diff --git a/app-of-apps/kube-state-metrics.yaml b/app-of-apps/kube-state-metrics.yaml new file mode 100644 index 0000000..b913dcf --- /dev/null +++ b/app-of-apps/kube-state-metrics.yaml @@ -0,0 +1,16 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-state-metrics + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + #namespace: kube-state-metrics + server: https://kubernetes.default.svc + project: default + source: + path: kube-state-metrics + repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git + targetRevision: HEAD \ No newline at end of file diff --git a/kube-state-metrics/kube-state-metrics.yaml b/kube-state-metrics/kube-state-metrics.yaml new file mode 100644 index 0000000..f61fe46 --- /dev/null +++ b/kube-state-metrics/kube-state-metrics.yaml @@ -0,0 +1,182 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-state-metrics + namespace: kube-system + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kube-state-metrics + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter +rules: + - apiGroups: [""] + resources: + - configmaps + - secrets + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: ["list", "watch"] + - apiGroups: ["apps"] + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: ["list", "watch"] + - apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: ["list", "watch"] + - apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] + - apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] + - apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + - volumeattachments + - csinodes + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: ["list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + - ingressclasses + - ingresses + verbs: ["list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: + - leases + verbs: ["list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kube-state-metrics + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: + - kind: ServiceAccount + name: kube-state-metrics + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kube-state-metrics + namespace: kube-system + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter + app.kubernetes.io/version: "2.18.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + template: + metadata: + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter + app.kubernetes.io/version: "2.18.0" + spec: + serviceAccountName: kube-state-metrics + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kube-state-metrics + image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + - name: telemetry + containerPort: 8081 + livenessProbe: + httpGet: + path: /livez + port: http + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readyz + port: telemetry + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + memory: 256Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: kube-state-metrics + namespace: kube-system + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/component: exporter +spec: + selector: + app.kubernetes.io/name: kube-state-metrics + ports: + - name: http + port: 8080 + targetPort: http + - name: telemetry + port: 8081 + targetPort: telemetry \ No newline at end of file diff --git a/victoria-monitoring/scrape-k8s-control-plane.yaml b/victoria-monitoring/scrape-k8s-control-plane.yaml index a66982a..c15d273 100644 --- a/victoria-monitoring/scrape-k8s-control-plane.yaml +++ b/victoria-monitoring/scrape-k8s-control-plane.yaml @@ -98,19 +98,19 @@ spec: insecureSkipVerify: true --- -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMStaticScrape -metadata: - name: etcd - namespace: vm -spec: - jobName: etcd - targetEndpoints: - - targets: - - "[2001:470:7116:2::91]:2381" - - "[2001:470:7116:2::92]:2381" - - "[2001:470:7116:2::93]:2381" - path: /metrics - scheme: http - interval: 30s - scrapeTimeout: 10s \ No newline at end of file +#apiVersion: operator.victoriametrics.com/v1beta1 +#kind: VMStaticScrape +#metadata: +# name: etcd +# namespace: vm +#spec: +# jobName: etcd +# targetEndpoints: +# - targets: +# - "[2001:470:7116:2::91]:2381" +# - "[2001:470:7116:2::92]:2381" +# - "[2001:470:7116:2::93]:2381" +# path: /metrics +# scheme: http +# interval: 30s +# scrapeTimeout: 10s \ No newline at end of file