1
0
Fork 0

add promtheus

This commit is contained in:
Massaki Archambault 2021-08-26 12:42:32 -04:00
parent 14342f2136
commit 0a38bbe0fe
38 changed files with 234 additions and 140 deletions

View File

@ -7,7 +7,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -54,7 +54,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
@ -25,7 +25,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -623,7 +623,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
@ -43,7 +43,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -1831,7 +1831,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
@ -61,7 +61,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -6291,7 +6291,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
@ -79,7 +79,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -12115,7 +12115,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
@ -97,7 +97,7 @@
- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
labels:
app: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
app.kubernetes.io/name: 'cert-manager'
@@ -17940,7 +17940,7 @@
# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.

View File

@ -3,18 +3,18 @@ kind: Deployment
metadata:
name: drone-runner
labels:
app: drone
component: runner
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
spec:
selector:
matchLabels:
app: drone
component: runner
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
template:
metadata:
labels:
app: drone
component: runner
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
spec:
containers:
- name: drone
@ -31,7 +31,7 @@ spec:
key: rpc_secret
ports:
- name: http
containerPort: 80
containerPort: 3000
resources:
requests:
cpu: 2000m
@ -73,3 +73,21 @@ roleRef:
kind: Role
name: drone-runner-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: drone-runner
labels:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
# monitor: prometheus
spec:
selector:
app.kubernetes.io/name: drone
app.kubernetes.io/component: runner
ports:
- name: http
protocol: TCP
port: 3000
targetPort: http

View File

@ -3,18 +3,18 @@ kind: Deployment
metadata:
name: drone-server
labels:
app: drone
component: server
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
spec:
selector:
matchLabels:
app: drone
component: server
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
template:
metadata:
labels:
app: drone
component: server
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
spec:
containers:
- name: drone
@ -22,6 +22,8 @@ spec:
env:
- name: DRONE_SERVER_HOST
value: ${DRONE_EXTERNAL_HOST}
- name: DRONE_SERVER_PORT
value: ":80"
- name: DRONE_SERVER_PROTO
value: https
- name: DRONE_GITEA_SERVER
@ -41,6 +43,9 @@ spec:
secretKeyRef:
name: drone-secret
key: rpc_secret
ports:
- name: http
containerPort: 80
resources:
requests:
cpu: 500m
@ -49,13 +54,15 @@ spec:
apiVersion: v1
kind: Service
metadata:
name: drone
name: drone-server
labels:
app: drone
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
# monitor: prometheus
spec:
selector:
app: drone
component: server
app.kubernetes.io/name: drone
app.kubernetes.io/component: server
ports:
- name: http
protocol: TCP

View File

@ -3,7 +3,7 @@ kind: Ingress
metadata:
name: drone
labels:
app: drone
app.kubernetes.io/name: drone
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
@ -20,6 +20,6 @@ spec:
pathType: Prefix
backend:
service:
name: drone
name: drone-server
port:
name: http

View File

@ -3,16 +3,16 @@ kind: Deployment
metadata:
name: gitea
labels:
app: gitea
app.kubernetes.io/name: gitea
spec:
replicas: 1 # replica count must be set to 1 in database is sqlite
selector:
matchLabels:
app: gitea
app.kubernetes.io/name: gitea
template:
metadata:
labels:
app: gitea
app.kubernetes.io/name: gitea
spec:
containers:
- name: gitea
@ -30,6 +30,8 @@ spec:
value: https://${GITEA_EXTERNAL_HOST}
- name: SSH_DOMAIN
value: ${GITEA_EXTERNAL_HOST}
- name: GITEA__METRICS__ENABLED
value: "true"
# - name: DB_TYPE
# value: postgres
# - name: DB_HOST
@ -74,7 +76,7 @@ spec:
# metadata:
# name: gitea-data-nfs
# labels:
# app: gitea
# app.kubernetes.io/name: gitea
# spec:
# accessModes:
# - ReadWriteMany
@ -90,7 +92,7 @@ kind: PersistentVolumeClaim
metadata:
name: gitea-pvc
labels:
app: gitea
app.kubernetes.io/name: gitea
spec:
# storageClassName: ""
accessModes:
@ -100,17 +102,18 @@ spec:
storage: 10Gi
# selector:
# matchLabels:
# app: gitea
# app.kubernetes.io/name: gitea
---
apiVersion: v1
kind: Service
metadata:
name: gitea
labels:
app: gitea
app.kubernetes.io/name: gitea
monitor: prometheus
spec:
selector:
app: gitea
app.kubernetes.io/name: gitea
ports:
- name: http
protocol: TCP

View File

@ -3,7 +3,7 @@ kind: Ingress
metadata:
name: gitea
labels:
app: gitea
app.kubernetes.io/name: gitea
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt

View File

@ -3,15 +3,15 @@ kind: Deployment
metadata:
name: grafana
labels:
app: grafana
app.kubernetes.io/name: grafana
spec:
selector:
matchLabels:
app: grafana
app.kubernetes.io/name: grafana
template:
metadata:
labels:
app: grafana
app.kubernetes.io/name: grafana
spec:
containers:
- name: grafana
@ -97,10 +97,11 @@ kind: Service
metadata:
name: grafana
labels:
app: grafana
app.kubernetes.io/name: grafana
monitor: prometheus
spec:
selector:
app: grafana
app.kubernetes.io/name: grafana
ports:
- name: http
protocol: TCP

View File

@ -3,7 +3,7 @@ kind: Ingress
metadata:
name: grafana
labels:
app: grafana
app.kubernetes.io/name: grafana
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt

View File

@ -3,5 +3,5 @@ datasources:
- name: prometheus
type: prometheus
access: proxy
url: http://prometheus-main.monitoring.svc:9090
url: http://prometheus-operated.monitoring.svc:9090
is_default: true

View File

@ -3,13 +3,11 @@ kind: ServiceMonitor
metadata:
name: kube-state-metrics
labels:
monitor: main
monitor: prometheus
spec:
selector:
matchLabels:
managed-by: kustomize
app: kube-state-metrics
app.kubernetes.io/name: kube-state-metrics
endpoints:
- port: http-metrics
path: /metrics
honorLabels: true

View File

@ -0,0 +1,13 @@
resources:
- kube-state-metrics-servicemonitors.yaml
- https://raw.githubusercontent.com/kubernetes/kube-state-metrics/v2.1.1/examples/standard/cluster-role-binding.yaml
- https://raw.githubusercontent.com/kubernetes/kube-state-metrics/v2.1.1/examples/standard/cluster-role.yaml
- https://raw.githubusercontent.com/kubernetes/kube-state-metrics/v2.1.1/examples/standard/deployment.yaml
- https://raw.githubusercontent.com/kubernetes/kube-state-metrics/v2.1.1/examples/standard/service-account.yaml
- https://raw.githubusercontent.com/kubernetes/kube-state-metrics/v2.1.1/examples/standard/service.yaml
commonLabels:
app.kubernetes.io/name: kube-state-metrics
# generators:
# - kube-state-metrics.yaml

View File

@ -3,7 +3,7 @@ kind: Ingress
metadata:
name: kubernetes-dashboard
labels:
app: kubernetes-dashboard
app.kubernetes.io/name: kubernetes-dashboard
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

View File

@ -1,8 +0,0 @@
resources:
- kube-state-metrics-servicemonitors.yaml
commonLabels:
app: kube-state-metrics
generators:
- kube-state-metrics.yaml

View File

@ -1,2 +0,0 @@
generators:
- prometheus-operator.yaml

View File

@ -1,7 +0,0 @@
resources:
- prometheus.yaml
- prometheus-rbac.yaml
- servicemonitors.yaml
commonLabels:
app: prometheus

View File

@ -1,35 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: main
spec:
serviceAccountName: prometheus
serviceMonitorSelector:
matchLabels:
monitor: main
resources:
requests:
memory: 300Mi
limits:
memory: 500Mi
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: prometheus
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- prometheus.127.0.0.1.nip.io
secretName: letsencrypt-cert
rules:
- host: prometheus.127.0.0.1.nip.io
http:
paths:
- path: /
backend:
serviceName: prometheus-operated
servicePort: web

View File

@ -3,7 +3,7 @@ kind: Ingress
metadata:
name: nextcloud
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt

View File

@ -3,15 +3,15 @@ kind: Deployment
metadata:
name: nextcloud
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
spec:
selector:
matchLabels:
app: nextcloud
app.kubernetes.io/name: nextcloud
template:
metadata:
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
spec:
containers:
- name: nextcloud
@ -55,7 +55,7 @@ kind: PersistentVolume
metadata:
name: nextcloud-data-nfs
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
spec:
accessModes:
- ReadWriteMany
@ -71,7 +71,7 @@ kind: PersistentVolumeClaim
metadata:
name: nextcloud-data
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
spec:
storageClassName: ""
accessModes:
@ -81,17 +81,17 @@ spec:
storage: 100Mi
selector:
matchLabels:
app: nextcloud
app.kubernetes.io/name: nextcloud
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
labels:
app: nextcloud
app.kubernetes.io/name: nextcloud
spec:
selector:
app: nextcloud
app.kubernetes.io/name: nextcloud
ports:
- name: http
protocol: TCP

View File

@ -1,2 +1,3 @@
resources:
- node-exporter-daemonset.yaml
- node-exporter-servicemonitor.yaml

View File

@ -4,16 +4,16 @@ metadata:
name: node-exporter
namespace: kube-monitoring
labels:
app: node-exporter
app.kubernetes.io/name: node-exporter
spec:
selector:
matchLabels:
app: node-exporter
app.kubernetes.io/name: node-exporter
template:
metadata:
name: node-exporter
labels:
app: node-exporter
app.kubernetes.io/name: node-exporter
spec:
hostNetwork: true
hostPID: true
@ -56,14 +56,12 @@ kind: Service
metadata:
name: nodes-exporter
labels:
app: node-exporter
monitor: main
app.kubernetes.io/name: node-exporter
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: node-exporter
ports:
- name: http-metrics
port: 9100
protocol: TCP
targetPort: http-metrics
selector:
app: node-exporter

View File

@ -0,0 +1,13 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: node-exporter
labels:
app.kubernetes.io/name: node-exporter
monitor: prometheus
spec:
selector:
matchLabels:
app.kubernetes.io/name: node-exporter
endpoints:
- port: http-metrics

View File

@ -0,0 +1,2 @@
resources:
- https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.50/bundle.yaml

View File

@ -0,0 +1,6 @@
resources:
- prometheus.yaml
- prometheus-rbac.yaml
- prometheus-ingress.yaml
- traefik-podmonitor.yaml
- servicemonitors.yaml

View File

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prometheus
labels:
app.kubernetes.io/name: prometheus
annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: letsencrypt
spec:
# tls:
# - hosts:
# - ${prometheus_EXTERNAL_HOST}
# secretName: letsencrypt-cert
rules:
- host: ${PROMETHEUS_EXTERNAL_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prometheus-operated
port:
name: web

View File

@ -0,0 +1,17 @@
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: prometheus
spec:
serviceAccountName: prometheus
serviceMonitorSelector:
matchLabels:
monitor: prometheus
podMonitorSelector:
matchLabels:
monitor: prometheus
resources:
requests:
memory: 3Gi
limits:
memory: 4Gi

View File

@ -3,37 +3,21 @@ kind: ServiceMonitor
metadata:
name: prometheus
labels:
monitor: main
app.kubernetes.io/name: prometheus
monitor: prometheus
spec:
selector:
matchLabels:
operated-prometheus: "true"
endpoints:
- port: web
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: servicemonitor-http
labels:
monitor: main
spec:
namespaceSelector:
any: true
selector:
matchLabels:
monitor: main
endpoints:
- port: http
path: /metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: kubelet
labels:
monitor: main
monitor: prometheus
spec:
namespaceSelector:
matchNames:
@ -60,3 +44,18 @@ spec:
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecureSkipVerify: true
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: servicemonitor-http
labels:
monitor: prometheus
spec:
namespaceSelector:
any: true
selector:
matchLabels:
monitor: prometheus
endpoints:
- port: http

View File

@ -0,0 +1,16 @@
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
monitor: prometheus
spec:
namespaceSelector:
matchNames:
- kube-system
selector:
matchLabels:
app.kubernetes.io/name: traefik
podMetricsEndpoints:
- port: traefik

View File

@ -6,6 +6,7 @@ spec:
valuesContent: |-
additionalArguments:
- '--serversTransport.insecureSkipVerify=true'
ports:
web:
redirectTo: websecure
- '--metrics.prometheus=true'
# ports:
# web:
# redirectTo: websecure

View File

@ -0,0 +1,10 @@
bases:
- ../../bases/prometheus
- ../../bases/node-exporter
- ../../bases/kube-state-metrics
# - ../../base/postgres
resources:
- namespace.yaml
namespace: monitoring

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring

View File

@ -0,0 +1,7 @@
bases:
- ../../bases/prometheus-operator
resources:
- namespace.yaml
namespace: operators

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: operators

View File

@ -1,5 +1,6 @@
bases:
- ../../namespaces/kube-system
- ../../namespaces/operators
# - ../../namespaces/cert-manager
# allow "kubectl apply -l managed-by=cluster --prune ..."

View File

@ -2,6 +2,7 @@ bases:
- ../../namespaces/kubernetes-dashboard
- ../../namespaces/gitea
- ../../namespaces/grafana
- ../../namespaces/monitoring
# - ../../namespaces/nextcloud
# resources:
@ -43,7 +44,7 @@ commonlabels:
transformers:
- transformers/placeholders.yaml
- transformers/ssm-secrets.yaml
# - transformers/ssm-secrets.yaml
# configurations:
# - cert-manager/kustomizeconfig.yaml

View File

@ -3,3 +3,4 @@ GITEA_EXTERNAL_HOST=gitea.localhost
GRAFANA_EXTERNAL_HOST=grafana.localhost
KUBERNETES_DASHBOARD_EXTERNAL_HOST=kubernetes-dashboard.localhost
NEXTCLOUD_EXTERNAL_HOST=nextcloud.localhost
PROMETHEUS_EXTERNAL_HOST=prometheus.localhost