move prometheus to its own config

2024-03-26 22:13:02 +01:00
parent f4b99ca037
commit 4fcdaad297
9 changed files with 43 additions and 11 deletions


@@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- namespace.yaml
# prometheus-operator crds
- https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml
- prometheus.yaml
- thanos-objstore-config.sealedsecret.yaml
# thanos deployment from kube-thanos project
- thanos-store.statefulset.yaml
- thanos-query.deployment.yaml
images:
- name: thanos
newName: quay.io/thanos/thanos
newTag: v0.34.1
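Review bot: Neither external artifact in this kustomization is integrity-checked: the operator bundle under `resources:` is fetched from a GitHub release URL at build time, and the Thanos image is pinned by tag only (`newTag: v0.34.1`). The comment calls the bundle "crds", but the upstream `bundle.yaml` asset appears to also carry the operator's RBAC and Deployment, so a replaced asset or re-pushed tag would be applied with cluster-wide effect. Consider vendoring `bundle.yaml` into the repository so each bump is reviewed as a diff, and adding `digest: sha256:<digest-of-v0.34.1>` to the `images:` entry. Separately, the Prometheus resource in this commit sets `thanos.version: v0.33.0` for the sidecar while store and query are pinned to v0.34.1 here; confirm the version skew is intended.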


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: placeholder


@@ -0,0 +1,77 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/metrics
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
verbs: ["get"]
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus
namespace: monitoring # needs to be the same as in the kustomization.yaml
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
name: prometheus
spec:
securityContext:
runAsUser: 65534 # same as the thanos sidecar
resources:
requests:
memory: 400Mi
serviceAccountName: prometheus
enableAdminAPI: false
serviceMonitorNamespaceSelector: {}
serviceMonitorSelector: {}
thanos:
version: v0.33.0
objectStorageConfig:
# loads the config from a secret named thanos-objstore-config in the same namespace
key: thanos.yaml
name: thanos-objstore-config
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
spec:
type: ClusterIP
ports:
- port: 9090
targetPort: 9090
protocol: TCP
selector:
prometheus: prometheus
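Review bot: `serviceMonitorNamespaceSelector: {}` together with `serviceMonitorSelector: {}` matches every ServiceMonitor in every namespace, so any principal allowed to create a ServiceMonitor anywhere in the cluster can add scrape configuration to this Prometheus, which runs under a ClusterRole with cluster-wide read on pods, endpoints, services and nodes. If that is not intended, scope the selectors with a label, for example `serviceMonitorSelector: {matchLabels: {<label-key>: <label-value>}}`, and set `arbitraryFSAccessThroughSMs: {deny: true}` so ServiceMonitors cannot reference token or certificate files on the Prometheus pod. The `securityContext` sets only `runAsUser: 65534`; adding `runAsNonRoot: true` makes the intent enforceable. The Service publishes port 9090 with no authentication in front of it, and no NetworkPolicy is visible among the resources listed in the kustomization, so confirm that in-cluster reachability is acceptable.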


@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: monitoring
spec:
encryptedData:
thanos.yaml: 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
template:
metadata:
creationTimestamp: null
name: thanos-objstore-config
namespace: monitoring
type: Opaque


@@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: thanos-querier
labels:
app: thanos-querier
spec:
replicas: 1
selector:
matchLabels:
app: thanos-querier
template:
metadata:
labels:
app: thanos-querier
spec:
containers:
- name: thanos
image: thanos
args:
- query
- --log.level=debug
- --query.replica-label=replica
- --endpoint=dnssrv+_grpc._tcp.thanos-store:10901
ports:
- name: http
containerPort: 10902
- name: grpc
containerPort: 10901
livenessProbe:
httpGet:
port: http
path: /-/healthy
readinessProbe:
httpGet:
port: http
path: /-/ready
---
apiVersion: v1
kind: Service
metadata:
labels:
app: thanos-querier
name: thanos-querier
spec:
ports:
- port: 9090
protocol: TCP
targetPort: http
name: http
selector:
app: thanos-querier
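Review bot: The `thanos` container has no `securityContext` and no `resources`, so it runs with whatever user and capabilities the image and namespace defaults give it; the store-gateway StatefulSet in this commit has the same gap. A container-level hardening block is sketched below; `runAsUser: 65534` is taken from the Prometheus spec in this commit, and `readOnlyRootFilesystem` should be confirmed against the image before merging (the store gateway already writes only to its `/data` emptyDir). The querier Service also exposes the full query API on 9090 without authentication, so access should be limited by a NetworkPolicy or an authenticating proxy if other tenants share the cluster. `--log.level=debug` is worth dropping to `info` once the setup is stable.

```yaml
      containers:
        - name: thanos
          image: thanos
          # … unchanged: args, ports, livenessProbe, readinessProbe …
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```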


@@ -0,0 +1,73 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: thanos-store-gateway
labels:
app: thanos-store-gateway
spec:
replicas: 1
selector:
matchLabels:
app: thanos-store-gateway
serviceName: thanos-store-gateway
template:
metadata:
labels:
app: thanos-store-gateway
thanos-store-api: "true"
spec:
containers:
- name: thanos
image: thanos
args:
- "store"
- "--log.level=debug"
- "--data-dir=/data"
- "--grpc-address=0.0.0.0:10901"
- "--http-address=0.0.0.0:10902"
- "--objstore.config-file=/etc/secret/thanos.yaml"
- "--index-cache-size=500MB"
- "--chunk-pool-size=500MB"
ports:
- name: http
containerPort: 10902
- name: grpc
containerPort: 10901
livenessProbe:
httpGet:
port: 10902
path: /-/healthy
readinessProbe:
httpGet:
port: 10902
path: /-/ready
volumeMounts:
- name: thanos-objstore-config
mountPath: /etc/secret
readOnly: true
- name: thanos-data
mountPath: /data
volumes:
- name: thanos-objstore-config
secret:
secretName: thanos-objstore-config
- name: thanos-data
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: thanos-store
name: thanos-store
spec:
clusterIP: None
ports:
- name: grpc
port: 10901
targetPort: 10901
- name: http
port: 10902
targetPort: 10902
selector:
app: thanos-store-gateway
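Review bot: The Store API is bound with `--grpc-address=0.0.0.0:10901` and published through the headless `thanos-store` Service with no TLS flags and no NetworkPolicy visible in this commit, so any pod that can reach the Service can read everything the gateway serves from object storage. Either restrict ingress on 10901 to the querier pods, or enable mutual TLS with `--grpc-server-tls-cert`, `--grpc-server-tls-key` and `--grpc-server-tls-client-ca` here and the matching client flags on the querier. Also, `serviceName: thanos-store-gateway` does not match the headless Service, which is named `thanos-store`; the StatefulSet's governing service should be `serviceName: thanos-store`. The two 500MB caches and the unbounded `emptyDir: {}` come without `resources` or a `sizeLimit`, so a large bucket can push the pod into node-level memory or disk pressure.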