blob: 3894833d483bd75fcece0545327aabb6bffcefb7 [file] [log] [blame]
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups:
- extensions
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: prometheus
namespace: default
---
apiVersion: v1
kind: Service
metadata:
name: prometheus
annotations:
beta.cloud.google.com/backend-config: '{"ports": {"8000":"skia-default-backendconfig"}}'
spec:
selector:
app: prometheus
type: NodePort
ports:
- port: 8000
name: http
- port: 9090
name: internal-http
- port: 10000
name: auth-proxy-metrics
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
name: prometheus
spec:
replicas: 1
updateStrategy:
type: RollingUpdate
serviceName: "prometheus"
template:
metadata:
labels:
app: prometheus
annotations:
prometheus.io.scrape: "true"
prometheus.io.port: "9090"
spec:
securityContext:
runAsUser: 2000 # aka skia
fsGroup: 2000 # aka skia
serviceAccountName: prometheus
automountServiceAccountToken: true
containers:
- name: prometheus
image: prom/prometheus:v2.4.3
args:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/mnt/prometheus/"
- "--web.enable-lifecycle"
- "--web.listen-address=:9090"
- "--web.external-url=https://prom2.skia.org"
ports:
- containerPort: 9090
volumeMounts:
- name: prometheus-config-volume
mountPath: /etc/prometheus/
- name: prometheus-storage-volume-claim3
mountPath: /mnt/prometheus/
resources:
requests:
memory: "1Gi"
cpu: "2"
- name: configmap-reload
args:
- "--volume-dir=/etc/prometheus/"
- "--webhook-method=POST"
- "--webhook-url=http://localhost:9090/-/reload"
image: gcr.io/skia-public/configmap-reload:2018-12-21T14_40_22Z-benjaminwagner-5e4a28a-clean
volumeMounts:
- name: prometheus-config-volume
mountPath: /etc/prometheus/
resources:
requests:
memory: "30Mi"
cpu: "10m"
- name: auth-proxy
args:
- "--logtostderr"
- "--port=:8000"
- "--target_port=:9090"
- "--prom_port=:10000"
image: gcr.io/skia-public/auth-proxy:2018-12-21T14_39_42Z-benjaminwagner-5e4a28a-clean
ports:
- containerPort: 8000
- containerPort: 10000
readinessProbe:
httpGet:
path: /healthz
port: 8000
initialDelaySeconds: 3
periodSeconds: 3
volumeMounts:
- name: skia-org-legacy-login-secrets
mountPath: /etc/skia.org/
- name: csrf-salt
mountPath: /var/skia/
resources:
requests:
memory: "30Mi"
cpu: "200m"
volumes:
- name: skia-org-legacy-login-secrets
secret:
secretName: skia-org-legacy-login-secrets
- name: csrf-salt
secret:
secretName: csrf-salt
- name: prometheus-config-volume
configMap:
defaultMode: 420
name: prometheus-server-conf
volumeClaimTemplates:
- metadata:
name: prometheus-storage-volume-claim3
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1000Gi