github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/base/charts/prometheus/templates/configmap.yaml (about) 1 --- 2 # Source: istio/charts/prometheus/templates/configmap.yaml 3 apiVersion: v1 4 kind: ConfigMap 5 metadata: 6 name: prometheus 7 namespace: default 8 labels: 9 app: prometheus 10 chart: prometheus-1.0.3 11 release: istio 12 heritage: Tiller 13 data: 14 prometheus.yml: |- 15 global: 16 scrape_interval: 15s 17 scrape_configs: 18 19 - job_name: 'istio-mesh' 20 # Override the global default and scrape targets from this job every 5 seconds. 21 scrape_interval: 5s 22 23 kubernetes_sd_configs: 24 - role: endpoints 25 namespaces: 26 names: 27 - default 28 29 relabel_configs: 30 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 31 action: keep 32 regex: istio-telemetry;prometheus 33 34 35 # Scrape config for envoy stats 36 - job_name: 'envoy-stats' 37 metrics_path: /stats/prometheus 38 kubernetes_sd_configs: 39 - role: pod 40 41 relabel_configs: 42 - source_labels: [__meta_kubernetes_pod_container_port_name] 43 action: keep 44 regex: '.*-envoy-prom' 45 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 46 action: replace 47 regex: ([^:]+)(?::\d+)?;(\d+) 48 replacement: $1:15090 49 target_label: __address__ 50 - action: labelmap 51 regex: __meta_kubernetes_pod_label_(.+) 52 - source_labels: [__meta_kubernetes_namespace] 53 action: replace 54 target_label: namespace 55 - source_labels: [__meta_kubernetes_pod_name] 56 action: replace 57 target_label: pod_name 58 59 metric_relabel_configs: 60 # Exclude some of the envoy metrics that have massive cardinality 61 # This list may need to be pruned further moving forward, as informed 62 # by performance and scalability testing. 63 - source_labels: [ cluster_name ] 64 regex: '(outbound|inbound|prometheus_stats).*' 65 action: drop 66 - source_labels: [ tcp_prefix ] 67 regex: '(outbound|inbound|prometheus_stats).*' 68 action: drop 69 - source_labels: [ listener_address ] 70 regex: '(.+)' 71 action: drop 72 - source_labels: [ http_conn_manager_listener_prefix ] 73 regex: '(.+)' 74 action: drop 75 - source_labels: [ http_conn_manager_prefix ] 76 regex: '(.+)' 77 action: drop 78 - source_labels: [ __name__ ] 79 regex: 'envoy_tls.*' 80 action: drop 81 - source_labels: [ __name__ ] 82 regex: 'envoy_tcp_downstream.*' 83 action: drop 84 - source_labels: [ __name__ ] 85 regex: 'envoy_http_(stats|admin).*' 86 action: drop 87 - source_labels: [ __name__ ] 88 regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' 89 action: drop 90 91 92 - job_name: 'istio-policy' 93 # Override the global default and scrape targets from this job every 5 seconds. 94 scrape_interval: 5s 95 # metrics_path defaults to '/metrics' 96 # scheme defaults to 'http'. 97 98 kubernetes_sd_configs: 99 - role: endpoints 100 namespaces: 101 names: 102 - default 103 104 105 relabel_configs: 106 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 107 action: keep 108 regex: istio-policy;http-monitoring 109 110 - job_name: 'istio-telemetry' 111 # Override the global default and scrape targets from this job every 5 seconds. 112 scrape_interval: 5s 113 # metrics_path defaults to '/metrics' 114 # scheme defaults to 'http'. 115 116 kubernetes_sd_configs: 117 - role: endpoints 118 namespaces: 119 names: 120 - default 121 122 relabel_configs: 123 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 124 action: keep 125 regex: istio-telemetry;http-monitoring 126 127 - job_name: 'pilot' 128 # Override the global default and scrape targets from this job every 5 seconds. 129 scrape_interval: 5s 130 # metrics_path defaults to '/metrics' 131 # scheme defaults to 'http'. 132 133 kubernetes_sd_configs: 134 - role: endpoints 135 namespaces: 136 names: 137 - default 138 139 relabel_configs: 140 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 141 action: keep 142 regex: istio-pilot;http-monitoring 143 144 - job_name: 'galley' 145 # Override the global default and scrape targets from this job every 5 seconds. 146 scrape_interval: 5s 147 # metrics_path defaults to '/metrics' 148 # scheme defaults to 'http'. 149 150 kubernetes_sd_configs: 151 - role: endpoints 152 namespaces: 153 names: 154 - default 155 156 relabel_configs: 157 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 158 action: keep 159 regex: istio-galley;http-monitoring 160 161 # scrape config for API servers 162 - job_name: 'kubernetes-apiservers' 163 kubernetes_sd_configs: 164 - role: endpoints 165 namespaces: 166 names: 167 - default 168 scheme: https 169 tls_config: 170 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 171 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 172 relabel_configs: 173 - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 174 action: keep 175 regex: kubernetes;https 176 177 # scrape config for nodes (kubelet) 178 - job_name: 'kubernetes-nodes' 179 scheme: https 180 tls_config: 181 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 182 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 183 kubernetes_sd_configs: 184 - role: node 185 relabel_configs: 186 - action: labelmap 187 regex: __meta_kubernetes_node_label_(.+) 188 - target_label: __address__ 189 replacement: kubernetes.default.svc:443 190 - source_labels: [__meta_kubernetes_node_name] 191 regex: (.+) 192 target_label: __metrics_path__ 193 replacement: /api/v1/nodes/${1}/proxy/metrics 194 195 # Scrape config for Kubelet cAdvisor. 196 # 197 # This is required for Kubernetes 1.7.3 and later, where cAdvisor metrics 198 # (those whose names begin with 'container_') have been removed from the 199 # Kubelet metrics endpoint. This job scrapes the cAdvisor endpoint to 200 # retrieve those metrics. 201 # 202 # In Kubernetes 1.7.0-1.7.2, these metrics are only exposed on the cAdvisor 203 # HTTP endpoint; use "replacement: /api/v1/nodes/${1}:4194/proxy/metrics" 204 # in that case (and ensure cAdvisor's HTTP server hasn't been disabled with 205 # the --cadvisor-port=0 Kubelet flag). 206 # 207 # This job is not necessary and should be removed in Kubernetes 1.6 and 208 # earlier versions, or it will cause the metrics to be scraped twice. 209 - job_name: 'kubernetes-cadvisor' 210 scheme: https 211 tls_config: 212 ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 213 bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 214 kubernetes_sd_configs: 215 - role: node 216 relabel_configs: 217 - action: labelmap 218 regex: __meta_kubernetes_node_label_(.+) 219 - target_label: __address__ 220 replacement: kubernetes.default.svc:443 221 - source_labels: [__meta_kubernetes_node_name] 222 regex: (.+) 223 target_label: __metrics_path__ 224 replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor 225 226 # scrape config for service endpoints. 227 - job_name: 'kubernetes-service-endpoints' 228 kubernetes_sd_configs: 229 - role: endpoints 230 relabel_configs: 231 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] 232 action: keep 233 regex: true 234 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] 235 action: replace 236 target_label: __scheme__ 237 regex: (https?) 238 - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] 239 action: replace 240 target_label: __metrics_path__ 241 regex: (.+) 242 - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] 243 action: replace 244 target_label: __address__ 245 regex: ([^:]+)(?::\d+)?;(\d+) 246 replacement: $1:$2 247 - action: labelmap 248 regex: __meta_kubernetes_service_label_(.+) 249 - source_labels: [__meta_kubernetes_namespace] 250 action: replace 251 target_label: kubernetes_namespace 252 - source_labels: [__meta_kubernetes_service_name] 253 action: replace 254 target_label: kubernetes_name 255 256 - job_name: 'kubernetes-pods' 257 kubernetes_sd_configs: 258 - role: pod 259 relabel_configs: # If first two labels are present, pod should be scraped by the istio-secure job. 260 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 261 action: keep 262 regex: true 263 - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status] 264 action: drop 265 regex: (.+) 266 - source_labels: [__meta_kubernetes_pod_annotation_istio_mtls] 267 action: drop 268 regex: (true) 269 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 270 action: replace 271 target_label: __metrics_path__ 272 regex: (.+) 273 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 274 action: replace 275 regex: ([^:]+)(?::\d+)?;(\d+) 276 replacement: $1:$2 277 target_label: __address__ 278 - action: labelmap 279 regex: __meta_kubernetes_pod_label_(.+) 280 - source_labels: [__meta_kubernetes_namespace] 281 action: replace 282 target_label: namespace 283 - source_labels: [__meta_kubernetes_pod_name] 284 action: replace 285 target_label: pod_name 286 287 - job_name: 'kubernetes-pods-istio-secure' 288 scheme: https 289 tls_config: 290 ca_file: /etc/istio-certs/root-cert.pem 291 cert_file: /etc/istio-certs/cert-chain.pem 292 key_file: /etc/istio-certs/key.pem 293 insecure_skip_verify: true # prometheus does not support secure naming. 294 kubernetes_sd_configs: 295 - role: pod 296 relabel_configs: 297 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 298 action: keep 299 regex: true 300 # sidecar status annotation is added by sidecar injector and 301 # istio_workload_mtls_ability can be specifically placed on a pod to indicate its ability to receive mtls traffic. 302 - source_labels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls] 303 action: keep 304 regex: (([^;]+);([^;]*))|(([^;]*);(true)) 305 - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 306 action: replace 307 target_label: __metrics_path__ 308 regex: (.+) 309 - source_labels: [__address__] # Only keep address that is host:port 310 action: keep # otherwise an extra target with ':443' is added for https scheme 311 regex: ([^:]+):(\d+) 312 - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 313 action: replace 314 regex: ([^:]+)(?::\d+)?;(\d+) 315 replacement: $1:$2 316 target_label: __address__ 317 - action: labelmap 318 regex: __meta_kubernetes_pod_label_(.+) 319 - source_labels: [__meta_kubernetes_namespace] 320 action: replace 321 target_label: namespace 322 - source_labels: [__meta_kubernetes_pod_name] 323 action: replace 324 target_label: pod_name