github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/prometheus/templates/configmap.yaml (about) 1 apiVersion: v1 2 kind: ConfigMap 3 metadata: 4 name: prometheus 5 namespace: {{ .Release.Namespace }} 6 labels: 7 app: prometheus 8 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 release: {{ .Release.Name }} 10 heritage: {{ .Release.Service }} 11 data: 12 prometheus.yml: |- 13 global: 14 scrape_interval: 15s 15 scrape_configs: 16 17 - job_name: 'istio-mesh' 18 # Override the global default and scrape targets from this job every 5 seconds. 19 scrape_interval: 5s 20 21 kubernetes_sd_configs: 22 - role: endpoints 23 namespaces: 24 names: 25 - {{ .Release.Namespace }} 26 27 relabel_configs: 28 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 29 action: keep 30 regex: istio-telemetry;prometheus 31 32 {{ if ne .Values.global.proxy.stats.prometheusPort 0. }} 33 # Scrape config for envoy stats 34 - job_name: 'envoy-stats' 35 metrics_path: /stats/prometheus 36 kubernetes_sd_configs: 37 - role: pod 38 39 relabel_configs: 40 - source_labels: [__meta_kubernetes_pod_container_port_name] 41 action: keep 42 regex: '.*-envoy-prom' 43 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 44 action: replace 45 regex: ([^:]+)(?::\d+)?;(\d+) 46 replacement: $1:{{ .Values.global.proxy.stats.prometheusPort }} 47 target_label: __address__ 48 - action: labelmap 49 regex: __meta_kubernetes_pod_label_(.+) 50 - source_labels: [__meta_kubernetes_namespace] 51 action: replace 52 target_label: namespace 53 - source_labels: [__meta_kubernetes_pod_name] 54 action: replace 55 target_label: pod_name 56 57 metric_relabel_configs: 58 # Exclude some of the envoy metrics that have massive cardinality 59 # This list may need to be pruned further moving forward, as informed 60 # by performance and scalability testing. 61 - source_labels: [ cluster_name ] 62 regex: '(outbound|inbound|prometheus_stats).*' 63 action: drop 64 - source_labels: [ tcp_prefix ] 65 regex: '(outbound|inbound|prometheus_stats).*' 66 action: drop 67 - source_labels: [ listener_address ] 68 regex: '(.+)' 69 action: drop 70 - source_labels: [ http_conn_manager_listener_prefix ] 71 regex: '(.+)' 72 action: drop 73 - source_labels: [ http_conn_manager_prefix ] 74 regex: '(.+)' 75 action: drop 76 - source_labels: [ __name__ ] 77 regex: 'envoy_tls.*' 78 action: drop 79 - source_labels: [ __name__ ] 80 regex: 'envoy_tcp_downstream.*' 81 action: drop 82 - source_labels: [ __name__ ] 83 regex: 'envoy_http_(stats|admin).*' 84 action: drop 85 - source_labels: [ __name__ ] 86 regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' 87 action: drop 88 {{ end}} 89 90 - job_name: 'istio-policy' 91 # Override the global default and scrape targets from this job every 5 seconds. 92 scrape_interval: 5s 93 # metrics_path defaults to '/metrics' 94 # scheme defaults to 'http'. 95 96 kubernetes_sd_configs: 97 - role: endpoints 98 namespaces: 99 names: 100 - {{ .Release.Namespace }} 101 102 103 relabel_configs: 104 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 105 action: keep 106 regex: istio-policy;http-monitoring 107 108 - job_name: 'istio-telemetry' 109 # Override the global default and scrape targets from this job every 5 seconds. 110 scrape_interval: 5s 111 # metrics_path defaults to '/metrics' 112 # scheme defaults to 'http'. 113 114 kubernetes_sd_configs: 115 - role: endpoints 116 namespaces: 117 names: 118 - {{ .Release.Namespace }} 119 120 relabel_configs: 121 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 122 action: keep 123 regex: istio-telemetry;http-monitoring 124 125 - job_name: 'pilot' 126 # Override the global default and scrape targets from this job every 5 seconds. 127 scrape_interval: 5s 128 # metrics_path defaults to '/metrics' 129 # scheme defaults to 'http'. 130 131 kubernetes_sd_configs: 132 - role: endpoints 133 namespaces: 134 names: 135 - {{ .Release.Namespace }} 136 137 relabel_configs: 138 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 139 action: keep 140 regex: istio-pilot;http-monitoring 141 142 - job_name: 'galley' 143 # Override the global default and scrape targets from this job every 5 seconds. 144 scrape_interval: 5s 145 # metrics_path defaults to '/metrics' 146 # scheme defaults to 'http'. 147 148 kubernetes_sd_configs: 149 - role: endpoints 150 namespaces: 151 names: 152 - {{ .Release.Namespace }} 153 154 relabel_configs: 155 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 156 action: keep 157 regex: istio-galley;http-monitoring 158 159 # scrape config for API servers 160 - job_name: 'kubernetes-apiservers' 161 kubernetes_sd_configs: 162 - role: endpoints 163 namespaces: 164 names: 165 - default 166 scheme: https 167 tls_config: 168 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 169 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 170 relabel_configs: 171 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 172 action: keep 173 regex: kubernetes;https 174 175 # scrape config for nodes (kubelet) 176 - job_name: 'kubernetes-nodes' 177 scheme: https 178 tls_config: 179 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 180 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 181 kubernetes_sd_configs: 182 - role: node 183 relabel_configs: 184 - action: labelmap 185 regex: __meta_kubernetes_node_label_(.+) 186 - target_label: __address__ 187 replacement: kubernetes.default.svc:443 188 - source_labels: [__meta_kubernetes_node_name] 189 regex: (.+) 190 target_label: __metrics_path__ 191 replacement: /api/v1/nodes/${1}/proxy/metrics 192 193 # Scrape config for Kubelet cAdvisor. 194 # 195 # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics 196 # (those whose names begin with 'container_') have been removed from the 197 # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to 198 # retrieve those metrics. 199 # 200 # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor 201 # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" 202 # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with 203 # the --cadvisor-port=0 Kubelet flag). 204 # 205 # This job is not necessary and should be removed in Kubernetes 1.6 and 206 # earlier versions, or it will cause the metrics to be scraped twice. 207 - job_name: 'kubernetes-cadvisor' 208 scheme: https 209 tls_config: 210 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 211 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 212 kubernetes_sd_configs: 213 - role: node 214 relabel_configs: 215 - action: labelmap 216 regex: __meta_kubernetes_node_label_(.+) 217 - target_label: __address__ 218 replacement: kubernetes.default.svc:443 219 - source_labels: [__meta_kubernetes_node_name] 220 regex: (.+) 221 target_label: __metrics_path__ 222 replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor 223 224 # scrape config for service endpoints. 225 - job_name: 'kubernetes-service-endpoints' 226 kubernetes_sd_configs: 227 - role: endpoints 228 relabel_configs: 229 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] 230 action: keep 231 regex: true 232 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] 233 action: replace 234 target_label: __scheme__ 235 regex: (https?) 236 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] 237 action: replace 238 target_label: __metrics_path__ 239 regex: (.+) 240 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] 241 action: replace 242 target_label: __address__ 243 regex: ([^:]+)(?::\d+)?;(\d+) 244 replacement: $1:$2 245 - action: labelmap 246 regex: __meta_kubernetes_service_label_(.+) 247 - source_labels: [__meta_kubernetes_namespace] 248 action: replace 249 target_label: kubernetes_namespace 250 - source_labels: [__meta_kubernetes_service_name] 251 action: replace 252 target_label: kubernetes_name 253 254 - job_name: 'kubernetes-pods' 255 kubernetes_sd_configs: 256 - role: pod 257 relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. 258 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 259 action: keep 260 regex: true 261 - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status] 262 action: drop 263 regex: (.+) 264 - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] 265 action: drop 266 regex: (true) 267 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 268 action: replace 269 target_label: __metrics_path__ 270 regex: (.+) 271 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 272 action: replace 273 regex: ([^:]+)(?::\d+)?;(\d+) 274 replacement: $1:$2 275 target_label: __address__ 276 - action: labelmap 277 regex: __meta_kubernetes_pod_label_(.+) 278 - source_labels: [__meta_kubernetes_namespace] 279 action: replace 280 target_label: namespace 281 - source_labels: [__meta_kubernetes_pod_name] 282 action: replace 283 target_label: pod_name 284 285 - job_name: 'kubernetes-pods-istio-secure' 286 scheme: https 287 tls_config: 288 ca_file: /etc/istio-certs/root-cert.pem 289 cert_file: /etc/istio-certs/cert-chain.pem 290 key_file: /etc/istio-certs/key.pem 291 insecure_skip_verify: true # prometheus does not support secure naming. 292 kubernetes_sd_configs: 293 - role: pod 294 relabel_configs: 295 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 296 action: keep 297 regex: true 298 # sidecar status annotation is added by sidecar injector and 299 # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. 300 - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] 301 action: keep 302 regex: (([^;]+);([^;]*))|(([^;]*);(true)) 303 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 304 action: replace 305 target_label: __metrics_path__ 306 regex: (.+) 307 - source_labels: [__address__] # Only keep address that is host:port 308 action: keep # otherwise an extra target with ':443' is added for https scheme 309 regex: ([^:]+):(\d+) 310 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 311 action: replace 312 regex: ([^:]+)(?::\d+)?;(\d+) 313 replacement: $1:$2 314 target_label: __address__ 315 - action: labelmap 316 regex: __meta_kubernetes_pod_label_(.+) 317 - source_labels: [__meta_kubernetes_namespace] 318 action: replace 319 target_label: namespace 320 - source_labels: [__meta_kubernetes_pod_name] 321 action: replace 322 target_label: pod_name