prom.yaml - skia-public-config - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
   name: prometheus
 rules:
 - apiGroups: [""]
   resources:
   - nodes
   - nodes/proxy
   - services
   - endpoints
   - pods
   verbs: ["get", "list", "watch"]
 - apiGroups:
   - extensions
   resources:
   - ingresses
   verbs: ["get", "list", "watch"]
 - nonResourceURLs: ["/metrics"]
   verbs: ["get"]
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: prometheus
   namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
   name: prometheus
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: prometheus
 subjects:
 - kind: ServiceAccount
   name: prometheus
   namespace: default
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: prometheus
   annotations:
     beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
     skia.org.domain: prom2.skia.org
 spec:
   selector:
     app: prometheus
   type: NodePort
   ports:
     - port: 8000
       name: http
     - port: 9090
       name: internal-http
     - port: 10000
       name: auth-proxy-metrics
 ---
 apiVersion: apps/v1beta1
 kind: StatefulSet
 metadata:
   name: prometheus
 spec:
   replicas: 1
   updateStrategy:
     type: RollingUpdate
   serviceName: "prometheus"
   template:
     metadata:
       labels:
         app: prometheus
       annotations:
         prometheus.io.scrape: "true"
         prometheus.io.port: "9090"
     spec:
       securityContext:
         runAsUser: 2000 # aka skia
         fsGroup: 2000   # aka skia
       serviceAccountName: prometheus
       automountServiceAccountToken: true
       containers:
         - name: prometheus
           image: prom/prometheus:v2.4.3
           args:
             - "--config.file=/etc/prometheus/prometheus.yml"
             - "--storage.tsdb.path=/mnt/prometheus/"
             - "--web.enable-lifecycle"
             - "--web.listen-address=:9090"
             - "--web.external-url=https://prom2.skia.org"
           ports:
             - containerPort: 9090
           volumeMounts:
             - name: prometheus-config-volume
               mountPath: /etc/prometheus/
             - name: prometheus-storage-volume-claim3
               mountPath: /mnt/prometheus/
           resources:
             requests:
               memory: "5Gi"
               cpu: "1"
         - name: configmap-reload
           args:
             - "--volume-dir=/etc/prometheus/"
             - "--webhook-method=POST"
             - "--webhook-url=http://localhost:9090/-/reload"
           image: gcr.io/skia-public/configmap-reload:2019-04-08T14_16_57Z-rmistry-cfbdc64-clean
           volumeMounts:
             - name: prometheus-config-volume
               mountPath: /etc/prometheus/
           resources:
             requests:
               memory: "30Mi"
               cpu: "10m"
         - name: auth-proxy
           args:
             - "--logtostderr"
             - "--port=:8000"
             - "--target_port=:9090"
             - "--prom_port=:10000"
           image: gcr.io/skia-public/auth-proxy:2019-04-08T14_16_25Z-rmistry-cfbdc64-clean
           ports:
             - containerPort: 8000
             - containerPort: 10000
           readinessProbe:
             httpGet:
               path: /healthz
               port: 8000
             initialDelaySeconds: 3
             periodSeconds: 3
           volumeMounts:
             - name: skia-org-legacy-login-secrets
               mountPath: /etc/skia.org/
             - name: csrf-salt
               mountPath: /var/skia/
           resources:
             requests:
               memory: "30Mi"
               cpu: "200m"
       volumes:
         - name: skia-org-legacy-login-secrets
           secret:
             secretName: skia-org-legacy-login-secrets
         - name: csrf-salt
           secret:
             secretName: csrf-salt
         - name: prometheus-config-volume
           configMap:
             defaultMode: 420
             name: prometheus-server-conf
   volumeClaimTemplates:
     - metadata:
        name: prometheus-storage-volume-claim3
       spec:
         accessModes: [ "ReadWriteOnce" ]
         resources:
           requests:
             storage: 1000Gi
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRole
	metadata:
	name: prometheus
	rules:
	- apiGroups: [""]
	resources:
	- nodes
	- nodes/proxy
	- services
	- endpoints
	- pods
	verbs: ["get", "list", "watch"]
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs: ["get", "list", "watch"]
	- nonResourceURLs: ["/metrics"]
	verbs: ["get"]
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: prometheus
	namespace: default
	---
	apiVersion: rbac.authorization.k8s.io/v1beta1
	kind: ClusterRoleBinding
	metadata:
	name: prometheus
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: prometheus
	subjects:
	- kind: ServiceAccount
	name: prometheus
	namespace: default
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: prometheus
	annotations:
	beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
	skia.org.domain: prom2.skia.org
	spec:
	selector:
	app: prometheus
	type: NodePort
	ports:
	- port: 8000
	name: http
	- port: 9090
	name: internal-http
	- port: 10000
	name: auth-proxy-metrics
	---
	apiVersion: apps/v1beta1
	kind: StatefulSet
	metadata:
	name: prometheus
	spec:
	replicas: 1
	updateStrategy:
	type: RollingUpdate
	serviceName: "prometheus"
	template:
	metadata:
	labels:
	app: prometheus
	annotations:
	prometheus.io.scrape: "true"
	prometheus.io.port: "9090"
	spec:
	securityContext:
	runAsUser: 2000 # aka skia
	fsGroup: 2000 # aka skia
	serviceAccountName: prometheus
	automountServiceAccountToken: true
	containers:
	- name: prometheus
	image: prom/prometheus:v2.4.3
	args:
	- "--config.file=/etc/prometheus/prometheus.yml"
	- "--storage.tsdb.path=/mnt/prometheus/"
	- "--web.enable-lifecycle"
	- "--web.listen-address=:9090"
	- "--web.external-url=https://prom2.skia.org"
	ports:
	- containerPort: 9090
	volumeMounts:
	- name: prometheus-config-volume
	mountPath: /etc/prometheus/
	- name: prometheus-storage-volume-claim3
	mountPath: /mnt/prometheus/
	resources:
	requests:
	memory: "5Gi"
	cpu: "1"
	- name: configmap-reload
	args:
	- "--volume-dir=/etc/prometheus/"
	- "--webhook-method=POST"
	- "--webhook-url=http://localhost:9090/-/reload"
	image: gcr.io/skia-public/configmap-reload:2019-04-08T14_16_57Z-rmistry-cfbdc64-clean
	volumeMounts:
	- name: prometheus-config-volume
	mountPath: /etc/prometheus/
	resources:
	requests:
	memory: "30Mi"
	cpu: "10m"
	- name: auth-proxy
	args:
	- "--logtostderr"
	- "--port=:8000"
	- "--target_port=:9090"
	- "--prom_port=:10000"
	image: gcr.io/skia-public/auth-proxy:2019-04-08T14_16_25Z-rmistry-cfbdc64-clean
	ports:
	- containerPort: 8000
	- containerPort: 10000
	readinessProbe:
	httpGet:
	path: /healthz
	port: 8000
	initialDelaySeconds: 3
	periodSeconds: 3
	volumeMounts:
	- name: skia-org-legacy-login-secrets
	mountPath: /etc/skia.org/
	- name: csrf-salt
	mountPath: /var/skia/
	resources:
	requests:
	memory: "30Mi"
	cpu: "200m"
	volumes:
	- name: skia-org-legacy-login-secrets
	secret:
	secretName: skia-org-legacy-login-secrets
	- name: csrf-salt
	secret:
	secretName: csrf-salt
	- name: prometheus-config-volume
	configMap:
	defaultMode: 420
	name: prometheus-server-conf
	volumeClaimTemplates:
	- metadata:
	name: prometheus-storage-volume-claim3
	spec:
	accessModes: [ "ReadWriteOnce" ]
	resources:
	requests:
	storage: 1000Gi