This document shows the contents of the manifests used in the Managed Service for Prometheus documentation.
setup.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NOTE: This file is autogenerated.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: clusternodemonitorings.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: ClusterNodeMonitoring
listKind: ClusterNodeMonitoringList
plural: clusternodemonitorings
singular: clusternodemonitoring
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: ClusterNodeMonitoring defines monitoring for a set of nodes.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of desired node selection for target discovery by
Prometheus.
properties:
endpoints:
description: The endpoints to scrape on the selected nodes.
items:
description: |-
ScrapeNodeEndpoint specifies a Prometheus metrics endpoint on a node to scrape.
It contains all the fields used in the ScrapeEndpoint except for port and HTTPClientConfig.
properties:
interval:
default: 1m
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$
type: string
metricRelabeling:
description: |-
Relabeling rules for metrics scraped from this endpoint. Relabeling rules that
override protected target labels (project_id, location, cluster, namespace, job,
instance, or __address__) are not permitted. The labelmap action is not permitted
in general.
items:
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
description: Action to perform based on regex matching. Defaults to 'replace'.
type: string
modulus:
description: Modulus to take of the hash of the source label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
type: string
replacement:
description: |-
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Defaults to '$1'.
type: string
separator:
description: Separator placed between concatenated source label values. Defaults to ';'.
type: string
sourceLabels:
description: |-
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: |-
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
type: string
type: object
type: array
params:
additionalProperties:
items:
type: string
type: array
description: HTTP GET params to use when scraping.
type: object
path:
description: HTTP path to scrape metrics from. Defaults to "/metrics".
type: string
scheme:
description: Protocol scheme to use to scrape.
type: string
timeout:
description: |-
Timeout for metrics scrapes. Must be a valid Prometheus duration.
Must not be larger than the scrape interval.
type: string
# tls (node endpoints): this block declares a single TLS field,
# insecureSkipVerify. No ca, cert, key, serverName or version fields are
# defined here, unlike the ClusterPodMonitoring endpoint tls block in this file.
tls:
description: TLS configures the scrape request's TLS settings.
properties:
# Security note: when true, the target's certificate is not validated, so the
# scrape connection does not authenticate the target and the returned metrics
# should be treated as unauthenticated input. Leave it unset unless the
# target's certificate genuinely cannot be validated.
insecureSkipVerify:
description: InsecureSkipVerify disables target certificate validation.
type: boolean
type: object
type: object
type: array
limits:
description: Limits to apply at scrape time.
properties:
labelNameLength:
description: |-
Maximum label name length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labelValueLength:
description: |-
Maximum label value length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labels:
description: |-
Maximum number of labels accepted for a single sample.
Uses Prometheus default if left unspecified.
format: int64
type: integer
samples:
description: |-
Maximum number of samples accepted within a single scrape.
Uses Prometheus default if left unspecified.
format: int64
type: integer
type: object
selector:
description: |-
Label selector that specifies which nodes are selected for this monitoring
configuration. If left empty all nodes are selected.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
required:
- endpoints
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: clusterpodmonitorings.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: ClusterPodMonitoring
listKind: ClusterPodMonitoringList
plural: clusterpodmonitorings
singular: clusterpodmonitoring
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
ClusterPodMonitoring defines monitoring for a set of pods, scoped to all
pods within the cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of desired Pod selection for target discovery by
Prometheus.
properties:
endpoints:
description: The endpoints to scrape on the selected pods.
items:
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
# authorization: credentials placed in the HTTP authorization header of scrape
# requests. The token is not written inline; it is read from a referenced
# Secret key. The same secret-reference shape (key, name, namespace) is reused
# by basicAuth, oauth2 and tls in this schema.
authorization:
description: Authorization is the HTTP authorization credentials for the targets.
properties:
credentials:
description: Credentials uses the secret as the credentials (token) for the authentication header.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
# NOTE(review): ClusterPodMonitoring is cluster-scoped (scope: Cluster), so
# "parent resource namespace" is not self-explanatory here; confirm what an
# empty value resolves to.
# Security note: the namespace is chosen by whoever writes this resource, so
# the referenced Secret value ends up being sent to the scrape target on the
# author's say-so. Presumably this is bounded by the collector's own RBAC on
# Secrets (verify); restrict create/update on this kind and scope the
# collector's Secret read access to the namespaces that need it.
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
# Per the description, Bearer is the default and Basic is rejected here;
# basic authentication is configured through the separate basicAuth object.
type:
description: |-
Type is the authentication type. Defaults to Bearer.
Basic will cause an error, as the BasicAuth object should be used instead.
type: string
type: object
basicAuth:
description: BasicAuth is the HTTP basic authentication credentials for the targets.
properties:
password:
description: Password uses the secret as the BasicAuth password.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
username:
description: Username is the BasicAuth username.
type: string
type: object
interval:
default: 1m
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$
type: string
metricRelabeling:
description: |-
Relabeling rules for metrics scraped from this endpoint. Relabeling rules that
override protected target labels (project_id, location, cluster, namespace, job,
instance, or __address__) are not permitted. The labelmap action is not permitted
in general.
items:
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
description: Action to perform based on regex matching. Defaults to 'replace'.
type: string
modulus:
description: Modulus to take of the hash of the source label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
type: string
replacement:
description: |-
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Defaults to '$1'.
type: string
separator:
description: Separator placed between concatenated source label values. Defaults to ';'.
type: string
sourceLabels:
description: |-
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: |-
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
type: string
type: object
type: array
oauth2:
description: OAuth2 is the OAuth2 client credentials used to fetch a token for the targets.
properties:
clientID:
description: ClientID is the public identifier for the client.
type: string
clientSecret:
description: ClientSecret uses the secret as the client secret token.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
endpointParams:
additionalProperties:
type: string
description: EndpointParams are additional parameters to append to the token URL.
type: object
proxyUrl:
description: |-
ProxyURL is the HTTP proxy server to use to connect to the targets.
Encoded passwords are not supported.
type: string
scopes:
description: Scopes represents the scopes for the token request.
items:
type: string
type: array
tlsConfig:
description: TLS configures the token request's TLS settings.
properties:
ca:
description: |-
SecretSelector references a secret from a secret provider e.g. Kubernetes Secret. Only one
provider can be used at a time.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
cert:
description: Cert uses the secret as the certificate for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
# This field sits under oauth2.tlsConfig, which configures the token request.
# Security note: when true, the token endpoint's certificate is not validated,
# so the OAuth2 client secret is presented to a server whose identity was not
# verified. Prefer supplying a ca (and serverName if needed) instead.
insecureSkipVerify:
description: InsecureSkipVerify disables target certificate validation.
type: boolean
key:
description: Key uses the secret as the private key for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
# NOTE(review): the last two sentences of this description match minVersion
# word for word (they name the Go default *minimum* version and point at
# MinVersion). For a maximum, the corresponding crypto/tls field is MaxVersion,
# whose default is the highest version the package supports. Confirm the
# actual unset behaviour upstream.
# Security note: TLS10 and TLS11 are accepted values; setting maxVersion to
# either caps the connection at a protocol version deprecated by RFC 8996.
maxVersion:
description: |-
MaxVersion is the maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
# Security note: TLS10 and TLS11 are accepted but are deprecated protocol
# versions (RFC 8996). Leaving this unset keeps the TLS 1.2 floor stated in
# the description; only TLS12 or TLS13 are appropriate explicit values.
minVersion:
description: |-
MinVersion is the minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
serverName:
description: ServerName is used to verify the hostname for the targets.
type: string
type: object
tokenURL:
description: TokenURL is the URL to fetch the token from.
type: string
type: object
params:
additionalProperties:
items:
type: string
type: array
description: HTTP GET params to use when scraping.
type: object
path:
description: HTTP path to scrape metrics from. Defaults to "/metrics".
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Name or number of the port to scrape.
The container metadata label is only populated if the port is referenced by name
because port numbers are not unique across containers.
x-kubernetes-int-or-string: true
proxyUrl:
description: |-
ProxyURL is the HTTP proxy server to use to connect to the targets.
Encoded passwords are not supported.
type: string
scheme:
description: Protocol scheme to use to scrape.
type: string
timeout:
description: |-
Timeout for metrics scrapes. Must be a valid Prometheus duration.
Must not be larger than the scrape interval.
type: string
tls:
description: TLS configures the scrape request's TLS settings.
properties:
ca:
description: |-
SecretSelector references a secret from a secret provider e.g. Kubernetes Secret. Only one
provider can be used at a time.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
cert:
description: Cert uses the secret as the certificate for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
# This field sits under the endpoint's tls block, which configures the scrape
# request itself.
# Security note: when true, the target's certificate is not validated, so any
# credentials configured on this endpoint (authorization, basicAuth, oauth2
# token) are sent to a target whose identity was not verified, and the metrics
# returned are unauthenticated. Prefer ca plus serverName over this flag.
insecureSkipVerify:
description: InsecureSkipVerify disables target certificate validation.
type: boolean
key:
description: Key uses the secret as the private key for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
namespace:
description: |-
Namespace of the secret to select from.
If empty the parent resource namespace will be chosen.
type: string
required:
- key
- name
type: object
type: object
# NOTE(review): the last two sentences of this description match minVersion
# word for word (they name the Go default *minimum* version and point at
# MinVersion). For a maximum, the corresponding crypto/tls field is MaxVersion,
# whose default is the highest version the package supports. Confirm the
# actual unset behaviour upstream.
# Security note: TLS10 and TLS11 are accepted values; setting maxVersion to
# either caps the scrape connection at a protocol version deprecated by
# RFC 8996.
maxVersion:
description: |-
MaxVersion is the maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
# Security note: TLS10 and TLS11 are accepted but are deprecated protocol
# versions (RFC 8996). Leaving this unset keeps the TLS 1.2 floor stated in
# the description; only TLS12 or TLS13 are appropriate explicit values.
minVersion:
description: |-
MinVersion is the minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
serverName:
description: ServerName is used to verify the hostname for the targets.
type: string
type: object
required:
- port
type: object
type: array
filterRunning:
description: |-
FilterRunning will drop any pods that are in the "Failed" or "Succeeded"
pod lifecycle.
See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
Specifically, this prevents scraping Succeeded pods from K8s jobs, which
could contribute to noisy logs or irrelevant metrics.
Additionally, it can mitigate issues with reusing stale target
labels in cases where Pod IPs are reused (e.g. spot containers).
See: https://github.com/GoogleCloudPlatform/prometheus-engine/issues/145
type: boolean
limits:
description: Limits to apply at scrape time.
properties:
labelNameLength:
description: |-
Maximum label name length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labelValueLength:
description: |-
Maximum label value length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labels:
description: |-
Maximum number of labels accepted for a single sample.
Uses Prometheus default if left unspecified.
format: int64
type: integer
samples:
description: |-
Maximum number of samples accepted within a single scrape.
Uses Prometheus default if left unspecified.
format: int64
type: integer
type: object
selector:
description: |-
Label selector that specifies which pods are selected for this monitoring
configuration.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetLabels:
description: |-
Labels to add to the Prometheus target for discovered endpoints.
The `instance` label is always set to `<pod_name>:<port>` or `<node_name>:<port>`
if the scraped pod is controlled by a DaemonSet.
properties:
fromPod:
description: |-
Labels to transfer from the Kubernetes Pod to Prometheus target labels.
Mappings are applied in order.
items:
description: |-
LabelMapping specifies how to transfer a label from a Kubernetes resource
onto a Prometheus target.
properties:
from:
description: Kubernetes resource label to remap.
type: string
to:
description: |-
Remapped Prometheus target label.
Defaults to the same name as `From`.
type: string
required:
- from
type: object
type: array
metadata:
description: |-
Pod metadata labels that are set on all scraped targets.
Permitted keys are `pod`, `container`, and `node` for PodMonitoring and
`pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. The `container`
label is only populated if the scrape port is referenced by name.
Defaults to [pod, container] for PodMonitoring and [namespace, pod, container]
for ClusterPodMonitoring.
If set to null, it will be interpreted as the empty list for PodMonitoring
and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility
only.
items:
type: string
type: array
type: object
required:
- endpoints
- selector
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
endpointStatuses:
description: Represents the latest available observations of target state for each ScrapeEndpoint.
items:
properties:
activeTargets:
description: Total number of active targets.
format: int64
type: integer
collectorsFraction:
description: |-
Fraction of collectors included in status, bounded [0,1].
Ideally, this should always be 1. Anything less can
be considered a problem and should be investigated.
type: string
lastUpdateTime:
description: Last time this status was updated.
format: date-time
type: string
name:
description: The name of the ScrapeEndpoint.
type: string
sampleGroups:
description: A fixed sample of targets grouped by error type.
items:
properties:
count:
description: Total count of similar errors.
format: int32
type: integer
sampleTargets:
description: Targets emitting the error message.
items:
properties:
health:
description: Health status.
type: string
labels:
additionalProperties:
description: A LabelValue is an associated value for a LabelName.
type: string
description: The label set, keys and values, of the target.
type: object
lastError:
description: Error message.
type: string
lastScrapeDurationSeconds:
description: Scrape duration in seconds.
type: string
type: object
type: array
type: object
type: array
unhealthyTargets:
description: Total number of active, unhealthy targets.
format: int64
type: integer
required:
- name
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterPodMonitoring defines monitoring for a set of pods.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of desired Pod selection for target discovery by
Prometheus.
properties:
endpoints:
description: The endpoints to scrape on the selected pods.
items:
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
interval:
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
type: string
metricRelabeling:
description: |-
Relabeling rules for metrics scraped from this endpoint. Relabeling rules that
override protected target labels (project_id, location, cluster, namespace, job,
instance, or __address__) are not permitted. The labelmap action is not permitted
in general.
items:
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
description: Action to perform based on regex matching. Defaults to 'replace'.
type: string
modulus:
description: Modulus to take of the hash of the source label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
type: string
replacement:
description: |-
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Defaults to '$1'.
type: string
separator:
description: Separator placed between concatenated source label values. Defaults to ';'.
type: string
sourceLabels:
description: |-
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: |-
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
type: string
type: object
type: array
params:
additionalProperties:
items:
type: string
type: array
description: HTTP GET params to use when scraping.
type: object
path:
description: HTTP path to scrape metrics from. Defaults to "/metrics".
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape.
x-kubernetes-int-or-string: true
proxyUrl:
description: Proxy URL to scrape through. Encoded passwords are not supported.
type: string
scheme:
description: Protocol scheme to use to scrape.
type: string
timeout:
description: |-
Timeout for metrics scrapes. Must be a valid Prometheus duration.
Must not be larger than the scrape interval.
type: string
required:
- port
type: object
type: array
limits:
description: Limits to apply at scrape time.
properties:
labelNameLength:
description: |-
Maximum label name length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labelValueLength:
description: |-
Maximum label value length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labels:
description: |-
Maximum number of labels accepted for a single sample.
Uses Prometheus default if left unspecified.
format: int64
type: integer
samples:
description: |-
Maximum number of samples accepted within a single scrape.
Uses Prometheus default if left unspecified.
format: int64
type: integer
type: object
selector:
description: |-
Label selector that specifies which pods are selected for this monitoring
configuration.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetLabels:
description: Labels to add to the Prometheus target for discovered endpoints
properties:
fromPod:
description: |-
Labels to transfer from the Kubernetes Pod to Prometheus target labels.
Mappings are applied in order.
items:
description: |-
LabelMapping specifies how to transfer a label from a Kubernetes resource
onto a Prometheus target.
properties:
from:
description: Kubernetes resource label to remap.
type: string
to:
description: |-
Remapped Prometheus target label.
Defaults to the same name as `From`.
type: string
required:
- from
type: object
type: array
metadata:
description: |-
Pod metadata labels that are set on all scraped targets.
Permitted keys are `pod`, `container`, and `node` for PodMonitoring and
`pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring.
Defaults to [pod, container] for PodMonitoring and [namespace, pod, container]
for ClusterPodMonitoring.
If set to null, it will be interpreted as the empty list for PodMonitoring
and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility
only.
items:
type: string
type: array
type: object
required:
- endpoints
- selector
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: clusterrules.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: ClusterRules
listKind: ClusterRulesList
plural: clusterrules
singular: clusterrules
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
ClusterRules defines Prometheus alerting and recording rules that are scoped
to the current cluster. Only metric data from the current cluster is processed
and all rule results have their project_id and cluster label preserved
for query processing.
If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ClusterRules defines Prometheus alerting and recording rules that are scoped
to the current cluster. Only metric data from the current cluster is processed
and all rule results have their project_id and cluster label preserved
for query processing.
If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
status:
description: Most recently observed status of the resource.
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: globalrules.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: GlobalRules
listKind: GlobalRulesList
plural: globalrules
singular: globalrules
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
GlobalRules defines Prometheus alerting and recording rules that are scoped
to all data in the queried project.
If the project_id or location labels are not preserved by the rule, they default to
the values of the cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: |-
GlobalRules defines Prometheus alerting and recording rules that are scoped
to all data in the queried project.
If the project_id or location labels are not preserved by the rule, they default to
the values of the cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
status:
description: Most recently observed status of the resource.
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: operatorconfigs.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: OperatorConfig
listKind: OperatorConfigList
plural: operatorconfigs
singular: operatorconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: OperatorConfig defines configuration of the gmp-operator.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
collection:
description: |-
Collection specifies how the operator configures collection, including
scraping and an integrated export to Google Cloud Monitoring.
properties:
compression:
description: Compression enables compression of metrics collection data
enum:
- none
- gzip
type: string
credentials:
description: |-
A reference to GCP service account credentials with which Prometheus collectors
are run. It needs to have metric write permissions for all project IDs to which
data is written.
Within GKE, this can typically be left empty if the compute default
service account has the required permissions.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
externalLabels:
additionalProperties:
type: string
description: |-
ExternalLabels specifies external labels that are attached to all scraped
data before being written to Google Cloud Monitoring or any other additional exports
specified in the OperatorConfig. The precedence behavior matches that of Prometheus.
type: object
filter:
description: Filter limits which metric data is sent to Cloud Monitoring (it doesn't apply to additional exports).
properties:
matchOneOf:
description: |-
A list of Prometheus time series matchers. Every time series must match at least one
of the matchers to be exported. This field can be used equivalently to the match[]
parameter of the Prometheus federation endpoint to selectively export data.
Example: `["{job!='foobar'}", "{__name__!~'container_foo.*|container_bar.*'}"]`
items:
type: string
type: array
type: object
kubeletScraping:
description: Configuration to scrape the metric endpoints of the Kubelets.
properties:
interval:
description: The interval at which the metric endpoints are scraped.
type: string
tlsInsecureSkipVerify:
description: |-
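TLSInsecureSkipVerify disables verifying the target cert.
This can be useful for clusters provisioned with kubeadm.
With verification disabled, the scrape connection is encrypted but the Kubelet is not
authenticated, so leave this unset wherever the Kubelet serving certificate can be verified.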
type: boolean
required:
- interval
type: object
type: object
exports:
description: |-
Exports is an EXPERIMENTAL feature that specifies additional, optional endpoints to export to,
on top of Google Cloud Monitoring collection.
Note: To disable integrated export to Google Cloud Monitoring, specify a non-matching filter in the "collection.filter" field.
items:
properties:
url:
description: The URL of the endpoint that supports Prometheus Remote Write to export samples to.
type: string
required:
- url
type: object
type: array
features:
description: Features holds configuration for optional managed-collection features.
properties:
config:
description: Settings for the collector configuration propagation.
properties:
compression:
description: |-
Compression enables compression of the config data propagated by the operator to collectors
and the rule-evaluator. It is recommended to use the gzip option when using a large number of
ClusterPodMonitoring, PodMonitoring, GlobalRules, ClusterRules, and/or Rules.
enum:
- none
- gzip
type: string
type: object
targetStatus:
description: Configuration of target status reporting.
properties:
enabled:
description: Enable target status reporting.
type: boolean
type: object
type: object
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
managedAlertmanager:
default:
configSecret:
key: alertmanager.yaml
name: alertmanager
description: ManagedAlertmanager holds information for configuring the managed instance of Alertmanager.
properties:
configSecret:
description: |-
ConfigSecret refers to the name of a single-key Secret in the public namespace that
holds the managed Alertmanager config file.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
externalURL:
description: |-
ExternalURL is the URL under which Alertmanager is externally reachable
(for example, if Alertmanager is served via a reverse proxy).
Used for generating relative and absolute links back to Alertmanager
itself. If the URL has a path portion, it will be used to prefix all HTTP
endpoints served by Alertmanager.
If omitted, relevant URL components will be derived automatically.
type: string
type: object
metadata:
type: object
rules:
description: Rules specifies how the operator configures and deploys rule-evaluator.
properties:
alerting:
description: Alerting contains how the rule-evaluator configures alerting.
properties:
alertmanagers:
description: Alertmanagers contains endpoint configuration for designated Alertmanagers.
items:
description: |-
AlertmanagerEndpoints defines a selection of a single Endpoints object
containing alertmanager IPs to fire alerts against.
properties:
apiVersion:
description: |-
Version of the Alertmanager API that rule-evaluator uses to send alerts. It
can be "v1" or "v2".
type: string
authorization:
description: Authorization section for this alertmanager endpoint
properties:
credentials:
description: The secret's key that contains the credentials of the request
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type:
description: |-
Set the authentication type. Defaults to Bearer. Basic will cause an
error.
type: string
type: object
name:
description: Name of Endpoints object in Namespace.
type: string
namespace:
description: Namespace of Endpoints object.
type: string
pathPrefix:
description: Prefix for the HTTP path alerts are pushed to.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port the Alertmanager API is exposed on.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use when firing alerts.
type: string
timeout:
description: Timeout is a per-target Alertmanager timeout when pushing alerts.
type: string
tls:
description: TLS Config to use for alertmanager connection.
properties:
ca:
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
cert:
description: Struct containing the client cert file for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
insecureSkipVerify:
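description: Disable target certificate validation. When set, the Alertmanager endpoint's certificate is not checked, so the connection is encrypted but not authenticated.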
type: boolean
keySecret:
description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
maxVersion:
description: |-
Maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default maximum version, which is TLS 1.3.
See MaxVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
minVersion:
description: |-
Minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
required:
- name
- namespace
- port
type: object
type: array
type: object
credentials:
description: |-
A reference to GCP service account credentials with which the rule
evaluator container is run. It needs to have metric read permissions
against queryProjectId and metric write permissions against all projects
to which rule results are written.
Within GKE, this can typically be left empty if the compute default
service account has the required permissions.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
externalLabels:
additionalProperties:
type: string
description: |-
ExternalLabels specifies external labels that are attached to any rule
results and alerts produced by rules. The precedence behavior matches that
of Prometheus.
type: object
generatorUrl:
description: |-
The base URL used for the generator URL in the alert notification payload.
Should point to an instance of a query frontend that gives access to queryProjectID.
type: string
queryProjectID:
description: |-
QueryProjectID is the GCP project ID to evaluate rules against.
If left blank, the rule-evaluator will attempt to infer the Project ID
from the environment.
type: string
type: object
scaling:
description: Scaling contains configuration options for scaling GMP.
properties:
vpa:
description: VPASpec defines configuration options for vertical pod autoscaling.
properties:
enabled:
description: |-
Enabled configures whether the operator configures Vertical Pod Autoscaling for the collector pods.
In GKE, installing Vertical Pod Autoscaling requires a cluster restart, and therefore it also results in an operator restart.
In other environments, the operator may need to be restarted to enable VPA to run the following check again and watch for the objects.
type: boolean
type: object
type: object
type: object
served: true
storage: true
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: OperatorConfig defines configuration of the gmp-operator.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
collection:
description: Collection specifies how the operator configures collection.
properties:
credentials:
description: |-
A reference to GCP service account credentials with which Prometheus collectors
are run. It needs to have metric write permissions for all project IDs to which
data is written.
Within GKE, this can typically be left empty if the compute default
service account has the required permissions.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
externalLabels:
additionalProperties:
type: string
description: |-
ExternalLabels specifies external labels that are attached to all scraped
data before being written to Cloud Monitoring. The precedence behavior matches that
of Prometheus.
type: object
filter:
description: Filter limits which metric data is sent to Cloud Monitoring.
properties:
matchOneOf:
description: |-
A list of Prometheus time series matchers. Every time series must match at least one
of the matchers to be exported. This field can be used equivalently to the match[]
parameter of the Prometheus federation endpoint to selectively export data.
Example: `["{job='prometheus'}", "{__name__=~'job:.*'}"]`
items:
type: string
type: array
type: object
type: object
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules specifies how the operator configures and deploys rule-evaluator.
properties:
alerting:
description: Alerting contains how the rule-evaluator configures alerting.
properties:
alertmanagers:
description: Alertmanagers contains endpoint configuration for designated Alertmanagers.
items:
description: |-
AlertmanagerEndpoints defines a selection of a single Endpoints object
containing alertmanager IPs to fire alerts against.
properties:
apiVersion:
description: |-
Version of the Alertmanager API that rule-evaluator uses to send alerts. It
can be "v1" or "v2".
type: string
authorization:
description: Authorization section for this alertmanager endpoint
properties:
credentials:
description: The secret's key that contains the credentials of the request
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type:
description: |-
Set the authentication type. Defaults to Bearer. Basic will cause an
error.
type: string
type: object
name:
description: Name of Endpoints object in Namespace.
type: string
namespace:
description: Namespace of Endpoints object.
type: string
pathPrefix:
description: Prefix for the HTTP path alerts are pushed to.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port the Alertmanager API is exposed on.
x-kubernetes-int-or-string: true
scheme:
description: Scheme to use when firing alerts.
type: string
timeout:
description: Timeout is a per-target Alertmanager timeout when pushing alerts.
type: string
tls:
description: TLS Config to use for alertmanager connection.
properties:
ca:
description: Struct containing the CA cert to use for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
cert:
description: Struct containing the client cert file for the targets.
properties:
configMap:
description: ConfigMap containing data to use for the targets.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secret:
description: Secret containing data to use for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
insecureSkipVerify:
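description: Disable target certificate validation. When true, any certificate and host name presented by the Alertmanager endpoint is accepted, so the connection is not protected against interception.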
type: boolean
keySecret:
description: Secret containing the client key file for the targets.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
required:
- name
- namespace
- port
type: object
type: array
type: object
credentials:
description: |-
A reference to GCP service account credentials with which the rule
evaluator container is run. It needs to have metric read permissions
against queryProjectId and metric write permissions against all projects
to which rule results are written.
Within GKE, this can typically be left empty if the compute default
service account has the required permissions.
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
externalLabels:
additionalProperties:
type: string
description: |-
ExternalLabels specifies external labels that are attached to any rule
results and alerts produced by rules. The precedence behavior matches that
of Prometheus.
type: object
queryProjectID:
description: |-
QueryProjectID is the GCP project ID to evaluate rules against.
If left blank, the rule-evaluator will attempt to infer the Project ID
from the environment.
type: string
type: object
type: object
served: true
storage: false
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: podmonitorings.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: PodMonitoring
listKind: PodMonitoringList
plural: podmonitorings
singular: podmonitoring
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: |-
PodMonitoring defines monitoring for a set of pods, scoped to pods
within the PodMonitoring's namespace.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of desired Pod selection for target discovery by
Prometheus.
properties:
endpoints:
description: The endpoints to scrape on the selected pods.
items:
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
authorization:
description: Authorization is the HTTP authorization credentials for the targets.
properties:
credentials:
description: Credentials uses the secret as the credentials (token) for the authentication header.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
type:
description: |-
Type is the authentication type. Defaults to Bearer.
Basic will cause an error, as the BasicAuth object should be used instead.
type: string
type: object
basicAuth:
description: BasicAuth is the HTTP basic authentication credentials for the targets.
properties:
password:
description: Password uses the secret as the BasicAuth password.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
username:
description: Username is the BasicAuth username.
type: string
type: object
interval:
default: 1m
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$
type: string
metricRelabeling:
description: |-
Relabeling rules for metrics scraped from this endpoint. Relabeling rules that
override protected target labels (project_id, location, cluster, namespace, job,
instance, or __address__) are not permitted. The labelmap action is not permitted
in general.
items:
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
description: Action to perform based on regex matching. Defaults to 'replace'.
type: string
modulus:
description: Modulus to take of the hash of the source label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
type: string
replacement:
description: |-
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Defaults to '$1'.
type: string
separator:
description: Separator placed between concatenated source label values. Defaults to ';'.
type: string
sourceLabels:
description: |-
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: |-
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
type: string
type: object
type: array
oauth2:
description: OAuth2 is the OAuth2 client credentials used to fetch a token for the targets.
properties:
clientID:
description: ClientID is the public identifier for the client.
type: string
clientSecret:
description: ClientSecret uses the secret as the client secret token.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
endpointParams:
additionalProperties:
type: string
description: EndpointParams are additional parameters to append to the token URL.
type: object
proxyUrl:
description: |-
ProxyURL is the HTTP proxy server to use to connect to the targets.
Encoded passwords are not supported.
type: string
scopes:
description: Scopes represents the scopes for the token request.
items:
type: string
type: array
tlsConfig:
description: TLS configures the token request's TLS settings.
properties:
ca:
description: |-
SecretSelector references a secret from a secret provider e.g. Kubernetes Secret. Only one
provider can be used at a time.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
cert:
description: Cert uses the secret as the certificate for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
insecureSkipVerify:
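description: InsecureSkipVerify disables target certificate validation. When true, any certificate and host name presented by the token endpoint is accepted, so the token request is not protected against interception.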
type: boolean
key:
description: Key uses the secret as the private key for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
maxVersion:
description: |-
MaxVersion is the maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default maximum version, which is TLS 1.3.
See MaxVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
minVersion:
description: |-
MinVersion is the minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
serverName:
description: ServerName is used to verify the hostname for the targets.
type: string
type: object
tokenURL:
description: TokenURL is the URL to fetch the token from.
type: string
type: object
params:
additionalProperties:
items:
type: string
type: array
description: HTTP GET params to use when scraping.
type: object
path:
description: HTTP path to scrape metrics from. Defaults to "/metrics".
type: string
port:
anyOf:
- type: integer
- type: string
description: |-
Name or number of the port to scrape.
The container metadata label is only populated if the port is referenced by name
because port numbers are not unique across containers.
x-kubernetes-int-or-string: true
proxyUrl:
description: |-
ProxyURL is the HTTP proxy server to use to connect to the targets.
Encoded passwords are not supported.
type: string
scheme:
description: Protocol scheme to use to scrape.
type: string
timeout:
description: |-
Timeout for metrics scrapes. Must be a valid Prometheus duration.
Must not be larger than the scrape interval.
type: string
tls:
description: TLS configures the scrape request's TLS settings.
properties:
ca:
description: |-
SecretSelector references a secret from a secret provider e.g. Kubernetes Secret. Only one
provider can be used at a time.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
cert:
description: Cert uses the secret as the certificate for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
insecureSkipVerify:
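description: InsecureSkipVerify disables target certificate validation. When true, any certificate and host name presented by the target is accepted, so the scrape connection is not protected against interception.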
type: boolean
key:
description: Key uses the secret as the private key for client authentication to the server.
properties:
secret:
description: Secret represents reference to a given key from certain Secret in a given namespace.
properties:
key:
description: Key of the secret to select from. Must be a valid secret key.
type: string
name:
description: Name of the secret to select from.
type: string
required:
- key
- name
type: object
type: object
maxVersion:
description: |-
MaxVersion is the maximum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default maximum version, which is TLS 1.3.
See MaxVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
minVersion:
description: |-
MinVersion is the minimum TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS 1.1),
TLS12 (TLS 1.2), TLS13 (TLS 1.3).
If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
See MinVersion in https://pkg.go.dev/crypto/tls#Config.
type: string
serverName:
description: ServerName is used to verify the hostname for the targets.
type: string
type: object
required:
- port
type: object
type: array
filterRunning:
description: |-
FilterRunning will drop any pods that are in the "Failed" or "Succeeded"
pod lifecycle.
See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
type: boolean
limits:
description: Limits to apply at scrape time.
properties:
labelNameLength:
description: |-
Maximum label name length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labelValueLength:
description: |-
Maximum label value length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labels:
description: |-
Maximum number of labels accepted for a single sample.
Uses Prometheus default if left unspecified.
format: int64
type: integer
samples:
description: |-
Maximum number of samples accepted within a single scrape.
Uses Prometheus default if left unspecified.
format: int64
type: integer
type: object
selector:
description: |-
Label selector that specifies which pods are selected for this monitoring
configuration.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetLabels:
description: |-
Labels to add to the Prometheus target for discovered endpoints.
The `instance` label is always set to `<pod_name>:<port>` or `<node_name>:<port>`
if the scraped pod is controlled by a DaemonSet.
properties:
fromPod:
description: |-
Labels to transfer from the Kubernetes Pod to Prometheus target labels.
Mappings are applied in order.
items:
description: |-
LabelMapping specifies how to transfer a label from a Kubernetes resource
onto a Prometheus target.
properties:
from:
description: Kubernetes resource label to remap.
type: string
to:
description: |-
Remapped Prometheus target label.
Defaults to the same name as `From`.
type: string
required:
- from
type: object
type: array
metadata:
description: |-
Pod metadata labels that are set on all scraped targets.
Permitted keys are `pod`, `container`, and `node` for PodMonitoring and
`pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring. The `container`
label is only populated if the scrape port is referenced by name.
Defaults to [pod, container] for PodMonitoring and [namespace, pod, container]
for ClusterPodMonitoring.
If set to null, it will be interpreted as the empty list for PodMonitoring
and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility
only.
items:
type: string
type: array
type: object
required:
- endpoints
- selector
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
endpointStatuses:
description: Represents the latest available observations of target state for each ScrapeEndpoint.
items:
properties:
activeTargets:
description: Total number of active targets.
format: int64
type: integer
collectorsFraction:
description: |-
Fraction of collectors included in status, bounded [0,1].
Ideally, this should always be 1. Anything less can
be considered a problem and should be investigated.
type: string
lastUpdateTime:
description: Last time this status was updated.
format: date-time
type: string
name:
description: The name of the ScrapeEndpoint.
type: string
sampleGroups:
description: A fixed sample of targets grouped by error type.
items:
properties:
count:
description: Total count of similar errors.
format: int32
type: integer
sampleTargets:
description: Targets emitting the error message.
items:
properties:
health:
description: Health status.
type: string
labels:
additionalProperties:
description: A LabelValue is an associated value for a LabelName.
type: string
description: The label set, keys and values, of the target.
type: object
lastError:
description: Error message.
type: string
lastScrapeDurationSeconds:
description: Scrape duration in seconds.
type: string
type: object
type: array
type: object
type: array
unhealthyTargets:
description: Total number of active, unhealthy targets.
format: int64
type: integer
required:
- name
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: PodMonitoring defines monitoring for a set of pods.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Specification of desired Pod selection for target discovery by
Prometheus.
properties:
endpoints:
description: The endpoints to scrape on the selected pods.
items:
description: ScrapeEndpoint specifies a Prometheus metrics endpoint to scrape.
properties:
interval:
description: Interval at which to scrape metrics. Must be a valid Prometheus duration.
type: string
metricRelabeling:
description: |-
Relabeling rules for metrics scraped from this endpoint. Relabeling rules that
override protected target labels (project_id, location, cluster, namespace, job,
instance, or __address__) are not permitted. The labelmap action is not permitted
in general.
items:
description: RelabelingRule defines a single Prometheus relabeling rule.
properties:
action:
description: Action to perform based on regex matching. Defaults to 'replace'.
type: string
modulus:
description: Modulus to take of the hash of the source label values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted value is matched. Defaults to '(.*)'.
type: string
replacement:
description: |-
Replacement value against which a regex replace is performed if the
regular expression matches. Regex capture groups are available. Defaults to '$1'.
type: string
separator:
description: Separator placed between concatenated source label values. Defaults to ';'.
type: string
sourceLabels:
description: |-
The source labels select values from existing labels. Their content is concatenated
using the configured separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: |-
Label to which the resulting value is written in a replace action.
It is mandatory for replace actions. Regex capture groups are available.
type: string
type: object
type: array
params:
additionalProperties:
items:
type: string
type: array
description: HTTP GET params to use when scraping.
type: object
path:
description: HTTP path to scrape metrics from. Defaults to "/metrics".
type: string
port:
anyOf:
- type: integer
- type: string
description: Name or number of the port to scrape.
x-kubernetes-int-or-string: true
proxyUrl:
description: Proxy URL to scrape through. Encoded passwords are not supported.
type: string
scheme:
description: Protocol scheme to use to scrape.
type: string
timeout:
description: |-
Timeout for metrics scrapes. Must be a valid Prometheus duration.
Must not be larger than the scrape interval.
type: string
required:
- port
type: object
type: array
limits:
description: Limits to apply at scrape time.
properties:
labelNameLength:
description: |-
Maximum label name length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labelValueLength:
description: |-
Maximum label value length.
Uses Prometheus default if left unspecified.
format: int64
type: integer
labels:
description: |-
Maximum number of labels accepted for a single sample.
Uses Prometheus default if left unspecified.
format: int64
type: integer
samples:
description: |-
Maximum number of samples accepted within a single scrape.
Uses Prometheus default if left unspecified.
format: int64
type: integer
type: object
selector:
description: |-
Label selector that specifies which pods are selected for this monitoring
configuration.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
targetLabels:
description: Labels to add to the Prometheus target for discovered endpoints.
properties:
fromPod:
description: |-
Labels to transfer from the Kubernetes Pod to Prometheus target labels.
Mappings are applied in order.
items:
description: |-
LabelMapping specifies how to transfer a label from a Kubernetes resource
onto a Prometheus target.
properties:
from:
description: Kubernetes resource label to remap.
type: string
to:
description: |-
Remapped Prometheus target label.
Defaults to the same name as `From`.
type: string
required:
- from
type: object
type: array
metadata:
description: |-
Pod metadata labels that are set on all scraped targets.
Permitted keys are `pod`, `container`, and `node` for PodMonitoring and
`pod`, `container`, `node`, and `namespace` for ClusterPodMonitoring.
Defaults to [pod, container] for PodMonitoring and [namespace, pod, container]
for ClusterPodMonitoring.
If set to null, it will be interpreted as the empty list for PodMonitoring
and to [namespace] for ClusterPodMonitoring. This is for backwards-compatibility
only.
items:
type: string
type: array
type: object
required:
- endpoints
- selector
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes a condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
---
# CustomResourceDefinition for the namespaced Rules kind in group
# monitoring.googleapis.com. Two versions are declared: v1 and v1alpha1.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.1-gmp
name: rules.monitoring.googleapis.com
spec:
group: monitoring.googleapis.com
names:
kind: Rules
listKind: RulesList
plural: rules
singular: rules
scope: Namespaced
versions:
# v1: served, and marked as the storage version at the end of this entry.
- name: v1
schema:
openAPIV3Schema:
description: |-
Rules defines Prometheus alerting and recording rules that are scoped
to the namespace of the resource. Only metric data from this namespace is processed
and all rule results have their project_id, cluster, and namespace label preserved
for query processing.
If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
# Only expr is required by the schema. The record/alert exclusivity and the
# "only valid if alert is set" constraints described above are not expressed here;
# presumably they are enforced by the operator's validating webhook. TODO confirm.
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
status:
description: Most recently observed status of the resource.
properties:
conditions:
description: Represents the latest available observations of a podmonitor's current state.
items:
description: MonitoringCondition describes the condition of a PodMonitoring.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: MonitoringConditionType is the type of MonitoringCondition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: The generation observed by the controller.
format: int64
type: integer
type: object
required:
- spec
type: object
served: true
# v1 is the version in which objects are persisted.
storage: true
# The status subresource is enabled, which is what lets RBAC grant rules/status
# separately from rules.
subresources:
status: {}
# v1alpha1 is flagged deprecated but is still served (served: true at the end of this
# entry), so Rules objects can still be read and written through this version.
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Rules defines Prometheus alerting and recording rules that are scoped
to the namespace of the resource. Only metric data from this namespace is processed
and all rule results have their project_id, cluster, and namespace label preserved
for query processing.
If the location label is not preserved by the rule, it defaults to the cluster's location.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Specification of rules to record and alert on.
properties:
groups:
description: A list of Prometheus rule groups.
items:
description: |-
RuleGroup declares rules in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
interval:
description: The interval at which to evaluate the rules. Must be a valid Prometheus duration.
type: string
name:
description: The name of the rule group.
type: string
rules:
description: A list of rules that are executed sequentially as part of this group.
items:
description: |-
Rule is a single rule in the Prometheus format:
https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/
properties:
alert:
description: |-
Name of the alert to evaluate the expression as.
Only one of `record` and `alert` must be set.
type: string
annotations:
additionalProperties:
type: string
description: |-
A set of annotations to attach to alerts produced by the query expression.
Only valid if `alert` is set.
type: object
expr:
description: The PromQL expression to evaluate.
type: string
for:
description: |-
The duration to wait before a firing alert produced by this rule is sent to Alertmanager.
Only valid if `alert` is set.
type: string
labels:
additionalProperties:
type: string
description: A set of labels to attach to the result of the query expression.
type: object
record:
description: |-
Record the result of the expression to this metric name.
Only one of `record` and `alert` must be set.
type: string
required:
- expr
type: object
type: array
required:
- interval
- name
- rules
type: object
type: array
required:
- groups
type: object
# Unlike v1, status declares no properties in this version.
status:
description: Most recently observed status of the resource.
type: object
required:
- spec
type: object
served: true
storage: false
subresources:
status: {}
operator.yaml
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Source: operator/templates/priorityclass.yaml
# PriorityClass referenced through priorityClassName by every workload in this file
# (collector, gmp-operator, rule-evaluator and alertmanager), not only the collector.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: gmp-critical
# Maximum allowed user-defined. Only system-node-critical and system-cluster-critical
# pods are higher.
# NOTE(review): no preemptionPolicy is set, so pods using this class can preempt
# lower-priority pods. A PriorityClass is cluster-scoped; limiting which namespaces
# may use it (for example with a ResourceQuota scoped to the class) keeps that
# ability with the GMP workloads.
value: 1000000000
description: Used for GMP collector pods.
---
# Source: operator/templates/namespace.yaml
# Namespace that holds the service accounts, Roles, Services and workloads defined in
# this file.
# NOTE(review): no pod-security.kubernetes.io/* labels are set on the namespace here.
apiVersion: v1
kind: Namespace
metadata:
name: gmp-system
---
# Source: operator/templates/namespace.yaml
# Second namespace, passed to the operator as --public-namespace. The operator Role
# defined for this namespace grants the operator read access to its secrets and
# operatorconfigs.
apiVersion: v1
kind: Namespace
metadata:
name: gmp-public
---
# Source: operator/templates/serviceaccount.yaml
# Identity used by both the collector DaemonSet and the rule-evaluator Deployment
# (each sets serviceAccountName: collector). It is bound to the gmp-system:collector
# ClusterRole, so the two workloads share the same cluster-wide read permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
name: collector
namespace: gmp-system
---
# Source: operator/templates/serviceaccount.yaml
# Identity used by the gmp-operator Deployment. It is bound to the ClusterRoles
# gmp-system:operator and gmp-system:operator:webhook-admin and to the operator Roles
# in gmp-system and gmp-public.
apiVersion: v1
kind: ServiceAccount
metadata:
name: operator
namespace: gmp-system
---
# Source: operator/templates/role.yaml
# Cluster-wide, read-only permissions for the collector service account. No write
# verbs and no access to secrets are granted by this role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-system:collector
rules:
# Read access to these core resources in every namespace.
- resources:
- endpoints
- nodes
- nodes/metrics
- pods
- services
apiGroups: [""]
verbs: ["get", "list", "watch"]
# "get" only and no resourceNames: any ConfigMap in any namespace can be read when its
# name is known, but ConfigMaps cannot be listed or watched through this role.
- resources:
- configmaps
apiGroups: [""]
verbs: ["get"]
# GET on the non-resource path /metrics.
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
# Source: operator/templates/role.yaml
# Cluster-wide permissions for the operator service account. The monitoring custom
# resources themselves are read-only to the operator; write verbs are granted only on
# their status subresources.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-system:operator
rules:
# Resources controlled by the operator.
- resources:
- clusterpodmonitorings
- clusterrules
- globalrules
- clusternodemonitorings
- podmonitorings
- rules
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "list", "watch"]
# Status subresources only: the operator can report conditions but cannot change spec.
- resources:
- clusterpodmonitorings/status
- clusterrules/status
- globalrules/status
- clusternodemonitorings/status
- podmonitorings/status
- rules/status
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "patch", "update"]
# Read-only on StatefulSets in every namespace.
- resources:
- statefulsets
apiGroups: ["apps"]
verbs: ["get", "list", "watch"]
# "get" on a single named CRD, i.e. a check for whether the VerticalPodAutoscaler CRD
# is installed.
- resources:
- customresourcedefinitions
resourceNames: ["verticalpodautoscalers.autoscaling.k8s.io"]
apiGroups: ["apiextensions.k8s.io"]
verbs: ["get"]
---
# Source: operator/templates/role.yaml
# Write access to admission webhook configurations decides which endpoint validates or
# mutates API requests, so both rules below are pinned to fixed object names with
# resourceNames. No create or list verb is granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gmp-system:operator:webhook-admin
rules:
# Permission to inject CA bundles into webhook configs of fixed name.
- resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
apiGroups: ["admissionregistration.k8s.io"]
resourceNames:
- gmp-operator.gmp-system.monitoring.googleapis.com
verbs: ["get", "patch", "update", "watch"]
# Permission to delete legacy webhook config the operator directly created
# in previous versions.
- resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
apiGroups: ["admissionregistration.k8s.io"]
resourceNames:
- gmp-operator
verbs: ["delete"]
---
# Source: operator/templates/rolebinding.yaml
# Grants the gmp-system:operator ClusterRole cluster-wide to the operator service
# account in gmp-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-system:operator
roleRef:
name: gmp-system:operator
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
namespace: gmp-system
kind: ServiceAccount
---
# Source: operator/templates/rolebinding.yaml
# Grants the name-restricted webhook-admin ClusterRole to the operator service account
# in gmp-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-system:operator:webhook-admin
roleRef:
name: gmp-system:operator:webhook-admin
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
namespace: gmp-system
kind: ServiceAccount
---
# Source: operator/templates/rolebinding.yaml
# Grants the gmp-system:collector ClusterRole cluster-wide to the collector service
# account. Every pod that runs as that account receives it, which in this file is the
# collector DaemonSet and the rule-evaluator Deployment.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gmp-system:collector
roleRef:
name: gmp-system:collector
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- name: collector
namespace: gmp-system
kind: ServiceAccount
---
# Source: operator/templates/role.yaml
# Permissions of the operator service account inside gmp-system. Rules come in pairs:
# an unnamed rule with list/watch (and sometimes create), then get/patch/update pinned
# to fixed object names with resourceNames.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator
namespace: gmp-system
rules:
- resources:
- pods
apiGroups: [""]
verbs: ["list", "watch"]
# This rule has no resourceNames, so it covers every Secret in gmp-system. list and
# watch responses carry the Secret data, so the operator can read all Secrets in this
# namespace, not only the three named in the next rule.
- resources:
- secrets
apiGroups: [""]
verbs: ["list", "watch", "create"]
# Direct read and modification is limited to these three Secrets.
- resources:
- secrets
apiGroups: [""]
resourceNames: ["collection", "rules", "alertmanager"]
verbs: ["get", "patch", "update"]
- resources:
- configmaps
apiGroups: [""]
verbs: ["list", "watch", "create"]
# These ConfigMaps are mounted by the collector and rule-evaluator pods as their
# configuration and generated rules.
- resources:
- configmaps
apiGroups: [""]
resourceNames: ["collector", "rule-evaluator", "rules-generated"]
verbs: ["get", "patch", "update"]
# patch/update on the collector DaemonSet lets the operator change its pod template.
- resources:
- daemonsets
apiGroups: ["apps"]
resourceNames: ["collector"]
verbs: ["get", "list", "watch", "patch", "update"]
- resources:
- deployments
apiGroups: ["apps"]
verbs: ["list", "watch"]
- resources:
- deployments
apiGroups: ["apps"]
resourceNames: ["rule-evaluator"]
verbs: ["get", "patch", "update"]
- resources:
- services
apiGroups: [""]
resourceNames: ["alertmanager"]
verbs: ["get", "list", "watch"]
- resources:
- statefulsets
apiGroups: ["apps"]
resourceNames: ["alertmanager"]
verbs: ["get", "patch", "update"]
# No resourceNames here: create/delete applies to any VerticalPodAutoscaler in
# gmp-system.
- resources:
- verticalpodautoscalers
apiGroups: ["autoscaling.k8s.io"]
verbs: ["create", "delete", "get", "list", "watch"]
---
# Source: operator/templates/role.yaml
# Read-only permissions of the operator service account inside gmp-public.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator
namespace: gmp-public
rules:
# get/list/watch with no resourceNames: every Secret stored in gmp-public is readable
# by the operator. NOTE(review): keep Secrets unrelated to monitoring out of this
# namespace.
- resources:
- secrets
apiGroups: [""]
verbs: ["get", "list", "watch"]
- resources:
- operatorconfigs
apiGroups: ["monitoring.googleapis.com"]
verbs: ["get", "list", "watch"]
---
# Source: operator/templates/rolebinding.yaml
# Cross-namespace binding: the Role lives in gmp-public, the subject is the operator
# service account from gmp-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: operator
namespace: gmp-public
roleRef:
name: operator
kind: Role
apiGroup: rbac.authorization.k8s.io
subjects:
- name: operator
namespace: gmp-system
kind: ServiceAccount
---
# Source: operator/templates/rolebinding.yaml
# Binds the gmp-system operator Role to the operator service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: operator
namespace: gmp-system
roleRef:
name: operator
kind: Role
apiGroup: rbac.authorization.k8s.io
subjects:
# NOTE(review): unlike the other bindings in this file, this subject sets no namespace.
# Presumably it resolves to the binding's own namespace (gmp-system); stating it
# explicitly would match the sibling bindings. TODO confirm.
- name: operator
kind: ServiceAccount
---
# Source: operator/templates/alertmanager.yaml
# Headless Service (clusterIP: None) in front of the alertmanager pods: DNS for this
# name resolves directly to the pod IPs, on port 9093.
# NOTE(review): no NetworkPolicy limiting which pods may connect to this port is
# visible in this part of the file.
apiVersion: v1
kind: Service
metadata:
name: alertmanager
namespace: gmp-system
spec:
selector:
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
ports:
- name: alertmanager
port: 9093
targetPort: 9093
clusterIP: None
---
# Source: operator/templates/service.yaml
# Service in front of the operator pod. Its name and namespace match the fixed webhook
# configuration name (gmp-operator.gmp-system.monitoring.googleapis.com) that the
# webhook-admin ClusterRole is pinned to.
apiVersion: v1
kind: Service
metadata:
name: gmp-operator
namespace: gmp-system
spec:
selector:
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
ports:
# This port does not do anything, but allows upgrades in the case
# of server-side apply (SSA) conflicts.
# TODO(pintohutch): remove once the SSA issues from upgrades are resolved.
# The operator Deployment in this file declares no container port named "webhook"
# (its ports are "web" and "metrics"), which is consistent with this port being inert.
- name: legacy
protocol: TCP
port: 8443
targetPort: webhook
# Port 443 forwards to the container port named "web", 10250 in the operator
# Deployment.
- name: webhook
protocol: TCP
port: 443
targetPort: web
---
# Source: operator/templates/collector.yaml
# Collector DaemonSet: an init container that creates an empty config file, a
# config-reloader sidecar, and the Prometheus container that scrapes and exports.
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: collector
namespace: gmp-system
spec:
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#pod-selector.
app.kubernetes.io/name: collector
template:
metadata:
labels:
app: managed-prometheus-collector
app.kubernetes.io/name: collector
app.kubernetes.io/version: 0.13.0
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
serviceAccountName: collector
# Set at pod level, so the collector service account token is mounted into every
# container of the pod (config-init and config-reloader included), not only into
# prometheus.
automountServiceAccountToken: true
priorityClassName: gmp-critical
initContainers:
- name: config-init
# NOTE(review): images in this manifest are referenced by tag. A tag can be moved in
# the registry; a digest reference (image@sha256:<digest>) is immutable.
image: gke.gcr.io/gke-distroless/bash:gke_distroless_20240807.00_p0
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.13.0-gke.6
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
# Reload and readiness calls go to Prometheus over loopback inside the pod.
- --reload-url=http://127.0.0.1:19090/-/reload
- --ready-url=http://127.0.0.1:19090/-/ready
- --listen-address=:19091
ports:
- name: cfg-rel-metrics
containerPort: 19091
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
# Input config (ConfigMap) is read-only; only config_out is writable.
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
- name: prometheus
image: gke.gcr.io/prometheus-engine/prometheus:v2.45.3-gmp.9-gke.0
args:
- --config.file=/prometheus/config_out/config.yaml
- --enable-feature=exemplar-storage
# Special Google flag for authorization using native Kubernetes secrets.
- --enable-feature=google-kubernetes-secret-provider
- --storage.tsdb.path=/prometheus/data
- --storage.tsdb.no-lockfile
# Special Google flag for force deleting all data on start. We use ephemeral storage in
# this manifest, but there are cases where a container restart still reuses potentially
# bad data (corrupted, with high cardinality causing OOMs or slow startups).
# Force deleting, so container restart is consistent with pod restart.
# NOTE: Data is likely already sent to GCM, plus GCM export does not use that
# data on disk (WAL).
- --gmp.storage.delete-data-on-start
# Keep 30 minutes of data. As we are backed by an emptyDir volume, this will count towards
# the container's memory usage. We could lower it further if this becomes problematic, but
# the window for local data is quite convenient for debugging.
- --storage.tsdb.retention.time=30m
- --storage.tsdb.wal-compression
# Effectively disable compaction and make blocks short enough so that our retention window
# can be kept in practice.
- --storage.tsdb.min-block-duration=10m
- --storage.tsdb.max-block-duration=10m
# No host part: the web server binds on all pod interfaces, so port 19090 is reachable
# over the pod network and not only by the config-reloader on 127.0.0.1.
- --web.listen-address=:19090
# Enables the HTTP reload and shutdown endpoints; the config-reloader calls /-/reload.
# NOTE(review): no TLS or auth configuration (--web.config.file) is passed in these
# args, and the probes below use plain HTTP. A NetworkPolicy for gmp-system would
# narrow who can reach these endpoints; none is visible in this part of the file.
- --web.enable-lifecycle
- --web.route-prefix=/
- --export.user-agent-mode=kubectl
# JSON log format is needed for GKE to display log levels correctly.
- --log.format=json
ports:
- name: prom-metrics
containerPort: 19090
# The environment variable EXTRA_ARGS will be populated by the operator.
# DO NOT specify it here.
env:
- name: GOGC
value: "25"
resources:
limits:
memory: 2G
requests:
cpu: 4m
memory: 32M
volumeMounts:
- name: storage
mountPath: /prometheus/data
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
# The "collection" Secret, mounted read-only.
- name: collection-secret
readOnly: true
mountPath: /etc/secrets
livenessProbe:
httpGet:
port: 19090
path: /-/healthy
scheme: HTTP
readinessProbe:
httpGet:
port: 19090
path: /-/ready
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: storage
emptyDir: {}
- name: config
configMap:
name: collector
- name: config-out
emptyDir: {}
# One of the three Secrets the operator Role in gmp-system may get, patch and update.
- name: collection-secret
secret:
secretName: collection
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
# operator: Exists with no key tolerates every taint with the given effect, so
# collector pods are also scheduled onto tainted nodes that satisfy the affinity above.
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
# Pod-level settings: all containers run as uid/gid 1000, must be non-root, and use the
# container runtime's default seccomp profile.
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
---
# Source: operator/templates/deployment.yaml
# Operator Deployment: a single replica that serves the admission webhook on port
# 10250 and runs as the operator service account.
apiVersion: apps/v1
kind: Deployment
metadata:
name: gmp-operator
namespace: gmp-system
labels:
app: managed-prometheus-operator
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
spec:
replicas: 1
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#label-selector-updates.
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
template:
metadata:
labels:
app: managed-prometheus-operator
app.kubernetes.io/component: operator
app.kubernetes.io/name: gmp-operator
app.kubernetes.io/part-of: gmp
app.kubernetes.io/version: 0.13.0
spec:
serviceAccountName: operator
# The operator service account token is mounted; it carries the RBAC granted by the
# operator ClusterRoles and Roles in this file.
automountServiceAccountToken: true
priorityClassName: gmp-critical
containers:
- name: operator
# NOTE(review): referenced by tag; a digest reference (image@sha256:<digest>) is
# immutable.
image: gke.gcr.io/prometheus-engine/operator:v0.13.0-gke.6
args:
- "--operator-namespace=gmp-system"
- "--public-namespace=gmp-public"
- "--webhook-addr=:10250"
ports:
- name: web
# Note this should match the --webhook-addr flag passed in to the operator args
# (set to :10250 above). The gmp-operator Service forwards port 443 to this port.
containerPort: 10250
- name: metrics
# Note this should match the --metrics-addr flag passed in to the operator args.
# Default is 18080.
containerPort: 18080
resources:
limits:
memory: 2G
requests:
cpu: 1m
memory: 16M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
livenessProbe:
httpGet:
path: /healthz
# Note this should match the --probe-addr flag passed in to the operator args.
# Default is 18081.
port: 18081
scheme: HTTP
readinessProbe:
httpGet:
path: /readyz
# Note this should match the --probe-addr flag passed in to the operator args.
# Default is 18081.
port: 18081
scheme: HTTP
volumeMounts:
# With readOnlyRootFilesystem set, this emptyDir is the only writable path in the
# container. Presumably the operator writes its webhook serving certificate here at
# startup (it holds permission to inject CA bundles into the webhook configs);
# TODO confirm.
- name: certs
mountPath: /etc/tls/private
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
# Only the two kubernetes.io/arch NoSchedule taints are tolerated, unlike the
# collector DaemonSet, which tolerates every NoSchedule and NoExecute taint.
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
# Pod-level settings: uid/gid 1000, non-root, runtime default seccomp profile.
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumes:
# emptyDir: contents do not survive the pod being deleted or rescheduled.
- name: certs
emptyDir: {}
---
# Source: operator/templates/rule-evaluator.yaml
# Rule-evaluator Deployment: an init container that creates an empty config file, a
# config-reloader sidecar, and the evaluator container.
apiVersion: apps/v1
kind: Deployment
metadata:
name: rule-evaluator
namespace: gmp-system
spec:
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#label-selector-updates.
app.kubernetes.io/name: rule-evaluator
template:
metadata:
labels:
app.kubernetes.io/name: rule-evaluator
app: managed-prometheus-rule-evaluator
app.kubernetes.io/version: 0.13.0
annotations:
# The emptyDir for the storage and config directories prevents cluster
# autoscaling unless this annotation is set.
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
# NOTE(review): the rule-evaluator runs under the collector service account, so it
# inherits the cluster-wide get/list/watch on endpoints, nodes, pods and services
# granted by gmp-system:collector. Whether it needs all of them is not visible here;
# a dedicated service account would let the two workloads be scoped separately.
serviceAccountName: collector
# Pod-level: the token is mounted into all three containers.
automountServiceAccountToken: true
priorityClassName: gmp-critical
initContainers:
- name: config-init
# NOTE(review): images in this manifest are referenced by tag; a digest reference
# (image@sha256:<digest>) is immutable.
image: gke.gcr.io/gke-distroless/bash:gke_distroless_20240807.00_p0
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.13.0-gke.6
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --config-dir=/etc/rules
- --config-dir-output=/prometheus/rules_out
# The mounted "rules" Secret directory is watched for changes.
- --watched-dir=/etc/secrets
# Reload and readiness calls go to the evaluator over loopback inside the pod.
- --reload-url=http://127.0.0.1:19092/-/reload
- --ready-url=http://127.0.0.1:19092/-/ready
- --listen-address=:19093
ports:
- name: cfg-rel-metrics
containerPort: 19093
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
# Inputs (config, rules, rules-secret) are read-only; config-out and rules-out are the
# writable outputs handed to the evaluator.
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
- name: rules-out
mountPath: /prometheus/rules_out
- name: rules-secret
readOnly: true
mountPath: /etc/secrets
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.13.0-gke.6
args:
- --config.file=/prometheus/config_out/config.yaml
# No host part: binds on all pod interfaces, so port 19092 (including the /-/reload
# path used by the config-reloader) is reachable over the pod network.
# NOTE(review): no NetworkPolicy is visible in this part of the file.
- --web.listen-address=:19092
- --export.user-agent-mode=kubectl
ports:
- name: r-eval-metrics
containerPort: 19092
resources:
limits:
memory: 1G
requests:
cpu: 1m
memory: 16M
volumeMounts:
# The evaluator sees only the reloader's outputs, all mounted read-only. Note that
# /etc/rules here is the rules-out volume, not the rules-generated ConfigMap.
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
- name: rules-out
readOnly: true
mountPath: /etc/rules
- name: rules-secret
readOnly: true
mountPath: /etc/secrets
livenessProbe:
httpGet:
port: 19092
path: /-/healthy
scheme: HTTP
readinessProbe:
httpGet:
port: 19092
path: /-/ready
scheme: HTTP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config
configMap:
name: rule-evaluator
defaultMode: 420
- name: config-out
emptyDir: {}
- name: rules
configMap:
name: rules-generated
defaultMode: 420
- name: rules-out
emptyDir: {}
- name: rules-secret
secret:
# 420 decimal is octal 0644: the Secret's files are readable by every user in the
# containers that mount it. NOTE(review): a tighter mode such as 0440 (decimal 288)
# may suffice given the fixed runAsUser/runAsGroup below; TODO confirm.
defaultMode: 420
secretName: rules
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
# Pod-level settings: uid/gid 1000, non-root, runtime default seccomp profile.
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
---
# Source: operator/templates/alertmanager.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: alertmanager
namespace: gmp-system
spec:
selector:
matchLabels:
# DO NOT MODIFY - label selectors are immutable by the Kubernetes API.
# see: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-selector.
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
template:
metadata:
labels:
app: managed-prometheus-alertmanager
app.kubernetes.io/name: alertmanager
app.kubernetes.io/version: 0.13.0
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
components.gke.io/component-name: managed_prometheus
spec:
priorityClassName: gmp-critical
automountServiceAccountToken: false
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:gke_distroless_20240807.00_p0
command: ['/bin/bash', '-c', 'touch /alertmanager/config_out/config.yaml && echo -e "receivers:\n - name: noop\nroute:\n receiver: noop" > alertmanager/config_out/config.yaml']
volumeMounts:
- name: alertmanager-config
mountPath: /alertmanager/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
containers:
- name: alertmanager
image: gke.gcr.io/prometheus-engine/alertmanager:v0.25.1-gmp.8-gke.0
args:
- --config.file=/alertmanager/config_out/config.yaml
- --storage.path=/alertmanager-data
- --cluster.listen-address=[$(POD_IP)]:9094
- --web.listen-address=:9093
- --log.format=json
ports:
- name: alertmanager
containerPort: 9093
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
resources:
limits:
memory: 128M
requests:
cpu: 1m
memory: 16M
volumeMounts:
- name: alertmanager-config
readOnly: true
mountPath: /alertmanager/config_out
- name: alertmanager-data
mountPath: /alertmanager-data
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.13.0-gke.6
args:
- --config-file=/alertmanager/config.yaml
- --config-file-output=/alertmanager/config_out/config.yaml
- --reload-url=http://127.0.0.1:9093/-/reload
- --ready-url=http://127.0.0.1:9093/-/ready
- --listen-address=:19091
ports:
- name: cfg-rel-metrics
containerPort: 19091
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /alertmanager
- name: alertmanager-config
mountPath: /alertmanager/config_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config
secret:
secretName: alertmanager
- name: alertmanager-data
emptyDir: {}
- name: alertmanager-config
emptyDir: {}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
serviceName: alertmanager
---
# Source: operator/templates/mutatingwebhookconfiguration.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: gmp-operator.gmp-system.monitoring.googleapis.com
webhooks:
- name: default.podmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /default/monitoring.googleapis.com/v1/podmonitorings
failurePolicy: Fail
rules:
- resources:
- podmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: default.clusterpodmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /default/monitoring.googleapis.com/v1/clusterpodmonitorings
failurePolicy: Fail
rules:
- resources:
- clusterpodmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
---
# Source: operator/templates/operatorconfig.yaml
apiVersion: monitoring.googleapis.com/v1
kind: OperatorConfig
metadata:
name: config
namespace: gmp-public
---
# Source: operator/templates/validatingwebhookconfiguration.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: gmp-operator.gmp-system.monitoring.googleapis.com
webhooks:
- name: validate.podmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/podmonitorings
failurePolicy: Fail
rules:
- resources:
- podmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.clusterpodmonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/clusterpodmonitorings
failurePolicy: Fail
rules:
- resources:
- clusterpodmonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.clusternodemonitorings.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/clusternodemonitorings
failurePolicy: Fail
rules:
- resources:
- clusternodemonitorings
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.rules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/rules
failurePolicy: Fail
rules:
- resources:
- rules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.clusterrules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/clusterrules
failurePolicy: Fail
rules:
- resources:
- clusterrules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.globalrules.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/globalrules
failurePolicy: Fail
rules:
- resources:
- globalrules
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
- name: validate.operatorconfigs.gmp-operator.gmp-system.monitoring.googleapis.com
admissionReviewVersions:
- v1
clientConfig:
# caBundle populated by operator.
service:
name: gmp-operator
namespace: gmp-system
port: 443
path: /validate/monitoring.googleapis.com/v1/operatorconfigs
failurePolicy: Fail
rules:
- resources:
- operatorconfigs
apiGroups:
- monitoring.googleapis.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
sideEffects: None
example-app.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: prom-example
labels:
app.kubernetes.io/name: prom-example
spec:
selector:
matchLabels:
app.kubernetes.io/name: prom-example
replicas: 3
template:
metadata:
labels:
app.kubernetes.io/name: prom-example
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- image: nilebox/prometheus-example-app@sha256:dab60d038c5d6915af5bcbe5f0279a22b95a8c8be254153e22d7cd81b21b84c5
name: prom-example
ports:
- name: metrics
containerPort: 1234
command:
- "/main"
- "--process-metrics"
- "--go-metrics"
pod-monitoring.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: monitoring.googleapis.com/v1
kind: PodMonitoring
metadata:
name: prom-example
labels:
app.kubernetes.io/name: prom-example
spec:
selector:
matchLabels:
app.kubernetes.io/name: prom-example
endpoints:
- port: metrics
interval: 30s
prometheus.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
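# Nesting restored; the page extraction had flattened the indentation.
# Grants read-only access to Pod objects in every namespace. The scrape
# config in the prometheus-test ConfigMap on this page uses
# kubernetes_sd_configs with role: pod, which is what needs these verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gmp-test:prometheus-test
rules:
- apiGroups: [""]
  resources:
  - pods
  verbs: ["get", "list", "watch"]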
---
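# Nesting restored; the page extraction had flattened the indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gmp-test:prometheus-test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gmp-test:prometheus-test
subjects:
# NOTE(review): the subject is the namespace's `default` ServiceAccount, so
# every pod in gmp-test that does not set serviceAccountName shares this
# cluster-wide pod read access, not only prometheus-test. Binding a
# dedicated ServiceAccount and naming it in the StatefulSet would scope the
# grant to the one workload that needs it.
- kind: ServiceAccount
  namespace: gmp-test
  name: default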
---
apiVersion: v1
kind: Service
metadata:
namespace: gmp-test
name: prometheus-test
labels:
prometheus: test
spec:
type: ClusterIP
selector:
app: prometheus
prometheus: test
ports:
- name: web
port: 9090
targetPort: web
---
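# Nesting restored; the page extraction had flattened the indentation.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  namespace: gmp-test
  name: prometheus-test
  annotations:
    # The emptyDir for the storage and config directories prevents cluster
    # autoscaling unless this annotation is set. See
    # https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-types-of-pods-can-prevent-ca-from-removing-a-node
    # for details.
    cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
  labels:
    prometheus: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prometheus
      prometheus: test
  serviceName: prometheus-test
  template:
    metadata:
      labels:
        app: prometheus
        prometheus: test
    spec:
      # No serviceAccountName is set, so the mounted token belongs to the
      # namespace's `default` ServiceAccount. Pod discovery
      # (kubernetes_sd_configs in the prometheus-test ConfigMap) is what
      # uses it.
      automountServiceAccountToken: true
      # NOTE(review): there is no pod-level securityContext and the two main
      # containers set none either. The rule-evaluator Deployment on this
      # page shows the hardened form (runAsNonRoot, readOnlyRootFilesystem,
      # dropped capabilities, RuntimeDefault seccomp); whether these images
      # run under the same settings is not shown here, so test before
      # adopting them.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      initContainers:
      # Creates an empty config file so the prometheus container can start
      # before the reloader has written the real one.
      - name: config-init
        image: gke.gcr.io/gke-distroless/bash:gke_distroless_20240807.00_p0
        command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
        volumeMounts:
        - name: config-out
          mountPath: /prometheus/config_out
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - all
          privileged: false
      containers:
      - name: prometheus
        image: gke.gcr.io/prometheus-engine/prometheus:v2.45.3-gmp.9-gke.0
        args:
        - --config.file=/prometheus/config_out/config.yaml
        - --storage.tsdb.path=/prometheus/data
        - --storage.tsdb.retention.time=24h
        # Enables the unauthenticated /-/reload and /-/quit HTTP endpoints.
        # The config-reloader sidecar calls /-/reload over localhost, but the
        # prometheus-test Service also publishes port 9090 inside the
        # cluster, so any workload that can reach it can call them too.
        # Limit ingress to this pod (for example with a NetworkPolicy) if
        # the namespace is shared.
        - --web.enable-lifecycle
        - --storage.tsdb.no-lockfile
        - --web.route-prefix=/
        ports:
        - name: web
          containerPort: 9090
        readinessProbe:
          httpGet:
            path: /-/ready
            port: web
            scheme: HTTP
        resources:
          requests:
            memory: 400Mi
        volumeMounts:
        - name: config-out
          mountPath: /prometheus/config_out
          readOnly: true
        - name: prometheus-db
          mountPath: /prometheus/data
      - name: config-reloader
        image: gke.gcr.io/prometheus-engine/config-reloader:v0.13.0-gke.6
        args:
        - --config-file=/prometheus/config/config.yaml
        - --config-file-output=/prometheus/config_out/config.yaml
        - --reload-url=http://localhost:9090/-/reload
        - --ready-url=http://localhost:9090/-/ready
        - --listen-address=:19091
        ports:
        # NOTE(review): the declared containerPort (8080) does not match
        # --listen-address (:19091) above. containerPort is informational,
        # but a scrape target or NetworkPolicy written against the named
        # port would point at the wrong port.
        - name: reloader-web
          containerPort: 8080
        resources:
          limits:
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        volumeMounts:
        - name: config
          mountPath: /prometheus/config
        - name: config-out
          mountPath: /prometheus/config_out
      terminationGracePeriodSeconds: 600
      volumes:
      - name: prometheus-db
        emptyDir: {}
      - name: config
        configMap:
          name: prometheus-test
          defaultMode: 420
      - name: config-out
        emptyDir: {}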
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: gmp-test
name: prometheus-test
labels:
prometheus: test
data:
config.yaml: |
global:
scrape_interval: 30s
scrape_configs:
# Let Prometheus scrape itself.
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
# Scrape pods with label app=prom-example across all namespaces
# on the port named 'metrics'.
- job_name: prom-example
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_label_app]
regex: prom-example
action: keep
- source_labels: [__meta_kubernetes_namespace]
target_label: namespace
- source_labels: [__meta_kubernetes_pod_name, __meta_kubernetes_pod_container_port_name]
regex: (.+);(.+)
target_label: instance
replacement: $1:$2
action: replace
- source_labels: [__meta_kubernetes_pod_container_port_name]
regex: metrics
action: keep
frontend.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
automountServiceAccountToken: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- name: frontend
image: gke.gcr.io/prometheus-engine/frontend:v0.8.0-gke.4
args:
- "--web.listen-address=:9090"
- "--query.project-id=$PROJECT_ID"
ports:
- name: web
containerPort: 9090
readinessProbe:
httpGet:
path: /-/ready
port: web
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
livenessProbe:
httpGet:
path: /-/healthy
port: web
---
apiVersion: v1
kind: Service
metadata:
name: frontend
spec:
clusterIP: None
selector:
app: frontend
ports:
- name: web
port: 9090
grafana.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
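# Nesting restored; the page extraction had flattened the indentation.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grafana
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      # NOTE(review): no securityContext is set at pod or container level.
      # No admin password or auth settings are supplied either, so Grafana
      # runs with whatever defaults the image ships; set the admin password
      # before making the UI reachable by anyone else.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      containers:
      - name: grafana
        # Referenced by mutable tag. The example-app manifest on this page
        # pins its image by sha256 digest, which guarantees the same bytes
        # on every pull; doing the same here is worth considering.
        image: grafana/grafana:10.2.4
        ports:
        - name: web
          containerPort: 3000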
---
apiVersion: v1
kind: Service
metadata:
name: grafana
spec:
clusterIP: None
selector:
app: grafana
ports:
- name: web
port: 3000
datasource-syncer.yaml
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
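# Source: datasource-syncer/templates/job.yaml
# Nesting restored; the page extraction had flattened the indentation.
apiVersion: batch/v1
kind: Job
metadata:
  name: datasource-syncer-init
spec:
  ttlSecondsAfterFinished: 60
  template:
    metadata:
      labels:
        app: datasource-syncer-init
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - arm64
                - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      containers:
      # NOTE(review): no securityContext is set on this container or pod.
      - name: datasource-syncer-init
        image: gcr.io/gke-release/prometheus-engine/datasource-syncer:v0.13.0-gke.6
        args:
        # Kubernetes expands only $(NAME) in args, not $NAME, so these
        # placeholders have to be replaced in the file before it is applied.
        # The Grafana API token then becomes part of the stored Job object
        # and of the container's command line: anyone who can read Jobs or
        # Pods in this namespace can read it. Use a token with the smallest
        # Grafana role that works, limit who can read workloads here, and
        # keep the rendered file out of version control.
        # NOTE(review): supplying the token through env with a secretKeyRef
        # and referencing it as $(GRAFANA_API_TOKEN) would keep it out of
        # the stored spec; untested against this image.
        - "--datasource-uids=$DATASOURCE_UIDS"
        - "--grafana-api-endpoint=$GRAFANA_API_ENDPOINT"
        - "--grafana-api-token=$GRAFANA_API_TOKEN"
        - "--project-id=$PROJECT_ID"
      restartPolicy: Never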
---
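# Source: datasource-syncer/templates/cronjob.yaml
# Nesting restored; the page extraction had flattened the indentation.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: datasource-syncer
spec:
  schedule: "*/30 * * * *" # Run once every 30 minutes, must run at least once an hour.
  jobTemplate:
    spec:
      template:
        metadata:
          labels:
            app: datasource-syncer
        spec:
          affinity:
            nodeAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                nodeSelectorTerms:
                - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                    - arm64
                    - amd64
                  - key: kubernetes.io/os
                    operator: In
                    values:
                    - linux
          containers:
          # NOTE(review): no securityContext is set on this container or pod.
          - name: datasource-syncer
            image: gcr.io/gke-release/prometheus-engine/datasource-syncer:v0.13.0-gke.6
            args:
            # Kubernetes expands only $(NAME) in args, not $NAME, so these
            # placeholders have to be replaced in the file before it is
            # applied. The Grafana API token then lives in the stored
            # CronJob object, in every Job and Pod it spawns, and on the
            # container's command line: anyone who can read those objects
            # in this namespace can read it. Use a token with the smallest
            # Grafana role that works, limit who can read workloads here,
            # and keep the rendered file out of version control.
            - "--datasource-uids=$DATASOURCE_UIDS"
            - "--grafana-api-endpoint=$GRAFANA_API_ENDPOINT"
            - "--grafana-api-token=$GRAFANA_API_TOKEN"
            - "--project-id=$PROJECT_ID"
          restartPolicy: Never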
rule-evaluator.yaml
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Source: rule-evaluator/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: rule-evaluator
---
# Source: rule-evaluator/templates/configmaps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: rule-evaluator
labels:
app.kubernetes.io/name: rule-evaluator
data:
config.yaml: |
global:
external_labels: {}
evaluation_interval: 60s
rule_files:
- "/etc/rules/*.yaml"
---
# Source: rule-evaluator/templates/configmaps.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: rules
labels:
app.kubernetes.io/name: rule-evaluator
data:
rules.yaml: |
groups:
- name: example
interval: 10s
rules:
- record: job:up:sum
expr: sum without(instance) (up)
- alert: AlwaysFiring
expr: vector(1)
---
# Source: rule-evaluator/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rule-evaluator
rules:
- resources:
- endpoints
- nodes
- nodes/metrics
- pods
- services
apiGroups: [""]
verbs: ["get", "list", "watch"]
- resources:
- configmaps
apiGroups: [""]
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
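# Source: rule-evaluator/templates/rolebinding.yaml
# Nesting restored; the page extraction had flattened the indentation.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rule-evaluator
roleRef:
  name: rule-evaluator
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
# NOTE(review): the subject namespace is fixed to `default`, while the
# ServiceAccount and Deployment in this file carry no namespace and land
# wherever the file is applied. Applied elsewhere, the evaluator gets none
# of these permissions, and a `rule-evaluator` ServiceAccount in `default`
# (if one exists) holds the cluster-wide read instead. Keep this namespace
# in step with the one the file is applied to.
- name: rule-evaluator
  namespace: default
  kind: ServiceAccount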
---
# Source: rule-evaluator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: rule-evaluator
labels:
app.kubernetes.io/name: rule-evaluator
spec:
selector:
matchLabels:
app.kubernetes.io/name: rule-evaluator
template:
metadata:
labels:
app.kubernetes.io/name: rule-evaluator
app.kubernetes.io/version: 0.13.0
spec:
serviceAccountName: rule-evaluator
automountServiceAccountToken: true
initContainers:
- name: config-init
image: gke.gcr.io/gke-distroless/bash:gke_distroless_20240807.00_p0
command: ['/bin/bash', '-c', 'touch /prometheus/config_out/config.yaml']
volumeMounts:
- name: config-out
mountPath: /prometheus/config_out
containers:
- name: config-reloader
image: gke.gcr.io/prometheus-engine/config-reloader:v0.13.0-gke.6
args:
- --config-file=/prometheus/config/config.yaml
- --config-file-output=/prometheus/config_out/config.yaml
- --config-dir=/etc/rules
- --config-dir-output=/prometheus/rules_out
- --reload-url=http://127.0.0.1:9092/-/reload
- --ready-url=http://127.0.0.1:9092/-/ready
- --listen-address=:9093
ports:
- name: cfg-rel-metrics
protocol: TCP
containerPort: 9093
resources:
limits:
memory: 32M
requests:
cpu: 1m
memory: 4M
volumeMounts:
- name: config
readOnly: true
mountPath: /prometheus/config
- name: config-out
mountPath: /prometheus/config_out
- name: rules
readOnly: true
mountPath: /etc/rules
- name: rules-out
mountPath: /prometheus/rules_out
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
- name: evaluator
image: gke.gcr.io/prometheus-engine/rule-evaluator:v0.13.0-gke.6
args:
- "--config.file=/prometheus/config_out/config.yaml"
- "--web.listen-address=:9092"
ports:
- name: r-eval-metrics
containerPort: 9092
resources:
limits:
memory: 1G
requests:
cpu: 1m
memory: 16M
volumeMounts:
- name: config-out
readOnly: true
mountPath: /prometheus/config_out
- name: rules-out
readOnly: true
mountPath: /etc/rules
livenessProbe:
httpGet:
port: r-eval-metrics
path: /-/healthy
readinessProbe:
httpGet:
port: r-eval-metrics
path: /-/ready
# Readiness attempts a query round-trip so we need a more generous timeout.
timeoutSeconds: 5
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
volumes:
- name: config
configMap:
name: rule-evaluator
- name: config-out
emptyDir: {}
- name: rules
configMap:
name: rules
- name: rules-out
emptyDir: {}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
- amd64
- key: kubernetes.io/os
operator: In
values:
- linux
tolerations:
- value: "amd64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
- value: "arm64"
effect: "NoSchedule"
key: "kubernetes.io/arch"
operator: "Equal"
securityContext:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
rules.yaml
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: monitoring.googleapis.com/v1
kind: Rules
metadata:
name: example-rules
labels:
app.kubernetes.io/name: example-rules
app.kubernetes.io/part-of: google-cloud-managed-prometheus
spec:
groups:
- name: example
interval: 30s
rules:
- record: job:up:sum
expr: sum without(instance) (up)
- alert: AlwaysFiring
expr: vector(1)
delete_metric_descriptors.go
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"bufio"
"context"
"flag"
"fmt"
"log"
"os"
"regexp"
"strings"
"time"
"unicode"
monitoring "cloud.google.com/go/monitoring/apiv3/v2"
"cloud.google.com/go/monitoring/apiv3/v2/monitoringpb"
"google.golang.org/api/iterator"
"google.golang.org/api/option"
)
/*
This script deletes metric descriptors from the given projects (-projects flag),
matching the given metric type (descriptor name) regex expression (-metric_type_regex flag).
Matching descriptors are printed first and are removed only after interactive confirmation.
A dry-run option (-dry_run) prints the matches without deleting anything.
WARNING: All underlying time series behind each descriptor (potentially years
of data) will be irreversibly removed once confirmed.
Example run:
1. Setup Application Default Credentials (ADC) (https://cloud.google.com/docs/authentication/provide-credentials-adc)
if you haven't yet:
1a. Make sure the account behind the ADC for chosen projects has Monitoring Editor or Monitoring Admin permissions: https://cloud.google.com/monitoring/access-control#monitoring-perms
1b. Acquire Application Default Credentials in your environment using gcloud:
gcloud auth application-default login
2. Run Go script (from the same directory as the script):
go run delete_metric_descriptors.go -projects projects/<your-project> -metric_type_regex "<your matching expression>"
See go run delete_metric_descriptors.go -help for all options.
*/
// Command-line flags. main exits with the usage text when -projects or
// -metric_type_regex is empty; the remaining flags have defaults.
var (
	// Address of the Cloud Monitoring API, passed to the client as its endpoint.
	cloudMonitoringEndpoint = flag.String("address", "monitoring.googleapis.com:443", "address of monitoring API")
	// Comma-separated project resource names; main splits the value on ",".
	projectNames = flag.String("projects", "", "required: comma-separated project IDs of the projects on which to execute the requests. Name format is as defined in https://cloud.google.com/monitoring/api/ref_v3/rpc/google.monitoring.v3#listmetricdescriptorsrequesttarget, e.g. projects/test-project,projects/test-project2")
	// User-supplied RE2 pattern that selects what gets deleted; main anchors
	// it at both ends before compiling.
	metricTypeRegex = flag.String("metric_type_regex", "", "required: RE2 regex expression matching metric.type (anchored), so metric descriptor names to delete. Guarded with the interactive 'y' confirmation. See --dry_run to only print those")
	// When set, deleteDescriptors prints the matches and returns before the
	// confirmation prompt.
	dryRun = flag.Bool("dry_run", false, "whether to dry run or not")
	// Holds the NAME of an environment variable, not the key material: the
	// service-account JSON is read with os.Getenv, so the key itself does not
	// appear on the command line.
	serviceAccountEnvVar = flag.String("sa-envvar", "", "optional environment variable containing Google Service Account JSON, without it application-default flow will be used.")
)
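// deleteDescriptors lists the metric descriptors of every project in projects,
// selects those whose type matches re, prints the selection and, unless dryRun
// is set or the operator declines the prompt, deletes them one by one.
//
// endpoint is the Cloud Monitoring API address. saEnvVar, when non-empty, names
// an environment variable that must hold service-account JSON; when it is
// empty the client library's default credential lookup is used.
//
// Deletion is irreversible and stops at the first API error, so a non-nil
// error can mean that part of the selection is already gone. The error names
// the descriptor that failed and how many were deleted before it.
func deleteDescriptors(endpoint string, projects []string, re *regexp.Regexp, saEnvVar string, dryRun bool) error {
	ctx := context.Background()

	// Recommended way is to use auth from your environment. Use `gcloud auth application-default login` to set it up.
	opts := []option.ClientOption{option.WithEndpoint(endpoint)}
	if saEnvVar != "" {
		// Optional, service account JSON in environment variable. Stop here
		// when the variable is unset or empty instead of letting the client
		// library decide what empty credentials mean: an operator who asked
		// for a specific service account should not run a destructive job
		// under some other identity found in the environment.
		saJSON := os.Getenv(saEnvVar)
		if saJSON == "" {
			return fmt.Errorf("environment variable %q is unset or empty, expected service account JSON", saEnvVar)
		}
		// NOTE(review): the JSON is handed to the client unmodified; it
		// should only ever come from a source the operator controls.
		opts = append(opts, option.WithCredentialsJSON([]byte(saJSON)))
	}
	client, err := monitoring.NewMetricClient(ctx, opts...)
	if err != nil {
		return fmt.Errorf("failed to build client for %s: %w", endpoint, err)
	}
	defer client.Close()

	// Find descriptors to delete.
	descsToDelete := map[string][]string{}
	toDelete := 0
	checked := 0
	for _, p := range projects {
		it := client.ListMetricDescriptors(ctx, &monitoringpb.ListMetricDescriptorsRequest{Name: p})
		for {
			resp, err := it.Next()
			if err == iterator.Done {
				break
			}
			if err != nil {
				return fmt.Errorf("ListMetricDescriptors iteration: %w", err)
			}
			checked++
			if !re.MatchString(resp.Type) {
				continue
			}
			descsToDelete[p] = append(descsToDelete[p], resp.Type)
			toDelete++
		}
	}

	// Print the full selection so the operator can review it before the
	// interactive safety check below.
	for p, descs := range descsToDelete {
		fmt.Println()
		fmt.Printf("For project %v:\n", p)
		fmt.Println(descs)
	}
	fmt.Printf("After checking %v descriptors, found %v to delete across %v project(s)\n", checked, toDelete, len(projects))
	fmt.Println()

	if toDelete == 0 {
		fmt.Println("nothing to do, job done!")
		return nil
	}
	if dryRun {
		fmt.Println("-dry_run selected, job done!")
		return nil
	}
	if !confirmDelete() {
		fmt.Println("Deletion not confirmed, exiting")
		return nil
	}

	// Delete.
	deleted := 0
	for p, descs := range descsToDelete {
		for _, d := range descs {
			name := fmt.Sprintf("%s/metricDescriptors/%s", p, d)
			if err := client.DeleteMetricDescriptor(ctx,
				&monitoringpb.DeleteMetricDescriptorRequest{Name: name}); err != nil {
				// Earlier deletions are not rolled back; report how far
				// the run got so the operator knows what is left.
				return fmt.Errorf("DeleteMetricDescriptor delete %s (%d deleted before failure): %w", name, deleted, err)
			}
			deleted++
			fmt.Printf("%s deleted\n", d)
			if deleted%1000 == 0 {
				fmt.Println("Sleeping 1 second to avoid quota issues...")
				time.Sleep(1 * time.Second)
			}
		}
	}
	fmt.Printf("Deleted %v descriptors, job done!\n", deleted)
	return nil
}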
// confirmDelete prints the irreversible-deletion warning and reads one
// character from standard input. It reports true only when that character is
// 'y' or 'Y'; anything else counts as "no". A read error (for example a closed
// stdin) ends the program through log.Fatalln.
func confirmDelete() bool {
	fmt.Printf("Are you sure you want to delete the above metric descriptors?\n" +
		"WARNING: All underlying time series (potentially years of data) will be irreversibly removed! (y/N): ")

	stdin := bufio.NewReader(os.Stdin)
	answer, _, readErr := stdin.ReadRune()
	if readErr != nil {
		log.Fatalln(readErr)
	}
	// Only the first rune is inspected, so any input starting with y/Y confirms.
	return unicode.ToLower(answer) == 'y'
}
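// main validates the required flags, compiles the metric-type pattern so that
// it has to match a whole metric type, and hands over to deleteDescriptors.
// Any failure ends the program with a non-zero exit status.
func main() {
	flag.Parse()

	// Tolerate spaces around the commas and stray empty entries
	// ("projects/a, projects/b,").
	var projects []string
	for _, p := range strings.Split(*projectNames, ",") {
		if p = strings.TrimSpace(p); p != "" {
			projects = append(projects, p)
		}
	}
	if len(projects) == 0 {
		fmt.Println("-projects flag is required")
		flag.Usage()
		os.Exit(1)
	}
	if *metricTypeRegex == "" {
		fmt.Println("-metric_type_regex flag is required")
		flag.Usage()
		os.Exit(1)
	}

	// Anchor it to avoid further surprises. The pattern goes inside a
	// non-capturing group because anchors bind tighter than alternation:
	// "^a|b$" means (^a)|(b$), which would select every metric type that
	// merely starts with "a" or ends with "b" for deletion.
	re, err := regexp.Compile("^(?:" + *metricTypeRegex + ")$")
	if err != nil {
		log.Fatalf("error while compiling RE2 %v expression: %v", *metricTypeRegex, err)
	}

	// Run command.
	if err := deleteDescriptors(
		*cloudMonitoringEndpoint,
		projects,
		re,
		*serviceAccountEnvVar,
		*dryRun,
	); err != nil {
		log.Fatalf("command failed: %v", err)
	}
}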