mirror of
https://github.com/puppetmaster/typhoon.git
synced 2025-07-31 02:01:38 +02:00
Update Prometheus discovery of kube components
* Kubernetes v1.22.0 disabled kube-controller-manager insecure port, which was used internally for Prometheus metrics scraping * Configure Prometheus to discover and scrape endpoints for kube-scheduler and kube-controller-manager via the authenticated https ports, via bearer token * Change firewall ports to allow Prometheus (on worker nodes) to scrape kube-scheduler and kube-controller-manager targets that run on controller(s) with hostNetwork * Disable the insecure port on kube-scheduler
This commit is contained in:
Dalton Hubble
@ -72,6 +72,48 @@ data:
|
||||
regex: apiserver_request_duration_seconds_count;.+
|
||||
action: drop
|
||||
|
||||
# Scrape config for kube-controller-manager endpoints.
|
||||
#
|
||||
# kube-controller-manager service endpoints can be discovered by using the
|
||||
# `endpoints` role and relabelling to only keep only endpoints associated with
|
||||
# kube-system/kube-controller-manager and the `https` port.
|
||||
- job_name: 'kube-controller-manager'
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
|
||||
action: keep
|
||||
regex: kube-system;kube-controller-manager;metrics
|
||||
- replacement: kube-controller-manager
|
||||
action: replace
|
||||
target_label: job
|
||||
|
||||
# Scrape config for kube-scheduler endpoints.
|
||||
#
|
||||
# kube-scheduler service endpoints can be discovered by using the `endpoints`
|
||||
# role and relabelling to only keep only endpoints associated with
|
||||
# kube-system/kube-scheduler and the `https` port.
|
||||
- job_name: 'kube-scheduler'
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecure_skip_verify: true
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
|
||||
action: keep
|
||||
regex: kube-system;kube-scheduler;metrics
|
||||
- replacement: kube-scheduler
|
||||
action: replace
|
||||
target_label: job
|
||||
|
||||
# Scrape config for node (i.e. kubelet) /metrics (e.g. 'kubelet_'). Explore
|
||||
# metrics from a node by scraping kubelet (127.0.0.1:10250/metrics).
|
||||
- job_name: 'kubelet'
|
||||
|
||||
Reference in New Issue
Block a user