Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
95 lines (94 sloc) 2.1 KB
# Create a service account for prometheus to run under
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
labels:
app: cockroachdb
---
# Define the access permissions that prometheus will run with
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: prometheus
labels:
app: cockroachdb
rules:
- apiGroups: [""]
resources:
- nodes
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
# Associate the service account with the role
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: prometheus
labels:
app: cockroachdb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus
namespace: default
---
# Select any services with the prometheus:cockroachdb label
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: cockroachdb
labels:
app: cockroachdb
prometheus: cockroachdb
spec:
serviceAccountName: prometheus
selector:
matchLabels:
prometheus: cockroachdb
endpoints:
- port: http
path: /_status/vars
tlsConfig:
# The HTTPS certs are signed by the kubernetes internal
# certificate authority.
caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
# This overrides the hostname verification check for the admin
# UI port to match our quickstart secure-mode cluster setup.
serverName: "127.0.0.1"
---
# Have prometheus-operator run a replicated Prometheus cluster
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: cockroachdb
labels:
app: cockroachdb
spec:
serviceAccountName: prometheus
alerting:
alertmanagers:
- namespace: default
name: alertmanager-cockroachdb
port: web
serviceMonitorSelector:
matchLabels:
prometheus: cockroachdb
resources:
requests:
memory: 400Mi
ruleSelector:
matchLabels:
role: alert-rules
prometheus: cockroachdb