--- # Source: prometheus/templates/server/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm name: prometheus namespace: istio-system annotations: {} --- # Source: prometheus/templates/server/cm.yaml apiVersion: v1 kind: ConfigMap metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm name: prometheus namespace: istio-system data: alerting_rules.yml: | {} alerts: | {} prometheus.yml: | global: evaluation_interval: 1m scrape_interval: 15s scrape_timeout: 10s rule_files: - /etc/config/recording_rules.yml - /etc/config/alerting_rules.yml - /etc/config/rules - /etc/config/alerts scrape_configs: - job_name: prometheus static_configs: - targets: - localhost:9090 - job_name: kubernetes-pods kubernetes_sd_configs: - role: pod relabel_configs: - action: keep regex: true source_labels: - __meta_kubernetes_pod_annotation_prometheus_io_scrape - action: replace regex: (.+) source_labels: - __meta_kubernetes_pod_annotation_prometheus_io_path target_label: __metrics_path__ - action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 source_labels: - __address__ - __meta_kubernetes_pod_annotation_prometheus_io_port target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace source_labels: - __meta_kubernetes_namespace target_label: kubernetes_namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: kubernetes_pod_name - action: drop regex: Pending|Succeeded|Failed source_labels: - __meta_kubernetes_pod_phase - job_name: federate scrape_interval: 15s honor_labels: true metrics_path: /federate params: 'match[]': - '{__name__=~"federate:(.*)"}' - '{job=~"federate|kubernetes-pods"}' static_configs: - targets: - prometheus:9090 metric_relabel_configs: - source_labels: [__name__] regex: 'federate:(.*)' target_label: __name__ action: replace recording_rules.yml: | groups: - name: istio.workload.istio_request_duration_milliseconds_bucket interval: 10s rules: - record: federate:istio_request_duration_milliseconds_bucket expr: | sum(irate(istio_request_duration_milliseconds_bucket{job="kubernetes-pods"}[1m])) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_request_duration_milliseconds_sum expr: | sum(istio_request_duration_milliseconds_sum{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_request_duration_milliseconds_count expr: | sum(istio_request_duration_milliseconds_count{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - name: istio.workload.istio_request_bytes_bucket interval: 10s rules: - record: federate:istio_request_bytes_bucket expr: | sum(irate(istio_request_bytes_bucket{job="kubernetes-pods"}[1m])) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_request_bytes_sum expr: | sum(istio_request_bytes_sum{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_request_bytes_count expr: | sum(istio_request_bytes_count{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - name: istio.workload.istio_response_bytes_bucket interval: 10s rules: - record: federate:istio_response_bytes_bucket expr: | sum(irate(istio_response_bytes_bucket{job="kubernetes-pods"}[1m])) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_response_bytes_sum expr: | sum(istio_response_bytes_sum{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - record: federate:istio_response_bytes_count expr: | sum(istio_response_bytes_count{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace, le ) - name: istio.workload.istio_requests_total interval: 10s rules: - record: federate:istio_requests_total expr: | sum(istio_requests_total{job="kubernetes-pods"}) by ( app, reporter, response_code, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace ) - name: istio.workload.tcp_sent_bytes_total interval: 10s rules: - record: federate:istio_tcp_sent_bytes_total expr: | sum(istio_tcp_sent_bytes_total{job="kubernetes-pods"}) by ( app, reporter, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace ) - name: istio.workload.tcp_received_bytes_total interval: 10s rules: - record: federate:istio_tcp_received_bytes_total expr: | sum(istio_tcp_received_bytes_total{job="kubernetes-pods"}) by ( app, reporter, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace ) - name: istio.workload.tcp_connections_opened_total interval: 10s rules: - record: federate:istio_tcp_connections_opened_total expr: | sum(istio_tcp_connections_opened_total{job="kubernetes-pods"}) by ( app, reporter, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace ) - name: istio.workload.tcp_connections_closed_total interval: 10s rules: - record: federate:istio_tcp_connections_closed_total expr: | sum(istio_tcp_connections_closed_total{job="kubernetes-pods"}) by ( app, reporter, response_flags, source_workload, source_workload_namespace, destination_workload, destination_workload_namespace ) - name: istio.federate.request_duration.histogram interval: 10s rules: - record: federate:istio_request_duration_milliseconds_bucket_p50 expr: | histogram_quantile(0.5, federate:istio_request_duration_milliseconds_bucket) - record: federate:istio_request_duration_milliseconds_bucket_p75 expr: | histogram_quantile(0.75, federate:istio_request_duration_milliseconds_bucket) - record: federate:istio_request_duration_milliseconds_bucket_p90 expr: | histogram_quantile(0.90, federate:istio_request_duration_milliseconds_bucket) - record: federate:istio_request_duration_milliseconds_bucket_p95 expr: | histogram_quantile(0.95, federate:istio_request_duration_milliseconds_bucket) - record: federate:istio_request_duration_milliseconds_bucket_p99 expr: | histogram_quantile(0.99, federate:istio_request_duration_milliseconds_bucket) - record: federate:istio_request_duration_milliseconds_bucket_p999 expr: | histogram_quantile(0.999, federate:istio_request_duration_milliseconds_bucket) - name: istio.federate.request_bytes.histogram interval: 10s rules: - record: federate:istio_request_bytes_bucket_p50 expr: | histogram_quantile(0.5, federate:istio_request_bytes_bucket) - record: federate:istio_request_bytes_bucket_p75 expr: | histogram_quantile(0.75, federate:istio_request_bytes_bucket) - record: federate:istio_request_bytes_bucket_p90 expr: | histogram_quantile(0.90, federate:istio_request_bytes_bucket) - record: federate:istio_request_bytes_bucket_p95 expr: | histogram_quantile(0.95, federate:istio_request_bytes_bucket) - record: federate:istio_request_bytes_bucket_p99 expr: | histogram_quantile(0.99, federate:istio_request_bytes_bucket) - record: federate:istio_request_bytes_bucket_p999 expr: | histogram_quantile(0.999, federate:istio_request_bytes_bucket) - name: istio.federate.response_bytes.histogram interval: 10s rules: - record: federate:istio_response_bytes_bucket_p50 expr: | histogram_quantile(0.5, federate:istio_response_bytes_bucket) - record: federate:istio_response_bytes_bucket_p75 expr: | histogram_quantile(0.75, federate:istio_response_bytes_bucket) - record: federate:istio_response_bytes_bucket_p90 expr: | histogram_quantile(0.90, federate:istio_response_bytes_bucket) - record: federate:istio_response_bytes_bucket_p95 expr: | histogram_quantile(0.95, federate:istio_response_bytes_bucket) - record: federate:istio_response_bytes_bucket_p99 expr: | histogram_quantile(0.99, federate:istio_response_bytes_bucket) - record: federate:istio_response_bytes_bucket_p999 expr: | histogram_quantile(0.999, federate:istio_response_bytes_bucket) --- # Source: prometheus/templates/server/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm name: prometheus rules: - apiGroups: - "" resources: - nodes - nodes/proxy - nodes/metrics - services - endpoints - pods - ingresses - configmaps verbs: - get - list - watch - apiGroups: - "extensions" - "networking.k8s.io" resources: - ingresses/status - ingresses verbs: - get - list - watch - nonResourceURLs: - "/metrics" verbs: - get --- # Source: prometheus/templates/server/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm name: prometheus subjects: - kind: ServiceAccount name: prometheus namespace: istio-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: prometheus --- # Source: prometheus/templates/server/service.yaml apiVersion: v1 kind: Service metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm name: prometheus namespace: istio-system spec: ports: - name: http port: 9090 protocol: TCP targetPort: 9090 selector: component: "server" app: prometheus release: prometheus sessionAffinity: None type: "ClusterIP" --- # Source: prometheus/templates/server/deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm #istio-federate: federate name: prometheus namespace: istio-system spec: selector: matchLabels: component: "server" app: prometheus release: prometheus replicas: 1 template: metadata: annotations: sidecar.istio.io/inject: "false" labels: component: "server" app: prometheus release: prometheus chart: prometheus-15.8.0 heritage: Helm spec: serviceAccountName: prometheus containers: - name: prometheus-server-configmap-reload image: "jimmidyson/configmap-reload:v0.4.0" imagePullPolicy: "IfNotPresent" args: - --volume-dir=/etc/config - --webhook-url=http://127.0.0.1:9090/-/reload resources: {} volumeMounts: - name: config-volume mountPath: /etc/config readOnly: true - name: prometheus-server image: "prom/prometheus:latest" imagePullPolicy: "IfNotPresent" args: - --storage.tsdb.retention.time=2h - --config.file=/etc/config/prometheus.yml - --storage.tsdb.path=/data - --web.console.libraries=/etc/prometheus/console_libraries - --web.console.templates=/etc/prometheus/consoles - --web.enable-lifecycle ports: - containerPort: 9090 readinessProbe: httpGet: path: /-/ready port: 9090 initialDelaySeconds: 0 periodSeconds: 5 timeoutSeconds: 30 failureThreshold: 3 successThreshold: 1 livenessProbe: httpGet: path: /-/healthy port: 9090 initialDelaySeconds: 30 periodSeconds: 15 timeoutSeconds: 30 failureThreshold: 3 successThreshold: 1 resources: {} volumeMounts: - name: config-volume mountPath: /etc/config - name: storage-volume mountPath: /data subPath: "" securityContext: fsGroup: 65534 runAsGroup: 65534 runAsNonRoot: true runAsUser: 65534 terminationGracePeriodSeconds: 300 volumes: - name: config-volume configMap: name: prometheus - name: storage-volume emptyDir: {}