Skip to content

Commit 3052bd6

Browse files
smarterclaytonsmarterclayton
committed
Provide an all in one prometheus template example
1 parent 98e19bc commit 3052bd6

File tree

1 file changed

+216
-0
lines changed

1 file changed

+216
-0
lines changed

examples/prometheus/prometheus.yaml

+216
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,216 @@
1+
apiVersion: v1
2+
kind: Template
3+
metadata:
4+
name: prometheus
5+
annotations:
6+
"openshift.io/display-name": Prometheus
7+
description: |
8+
A monitoring solution for an OpenShift cluster - collect and gather metrics from nodes, services, and the infrastructure.
9+
iconClass: icon-cogs
10+
tags: "monitoring,prometheus,time-series"
11+
parameters:
12+
- name: NAMESPACE
13+
value: kube-system
14+
objects:
15+
- apiVersion: v1
16+
kind: ServiceAccount
17+
metadata:
18+
name: prometheus
19+
namespace: "${NAMESPACE}"
20+
- apiVersion: v1
21+
kind: ClusterRoleBinding
22+
metadata:
23+
name: prometheus-cluster-reader
24+
roleRef:
25+
name: cluster-reader
26+
subjects:
27+
- kind: ServiceAccount
28+
name: prometheus
29+
namespace: "${NAMESPACE}"
30+
- apiVersion: v1
31+
kind: Service
32+
metadata:
33+
annotations:
34+
prometheus.io/scrape: "true"
35+
labels:
36+
name: prometheus
37+
name: prometheus
38+
namespace: "${NAMESPACE}"
39+
spec:
40+
ports:
41+
- name: prometheus
42+
port: 9090
43+
protocol: TCP
44+
targetPort: 9090
45+
selector:
46+
app: prometheus
47+
- apiVersion: extensions/v1beta1
48+
kind: Deployment
49+
metadata:
50+
labels:
51+
app: prometheus
52+
name: prometheus
53+
namespace: "${NAMESPACE}"
54+
spec:
55+
replicas: 1
56+
selector:
57+
matchLabels:
58+
app: prometheus
59+
template:
60+
metadata:
61+
labels:
62+
app: prometheus
63+
name: prometheus
64+
spec:
65+
serviceAccountName: prometheus
66+
containers:
67+
- args:
68+
- -storage.local.retention=6h
69+
- -storage.local.memory-chunks=500000
70+
- -config.file=/etc/prometheus/prometheus.yml
71+
image: prom/prometheus
72+
imagePullPolicy: IfNotPresent
73+
name: prometheus
74+
ports:
75+
- containerPort: 9090
76+
name: web
77+
volumeMounts:
78+
- mountPath: /etc/prometheus
79+
name: config-volume
80+
- mountPath: /prometheus
81+
name: data-volume
82+
restartPolicy: Always
83+
volumes:
84+
- configMap:
85+
defaultMode: 420
86+
name: prometheus
87+
name: config-volume
88+
- emptyDir: {}
89+
name: data-volume
90+
- apiVersion: v1
91+
kind: ConfigMap
92+
metadata:
93+
name: prometheus
94+
namespace: "${NAMESPACE}"
95+
data:
96+
prometheus.yml: |
97+
# A scrape configuration for running Prometheus on a Kubernetes cluster.
98+
# This uses separate scrape configs for cluster components (i.e. API server, node)
99+
# and services to allow each to use different authentication configs.
100+
#
101+
# Kubernetes labels will be added as Prometheus labels on metrics via the
102+
# `labelmap` relabeling action.
103+
104+
# Scrape config for API servers.
105+
#
106+
# Kubernetes exposes API servers as endpoints to the default/kubernetes
107+
# service so this uses `endpoints` role and uses relabelling to only keep
108+
# the endpoints associated with the default/kubernetes service using the
109+
# default named port `https`. This works for single API server deployments as
110+
# well as HA API server deployments.
111+
scrape_configs:
112+
- job_name: 'kubernetes-apiservers'
113+
114+
kubernetes_sd_configs:
115+
- role: endpoints
116+
117+
# Default to scraping over https. If required, just disable this or change to
118+
# `http`.
119+
scheme: https
120+
121+
# This TLS & bearer token file config is used to connect to the actual scrape
122+
# endpoints for cluster components. This is separate to discovery auth
123+
# configuration because discovery & scraping are two separate concerns in
124+
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
125+
# the cluster. Otherwise, more config options have to be provided within the
126+
# <kubernetes_sd_config>.
127+
tls_config:
128+
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
129+
# If your node certificates are self-signed or use a different CA to the
130+
# master CA, then disable certificate verification below. Note that
131+
# certificate verification is an integral part of a secure infrastructure
132+
# so this should only be disabled in a controlled environment. You can
133+
# disable certificate verification by uncommenting the line below.
134+
#
135+
# insecure_skip_verify: true
136+
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
137+
138+
# Keep only the default/kubernetes service endpoints for the https port. This
139+
# will add targets for each API server which Kubernetes adds an endpoint to
140+
# the default/kubernetes service.
141+
relabel_configs:
142+
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
143+
action: keep
144+
regex: default;kubernetes;https
145+
146+
- job_name: 'kubernetes-nodes'
147+
148+
# Default to scraping over https. If required, just disable this or change to
149+
# `http`.
150+
scheme: https
151+
152+
# This TLS & bearer token file config is used to connect to the actual scrape
153+
# endpoints for cluster components. This is separate to discovery auth
154+
# configuration because discovery & scraping are two separate concerns in
155+
# Prometheus. The discovery auth config is automatic if Prometheus runs inside
156+
# the cluster. Otherwise, more config options have to be provided within the
157+
# <kubernetes_sd_config>.
158+
tls_config:
159+
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
160+
# If your node certificates are self-signed or use a different CA to the
161+
# master CA, then disable certificate verification below. Note that
162+
# certificate verification is an integral part of a secure infrastructure
163+
# so this should only be disabled in a controlled environment. You can
164+
# disable certificate verification by uncommenting the line below.
165+
#
166+
# insecure_skip_verify: true
167+
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
168+
169+
kubernetes_sd_configs:
170+
- role: node
171+
172+
relabel_configs:
173+
- action: labelmap
174+
regex: __meta_kubernetes_node_label_(.+)
175+
176+
# Scrape config for service endpoints.
177+
#
178+
# The relabeling allows the actual service scrape endpoint to be configured
179+
# via the following annotations:
180+
#
181+
# * `prometheus.io/scrape`: Only scrape services that have a value of `true`
182+
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
183+
# to set this to `https` & most likely set the `tls_config` of the scrape config.
184+
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
185+
# * `prometheus.io/port`: If the metrics are exposed on a different port to the
186+
# service then set this appropriately.
187+
- job_name: 'kubernetes-service-endpoints'
188+
189+
kubernetes_sd_configs:
190+
- role: endpoints
191+
192+
relabel_configs:
193+
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
194+
action: keep
195+
regex: true
196+
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
197+
action: replace
198+
target_label: __scheme__
199+
regex: (https?)
200+
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
201+
action: replace
202+
target_label: __metrics_path__
203+
regex: (.+)
204+
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
205+
action: replace
206+
target_label: __address__
207+
regex: (.+)(?::\d+);(\d+)
208+
replacement: $1:$2
209+
- action: labelmap
210+
regex: __meta_kubernetes_service_label_(.+)
211+
- source_labels: [__meta_kubernetes_namespace]
212+
action: replace
213+
target_label: kubernetes_namespace
214+
- source_labels: [__meta_kubernetes_service_name]
215+
action: replace
216+
target_label: kubernetes_name

0 commit comments

Comments
 (0)