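---
# Prometheus for the `monitoring` namespace: ServiceAccount + cluster-wide
# read RBAC, a single-replica Deployment with a configmap-reload sidecar,
# a ClusterIP Service and an nginx Ingress.
#
# Changes from the original listing:
#   * structure restored to one key per line (the collapsed form is not
#     parseable, and its inline `#image:` comments swallowed what followed);
#   * the hostPath timezone mount and the ConfigMap mounts of the prometheus
#     container are now mounted readOnly (the container runs as UID 0, so a
#     writable hostPath mount was a write path to a file on the node).
# Items marked NOTE(review) are left as the author wrote them and should be
# decided by the owner of the deployment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  # Read-only (get/list/watch) access, in every namespace, to the objects
  # used for service discovery and scraping.
  - apiGroups:
      - ""
    resources:
      - nodes
      - nodes/metrics
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  # Because this is a ClusterRole bound with a ClusterRoleBinding, this `get`
  # covers ConfigMaps in all namespaces.
  # NOTE(review): if only ConfigMaps in `monitoring` are needed, move this
  # rule to a namespaced Role/RoleBinding.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: monitoring
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: monitoring
spec:
  minReadySeconds: 5
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
  strategy:
    rollingUpdate:
      maxSurge: 50%
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      annotations:
        app_name: prometheus
        project: prometheus
      labels:
        app: prometheus
        project: prometheus
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: prometheus
                    operator: In
                    values:
                      - "1"
              weight: 100
            - preference:
                matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
              weight: 10
          requiredDuringSchedulingIgnoredDuringExecution:
            # nodeSelectorTerms are ORed: a node qualifies if it is labelled
            # prometheus=1 OR it runs linux.
            # NOTE(review): if both conditions were meant to be required, put
            # both expressions under a single matchExpressions list.
            nodeSelectorTerms:
              - matchExpressions:
                  - key: prometheus
                    operator: In
                    values:
                      - "1"
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
      containers:
        - name: prometheus
          # Referenced by mutable tag only.
          # NOTE(review): consider pinning by digest (image@sha256:<digest>)
          # so the deployed content cannot change under the same tag.
          image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/prometheus:v2.46.0
          # image: harbor.uenpay.com/base/prometheus:v2.46.0
          imagePullPolicy: IfNotPresent
          command:
            - /bin/prometheus
          args:
            - --config.file=/etc/config/prometheus.yml
            # TSDB lives on the memory-backed emptyDir below with 30 minutes
            # of retention, so local history does not survive a pod restart.
            - --storage.tsdb.path=/data/prometheus
            - --storage.tsdb.retention.time=30m
            - --storage.tsdb.max-block-duration=10m
            - --storage.tsdb.min-block-duration=5m
            - --web.console.libraries=/usr/share/prometheus/console_libraries
            - --web.console.templates=/usr/share/prometheus/consoles
            # Needed by the configmap-reload sidecar (POST /-/reload); it also
            # enables /-/quit on the same port.
            - --web.enable-lifecycle
            # NOTE(review): this turns on the TSDB admin endpoints
            # (/api/v1/admin/...). The Ingress below routes `/` to this port
            # and no authentication is visible in this manifest, so the admin
            # and lifecycle endpoints are reachable by anything that can reach
            # the Ingress host. Drop this flag if it is not required, or put
            # authentication / an allow-list in front of port 9090.
            - --web.enable-admin-api
          ports:
            - containerPort: 9090
              protocol: TCP
          env:
            - name: PROJECT_APP_NAME
              value: prometheus
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: INSTANCE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.labels['app']
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: POD_CPU_REQUEST
              valueFrom:
                resourceFieldRef:
                  divisor: "0"
                  resource: requests.cpu
            - name: POD_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  divisor: "0"
                  resource: limits.cpu
            - name: POD_MEM_REQUEST
              valueFrom:
                resourceFieldRef:
                  divisor: "0"
                  resource: requests.memory
            - name: POD_MEM_LIMIT
              valueFrom:
                resourceFieldRef:
                  divisor: "0"
                  resource: limits.memory
            - name: SW_AGENT_NAMESPACE
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.namespace
            - name: SW_AGENT_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.labels['project']
            - name: SW_AGENT_INSTANCE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
          livenessProbe:
            failureThreshold: 2
            httpGet:
              path: /-/healthy
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 4
          readinessProbe:
            failureThreshold: 2
            httpGet:
              path: /-/ready
              port: 9090
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 4
          resources:
            limits:
              cpu: "4"
              memory: 12Gi
            requests:
              cpu: "1"
              memory: 1Gi
          volumeMounts:
            # Configuration is only read here; mounted readOnly to match the
            # sidecar's mount of the same volume.
            - mountPath: /etc/config
              name: config
              readOnly: true
            - mountPath: /etc/exporter
              name: exporter
              readOnly: true
            # The only mount Prometheus writes to.
            - mountPath: /data/prometheus
              name: data
            # hostPath file from the node; readOnly so the root container
            # cannot modify the node's zoneinfo file.
            - mountPath: /etc/localtime
              name: timezone
              readOnly: true
        - name: configmap-reload
          # Same tag-only reference as above; NOTE(review): consider a digest.
          image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/configmap-reload:v0.5.0
          # image: harbor.uenpay.com/base/configmap-reload:v0.5.0
          imagePullPolicy: IfNotPresent
          args:
            - --volume-dir=/etc/config
            # Calls Prometheus over the pod's loopback interface.
            - --webhook-url=http://127.0.0.1:9090/-/reload
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
      restartPolicy: Always
      # NOTE(review): pod-level setting, so both containers run as UID 0.
      # Nothing in this manifest shows why root is needed; confirm whether the
      # images work as a non-root UID and, if so, set runAsNonRoot/runAsUser
      # accordingly.
      securityContext:
        runAsUser: 0
      # `serviceAccount` is the deprecated alias of `serviceAccountName`;
      # both are kept as in the original.
      serviceAccount: prometheus
      serviceAccountName: prometheus
      terminationGracePeriodSeconds: 60
      volumes:
        # defaultMode 420 is decimal for octal 0644.
        - configMap:
            defaultMode: 420
            name: prometheus-config
          name: config
        - configMap:
            defaultMode: 420
            name: exporter-config
          name: exporter
        - emptyDir:
            medium: Memory
            sizeLimit: 2Gi
          name: data
        # type "" performs no check on what exists at the path on the node.
        - hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
            type: ""
          name: timezone
      tolerations:
        - key: prometheus
          effect: NoSchedule
          operator: Exists
---
apiVersion: v1
kind: Service
metadata:
  name: prometheus
  namespace: monitoring
spec:
  # type: NodePort
  ports:
    - port: 9090
      targetPort: 9090
  selector:
    app: prometheus
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/client-max-body-size: 4096m
    nginx.ingress.kubernetes.io/proxy-body-size: 3072m
    # NOTE(review): a TLS section is configured below, but with the redirect
    # disabled the same host is also served over plain HTTP. Set this to
    # 'true' unless a client is known to depend on HTTP.
    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
  name: prometheus
  namespace: monitoring
spec:
  ingressClassName: nginx
  rules:
    - host: prometheus-d1-prod.uenpay.com
      http:
        paths:
          # Every path, including /-/... and /api/v1/admin/..., is forwarded
          # to Prometheus; no auth annotation is present on this Ingress.
          - backend:
              service:
                name: prometheus
                port:
                  number: 9090
            path: /
            pathType: ImplementationSpecific
  tls:
    - hosts:
        - prometheus-d1-prod.uenpay.com
      secretName: uenpay.com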