
110 action: replace
111 target_label: component
112
113 - job_name: 'linkerd-service-mirror'
114 kubernetes_sd_configs:
115 - role: pod
116 relabel_configs:
117 - source_labels:
118 - __meta_kubernetes_pod_label_linkerd_io_control_plane_component
119 - __meta_kubernetes_pod_container_port_name
120 action: keep
121 regex: linkerd-service-mirror;admin-http$
122 - source_labels: [__meta_kubernetes_pod_container_name]
123 action: replace
124 target_label: component
125
126 - job_name: 'linkerd-proxy'
127 kubernetes_sd_configs:
128 - role: pod
129 relabel_configs:
130 - source_labels:
131 - __meta_kubernetes_pod_container_name
132 - __meta_kubernetes_pod_container_port_name
133 - __meta_kubernetes_pod_label_linkerd_io_control_plane_ns
134 action: keep
135 regex: ^linkerd-proxy;linkerd-admin;linkerd$
136 - source_labels: [__meta_kubernetes_namespace]
137 action: replace
138 target_label: namespace
139 - source_labels: [__meta_kubernetes_pod_name]
140 action: replace
141 target_label: pod
142 # special case k8s' "job" label, to not interfere with prometheus' "job"
143 # label
144 # __meta_kubernetes_pod_label_linkerd_io_proxy_job=foo =>
145 # k8s_job=foo
146 - source_labels: [__meta_kubernetes_pod_label_linkerd_io_proxy_job]
147 action: replace
148 target_label: k8s_job
149 # drop __meta_kubernetes_pod_label_linkerd_io_proxy_job
150 - action: labeldrop
151 regex: __meta_kubernetes_pod_label_linkerd_io_proxy_job
152 # __meta_kubernetes_pod_label_linkerd_io_proxy_deployment=foo =>
153 # deployment=foo
154 - action: labelmap
155 regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
156 # drop all labels that we just made copies of in the previous labelmap
157 - action: labeldrop
158 regex: __meta_kubernetes_pod_label_linkerd_io_proxy_(.+)
159 # __meta_kubernetes_pod_label_linkerd_io_foo=bar =>
160 # foo=bar
161 - action: labelmap
162 regex: __meta_kubernetes_pod_label_linkerd_io_(.+)
163 # Copy all pod labels to tmp labels
164 - action: labelmap
165 regex: __meta_kubernetes_pod_label_(.+)
166 replacement: __tmp_pod_label_$1
167 # Take `linkerd_io_` prefixed labels and copy them without the prefix
168 - action: labelmap
169 regex: __tmp_pod_label_linkerd_io_(.+)
170 replacement: __tmp_pod_label_$1
171 # Drop the `linkerd_io_` originals
172 - action: labeldrop
173 regex: __tmp_pod_label_linkerd_io_(.+)
174 # Copy tmp labels into real labels
175 - action: labelmap
176 regex: __tmp_pod_label_(.+)
177---
178kind: Service
179apiVersion: v1
180metadata:
181 name: prometheus
182 namespace: external-prometheus
183spec:
184 type: ClusterIP
185 selector:
186 app: prometheus
187 ports:
188 - name: admin-http
189 port: 9090
190 targetPort: 9090
191---
192apiVersion: apps/v1
193kind: Deployment
194metadata:
195 name: prometheus
196 namespace: external-prometheus
197spec:
198 replicas: 1
199 selector:
200 matchLabels:
201 app: prometheus
202 template:
203 metadata:
204 labels:
205 app: prometheus
206 linkerd.io/inject: "enabled"
207 spec:
208 nodeSelector:
209 kubernetes.io/os: linux
210 securityContext:
211 fsGroup: 65534
212 containers:
213 - args:
214 - --config.file=/etc/prometheus/prometheus.yml
215 - --log.level=info
216 - --storage.tsdb.path=/data
217 - --storage.tsdb.retention.time=6h
218 image: prom/prometheus:v2.19.3
219 imagePullPolicy: IfNotPresent
220 livenessProbe:
221 httpGet:
222 path: /-/healthy
223 port: 9090
224 initialDelaySeconds: 30
225 timeoutSeconds: 30
226 name: prometheus
227 ports:
228 - containerPort: 9090
229 name: admin-http
230 readinessProbe:
231 httpGet:
232 path: /-/ready
233 port: 9090
234 initialDelaySeconds: 30
235 timeoutSeconds: 30
236 securityContext:
237 runAsGroup: 65534
238 runAsNonRoot: true
239 runAsUser: 65534
240 volumeMounts:
241 - mountPath: /data
242 name: data
243 - mountPath: /etc/prometheus/prometheus.yml
244 name: prometheus-config
245 subPath: prometheus.yml
246 readOnly: true
247 serviceAccountName: prometheus
248 volumes:
249 - name: data
250 emptyDir: {}
251 - configMap:
252 name: prometheus-config
253 name: prometheus-config
View as plain text