switch to prometheus operator

apps/monitoring/kustomization.yaml

@@ -8,6 +8,10 @@ resources:
   - grafana.pvc.yaml
   - influxdb.pvc.yaml
   - grafana.ingress.yaml
+  # prometheus-operator crds
+  - https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml
+  - prometheus.yaml
+
 
 helmCharts:
   - releaseName: grafana
@@ -27,9 +31,3 @@ helmCharts:
     repo: https://helm.influxdata.com/
     version: 1.8.39
     valuesFile: telegraf-speedtest.values.yaml
-
-  - releaseName: prometheus
-    name: prometheus
-    repo: https://prometheus-community.github.io/helm-charts
-    version: 25.8.2
-    valuesFile: prometheus.values.yaml

apps/monitoring/prometheus.values.yaml

@@ -1,171 +0,0 @@
-
-## Monitors ConfigMap changes and POSTs to a URL
-## Ref: https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader
-##
-configmapReload:
-  ## URL for configmap-reload to use for reloads
-  ##
-  reloadUrl: ""
-
-  ## env sets environment variables to pass to the container. Can be set as name/value pairs,
-  ## read from secrets or configmaps.
-  env: []
-    # - name: SOMEVAR
-    #   value: somevalue
-    # - name: PASSWORD
-    #   valueFrom:
-    #     secretKeyRef:
-    #       name: mysecret
-    #       key: password
-    #       optional: false
-
-  prometheus:
-    ## If false, the configmap-reload container will not be deployed
-    ##
-    enabled: true
-
-    ## configmap-reload container name
-    ##
-    name: configmap-reload
-
-    ## configmap-reload container image
-    ##
-    image:
-      repository: quay.io/prometheus-operator/prometheus-config-reloader
-      tag: v0.70.0
-      # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
-      digest: ""
-      pullPolicy: IfNotPresent
-
-    # containerPort: 9533
-
-    ## Additional configmap-reload container arguments
-    ##
-    extraArgs: {}
-
-    ## Additional configmap-reload volume directories
-    ##
-    extraVolumeDirs: []
-
-    ## Additional configmap-reload volume mounts
-    ##
-    extraVolumeMounts: []
-
-    ## Additional configmap-reload mounts
-    ##
-    extraConfigmapMounts: []
-      # - name: prometheus-alerts
-      #   mountPath: /etc/alerts.d
-      #   subPath: ""
-      #   configMap: prometheus-alerts
-      #   readOnly: true
-
-    ## Security context to be added to configmap-reload container
-    containerSecurityContext: {}
-
-    ## configmap-reload resource requests and limits
-    ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/
-    ##
-    resources: {}
-
-server:
-  ## Prometheus server container name
-  ##
-  name: server
-
-
-
-
-  global:
-    ## How frequently to scrape targets by default
-    ##
-    scrape_interval: 1m
-    ## How long until a scrape request times out
-    ##
-    scrape_timeout: 10s
-    ## How frequently to evaluate rules
-    ##
-    evaluation_interval: 1m
-
-  ingress:
-    ## If true, Prometheus server Ingress will be created
-    ##
-    enabled: false
-
-
-
-  persistentVolume:
-    ## If true, Prometheus server will create/use a Persistent Volume Claim
-    ## If false, use emptyDir
-    ##
-    enabled: true
-
-    ## Prometheus server data Persistent Volume access modes
-    ## Must match those of existing PV or dynamic provisioner
-    ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-    ##
-    accessModes:
-      - ReadWriteOnce
-
-    ## Prometheus server data Persistent Volume existing claim name
-    ## Requires server.persistentVolume.enabled: true
-    ## If defined, PVC must be created manually before volume will be bound
-    existingClaim: ""
-
-    ## Prometheus server data Persistent Volume mount root path
-    ##
-    mountPath: /data
-
-    ## Prometheus server data Persistent Volume size
-    ##
-    size: 8Gi
-
-    ## Prometheus server data Persistent Volume Storage Class
-    ## If defined, storageClassName: <storageClass>
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
-    ##
-    storageClass: "nfs-client"
-
-
-  ## Prometheus data retention period (default if not specified is 15 days)
-  ##
-  retention: "30d"
-
-  ## Prometheus' data retention size. Supported units: B, KB, MB, GB, TB, PB, EB.
-  ##
-  retentionSize: ""
-
-
-## alertmanager sub-chart configurable values
-## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/alertmanager
-##
-alertmanager:
-  ## If false, alertmanager will not be installed
-  ##
-  enabled: false
-
-
-## kube-state-metrics sub-chart configurable values
-## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics
-##
-kube-state-metrics:
-  ## If false, kube-state-metrics sub-chart will not be installed
-  ##
-  enabled: true
-
-## prometheus-node-exporter sub-chart configurable values
-## Please see https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter
-##
-prometheus-node-exporter:
-  ## If false, node-exporter will not be installed
-  ##
-  enabled: true
-
-
-prometheus-pushgateway:
-  ## If false, pushgateway will not be installed
-  ##
-  enabled: false

apps/monitoring/prometheus.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/metrics
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs: ["get"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus
+  # namespace: default
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+  name: prometheus
+spec:
+  serviceAccountName: prometheus
+  serviceMonitorSelector: # match all service monitors by default
+    matchLabels: {}
+  resources:
+    requests:
+      memory: 400Mi
+  enableAdminAPI: false