/
deployment.yaml
143 lines (143 loc) · 5.36 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 2.8.2
name: kube-state-metrics
namespace: openshift-monitoring
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: openshift-monitoring
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: kube-state-metrics
target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/managed-by: cluster-monitoring-operator
app.kubernetes.io/name: kube-state-metrics
app.kubernetes.io/part-of: openshift-monitoring
app.kubernetes.io/version: 2.8.2
spec:
automountServiceAccountToken: true
containers:
- args:
- --host=127.0.0.1
- --port=8081
- --telemetry-host=127.0.0.1
- --telemetry-port=8082
- |
--metric-denylist=
^kube_secret_labels$,
^kube_.+_annotations$
- --metric-labels-allowlist=pods=[*],nodes=[*],namespaces=[*],persistentvolumes=[*],persistentvolumeclaims=[*],poddisruptionbudgets=[*]
- |
--metric-denylist=
^kube_.+_created$,
^kube_.+_metadata_resource_version$,
^kube_replicaset_metadata_generation$,
^kube_replicaset_status_observed_generation$,
^kube_pod_restart_policy$,
^kube_pod_init_container_status_terminated$,
^kube_pod_init_container_status_running$,
^kube_pod_container_status_terminated$,
^kube_pod_container_status_running$,
^kube_pod_completion_time$,
^kube_pod_status_scheduled$
image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.8.2
name: kube-state-metrics
resources:
requests:
cpu: 2m
memory: 80Mi
securityContext: {}
volumeMounts:
- mountPath: /tmp
name: volume-directive-shadow
readOnly: false
- args:
- --logtostderr
- --secure-listen-address=:8443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:8081/
- --tls-cert-file=/etc/tls/private/tls.crt
- --tls-private-key-file=/etc/tls/private/tls.key
- --client-ca-file=/etc/tls/client/client-ca.crt
- --config-file=/etc/kube-rbac-policy/config.yaml
image: quay.io/brancz/kube-rbac-proxy:v0.14.1
name: kube-rbac-proxy-main
ports:
- containerPort: 8443
name: https-main
resources:
requests:
cpu: 1m
memory: 15Mi
securityContext: {}
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /etc/tls/private
name: kube-state-metrics-tls
readOnly: false
- mountPath: /etc/tls/client
name: metrics-client-ca
readOnly: false
- mountPath: /etc/kube-rbac-policy
name: kube-state-metrics-kube-rbac-proxy-config
readOnly: true
- args:
- --logtostderr
- --secure-listen-address=:9443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- --upstream=http://127.0.0.1:8082/
- --tls-cert-file=/etc/tls/private/tls.crt
- --tls-private-key-file=/etc/tls/private/tls.key
- --client-ca-file=/etc/tls/client/client-ca.crt
- --config-file=/etc/kube-rbac-policy/config.yaml
image: quay.io/brancz/kube-rbac-proxy:v0.14.1
name: kube-rbac-proxy-self
ports:
- containerPort: 9443
name: https-self
resources:
requests:
cpu: 1m
memory: 15Mi
securityContext: {}
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /etc/tls/private
name: kube-state-metrics-tls
readOnly: false
- mountPath: /etc/tls/client
name: metrics-client-ca
readOnly: false
- mountPath: /etc/kube-rbac-policy
name: kube-state-metrics-kube-rbac-proxy-config
readOnly: true
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
securityContext: {}
serviceAccountName: kube-state-metrics
volumes:
- emptyDir: {}
name: volume-directive-shadow
- name: kube-state-metrics-tls
secret:
secretName: kube-state-metrics-tls
- configMap:
name: metrics-client-ca
name: metrics-client-ca
- name: kube-state-metrics-kube-rbac-proxy-config
secret:
secretName: kube-state-metrics-kube-rbac-proxy-config