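---
# Cluster-wide, read-only permissions the Prometheus server uses for service
# discovery and scraping. Every rule is limited to get/list/watch (or get).
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has the
# same schema for this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  # Core API group ("") objects.
  - apiGroups:
      - ""
    resources:
      - nodes
      # NOTE(review): nodes/proxy lets the holder reach each kubelet's API
      # through the API server, which is far broader than metrics. Keep it
      # only if the scrape config (not visible here) goes through the API
      # server proxy; if it scrapes kubelets directly, the narrower
      # nodes/metrics subresource may be enough - confirm before changing.
      - nodes/proxy
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  # Ingress discovery. "extensions" is the legacy group; Ingress is served
  # from networking.k8s.io on current clusters, so both are listed.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # The API server's own /metrics endpoint.
  - nonResourceURLs:
      - /metrics
    verbs:
      - get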
---
# Identity the Prometheus pod runs as. The StatefulSet in this file selects it
# through serviceAccountName, and the ClusterRoleBinding names it as subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: prometheus
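---
# Grants the "prometheus" ClusterRole to the default/prometheus ServiceAccount.
# Because this is a ClusterRoleBinding (not a namespaced RoleBinding), the
# role's rules apply in every namespace.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has the
# same schema for this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: default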
---
# Service in front of the prometheus pod (selected by the app=prometheus label).
#
# NOTE(review): type NodePort publishes all three ports on every node, not
# only the proxied one. Per the StatefulSet in this file, 8000 is the
# iap-proxy listener, 9090 is Prometheus itself (started with
# --web.enable-lifecycle, so reload/quit are reachable there), and 10000 is the
# proxy's metrics port. Confirm node firewall rules limit 9090 and 10000 to
# trusted sources, or serve them from a separate ClusterIP Service.
apiVersion: v1
kind: Service
metadata:
  name: prometheus
spec:
  type: NodePort
  selector:
    app: prometheus
  ports:
    # targetPort and protocol are written out; both equal the API defaults.
    - name: http
      protocol: TCP
      port: 8000
      targetPort: 8000
    - name: internal-http
      protocol: TCP
      port: 9090
      targetPort: 9090
    - name: iap-proxy-metrics
      protocol: TCP
      port: 10000
      targetPort: 10000
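---
# Single-replica Prometheus server with two sidecars:
#   - configmap-reload: watches the mounted config and POSTs to /-/reload.
#   - iap-proxy: listens on :8000 and forwards to Prometheus on :9090.
#
# apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 requires spec.selector,
# so it is added below and matches the pod template labels.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: prometheus
spec:
  replicas: 1
  updateStrategy:
    type: RollingUpdate
  serviceName: "prometheus"
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      securityContext:
        runAsUser: 2000  # aka skia
        fsGroup: 2000  # aka skia
        # Already true for UID 2000; makes the kubelet reject the pod if a
        # later edit drops runAsUser and an image defaults to root.
        runAsNonRoot: true
      serviceAccountName: prometheus
      # Prometheus needs the token for Kubernetes service discovery. The
      # setting is pod-wide, so both sidecars receive the same token too.
      automountServiceAccountToken: true
      containers:
        - name: prometheus
          # NOTE(review): image tags are mutable; pinning by digest
          # (image@sha256:<digest>) fixes the exact content that is deployed.
          image: prom/prometheus:v2.2.1
          args:
            - "--config.file=/etc/prometheus/prometheus.yml"
            - "--storage.tsdb.path=/mnt/prometheus/"
            # Enables the unauthenticated /-/reload and /-/quit HTTP
            # endpoints; configmap-reload below depends on /-/reload. Anything
            # that can reach :9090 directly can call them, so keep that port
            # off untrusted networks.
            - "--web.enable-lifecycle"
            - "--web.listen-address=:9090"
            - "--web.external-url=https://prom2.skia.org"
          ports:
            - containerPort: 9090
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
            - name: prometheus-storage-volume-claim2
              mountPath: /mnt/prometheus/
          resources:
            requests:
              memory: "1Gi"
              cpu: "2"
          # NOTE(review): a 3s delay and 3s period leave little time for
          # startup on a large TSDB; Prometheus 2.x also serves /-/healthy.
          # Confirm this probe does not restart the pod while it is loading.
          livenessProbe:
            httpGet:
              path: /
              port: 9090
            initialDelaySeconds: 3
            periodSeconds: 3
        - name: configmap-reload
          args:
            - "--volume-dir=/etc/prometheus/"
            - "--webhook-method=POST"
            # Loopback inside the pod; does not need :9090 exposed externally.
            - "--webhook-url=http://localhost:9090/-/reload"
          image: gcr.io/skia-public/configmap-reload:2018-05-16T14_13_33Z-jcgregorio-80445ff-clean
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
          resources:
            requests:
              memory: "30Mi"
              cpu: "10m"
        - name: iap-proxy
          args:
            - "--logtostderr"
            # Presumably the IAP audience the proxy checks incoming requests
            # against - confirm with the iap-proxy source.
            - "--aud=/projects/145247227042/global/backendServices/3954240095155401855"
            - "--port=:8000"
            - "--target_port=:9090"
            - "--prom_port=:10000"
          image: gcr.io/skia-public/iap-proxy:2018-05-16T14_13_55Z-jcgregorio-80445ff-clean
          ports:
            - containerPort: 8000
            - containerPort: 10000
          volumeMounts:
            # Only this container mounts the secret.
            - name: skia-public-auth
              mountPath: /var/secrets/skia-public-auth
          resources:
            requests:
              memory: "30Mi"
              cpu: "200m"
      volumes:
        - name: prometheus-config-volume
          configMap:
            defaultMode: 420  # decimal for octal 0644
            name: prometheus-server-conf
        - name: skia-public-auth
          secret:
            secretName: skia-public-auth
  volumeClaimTemplates:
    - metadata:
        name: prometheus-storage-volume-claim2
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1000Gi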