This document shows the contents of the manifests used in the Managed Service for Prometheus documentation.
setup.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: This file is autogenerated.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterpodmonitorings.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: ClusterPodMonitoring
listKind: ClusterPodMonitoringList
plural: clusterpodmonitorings
singular: clusterpodmonitoring
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: ClusterPodMonitoring defines monitoring for a set of pods, scoped to all pods within the cluster.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of desired Pod selection for target discovery by Prometheus.
properties:
selector:
type: object
description: Label selector that specifies which pods are selected for this monitoring configuration.
properties:
matchExpressions:
type: array
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
type: object
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
type: string
description: key is the label key that the selector applies to.
operator:
type: string
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values:
type: array
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
required:
- key
- operator
matchLabels:
type: object
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
x-kubernetes-map-type: atomic
endpoints:
type: array
description: The endpoints to scrape on the selected pods.
items:
type: object
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape. The container metadata label is only populated if the port is referenced by name because port numbers are not unique across containers.
x-kubernetes-int-or-string: true
interval:
type: string
default: 1m
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$
metricRelabeling:
type: array
description: Relabeling rules for metrics scraped from this endpoint. Relabeling rules that override protected target labels (project_id, location, cluster, namespace, job, instance, or __address__) are not permitted. The labelmap action is not permitted in general.
items:
type: object
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
type: string
description: Action to perform based on regex matching. Defaults to 'replace'.
modulus:
type: integer
description: Modulus to take of the hash of the source label values.
format: int64
regex:
type: string
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
replacement:
type: string
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Defaults to '$1'.
separator:
type: string
description: Separator placed between concatenated source label values. Defaults to ';'.
sourceLabels:
type: array
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
items:
type: string
targetLabel:
type: string
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
params:
type: object
additionalProperties:
type: array
items:
type: string
description: HTTP GET params to use when scraping.
path:
type: string
description: HTTP path to scrape metrics from. Defaults to "/metrics".
proxyUrl:
type: string
description: Proxy URL to scrape through. Encoded passwords are not supported.
scheme:
type: string
description: Protocol scheme to use to scrape.
timeout:
type: string
description: Timeout for metrics scrapes. Must be a valid Prometheus duration. Must not be larger then the scrape interval.
required:
- port
limits:
type: object
description: Limits to apply at scrape time.
properties:
labels:
type: integer
description: Maximum number of labels accepted for a single sample. Uses Prometheus default if left unspecified.
format: int64
labelNameLength:
type: integer
description: Maximum label name length. Uses Prometheus default if left unspecified.
format: int64
labelValueLength:
type: integer
description: Maximum label value length. Uses Prometheus default if left unspecified.
format: int64
samples:
type: integer
description: Maximum number of samples accepted within a single scrape. Uses Prometheus default if left unspecified.
format: int64
targetLabels:
type: object
description: Labels to add to the Prometheus target for discovered endpoints. The `instance` label is always set to `<pod_name>:<port>` or `<node_name>:<port>` if the scraped pod is controlled by a DaemonSet.
properties:
metadata:
type: array
description: Pod metadata labels that are set on all scraped targets. Permitted keys are `pod`, `container`, and `node` for PodMonitoring and `pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. The `container` label is only populated if the scrape port is referenced by name. Defaults to [pod, container] for PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. If set to null, it will be interpreted as the empty list for PodMonitoring and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility only.
items:
type: string
fromPod:
type: array
description: Labels to transfer from the Kubernetes Pod to Prometheus target labels. Mappings are applied in order.
items:
type: object
description: LabelMapping specifies how to transfer a label from a Kubernetes resource onto a Prometheus target.
properties:
from:
type: string
description: Kubenetes resource label to remap.
to:
type: string
description: Remapped Prometheus target label. Defaults to the same name as `From`.
required:
- from
required:
- endpoints
- selector
status:
type: object
description: Most recently observed status of the resource.
properties:
conditions:
type: array
description: Represents the latest available observations of a podmonitor's current state.
items:
type: object
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
type:
type: string
description: MonitoringConditionType is the type of MonitoringCondition.
status:
type: string
description: Status of the condition, one of True, False, Unknown.
lastTransitionTime:
type: string
description: Last time the condition transitioned from one status to another.
format: date-time
lastUpdateTime:
type: string
description: The last time this condition was updated.
format: date-time
message:
type: string
description: A human-readable message indicating details about the transition.
reason:
type: string
description: The reason for the condition's last transition.
required:
- status
- type
endpointStatuses:
type: array
description: Represents the latest available observations of target state for each ScrapeEndpoint.
items:
type: object
properties:
name:
type: string
description: The name of the ScrapeEndpoint.
activeTargets:
type: integer
description: Total number of active targets.
format: int64
collectorsFraction:
type: string
description: Fraction of collectors included in status, bounded [0,1]. Ideally, this should always be 1. Anything less can be considered a problem and should be investigated.
lastUpdateTime:
type: string
description: Last time this status was updated.
format: date-time
sampleGroups:
type: array
description: A fixed sample of targets grouped by error type.
items:
type: object
properties:
count:
type: integer
description: Total count of similar errors.
format: int32
sampleTargets:
type: array
description: Targets emitting the error message.
items:
type: object
properties:
labels:
type: object
additionalProperties:
type: string
description: A LabelValue is an associated value for a LabelName.
description: The label set, keys and values, of the target.
health:
type: string
description: Health status.
lastError:
type: string
description: Error message.
lastScrapeDurationSeconds:
type: string
description: Scrape duration in seconds.
unhealthyTargets:
type: integer
description: Total number of active, unhealthy targets.
format: int64
required:
- name
observedGeneration:
type: integer
description: The generation observed by the controller.
format: int64
required:
- spec
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: ClusterPodMonitoring defines monitoring for a set of pods.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of desired Pod selection for target discovery by Prometheus.
properties:
selector:
type: object
description: Label selector that specifies which pods are selected for this monitoring configuration.
properties:
matchExpressions:
type: array
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
type: object
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
type: string
description: key is the label key that the selector applies to.
operator:
type: string
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values:
type: array
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
required:
- key
- operator
matchLabels:
type: object
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
x-kubernetes-map-type: atomic
endpoints:
type: array
description: The endpoints to scrape on the selected pods.
items:
type: object
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape.
x-kubernetes-int-or-string: true
interval:
type: string
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
metricRelabeling:
type: array
description: Relabeling rules for metrics scraped from this endpoint. Relabeling rules that override protected target labels (project_id, location, cluster, namespace, job, instance, or __address__) are not permitted. The labelmap action is not permitted in general.
items:
type: object
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
type: string
description: Action to perform based on regex matching. Defaults to 'replace'.
modulus:
type: integer
description: Modulus to take of the hash of the source label values.
format: int64
regex:
type: string
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
replacement:
type: string
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Defaults to '$1'.
separator:
type: string
description: Separator placed between concatenated source label values. Defaults to ';'.
sourceLabels:
type: array
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
items:
type: string
targetLabel:
type: string
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
params:
type: object
additionalProperties:
type: array
items:
type: string
description: HTTP GET params to use when scraping.
path:
type: string
description: HTTP path to scrape metrics from. Defaults to "/metrics".
proxyUrl:
type: string
description: Proxy URL to scrape through. Encoded passwords are not supported.
scheme:
type: string
description: Protocol scheme to use to scrape.
timeout:
type: string
description: Timeout for metrics scrapes. Must be a valid Prometheus duration. Must not be larger then the scrape interval.
required:
- port
limits:
type: object
description: Limits to apply at scrape time.
properties:
labels:
type: integer
description: Maximum number of labels accepted for a single sample. Uses Prometheus default if left unspecified.
format: int64
labelNameLength:
type: integer
description: Maximum label name length. Uses Prometheus default if left unspecified.
format: int64
labelValueLength:
type: integer
description: Maximum label value length. Uses Prometheus default if left unspecified.
format: int64
samples:
type: integer
description: Maximum number of samples accepted within a single scrape. Uses Prometheus default if left unspecified.
format: int64
targetLabels:
type: object
description: Labels to add to the Prometheus target for discovered endpoints
properties:
metadata:
type: array
description: Pod metadata labels that are set on all scraped targets. Permitted keys are `pod`, `container`, and `node` for PodMonitoring and `pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. Defaults to [pod, container] for PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. If set to null, it will be interpreted as the empty list for PodMonitoring and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility only.
items:
type: string
fromPod:
type: array
description: Labels to transfer from the Kubernetes Pod to Prometheus target labels. Mappings are applied in order.
items:
type: object
description: LabelMapping specifies how to transfer a label from a Kubernetes resource onto a Prometheus target.
properties:
from:
type: string
description: Kubenetes resource label to remap.
to:
type: string
description: Remapped Prometheus target label. Defaults to the same name as `From`.
required:
- from
required:
- endpoints
- selector
status:
type: object
description: Most recently observed status of the resource.
properties:
conditions:
type: array
description: Represents the latest available observations of a podmonitor's current state.
items:
type: object
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
type:
type: string
description: MonitoringConditionType is the type of MonitoringCondition.
status:
type: string
description: Status of the condition, one of True, False, Unknown.
lastTransitionTime:
type: string
description: Last time the condition transitioned from one status to another.
format: date-time
lastUpdateTime:
type: string
description: The last time this condition was updated.
format: date-time
message:
type: string
description: A human-readable message indicating details about the transition.
reason:
type: string
description: The reason for the condition's last transition.
required:
- status
- type
observedGeneration:
type: integer
description: The generation observed by the controller.
format: int64
required:
- spec
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterrules.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: ClusterRules
listKind: ClusterRulesList
plural: clusterrules
singular: clusterrules
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: ClusterRules defines Prometheus alerting and recording rules that are scoped to the current cluster. Only metric data from the current cluster is processed and all rule results have their project_id and cluster label preserved for query processing. If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: ClusterRules defines Prometheus alerting and recording rules that are scoped to the current cluster. Only metric data from the current cluster is processed and all rule results have their project_id and cluster label preserved for query processing. If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: globalrules.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: GlobalRules
listKind: GlobalRulesList
plural: globalrules
singular: globalrules
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: GlobalRules defines Prometheus alerting and recording rules that are scoped to all data in the queried project. If the project_id or location labels are not preserved by the rule, they default to the values of the cluster.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: GlobalRules defines Prometheus alerting and recording rules that are scoped to all data in the queried project. If the project_id or location labels are not preserved by the rule, they default to the values of the cluster.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: operatorconfigs.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: OperatorConfig
listKind: OperatorConfigList
plural: operatorconfigs
singular: operatorconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: OperatorConfig defines configuration of the gmp-operator.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
collection:
type: object
description: Collection specifies how the operator configures collection.
properties:
compression:
type: string
description: Compression enables compression of metrics collection data
enum:
- none
- gzip
credentials:
type: object
description: A reference to GCP service account credentials with which Prometheus collectors are run. It needs to have metric write permissions for all project IDs to which data is written. Within GKE, this can typically be left empty if the compute default service account has the required permissions.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
externalLabels:
type: object
additionalProperties:
type: string
description: ExternalLabels specifies external labels that are attached to all scraped data before being written to Cloud Monitoring. The precedence behavior matches that of Prometheus.
filter:
type: object
description: Filter limits which metric data is sent to Cloud Monitoring.
properties:
matchOneOf:
type: array
description: 'A list Prometheus time series matchers. Every time series must match at least one of the matchers to be exported. This field can be used equivalently to the match[] parameter of the Prometheus federation endpoint to selectively export data. Example: `["{job!=''foobar''}", "{__name__!~''container_foo.*|container_bar.*''}"]`'
items:
type: string
kubeletScraping:
type: object
description: Configuration to scrape the metric endpoints of the Kubelets.
properties:
interval:
type: string
description: The interval at which the metric endpoints are scraped.
required:
- interval
features:
type: object
description: Features holds configuration for optional managed-collection features.
properties:
targetStatus:
type: object
description: Configuration of target status reporting.
properties:
enabled:
type: boolean
description: Enable target status reporting.
managedAlertmanager:
type: object
default:
configSecret:
name: alertmanager
key: alertmanager.yaml
description: ManagedAlertmanager holds information for configuring the managed instance of Alertmanager.
properties:
configSecret:
type: object
description: ConfigSecret refers to the name of a single-key Secret in the public namespace that holds the managed Alertmanager config file.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
rules:
type: object
description: Rules specifies how the operator configures and deployes rule-evaluator.
properties:
alerting:
type: object
description: Alerting contains how the rule-evaluator configures alerting.
properties:
alertmanagers:
type: array
description: Alertmanagers contains endpoint configuration for designated Alertmanagers.
items:
type: object
description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.
properties:
name:
type: string
description: Name of Endpoints object in Namespace.
namespace:
type: string
description: Namespace of Endpoints object.
apiVersion:
type: string
description: Version of the Alertmanager API that rule-evaluator uses to send alerts. It can be "v1" or "v2".
port:
anyOf:
- type: integer
- type: string
description: Port the Alertmanager API is exposed on.
x-kubernetes-int-or-string: true
authorization:
type: object
description: Authorization section for this alertmanager endpoint
properties:
type:
type: string
description: Set the authentication type. Defaults to Bearer, Basic will cause an error
credentials:
type: object
description: The secret's key that contains the credentials of the request
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
pathPrefix:
type: string
description: Prefix for the HTTP path alerts are pushed to.
scheme:
type: string
description: Scheme to use when firing alerts.
timeout:
type: string
description: Timeout is a per-target Alertmanager timeout when pushing alerts.
tls:
type: object
description: TLS Config to use for alertmanager connection.
properties:
ca:
type: object
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
type: object
description: ConfigMap containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key to select.
optional:
type: boolean
description: Specify whether the ConfigMap or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
secret:
type: object
description: Secret containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
cert:
type: object
description: Struct containing the client cert file for the targets.
properties:
configMap:
type: object
description: ConfigMap containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key to select.
optional:
type: boolean
description: Specify whether the ConfigMap or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
secret:
type: object
description: Secret containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
insecureSkipVerify:
type: boolean
description: Disable target certificate validation.
keySecret:
type: object
description: Secret containing the client key file for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
serverName:
type: string
description: Used to verify the hostname for the targets.
required:
- name
- namespace
- port
credentials:
type: object
description: A reference to GCP service account credentials with which the rule evaluator container is run. It needs to have metric read permissions against queryProjectId and metric write permissions against all projects to which rule results are written. Within GKE, this can typically be left empty if the compute default service account has the required permissions.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
externalLabels:
type: object
additionalProperties:
type: string
description: ExternalLabels specifies external labels that are attached to any rule results and alerts produced by rules. The precedence behavior matches that of Prometheus.
generatorUrl:
type: string
description: The base URL used for the generator URL in the alert notification payload. Should point to an instance of a query frontend that gives access to queryProjectID.
queryProjectID:
type: string
description: QueryProjectID is the GCP project ID to evaluate rules against. If left blank, the rule-evaluator will try attempt to infer the Project ID from the environment.
served: true
storage: true
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: OperatorConfig defines configuration of the gmp-operator.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
collection:
type: object
description: Collection specifies how the operator configures collection.
properties:
credentials:
type: object
description: A reference to GCP service account credentials with which Prometheus collectors are run. It needs to have metric write permissions for all project IDs to which data is written. Within GKE, this can typically be left empty if the compute default service account has the required permissions.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
externalLabels:
type: object
additionalProperties:
type: string
description: ExternalLabels specifies external labels that are attached to all scraped data before being written to Cloud Monitoring. The precedence behavior matches that of Prometheus.
filter:
type: object
description: Filter limits which metric data is sent to Cloud Monitoring.
properties:
matchOneOf:
type: array
description: 'A list Prometheus time series matchers. Every time series must match at least one of the matchers to be exported. This field can be used equivalently to the match[] parameter of the Prometheus federation endpoint to selectively export data. Example: `["{job=''prometheus''}", "{__name__=~''job:.*''}"]`'
items:
type: string
rules:
type: object
description: Rules specifies how the operator configures and deployes rule-evaluator.
properties:
alerting:
type: object
description: Alerting contains how the rule-evaluator configures alerting.
properties:
alertmanagers:
type: array
description: Alertmanagers contains endpoint configuration for designated Alertmanagers.
items:
type: object
description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.
properties:
name:
type: string
description: Name of Endpoints object in Namespace.
namespace:
type: string
description: Namespace of Endpoints object.
apiVersion:
type: string
description: Version of the Alertmanager API that rule-evaluator uses to send alerts. It can be "v1" or "v2".
port:
anyOf:
- type: integer
- type: string
description: Port the Alertmanager API is exposed on.
x-kubernetes-int-or-string: true
authorization:
type: object
description: Authorization section for this alertmanager endpoint
properties:
type:
type: string
description: Set the authentication type. Defaults to Bearer, Basic will cause an error
credentials:
type: object
description: The secret's key that contains the credentials of the request
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
pathPrefix:
type: string
description: Prefix for the HTTP path alerts are pushed to.
scheme:
type: string
description: Scheme to use when firing alerts.
timeout:
type: string
description: Timeout is a per-target Alertmanager timeout when pushing alerts.
tls:
type: object
description: TLS Config to use for alertmanager connection.
properties:
ca:
type: object
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
type: object
description: ConfigMap containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key to select.
optional:
type: boolean
description: Specify whether the ConfigMap or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
secret:
type: object
description: Secret containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
cert:
type: object
description: Struct containing the client cert file for the targets.
properties:
configMap:
type: object
description: ConfigMap containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key to select.
optional:
type: boolean
description: Specify whether the ConfigMap or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
secret:
type: object
description: Secret containing data to use for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
insecureSkipVerify:
type: boolean
description: Disable target certificate validation.
keySecret:
type: object
description: Secret containing the client key file for the targets.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
serverName:
type: string
description: Used to verify the hostname for the targets.
required:
- name
- namespace
- port
credentials:
type: object
description: A reference to GCP service account credentials with which the rule evaluator container is run. It needs to have metric read permissions against queryProjectId and metric write permissions against all projects to which rule results are written. Within GKE, this can typically be left empty if the compute default service account has the required permissions.
properties:
name:
type: string
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
key:
type: string
description: The key of the secret to select from. Must be a valid secret key.
optional:
type: boolean
description: Specify whether the Secret or its key must be defined
required:
- key
x-kubernetes-map-type: atomic
externalLabels:
type: object
additionalProperties:
type: string
description: ExternalLabels specifies external labels that are attached to any rule results and alerts produced by rules. The precedence behavior matches that of Prometheus.
queryProjectID:
type: string
description: QueryProjectID is the GCP project ID to evaluate rules against. If left blank, the rule-evaluator will try attempt to infer the Project ID from the environment.
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: podmonitorings.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: PodMonitoring
listKind: PodMonitoringList
plural: podmonitorings
singular: podmonitoring
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: PodMonitoring defines monitoring for a set of pods, scoped to pods within the PodMonitoring's namespace.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of desired Pod selection for target discovery by Prometheus.
properties:
selector:
type: object
description: Label selector that specifies which pods are selected for this monitoring configuration.
properties:
matchExpressions:
type: array
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
type: object
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
type: string
description: key is the label key that the selector applies to.
operator:
type: string
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values:
type: array
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
required:
- key
- operator
matchLabels:
type: object
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
x-kubernetes-map-type: atomic
endpoints:
type: array
description: The endpoints to scrape on the selected pods.
items:
type: object
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape. The container metadata label is only populated if the port is referenced by name because port numbers are not unique across containers.
x-kubernetes-int-or-string: true
interval:
type: string
default: 1m
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$
metricRelabeling:
type: array
description: Relabeling rules for metrics scraped from this endpoint. Relabeling rules that override protected target labels (project_id, location, cluster, namespace, job, instance, or __address__) are not permitted. The labelmap action is not permitted in general.
items:
type: object
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
type: string
description: Action to perform based on regex matching. Defaults to 'replace'.
modulus:
type: integer
description: Modulus to take of the hash of the source label values.
format: int64
regex:
type: string
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
replacement:
type: string
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Defaults to '$1'.
separator:
type: string
description: Separator placed between concatenated source label values. Defaults to ';'.
sourceLabels:
type: array
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
items:
type: string
targetLabel:
type: string
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
params:
type: object
additionalProperties:
type: array
items:
type: string
description: HTTP GET params to use when scraping.
path:
type: string
description: HTTP path to scrape metrics from. Defaults to "/metrics".
proxyUrl:
type: string
description: Proxy URL to scrape through. Encoded passwords are not supported.
scheme:
type: string
description: Protocol scheme to use to scrape.
timeout:
type: string
description: Timeout for metrics scrapes. Must be a valid Prometheus duration. Must not be larger then the scrape interval.
required:
- port
limits:
type: object
description: Limits to apply at scrape time.
properties:
labels:
type: integer
description: Maximum number of labels accepted for a single sample. Uses Prometheus default if left unspecified.
format: int64
labelNameLength:
type: integer
description: Maximum label name length. Uses Prometheus default if left unspecified.
format: int64
labelValueLength:
type: integer
description: Maximum label value length. Uses Prometheus default if left unspecified.
format: int64
samples:
type: integer
description: Maximum number of samples accepted within a single scrape. Uses Prometheus default if left unspecified.
format: int64
targetLabels:
type: object
description: Labels to add to the Prometheus target for discovered endpoints. The `instance` label is always set to `<pod_name>:<port>` or `<node_name>:<port>` if the scraped pod is controlled by a DaemonSet.
properties:
metadata:
type: array
description: Pod metadata labels that are set on all scraped targets. Permitted keys are `pod`, `container`, and `node` for PodMonitoring and `pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. The `container` label is only populated if the scrape port is referenced by name. Defaults to [pod, container] for PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. If set to null, it will be interpreted as the empty list for PodMonitoring and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility only.
items:
type: string
fromPod:
type: array
description: Labels to transfer from the Kubernetes Pod to Prometheus target labels. Mappings are applied in order.
items:
type: object
description: LabelMapping specifies how to transfer a label from a Kubernetes resource onto a Prometheus target.
properties:
from:
type: string
description: Kubenetes resource label to remap.
to:
type: string
description: Remapped Prometheus target label. Defaults to the same name as `From`.
required:
- from
required:
- endpoints
- selector
status:
type: object
description: Most recently observed status of the resource.
properties:
conditions:
type: array
description: Represents the latest available observations of a podmonitor's current state.
items:
type: object
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
type:
type: string
description: MonitoringConditionType is the type of MonitoringCondition.
status:
type: string
description: Status of the condition, one of True, False, Unknown.
lastTransitionTime:
type: string
description: Last time the condition transitioned from one status to another.
format: date-time
lastUpdateTime:
type: string
description: The last time this condition was updated.
format: date-time
message:
type: string
description: A human-readable message indicating details about the transition.
reason:
type: string
description: The reason for the condition's last transition.
required:
- status
- type
endpointStatuses:
type: array
description: Represents the latest available observations of target state for each ScrapeEndpoint.
items:
type: object
properties:
name:
type: string
description: The name of the ScrapeEndpoint.
activeTargets:
type: integer
description: Total number of active targets.
format: int64
collectorsFraction:
type: string
description: Fraction of collectors included in status, bounded [0,1]. Ideally, this should always be 1. Anything less can be considered a problem and should be investigated.
lastUpdateTime:
type: string
description: Last time this status was updated.
format: date-time
sampleGroups:
type: array
description: A fixed sample of targets grouped by error type.
items:
type: object
properties:
count:
type: integer
description: Total count of similar errors.
format: int32
sampleTargets:
type: array
description: Targets emitting the error message.
items:
type: object
properties:
labels:
type: object
additionalProperties:
type: string
description: A LabelValue is an associated value for a LabelName.
description: The label set, keys and values, of the target.
health:
type: string
description: Health status.
lastError:
type: string
description: Error message.
lastScrapeDurationSeconds:
type: string
description: Scrape duration in seconds.
unhealthyTargets:
type: integer
description: Total number of active, unhealthy targets.
format: int64
required:
- name
observedGeneration:
type: integer
description: The generation observed by the controller.
format: int64
required:
- spec
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: PodMonitoring defines monitoring for a set of pods.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of desired Pod selection for target discovery by Prometheus.
properties:
selector:
type: object
description: Label selector that specifies which pods are selected for this monitoring configuration.
properties:
matchExpressions:
type: array
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
type: object
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
type: string
description: key is the label key that the selector applies to.
operator:
type: string
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values:
type: array
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
required:
- key
- operator
matchLabels:
type: object
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
x-kubernetes-map-type: atomic
endpoints:
type: array
description: The endpoints to scrape on the selected pods.
items:
type: object
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape.
x-kubernetes-int-or-string: true
interval:
type: string
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
metricRelabeling:
type: array
description: Relabeling rules for metrics scraped from this endpoint. Relabeling rules that override protected target labels (project_id, location, cluster, namespace, job, instance, or __address__) are not permitted. The labelmap action is not permitted in general.
items:
type: object
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
type: string
description: Action to perform based on regex matching. Defaults to 'replace'.
modulus:
type: integer
description: Modulus to take of the hash of the source label values.
format: int64
regex:
type: string
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
replacement:
type: string
description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Defaults to '$1'.
separator:
type: string
description: Separator placed between concatenated source label values. Defaults to ';'.
sourceLabels:
type: array
description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.
items:
type: string
targetLabel:
type: string
description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.
params:
type: object
additionalProperties:
type: array
items:
type: string
description: HTTP GET params to use when scraping.
path:
type: string
description: HTTP path to scrape metrics from. Defaults to "/metrics".
proxyUrl:
type: string
description: Proxy URL to scrape through. Encoded passwords are not supported.
scheme:
type: string
description: Protocol scheme to use to scrape.
timeout:
type: string
description: Timeout for metrics scrapes. Must be a valid Prometheus duration. Must not be larger then the scrape interval.
required:
- port
limits:
type: object
description: Limits to apply at scrape time.
properties:
labels:
type: integer
description: Maximum number of labels accepted for a single sample. Uses Prometheus default if left unspecified.
format: int64
labelNameLength:
type: integer
description: Maximum label name length. Uses Prometheus default if left unspecified.
format: int64
labelValueLength:
type: integer
description: Maximum label value length. Uses Prometheus default if left unspecified.
format: int64
samples:
type: integer
description: Maximum number of samples accepted within a single scrape. Uses Prometheus default if left unspecified.
format: int64
targetLabels:
type: object
description: Labels to add to the Prometheus target for discovered endpoints.
properties:
metadata:
type: array
description: Pod metadata labels that are set on all scraped targets. Permitted keys are `pod`, `container`, and `node` for PodMonitoring and `pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. Defaults to [pod, container] for PodMonitoring and [namespace, pod, container] for ClusterPodMonitoring. If set to null, it will be interpreted as the empty list for PodMonitoring and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility only.
items:
type: string
fromPod:
type: array
description: Labels to transfer from the Kubernetes Pod to Prometheus target labels. Mappings are applied in order.
items:
type: object
description: LabelMapping specifies how to transfer a label from a Kubernetes resource onto a Prometheus target.
properties:
from:
type: string
description: Kubenetes resource label to remap.
to:
type: string
description: Remapped Prometheus target label. Defaults to the same name as `From`.
required:
- from
required:
- endpoints
- selector
status:
type: object
description: Most recently observed status of the resource.
properties:
conditions:
type: array
description: Represents the latest available observations of a podmonitor's current state.
items:
type: object
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
type:
type: string
description: MonitoringConditionType is the type of MonitoringCondition.
status:
type: string
description: Status of the condition, one of True, False, Unknown.
lastTransitionTime:
type: string
description: Last time the condition transitioned from one status to another.
format: date-time
lastUpdateTime:
type: string
description: The last time this condition was updated.
format: date-time
message:
type: string
description: A human-readable message indicating details about the transition.
reason:
type: string
description: The reason for the condition's last transition.
required:
- status
- type
observedGeneration:
type: integer
description: The generation observed by the controller.
format: int64
required:
- spec
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: rules.monitoring.googleapis.com
annotations:
controller-gen.kubebuilder.io/version: v0.12.0
spec:
group: monitoring.googleapis.com
names:
kind: Rules
listKind: RulesList
plural: rules
singular: rules
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
type: object
description: Rules defines Prometheus alerting and recording rules that are scoped to the namespace of the resource. Only metric data from this namespace is processed and all rule results have their project_id, cluster, and namespace label preserved for query processing. If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
deprecated: true
schema:
openAPIV3Schema:
type: object
description: Rules defines Prometheus alerting and recording rules that are scoped to the namespace of the resource. Only metric data from this namespace is processed and all rule results have their project_id, cluster, and namespace label preserved for query processing. If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
type: string
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
kind:
type: string
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
metadata:
type: object
spec:
type: object
description: Specification of rules to record and alert on.
properties:
groups:
type: array
description: A list of Prometheus rule groups.
items:
type: object
description: 'RuleGroup declares rules in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
name:
type: string
description: The name of the rule group.
interval:
type: string
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
rules:
type: array
description: A list of rules that are executed sequentially as part of this group.
items:
type: object
description: 'Rule is a single rule in the Prometheus format: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/'
properties:
labels:
type: object
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
annotations:
type: object
additionalProperties:
type: string
description: A set of annotations to attach to alerts produced by the query expression. Only valid if `alert` is set.
alert:
type: string
description: Name of the alert to evaluate the expression as. Only one of `record` and `alert` must be set.
expr:
type: string
description: The PromQL expression to evaluate.
for:
type: string
description: The duration to wait before a firing alert produced by this rule is sent to Alertmanager. Only valid if `alert` is set.
record:
type: string
description: Record the result of the expression to this metric name. Only one of `record` and `alert` must be set.
required:
- expr
required:
- interval
- name
- rules
required:
- groups
status:
type: object
description: Most recently observed status of the resource.
required:
- spec
served: true
storage: false
subresources:
status: {}
operator.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: This file is autogenerated.
apiVersion: v1
kind: Namespace
metadata:
name: gmp-system
---
apiVersion: v1
kind: Namespace
metadata:
name: gmp-public
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: gmp-critical
value: 1000000000
description: Used for GMP collector pods.
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: collector
namespace: gmp-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: operator
namespace: gmp-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-system:collector
rules:
- resources:
- endpoints
- nodes
- nodes/metrics
- pods
- services
apiGroups: [""]
verbs: ["get", "list", "watch"]
- resources:
- configmaps
apiGroups: [""]
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator
namespace: gmp-system
rules:
- resources:
- pods
apiGroups: [""]
verbs: ["list", "watch"]
- resources:
- secrets
apiGroups: [""]
verbs: ["list", "watch", "create"]
- resources:
- secrets
apiGroups: [""]
resourceNames: ["collection", "rules", "alertmanager"]
verbs: ["get", "patch", "update"]
- resources:
- configmaps
apiGroups: [""]
verbs: ["list", "watch", "create"]
- resources:
- configmaps
apiGroups: [""]
resourceNames: ["collector", "rule-evaluator", "rules-generated"]
verbs: ["get", "patch", "update"]
- resources:
- daemonsets
apiGroups: ["apps"]
resourceNames: ["collector"]
verbs: ["get", "list", "watch", "delete", "patch", "update"]
- resources:
- deployments
apiGroups: ["apps"]
verbs: ["list", "watch"]
- resources:
- deployments
apiGroups: ["apps"]
resourceNames: ["rule-evaluator"]
verbs: ["get", "delete", "patch", "update"]
- resources:
- services
apiGroups: [""]
resourceNames: ["alertmanager"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator
namespace: gmp-public
rules:
- resources:
- secrets
apiGroups: [""]
verbs: ["get", "list", "watch"]
- resources:
- operatorconfigs
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-system:operator
rules:
- resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
apiGroups: ["admissionregistration.k8s.io"]
resourceNames:
- gmp-operator.gmp-system.monitoring.googleapis.com
verbs: ["get", "patch", "update", "watch"]
- resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
apiGroups: ["admissionregistration.k8s.io"]
resourceNames:
- gmp-operator
verbs: ["delete"]
- resources:
- clusterpodmonitorings
- clusterrules
- globalrules
- podmonitorings
- rules
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "list", "watch"]
- resources:
- clusterpodmonitorings/status
- clusterrules/status
- globalrules/status
- podmonitorings/status
- rules/status
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "patch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-system:operator
roleRef:
name: gmp-system:operator
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
namespace: gmp-system
kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: operator
namespace: gmp-public
roleRef:
name: operator
kind: Role
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
namespace: gmp-system
kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: operator
namespace: gmp-system
roleRef:
name: operator
kind: Role
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-system:collector
roleRef:
name: gmp-system:collector
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: collector
namespace: gmp-system
kind: ServiceAccount
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gmp-operator
namespace: gmp-system
labels:
app: managed-prometheus-operator
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
template:
metadata:
labels:
app: managed-prometheus-operator
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
app.kubernetes.io/version: 0.7.4
spec:
serviceAccountName: operator
automountServiceAccountToken: true
priorityClassName: gmp-critical
containers:
- name: operator
image: gke.gcr.io/prometheus-engine/operator:v0.7.4-gke.0
args:
- "--operator-namespace=gmp-system"
- "--public-namespace=gmp-public"
- "--webhook-addr=:10250"
ports:
- name: web
# Note this should match the --listen-addr flag passed in to the operator args.
# Default is 10250.
containerPort: 10250
- name: metrics
# Note this should match the --metrics-addr flag passed in to the operator args.
# Default is 18080.
containerPort: 18080
resources:
limits:
memory: 2G
requests:
cpu: 1m
memory: 16M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
---
apiVersion: v1
kind: Service
metadata:
name: gmp-operator
namespace: gmp-system
spec:
selector:
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
ports:
# This port does not do anything, but allows upgrades in the case
# of server-side apply (SSA) conflicts.
# TODO(pintohutch): remove once the SSA issues from upgrades are resolved.
- name: legacy
protocol: TCP
port: 8443
targetPort: webhook
- name: webhook
protocol: TCP
port: 443
targetPort: web
---
apiVersion: monitoring.googleapis.com/v1
kind: OperatorConfig
metadata:
name: config
namespace: gmp-public
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: gmp-operator.gmp-system.monitoring.googleapis.com
webhooks:
- name: validate.podmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/podmonitorings
failurePolicy: Fail
rules:
- resources:
- podmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.clusterpodmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/clusterpodmonitorings
failurePolicy: Fail
rules:
- resources:
- clusterpodmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.rules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/rules
failurePolicy: Fail
rules:
- resources:
- rules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.clusterrules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/clusterrules
failurePolicy: Fail
rules:
- resources:
- clusterrules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.globalrules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/globalrules
failurePolicy: Fail
rules:
- resources:
- globalrules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.operatorconfigs.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/operatorconfigs
failurePolicy: Fail
rules:
- resources:
- operatorconfigs
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: gmp-operator.gmp-system.monitoring.googleapis.com
webhooks:
- name: default.podmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /default/monitoring.googleapis.com/v1/podmonitorings
failurePolicy: Fail
rules:
- resources:
- podmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: default.clusterpodmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /default/monitoring.googleapis.com/v1/clusterpodmonitorings
failurePolicy: Fail
rules:
- resources:
- clusterpodmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: collector
namespace: gmp-system
spec:
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#pod-selector
app.kubernetes.io/name: collector
template:
metadata:
labels:
app: managed-prometheus-collector
app.kubernetes.io/name: collector
app.kubernetes.io/version: 0.7.4
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
serviceAccountName: collector
automountServiceAccountToken: true
priorityClassName: gmp-critical
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:20220419
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.7.4-gke.0
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --reload-url=http://localhost:19090/-/reload
- --ready-url=http://localhost:19090/-/ready
- --listen-address=:19091
ports:
- name: cfg-rel-metrics
containerPort: 19091
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
- name: prometheus
image: gke.gcr.io/prometheus-engine/prometheus:v2.41.0-gmp.4-gke.1
args:
- --config.file=/prometheus/config_out/config.yaml
- --enable-feature=exemplar-storage
- --storage.tsdb.path=/prometheus/data
- --storage.tsdb.no-lockfile
# Keep 30 minutes of data. As we are backed by an emptyDir volume, this will count towards
# the containers memory usage. We could lower it further if this becomes problematic, but
# it the window for local data is quite convenient for debugging.
- --storage.tsdb.retention.time=30m
- --storage.tsdb.wal-compression
# Effectively disable compaction and make blocks short enough so that our retention window
# can be kept in practice.
- --storage.tsdb.min-block-duration=10m
- --storage.tsdb.max-block-duration=10m
- --web.listen-address=:19090
- --web.enable-lifecycle
- --web.route-prefix=/
- --export.user-agent-mode=kubectl
# JSON log format is needed for GKE to display log levels correctly.
- --log.format=json
ports:
- name: prom-metrics
containerPort: 19090
# The environment variable EXTRA_ARGS will be populated by the operator.
# DO NOT specify it here.
env:
- name: GOGC
value: "25"
resources:
limits:
memory: 2G
requests:
cpu: 8m
memory: 32M
volumeMounts:
- name: storage
mountPath: /prometheus/data
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
- name: collection-secret
readOnly: true
mountPath: /etc/secrets
livenessProbe:
httpGet:
port: 19090
path: /-/healthy
scheme: HTTP
readinessProbe:
httpGet:
port: 19090
path: /-/ready
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
volumes:
- name: storage
emptyDir: {}
- name: config
configMap:
name: collector
- name: config-out
emptyDir: {}
- name: collection-secret
secret:
secretName: collection
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rule-evaluator
namespace: gmp-system
spec:
replicas: 1
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#label-selector-updates.
app.kubernetes.io/name: rule-evaluator
template:
metadata:
labels:
app: managed-prometheus-rule-evaluator
app.kubernetes.io/name: rule-evaluator
app.kubernetes.io/version: 0.7.4
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
serviceAccountName: collector
automountServiceAccountToken: true
priorityClassName: gmp-critical
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:20220419
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.7.4-gke.0
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --watched-dir=/etc/rules
- --watched-dir=/etc/secrets
- --reload-url=http://localhost:19092/-/reload
- --ready-url=http://localhost:19092/-/ready
- --listen-address=:19093
ports:
- name: cfg-rel-metrics
containerPort: 19093
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
- name: rules-secret
readOnly: true
mountPath: /etc/secrets
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.7.4-gke.0
args:
- --config.file=/prometheus/config_out/config.yaml
- --web.listen-address=:19092
- --export.user-agent-mode=kubectl
ports:
- name: r-eval-metrics
containerPort: 19092
resources:
limits:
memory: 1G
requests:
cpu: 1m
memory: 16M
volumeMounts:
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
- name: rules-secret
readOnly: true
mountPath: /etc/secrets
livenessProbe:
httpGet:
port: 19092
path: /-/healthy
scheme: HTTP
readinessProbe:
httpGet:
port: 19092
path: /-/ready
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
volumes:
- name: config
configMap:
name: rule-evaluator
defaultMode: 420
- name: config-out
emptyDir: {}
- name: rules
configMap:
name: rules-generated
defaultMode: 420
- name: rules-secret
secret:
defaultMode: 420
secretName: rules
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
---
apiVersion: v1
kind: Service
metadata:
name: alertmanager
namespace: gmp-system
spec:
selector:
app.kubernetes.io/name: alertmanager
ports:
- name: alertmanager
port: 9093
targetPort: 9093
clusterIP: None
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: alertmanager
namespace: gmp-system
spec:
replicas: 1
selector:
matchLabels:
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
template:
metadata:
labels:
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
app.kubernetes.io/version: 0.7.4
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
priorityClassName: gmp-critical
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:20220419
command: ['/bin/bash', '-c', 'touch /alertmanager/config_out/config.yaml && echo -e "receivers:\n - name: noop\nroute:\n receiver: noop" > alertmanager/config_out/config.yaml']
volumeMounts:
- name: alertmanager-config
mountPath: /alertmanager/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
containers:
- name: alertmanager
image: gke.gcr.io/prometheus-engine/alertmanager:v0.25.1-gmp.0-gke.1
args:
- --config.file=/alertmanager/config_out/config.yaml
- --storage.path=/alertmanager-data
- --cluster.listen-address=[$(POD_IP)]:9094
- --web.listen-address=:9093
- --log.format=json
ports:
- name: alertmanager
containerPort: 9093
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
resources:
limits:
memory: 128M
requests:
cpu: 1m
memory: 16M
volumeMounts:
- name: alertmanager-config
readOnly: true
mountPath: /alertmanager/config_out
- name: alertmanager-data
mountPath: /alertmanager-data
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.7.4-gke.0
args:
- --config-file=/alertmanager/config.yaml
- --config-file-output=/alertmanager/config_out/config.yaml
- --reload-url=http://localhost:9093/-/reload
- --ready-url=http://localhost:9093/-/ready
- --listen-address=:19091
ports:
- name: cfg-rel-metrics
containerPort: 19091
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /alertmanager
- name: alertmanager-config
mountPath: /alertmanager/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
volumes:
- name: config
secret:
secretName: alertmanager
- name: alertmanager-data
emptyDir: {}
- name: alertmanager-config
emptyDir: {}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceName: alertmanager
example-app.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: prom-example
labels:
app.kubernetes.io/name: prom-example
spec:
selector:
matchLabels:
app.kubernetes.io/name: prom-example
replicas: 3
template:
metadata:
labels:
app.kubernetes.io/name: prom-example
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- image: nilebox/prometheus-example-app@sha256:dab60d038c5d6915af5bcbe5f0279a22b95a8c8be254153e22d7cd81b21b84c5
name: prom-example
ports:
- name: metrics
containerPort: 1234
command:
- "/main"
- "--process-metrics"
- "--go-metrics"
pod-monitoring.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: monitoring.googleapis.com/v1
kind: PodMonitoring
metadata:
name: prom-example
labels:
app.kubernetes.io/name: prom-example
spec:
selector:
matchLabels:
app.kubernetes.io/name: prom-example
endpoints:
- port: metrics
interval: 30s
prometheus.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-test:prometheus-test
rules:
- apiGroups: [""]
resources:
- pods
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-test:prometheus-test
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gmp-test:prometheus-test
subjects:
- kind: ServiceAccount
namespace: gmp-test
name: default
---
apiVersion: v1
kind: Service
metadata:
namespace: gmp-test
name: prometheus-test
labels:
prometheus: test
spec:
type: ClusterIP
selector:
app: prometheus
prometheus: test
ports:
- name: web
port: 9090
targetPort: web
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
namespace: gmp-test
name: prometheus-test
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set. See
# https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-types-of-pods-can-prevent-ca-from-removing-a-node
# for details.
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
prometheus: test
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
prometheus: test
serviceName: prometheus-test
template:
metadata:
labels:
app: prometheus
prometheus: test
spec:
automountServiceAccountToken: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:20220419
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
containers:
- name: prometheus
image: gke.gcr.io/prometheus-engine/prometheus:v2.41.0-gmp.4-gke.1
args:
- --config.file=/prometheus/config_out/config.yaml
- --storage.tsdb.path=/prometheus/data
- --storage.tsdb.retention.time=24h
- --web.enable-lifecycle
- --storage.tsdb.no-lockfile
- --web.route-prefix=/
ports:
- name: web
containerPort: 9090
readinessProbe:
httpGet:
path: /-/ready
port: web
scheme: HTTP
resources:
requests:
memory: 400Mi
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
readOnly: true
- name: prometheus-db
mountPath: /prometheus/data
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.7.4-gke.0
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --reload-url=http://localhost:9090/-/reload
- --ready-url=http://localhost:9090/-/ready
- --listen-address=:19091
ports:
- name: reloader-web
containerPort: 8080
resources:
limits:
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi
volumeMounts:
- name: config
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
terminationGracePeriodSeconds: 600
volumes:
- name: prometheus-db
emptyDir: {}
- name: config
configMap:
name: prometheus-test
defaultMode: 420
- name: config-out
emptyDir: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: gmp-test
name: prometheus-test
labels:
prometheus: test
data:
config.yaml: |
global:
scrape_interval: 30s
scrape_configs:
# Let Prometheus scrape itself.
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
# Scrape pods with label app=prom-example across all namespaces
# on the port named 'metrics'.
- job_name: prom-example
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
regex: prom-example
action: keep
- source_labels: [__meta_kubernetes_namespace]
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_container_port_name]
regex: (.+);(.+)
target_label: instance
replacement: $1:$2
action: replace
- source_labels: [__meta_kubernetes_pod_container_port_name]
regex: metrics
action: keep
frontend.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
automountServiceAccountToken: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- name: frontend
image: gke.gcr.io/prometheus-engine/frontend:v0.7.4-gke.0
args:
- "--web.listen-address=:9090"
- "--query.project-id=$PROJECT_ID"
ports:
- name: web
containerPort: 9090
readinessProbe:
httpGet:
path: /-/ready
port: web
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
livenessProbe:
httpGet:
path: /-/healthy
port: web
---
apiVersion: v1
kind: Service
metadata:
name: frontend
spec:
clusterIP: None
selector:
app: frontend
ports:
- name: web
port: 9090
grafana.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
spec:
replicas: 1
selector:
matchLabels:
app: grafana
template:
metadata:
labels:
app: grafana
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- name: grafana
image: grafana/grafana:9.4.7
ports:
- name: web
containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: grafana
spec:
clusterIP: None
selector:
app: grafana
ports:
- name: web
port: 3000
rule-evaluator.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: This file is autogenerated.
apiVersion: v1
kind: ConfigMap
metadata:
name: rule-evaluator
labels:
app.kubernetes.io/name: rule-evaluator
data:
config.yaml: |
global:
external_labels: {}
evaluation_interval: 60s
rule_files:
- "/etc/rules/*.yaml"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: rules
labels:
app.kubernetes.io/name: rule-evaluator
data:
rules.yaml: |
groups:
- name: example
interval: 10s
rules:
- record: job:up:sum
expr: sum without(instance) (up)
- alert: AlwaysFiring
expr: vector(1)
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rule-evaluator
labels:
app.kubernetes.io/name: rule-evaluator
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: rule-evaluator
template:
metadata:
labels:
app.kubernetes.io/name: rule-evaluator
app.kubernetes.io/version: 0.7.4
spec:
serviceAccountName: rule-evaluator
automountServiceAccountToken: true
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:20220419
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.7.4-gke.0
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --watched-dir=/etc/rules
- --reload-url=http://localhost:9092/-/reload
- --ready-url=http://localhost:9092/-/ready
- --listen-address=:9093
ports:
- name: cfg-rel-metrics
protocol: TCP
containerPort: 9093
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.7.4-gke.0
args:
- "--config.file=/prometheus/config_out/config.yaml"
- "--web.listen-address=:9092"
ports:
- name: r-eval-metrics
containerPort: 9092
resources:
limits:
memory: 1G
requests:
cpu: 1m
memory: 16M
volumeMounts:
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
livenessProbe:
httpGet:
port: r-eval-metrics
path: /-/healthy
readinessProbe:
httpGet:
port: r-eval-metrics
path: /-/ready
# Readiness attempts a query round-trip so we need a more generous timeout.
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
volumes:
- name: config
configMap:
name: rule-evaluator
- name: config-out
emptyDir: {}
- name: rules
configMap:
name: rules
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rule-evaluator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rule-evaluator
rules:
- resources:
- endpoints
- nodes
- nodes/metrics
- pods
- services
apiGroups: [""]
verbs: ["get", "list", "watch"]
- resources:
- configmaps
apiGroups: [""]
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rule-evaluator
roleRef:
name: rule-evaluator
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: rule-evaluator
namespace: default
kind: ServiceAccount
rules.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: monitoring.googleapis.com/v1
kind: Rules
metadata:
name: example-rules
labels:
app.kubernetes.io/name: example-rules
app.kubernetes.io/part-of: google-cloud-managed-prometheus
spec:
groups:
- name: example
interval: 30s
rules:
- record: job:up:sum
expr: sum without(instance) (up)
- alert: AlwaysFiring
expr: vector(1)