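---
# Cluster-wide, read-only permissions for the `prometheus` ServiceAccount:
# listing/watching scrape targets and fetching /metrics.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 carries
# the same schema for this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      # NOTE(review): nodes/proxy lets the holder send requests to each
      # kubelet through the API server, which is broader than reading
      # metrics. If the scrape config (not shown here) only needs kubelet
      # metrics, nodes/metrics is the narrower grant -- confirm against
      # prometheus-server-conf before changing.
      - nodes/proxy
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  # Ingress objects are served from networking.k8s.io on current clusters;
  # `extensions` is kept so the rule still matches on older API servers.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - nonResourceURLs:
      - '/metrics'
    verbs:
      - get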
---
# Identity the Prometheus pod runs as. It lives in `default`, and the
# StatefulSet in this file sets no namespace of its own, so that workload has
# to be applied to `default` for serviceAccountName to resolve.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: default
  name: prometheus
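---
# Grants the `prometheus` ClusterRole to the default/prometheus
# ServiceAccount. Being a ClusterRoleBinding, the grant applies in every
# namespace, not only `default`.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 carries
# the same schema for this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: default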
---
# Fronts the pods labelled app=prometheus.
#
# NOTE(review): type NodePort opens every port listed below on each node.
# Only 8000 goes through the auth-proxy container; 9090 is Prometheus itself
# (started with --web.enable-lifecycle in the StatefulSet) and 10000 is the
# proxy's own metrics port. Confirm that firewall rules or a NetworkPolicy
# keep 9090 and 10000 reachable from inside the cluster only, or move them
# to a separate ClusterIP Service.
kind: Service
apiVersion: v1
metadata:
  name: prometheus
  annotations:
    # Attaches the named BackendConfig to port 8000 only.
    beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
    skia.org.domain: 'prom2.skia.org'
spec:
  type: NodePort
  selector:
    app: prometheus
  ports:
    # Authenticated entry point (auth-proxy).
    - name: http
      port: 8000
    # Prometheus web/API port, no proxy in front.
    - name: internal-http
      port: 9090
    # Metrics exported by the auth-proxy.
    - name: auth-proxy-metrics
      port: 10000
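---
# Single-replica Prometheus with two sidecars: configmap-reload (triggers a
# config reload when the mounted ConfigMap changes) and auth-proxy (listens on
# 8000 and forwards to Prometheus on 9090).
#
# apps/v1beta1 stopped being served in Kubernetes 1.16. apps/v1 is the stable
# group; unlike v1beta1 it does not default spec.selector, so it is set
# explicitly below.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: prometheus
spec:
  replicas: 1
  serviceName: "prometheus"
  # Must match template.metadata.labels.
  selector:
    matchLabels:
      app: prometheus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: prometheus
      annotations:
        prometheus.io.scrape: "true"
        prometheus.io.port: "9090"
    spec:
      securityContext:
        runAsUser: 2000  # aka skia
        fsGroup: 2000  # aka skia
        # Makes the kubelet refuse to start a container as UID 0 if the
        # runAsUser line above is ever dropped or overridden.
        runAsNonRoot: true
      serviceAccountName: prometheus
      # The ServiceAccount token is mounted into all three containers, so the
      # auth-proxy and configmap-reload sidecars also hold the ClusterRole's
      # read access. NOTE(review): presumably only the prometheus container
      # needs it for API discovery -- confirm before narrowing.
      automountServiceAccountToken: true
      containers:
        - name: prometheus
          # NOTE(review): pinned by tag only; a digest pin would make the
          # deployed image immutable.
          image: prom/prometheus:v2.4.3
          args:
            - "--config.file=/etc/prometheus/prometheus.yml"
            - "--storage.tsdb.path=/mnt/prometheus/"
            # Enables the HTTP lifecycle endpoints (the reload hook used by
            # configmap-reload below). They are served on the same :9090
            # listener as the UI, with no authentication of their own, so
            # anything that can reach 9090 can call them.
            - "--web.enable-lifecycle"
            - "--web.listen-address=:9090"
            - "--web.external-url=https://prom2.skia.org"
          ports:
            - containerPort: 9090
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
            - name: prometheus-storage-volume-claim3
              mountPath: /mnt/prometheus/
          # Requests only; no limits are set on any container in this pod.
          resources:
            requests:
              memory: "5Gi"
              cpu: "1"
        - name: configmap-reload
          image: gcr.io/skia-public/configmap-reload:2019-04-08T14_16_57Z-rmistry-cfbdc64-clean
          args:
            - "--volume-dir=/etc/prometheus/"
            - "--webhook-method=POST"
            # Reaches Prometheus over the pod's loopback interface.
            - "--webhook-url=http://localhost:9090/-/reload"
          volumeMounts:
            - name: prometheus-config-volume
              mountPath: /etc/prometheus/
          resources:
            requests:
              memory: "30Mi"
              cpu: "10m"
        - name: auth-proxy
          image: gcr.io/skia-public/auth-proxy:2019-04-08T14_16_25Z-rmistry-cfbdc64-clean
          args:
            - "--logtostderr"
            - "--port=:8000"
            - "--target_port=:9090"
            - "--prom_port=:10000"
          ports:
            - containerPort: 8000
            - containerPort: 10000
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8000
            initialDelaySeconds: 3
            periodSeconds: 3
          # Login secrets and the CSRF salt are mounted into this container
          # only; the other two containers do not see them.
          volumeMounts:
            - name: skia-org-legacy-login-secrets
              mountPath: /etc/skia.org/
            - name: csrf-salt
              mountPath: /var/skia/
          resources:
            requests:
              memory: "30Mi"
              cpu: "200m"
      volumes:
        - name: skia-org-legacy-login-secrets
          secret:
            secretName: skia-org-legacy-login-secrets
        - name: csrf-salt
          secret:
            secretName: csrf-salt
        - name: prometheus-config-volume
          configMap:
            name: prometheus-server-conf
            defaultMode: 420  # decimal for octal 0644
  volumeClaimTemplates:
    - metadata:
        name: prometheus-storage-volume-claim3
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: 1000Gi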