apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-prometheus
  namespace: kube-public
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1000Gi
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: kube-public
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - nodes/metrics
  - services
  - endpoints
  - pods
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: kube-public
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: kube-public
spec:
  minReadySeconds: 5
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  strategy:
    rollingUpdate:
      maxSurge: 50%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        app_name: prometheus
        project: prometheus
      labels:
        app: prometheus
        project: prometheus
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - preference:
              matchExpressions:
              - key: prometheus
                operator: In
                values:
                - "1"
            weight: 100
          - preference:
              matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
            weight: 10
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: prometheus
                operator: In
                values:
                - "1"
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      containers:
      - name: prometheus
        image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/prometheus:v2.46.0
        #image: harbor.uenpay.com/base/prometheus:v2.46.0
        imagePullPolicy: IfNotPresent
        command:
        - /bin/prometheus
        args:
        - --config.file=/etc/config/prometheus.yml
        - --storage.tsdb.path=/data/prometheus
        - --storage.tsdb.retention.time=180d
        - --storage.tsdb.max-block-duration=1d
        - --storage.tsdb.min-block-duration=2h
        - --web.console.libraries=/usr/share/prometheus/console_libraries
        - --web.console.templates=/usr/share/prometheus/consoles
        - --web.enable-lifecycle
        - --web.enable-admin-api
        - --web.external-url=https://prometheus.uenpay.com
        ports:
        - containerPort: 9090
          protocol: TCP
        resources:
          limits:
            cpu: "8"
            memory: 16Gi
          requests:
            cpu: "1"
            memory: 1Gi
        volumeMounts:
        - name: config
          mountPath: /etc/config
        - name: rules
          mountPath: /etc/rules
        - name: data
          mountPath: /data/prometheus
        - name: timezone
          mountPath: /etc/localtime
      - name: configmap-reload
        image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/configmap-reload:v0.5.0
        #image: harbor.uenpay.com/base/configmap-reload:v0.5.0
        imagePullPolicy: IfNotPresent
        args:
        - --volume-dir=/etc/config
        - --volume-dir=/etc/rules
        - --webhook-url=http://127.0.0.1:9090/-/reload
        volumeMounts:
        - name: config
          mountPath: /etc/config
          readOnly: true
        - name: rules
          mountPath: /etc/rules
          readOnly: true
      restartPolicy: Always
      securityContext:
        runAsUser: 0
      serviceAccount: prometheus
      serviceAccountName: prometheus
      terminationGracePeriodSeconds: 60
      volumes:
      - name: config
        configMap:
          defaultMode: 420
          name: prometheus-config
      - name: rules
        configMap:
          defaultMode: 420
          name: rules-config
      - name: data
        persistentVolumeClaim:
          claimName: data-prometheus
      - name: timezone
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai
          type: ""
      tolerations:
      - key: prometheus
        effect: NoSchedule
        operator: Exists
---
apiVersion: v1
kind: Service
metadata:
    name: prometheus
    namespace: kube-public
spec:
    #type: NodePort
    ports:
    - port: 9090
      targetPort: 9090
    selector:
        app: prometheus
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/client-max-body-size: 4096m
    nginx.ingress.kubernetes.io/proxy-body-size: 3072m
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
  name: prometheus
  namespace: kube-public
spec:
  ingressClassName: nginx
  rules:
  - host: prometheus.uenpay.com
    http:
      paths:
      - backend:
          service:
            name: prometheus
            port:
              number: 9090
        path: /
        pathType: ImplementationSpecific
  tls:
    - hosts:
        - prometheus.uenpay.com
      secretName: uenpay.com