github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/prometheus/prometheus.yaml

github.com/cockroachdb/cockroach@v20.2.0-alpha.1+incompatible/cloud/kubernetes/prometheus/prometheus.yaml (about)

     1  # Create a service account for prometheus to run under
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    name: prometheus
     6    labels:
     7      app: cockroachdb
     8  ---
     9  # Define the access permissions that prometheus will run with
    10  apiVersion: rbac.authorization.k8s.io/v1beta1
    11  kind: ClusterRole
    12  metadata:
    13    name: prometheus
    14    labels:
    15      app: cockroachdb
    16  rules:
    17  - apiGroups: [""]
    18    resources:
    19    - nodes
    20    - services
    21    - endpoints
    22    - pods
    23    verbs: ["get", "list", "watch"]
    24  - apiGroups: [""]
    25    resources:
    26    - configmaps
    27    verbs: ["get"]
    28  - nonResourceURLs: ["/metrics"]
    29    verbs: ["get"]
    30  ---
    31  # Associate the service account with the role
    32  apiVersion: rbac.authorization.k8s.io/v1beta1
    33  kind: ClusterRoleBinding
    34  metadata:
    35    name: prometheus
    36    labels:
    37      app: cockroachdb
    38  roleRef:
    39    apiGroup: rbac.authorization.k8s.io
    40    kind: ClusterRole
    41    name: prometheus
    42  subjects:
    43  - kind: ServiceAccount
    44    name: prometheus
    45    namespace: default
    46  ---
    47  # Select any services with the prometheus:cockroachdb label
    48  apiVersion: monitoring.coreos.com/v1
    49  kind: ServiceMonitor
    50  metadata:
    51    name: cockroachdb
    52    labels:
    53      app: cockroachdb
    54      prometheus: cockroachdb
    55  spec:
    56    serviceAccountName: prometheus
    57    selector:
    58      matchLabels:
    59        prometheus: cockroachdb
    60    endpoints:
    61    - port: http
    62      path: /_status/vars
    63      tlsConfig:
    64        # The HTTPS certs are signed by the kubernetes internal
    65        # certificate authority.
    66        caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
    67        # This overrides the hostname verification check for the admin
    68        # UI port to match our quickstart secure-mode cluster setup.
    69        serverName: "127.0.0.1"
    70  ---
    71  # Have prometheus-operator run a replicated Prometheus cluster
    72  apiVersion: monitoring.coreos.com/v1
    73  kind: Prometheus
    74  metadata:
    75    name: cockroachdb
    76    labels:
    77      app: cockroachdb
    78  spec:
    79    serviceAccountName: prometheus
    80    alerting:
    81      alertmanagers:
    82      - namespace: default
    83        name: alertmanager-cockroachdb
    84        port: web
    85    serviceMonitorSelector:
    86      matchLabels:
    87        prometheus: cockroachdb
    88    resources:
    89      requests:
    90        memory: 400Mi
    91    ruleSelector:
    92      matchLabels:
    93        role: alert-rules
    94        prometheus: cockroachdb