/
prometheus.yaml
109 lines (109 loc) · 3.2 KB
/
prometheus.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
labels:
prometheus: k8s
name: k8s
namespace: openshift-monitoring
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: prometheus
operator: In
values:
- k8s
namespaces:
- openshift-monitoring
topologyKey: kubernetes.io/hostname
weight: 100
alerting:
alertmanagers:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
name: alertmanager-main
namespace: openshift-monitoring
port: web
scheme: https
tlsConfig:
caFile: /etc/prometheus/configmaps/prometheus-serving-certs-ca-bundle/service-ca.crt
serverName: alertmanager-main
baseImage: openshift/prometheus
configMaps:
- prometheus-serving-certs-ca-bundle
containers:
- args:
- -provider=openshift
- -https-address=:9091
- -http-address=
- -email-domain=*
- -upstream=http://localhost:9090
- -htpasswd-file=/etc/proxy/htpasswd/auth
- -openshift-service-account=prometheus-k8s
- '-openshift-sar={"resource": "namespaces", "verb": "get"}'
- '-openshift-delegate-urls={"/": {"resource": "namespaces", "verb": "get"}}'
- -tls-cert=/etc/tls/private/tls.crt
- -tls-key=/etc/tls/private/tls.key
- -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- -cookie-secret-file=/etc/proxy/secrets/session_secret
- -openshift-ca=/etc/pki/tls/cert.pem
- -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- -skip-auth-regex=^/metrics
image: openshift/oauth-proxy:v1.1.0
name: prometheus-proxy
ports:
- containerPort: 9091
name: web
resources: {}
volumeMounts:
- mountPath: /etc/tls/private
name: secret-prometheus-k8s-tls
- mountPath: /etc/proxy/secrets
name: secret-prometheus-k8s-proxy
- mountPath: /etc/proxy/htpasswd
name: secret-prometheus-k8s-htpasswd
- args:
- --secure-listen-address=0.0.0.0:9092
- --upstream=http://127.0.0.1:9095
- --config-file=/etc/kube-rbac-proxy/config.yaml
- --logtostderr=true
- --v=10
image: quay.io/coreos/kube-rbac-proxy:v0.4.0
name: kube-rbac-proxy
volumeMounts:
- mountPath: /etc/kube-rbac-proxy
name: secret-kube-rbac-proxy
- args:
- --insecure-listen-address=127.0.0.1:9095
- --upstream=http://127.0.0.1:9090
- --label=namespace
image: quay.io/coreos/prom-label-proxy:v0.1.0
name: prom-label-proxy
listenLocal: true
nodeSelector:
beta.kubernetes.io/os: linux
replicas: 2
resources: {}
ruleSelector:
matchLabels:
prometheus: k8s
role: alert-rules
secrets:
- kube-etcd-client-certs
- prometheus-k8s-tls
- prometheus-k8s-proxy
- prometheus-k8s-htpasswd
- kube-rbac-proxy
securityContext: {}
serviceAccountName: prometheus-k8s
serviceMonitorNamespaceSelector:
matchExpressions:
- key: openshift.io/cluster-monitoring
operator: Exists
serviceMonitorSelector:
matchExpressions:
- key: k8s-app
operator: Exists
version: v2.4.2