79 lines
1.5 KiB
YAML
79 lines
1.5 KiB
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: prometheus
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: prometheus
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources:
|
|
- nodes
|
|
- nodes/metrics
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
- configmaps
|
|
verbs: ["get"]
|
|
- apiGroups:
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
verbs: ["get", "list", "watch"]
|
|
- nonResourceURLs: ["/metrics"]
|
|
verbs: ["get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: prometheus
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: prometheus
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: prometheus
|
|
namespace: monitoring # needs to be the same as in the kustomization.yaml
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: Prometheus
|
|
metadata:
|
|
name: prometheus
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 65534 # same as the thanos sidecar
|
|
resources:
|
|
requests:
|
|
memory: 400Mi
|
|
retention: 730d
|
|
retentionSize: 3GiB
|
|
serviceAccountName: prometheus
|
|
enableAdminAPI: false
|
|
serviceMonitorNamespaceSelector: {}
|
|
serviceMonitorSelector: {}
|
|
thanos:
|
|
version: v0.34.1
|
|
objectStorageConfig:
|
|
# loads the config from a secret named thanos-objstore-config in the same namespace
|
|
key: thanos.yaml
|
|
name: thanos-objstore-config
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: prometheus
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 9090
|
|
targetPort: 9090
|
|
protocol: TCP
|
|
selector:
|
|
prometheus: prometheus
|