├── examples
│   ├── etcd-client-ca.crt
│   ├── etcd-client.crt
│   ├── etcd-client.key
│   ├── auth
│   ├── jsonnet-snippets
│   │   ├── node-ports.jsonnet
│   │   └── platform.jsonnet
│   ├── example-app
│   │   ├── prometheus-frontend-service-account.yaml
│   │   ├── prometheus-frontend-alertmanager-discovery-role.yaml
│   │   ├── prometheus-frontend-svc.yaml
│   │   ├── prometheus-frontend-role-binding.yaml
│   │   ├── prometheus-frontend-role.yaml
│   │   ├── prometheus-frontend-alertmanager-discovery-role-binding.yaml
│   │   ├── servicemonitor-frontend.yaml
│   │   ├── prometheus-frontend.yaml
│   │   └── example-app.yaml
│   ├── basic-auth
│   │   ├── secrets.yaml
│   │   └── service-monitor.yaml
│   ├── existingrule.json
│   ├── alertmanager-config-external.jsonnet
│   ├── existingrule.yaml
│   ├── tolerations.libsonnet
│   ├── rule-patches.libsonnet
│   ├── alertmanager-config.jsonnet
│   ├── grafana-only-dashboards.jsonnet
│   ├── continuous-delivery
│   │   └── argocd
│   │       ├── application.yaml
│   │       ├── appproject.yaml
│   │       └── README.md
│   ├── alertmanager-config-with-template.yaml
│   ├── jsonnet-build-snippet
│   │   └── build-snippet.jsonnet
│   ├── networkpolicies-disabled.jsonnet
│   ├── strip-limits.jsonnet
│   ├── anti-affinity.jsonnet
│   ├── grafana-ldap.jsonnet
│   ├── sync-to-internal-registry.jsonnet
│   ├── additional-namespaces.jsonnet
│   ├── alertmanager-config.yaml
│   ├── all-namespaces.jsonnet
│   ├── internal-registry.jsonnet
│   ├── grafana-additional-rendered-dashboard-example-2.jsonnet
│   ├── kubeProxy.jsonnet
│   ├── grafana-additional-rendered-dashboard-example.jsonnet
│   ├── alertmanager-config-template-external.jsonnet
│   ├── etcd-skip-verify.jsonnet
│   ├── kustomize.jsonnet
│   ├── alertmanager-alert-template.tmpl
│   ├── eks-cni-example.jsonnet
│   ├── prometheus-additional-rendered-rule-example.jsonnet
│   ├── mixin-inclusion.jsonnet
│   ├── thanos-sidecar.jsonnet
│   ├── additional-namespaces-servicemonitor.jsonnet
│   ├── pod-security-policies.jsonnet
│   ├── prometheus-additional-recording-rule-example.jsonnet
│   ├── drop-dashboards.jsonnet
│   ├── windows.jsonnet
│   ├── prometheus-additional-alert-rule-example.jsonnet
│   ├── weave-net-example.jsonnet
│   ├── windows-hostprocess.jsonnet
│   ├── grafana-additional-jsonnet-dashboard-example.jsonnet
│   ├── name-namespace-overrides.jsonnet
│   ├── rule-patcher.jsonnet
│   └── prometheus-agent.jsonnet
├── .github
│   ├── env
│   ├── CODEOWNERS
│   ├── dependabot.yml
│   ├── ISSUE_TEMPLATE
│   │   ├── feature.md
│   │   ├── support.md
│   │   └── bug.md
│   ├── workflows
│   │   ├── action-lint.yaml
│   │   └── stale.yaml
│   └── PULL_REQUEST_TEMPLATE.md
├── jsonnet
│   └── kube-prometheus
│       ├── .gitignore
│       ├── platforms
│       │   ├── kubespray.libsonnet
│       │   ├── gke.libsonnet
│       │   ├── README.md
│       │   ├── eks.libsonnet
│       │   ├── kops-coredns.libsonnet
│       │   ├── aks.libsonnet
│       │   ├── kubeadm.libsonnet
│       │   ├── aws.libsonnet
│       │   ├── bootkube.libsonnet
│       │   ├── kops.libsonnet
│       │   └── platforms.libsonnet
│       ├── components
│       │   └── mixin
│       │       ├── alerts
│       │       │   ├── alerts.libsonnet
│       │       │   └── node.libsonnet
│       │       ├── rules
│       │       │   ├── rules.libsonnet
│       │       │   ├── general.libsonnet
│       │       │   └── node-rules.libsonnet
│       │       └── custom.libsonnet
│       ├── lib
│       │   ├── utils.libsonnet
│       │   └── mixin.libsonnet
│       ├── versions.json
│       └── addons
│           ├── node-ports.libsonnet
│           ├── networkpolicies-disabled.libsonnet
│           ├── managed-cluster.libsonnet
│           ├── all-namespaces.libsonnet
│           ├── config-mixins.libsonnet
│           ├── ksm-lite.libsonnet
│           ├── strip-limits.libsonnet
│           ├── insecure-kubelet.libsonnet
│           ├── user-facing-roles.libsonnet
│           ├── weave-net
│           │   └── weave-net.libsonnet
│           └── windows.libsonnet
├── developer-workspace
│   ├── gitpod
│   │   ├── scp.sh
│   │   ├── ssh.sh
│   │   ├── qemu.sh
│   │   ├── prepare-k3s.sh
│   │   └── prepare-rootfs.sh
│   ├── common
│   │   └── deploy-kube-prometheus.sh
│   ├── codespaces
│   │   └── prepare-kind.sh
│   └── README.md
├── experimental
│   └── metrics-server
│       ├── metrics-server-service-account.yaml
│       ├── metrics-server-service.yaml
│       ├── auth-delegator.yaml
│       ├── metrics-apiservice.yaml
│       ├── metrics-server-cluster-role-binding.yaml
│       ├── auth-reader.yaml
│       ├── metrics-server-cluster-role.yaml
│       └── metrics-server-deployment.yaml
├── .gitignore
├── manifests
│   ├── setup
│   │   └── namespace.yaml
│   ├── grafana-serviceAccount.yaml
│   ├── nodeExporter-serviceAccount.yaml
│   ├── blackboxExporter-serviceAccount.yaml
│   ├── kubeStateMetrics-serviceAccount.yaml
│   ├── prometheusAdapter-serviceAccount.yaml
│   ├── prometheusOperator-serviceAccount.yaml
│   ├── prometheus-serviceAccount.yaml
│   ├── grafana-config.yaml
│   ├── alertmanager-serviceAccount.yaml
│   ├── grafana-serviceMonitor.yaml
│   ├── prometheusAdapter-clusterRoleServerResources.yaml
│   ├── prometheus-roleConfig.yaml
│   ├── prometheusAdapter-clusterRole.yaml
│   ├── nodeExporter-clusterRoleBinding.yaml
│   ├── grafana-service.yaml
│   ├── blackboxExporter-clusterRoleBinding.yaml
│   ├── prometheus-clusterRole.yaml
│   ├── kubeStateMetrics-clusterRoleBinding.yaml
│   ├── nodeExporter-clusterRole.yaml
│   ├── prometheusAdapter-clusterRoleBinding.yaml
│   ├── prometheusOperator-clusterRoleBinding.yaml
│   ├── prometheus-clusterRoleBinding.yaml
│   ├── prometheusAdapter-apiService.yaml
│   ├── blackboxExporter-clusterRole.yaml
│   ├── nodeExporter-service.yaml
│   ├── prometheusAdapter-service.yaml
│   ├── prometheusAdapter-clusterRoleBindingDelegator.yaml
│   ├── prometheusAdapter-podDisruptionBudget.yaml
│   ├── prometheus-roleBindingConfig.yaml
│   ├── prometheusOperator-service.yaml
│   ├── prometheusAdapter-roleBindingAuthReader.yaml
│   ├── prometheus-podDisruptionBudget.yaml
│   ├── blackboxExporter-service.yaml
│   ├── alertmanager-podDisruptionBudget.yaml
│   ├── prometheusAdapter-networkPolicy.yaml
│   ├── kubeStateMetrics-service.yaml
│   ├── prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
│   ├── prometheus-serviceMonitor.yaml
│   ├── alertmanager-serviceMonitor.yaml
│   ├── prometheus-service.yaml
│   ├── alertmanager-service.yaml
│   ├── kubernetesControlPlane-serviceMonitorCoreDNS.yaml
│   ├── grafana-dashboardSources.yaml
│   ├── grafana-networkPolicy.yaml
│   ├── blackboxExporter-serviceMonitor.yaml
│   ├── grafana-dashboardDatasources.yaml
│   ├── nodeExporter-networkPolicy.yaml
│   ├── prometheusOperator-networkPolicy.yaml
│   ├── prometheusOperator-serviceMonitor.yaml
│   ├── blackboxExporter-networkPolicy.yaml
│   ├── kubeStateMetrics-networkPolicy.yaml
│   ├── nodeExporter-serviceMonitor.yaml
│   ├── prometheusAdapter-serviceMonitor.yaml
│   ├── kubernetesControlPlane-serviceMonitorKubeScheduler.yaml
│   ├── alertmanager-alertmanager.yaml
│   ├── alertmanager-networkPolicy.yaml
│   ├── prometheus-networkPolicy.yaml
│   ├── kubeStateMetrics-serviceMonitor.yaml
│   ├── grafana-prometheusRule.yaml
│   ├── prometheus-prometheus.yaml
│   ├── blackboxExporter-configuration.yaml
│   ├── alertmanager-secret.yaml
│   ├── prometheus-roleBindingSpecificNamespaces.yaml
│   └── prometheusAdapter-configMap.yaml
├── tests
│   └── e2e
│       └── kind
│           ├── patches
│           │   └── kube-controller-manager.yaml
│           ├── kubernetesControlPlane-kubeSchedulerPrometheusDiscoveryService.yaml
│           ├── kubernetesControlPlane-kubeControllerManagerPrometheusDiscoveryService.yaml
│           └── config.yml
├── scripts
│   ├── monitoring-deploy.sh
│   ├── generate-schemas.sh
│   ├── minikube-start.sh
│   ├── minikube-start-kvm.sh
│   ├── tools.go
│   ├── test.sh
│   └── get-new-changelogs.sh
├── docs
│   ├── customizations
│   │   ├── node-ports.md
│   │   ├── platform-specific.md
│   │   ├── strip-limits.md
│   │   ├── alertmanager-configuration.md
│   │   ├── pod-anti-affinity.md
│   │   ├── monitoring-all-namespaces.md
│   │   └── using-custom-container-registry.md
│   ├── deploy-kind.md
│   ├── GKE-cadvisor-support.md
│   ├── update.md
│   ├── endpoints-migration.md
│   ├── access-ui.md
│   ├── security.md
│   ├── EKS-cni-support.md
│   └── windows.md
├── jsonnetfile.json
├── .mdox.validate.yaml
├── .gitpod.yml
├── code-of-conduct.md
├── kubescape-exceptions.json
├── go.mod
└── example.jsonnet

/examples/etcd-client-ca.crt:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/examples/etcd-client.crt:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/examples/etcd-client.key:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/.github/env:
--------------------------------------------------------------------------------
kind-version=v0.31.0
golang-version=1.25
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
* @prometheus-operator/kube-prometheus-reviewers
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/.gitignore:
--------------------------------------------------------------------------------
jsonnetfile.lock.json
vendor/
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/platforms/kubespray.libsonnet:
--------------------------------------------------------------------------------
(import './kubeadm.libsonnet')
--------------------------------------------------------------------------------
/developer-workspace/gitpod/scp.sh:
--------------------------------------------------------------------------------
#!/bin/bash

sshpass -p 'root' scp -o StrictHostKeychecking=no -P 2222 "$@"
--------------------------------------------------------------------------------
/examples/auth:
--------------------------------------------------------------------------------
# This file should never be used; it's just a mock.
dontusethis:$apr1$heg6VIp7$1PSzJ/Z6fYboQ5pYrbgSy.
--------------------------------------------------------------------------------
/developer-workspace/gitpod/ssh.sh:
--------------------------------------------------------------------------------
#!/bin/bash

sshpass -p 'root' ssh -o StrictHostKeychecking=no -p 2222 root@127.0.0.1 "$@"
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet:
--------------------------------------------------------------------------------
(import 'general.libsonnet') +
(import 'node.libsonnet')
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet:
--------------------------------------------------------------------------------
(import 'node-rules.libsonnet') +
(import 'general.libsonnet')
--------------------------------------------------------------------------------
/examples/jsonnet-snippets/node-ports.jsonnet:
--------------------------------------------------------------------------------
(import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/node-ports.libsonnet')
--------------------------------------------------------------------------------
/examples/example-app/prometheus-frontend-service-account.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-frontend
  namespace: default
--------------------------------------------------------------------------------
/experimental/metrics-server/metrics-server-service-account.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
--------------------------------------------------------------------------------
/examples/basic-auth/secrets.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  name: basic-auth
data:
  password: dG9vcg== # toor
  user: YWRtaW4= # admin
type: Opaque
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
tmp/
minikube-manifests/
vendor/
./auth
.swp
crdschemas/
.mdoxcache

developer-workspace/gitpod/_output
developer-workspace/codespaces/kind
--------------------------------------------------------------------------------
/examples/jsonnet-snippets/platform.jsonnet:
--------------------------------------------------------------------------------
(import 'kube-prometheus/main.libsonnet') +
{
  values+:: {
    common+: {
      platform: 'example-platform',
    },
  },
}
--------------------------------------------------------------------------------
/examples/existingrule.json:
--------------------------------------------------------------------------------
{"groups":[{"name":"example-group","rules":[{"alert":"ExampleAlert","annotations":{"description":"This is an example alert."},"expr":"vector(1)","labels":{"severity":"warning"}}]}]}
--------------------------------------------------------------------------------
/manifests/setup/namespace.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  labels:
    pod-security.kubernetes.io/warn: privileged
    pod-security.kubernetes.io/warn-version: latest
  name: monitoring
--------------------------------------------------------------------------------
/examples/alertmanager-config-external.jsonnet:
--------------------------------------------------------------------------------
((import 'kube-prometheus/main.libsonnet') + {
  values+:: {
    alertmanager+: {
      config: importstr 'alertmanager-config.yaml',
    },
  },
}).alertmanager.secret
--------------------------------------------------------------------------------
/examples/existingrule.yaml:
--------------------------------------------------------------------------------
groups:
- name: example-group
  rules:
  - alert: ExampleAlert
    expr: vector(1)
    labels:
      severity: "warning"
    annotations:
      description: This is an example alert.
--------------------------------------------------------------------------------
/tests/e2e/kind/patches/kube-controller-manager.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - name: kube-controller-manager
    resources:
      requests:
        cpu: 1m
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/platforms/gke.libsonnet:
--------------------------------------------------------------------------------
(import '../addons/managed-cluster.libsonnet') + {
  values+:: {
    prometheusAdapter+: {
      config+: {
        resourceRules:: null,
      },
    },
  },

  prometheusAdapter+:: {
    apiService:: null,
  },
}
--------------------------------------------------------------------------------
/scripts/monitoring-deploy.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# create namespace and CRDs
kubectl create -f manifests/setup

# wait for CRD creation to complete
until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done

# create monitoring components
kubectl create -f manifests/
--------------------------------------------------------------------------------
/examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: alertmanager-discovery
  namespace: monitoring
rules:
- apiGroups: [""]
  resources:
  - services
  - endpoints
  - pods
  verbs: ["list", "watch"]
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/lib/utils.libsonnet:
--------------------------------------------------------------------------------
{
  // rangeInterval takes a scrape interval and converts it to a range interval
  // following the Prometheus rule of thumb for rate() and irate().
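  // For example, rangeInterval('30s') returns '120s' and the default '1m'
  // returns '4m', so rate() and irate() windows always cover at least four
  // scrape intervals.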
  rangeInterval(i='1m'):
    local interval = std.parseInt(std.substr(i, 0, std.length(i) - 1));
    interval * 4 + i[std.length(i) - 1],
}
--------------------------------------------------------------------------------
/examples/example-app/prometheus-frontend-svc.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: prometheus-frontend
  namespace: default
spec:
  type: NodePort
  ports:
  - name: web
    nodePort: 30100
    port: 9090
    protocol: TCP
    targetPort: web
  selector:
    prometheus: frontend
--------------------------------------------------------------------------------
/experimental/metrics-server/metrics-server-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    kubernetes.io/name: "Metrics-server"
spec:
  selector:
    k8s-app: metrics-server
  ports:
  - port: 443
    protocol: TCP
    targetPort: 443
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
version: 2
updates:
  - package-ecosystem: gomod
    directory: /
    schedule:
      interval: daily

  - package-ecosystem: gomod
    directory: /scripts/
    schedule:
      interval: daily

  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: daily
--------------------------------------------------------------------------------
/docs/customizations/node-ports.md:
--------------------------------------------------------------------------------
### NodePorts

Another mixin that may be useful for exploring the stack exposes the UIs of Prometheus, Alertmanager and Grafana on NodePorts:

```jsonnet mdox-exec="cat examples/jsonnet-snippets/node-ports.jsonnet"
(import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/node-ports.libsonnet')
```
--------------------------------------------------------------------------------
/manifests/grafana-serviceAccount.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 12.3.1
  name: grafana
  namespace: monitoring
--------------------------------------------------------------------------------
/scripts/generate-schemas.sh:
--------------------------------------------------------------------------------
#!/bin/bash

DIR="crdschemas"

# Go to git repository root
cd ./$(git rev-parse --show-cdup)

rm -rf "$DIR"
mkdir "$DIR"

# Extract the OpenAPI v3 schema from each CRD; the sed expressions derive a
# singular file name (e.g. prometheuses-crd.json -> prometheus.json).
for crd in vendor/prometheus-operator/*-crd.json; do
    jq '.spec.versions[0].schema.openAPIV3Schema' < "$crd" > "$DIR/$(basename "$crd" | sed 's/s-crd//;s/prometheuse/prometheus/')"
done
--------------------------------------------------------------------------------
/experimental/metrics-server/auth-delegator.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind:
 ClusterRoleBinding
metadata:
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
--------------------------------------------------------------------------------
/manifests/nodeExporter-serviceAccount.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.10.2
  name: node-exporter
  namespace: monitoring
--------------------------------------------------------------------------------
/examples/example-app/prometheus-frontend-role-binding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: prometheus-frontend
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prometheus-frontend
subjects:
- kind: ServiceAccount
  name: prometheus-frontend
  namespace: default
--------------------------------------------------------------------------------
/experimental/metrics-server/metrics-apiservice.yaml:
--------------------------------------------------------------------------------
# apiregistration.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
--------------------------------------------------------------------------------
/experimental/metrics-server/metrics-server-cluster-role-binding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
--------------------------------------------------------------------------------
/manifests/blackboxExporter-serviceAccount.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: blackbox-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.28.0
  name: blackbox-exporter
  namespace: monitoring
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/versions.json:
--------------------------------------------------------------------------------
"configmapReload": "0.15.0", 12 | "pyrra": "0.9.2" 13 | } 14 | -------------------------------------------------------------------------------- /manifests/kubeStateMetrics-serviceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | automountServiceAccountToken: false 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: exporter 7 | app.kubernetes.io/name: kube-state-metrics 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 2.17.0 10 | name: kube-state-metrics 11 | namespace: monitoring 12 | -------------------------------------------------------------------------------- /examples/example-app/prometheus-frontend-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: prometheus-frontend 5 | namespace: default 6 | rules: 7 | - apiGroups: [""] 8 | resources: 9 | - nodes 10 | - services 11 | - endpoints 12 | - pods 13 | verbs: ["get", "list", "watch"] 14 | - apiGroups: [""] 15 | resources: 16 | - configmaps 17 | verbs: ["get"] 18 | -------------------------------------------------------------------------------- /manifests/prometheusAdapter-serviceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | automountServiceAccountToken: false 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: metrics-adapter 7 | app.kubernetes.io/name: prometheus-adapter 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.12.0 10 | name: prometheus-adapter 11 | namespace: monitoring 12 | -------------------------------------------------------------------------------- /manifests/prometheusOperator-serviceAccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | automountServiceAccountToken: false 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: controller 7 | app.kubernetes.io/name: prometheus-operator 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.87.1 10 | name: prometheus-operator 11 | namespace: monitoring 12 | -------------------------------------------------------------------------------- /experimental/metrics-server/auth-reader.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: metrics-server-auth-reader 5 | namespace: kube-system 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: extension-apiserver-authentication-reader 10 | subjects: 11 | - kind: ServiceAccount 12 | name: metrics-server 13 | namespace: kube-system 14 | -------------------------------------------------------------------------------- /examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: prometheus-frontend 5 | namespace: monitoring 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: alertmanager-discovery 10 | subjects: 11 | - kind: ServiceAccount 12 | name: prometheus-frontend 13 | namespace: default 14 | 
--------------------------------------------------------------------------------
/manifests/prometheus-serviceAccount.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/grafana-config.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 12.3.1
  name: grafana-config
  namespace: monitoring
stringData:
  grafana.ini: |
    [date_formats]
    default_timezone = UTC
type: Opaque
--------------------------------------------------------------------------------
/manifests/alertmanager-serviceAccount.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
automountServiceAccountToken: false
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: alert-router
    app.kubernetes.io/instance: main
    app.kubernetes.io/name: alertmanager
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.30.0
  name: alertmanager-main
  namespace: monitoring
--------------------------------------------------------------------------------
/tests/e2e/kind/kubernetesControlPlane-kubeSchedulerPrometheusDiscoveryService.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: kube-scheduler
  name: kube-scheduler-prometheus-discovery
  namespace: kube-system
spec:
  clusterIP: None
  ports:
  - name: https-metrics
    port: 10259
    targetPort: 10259
  selector:
    component: kube-scheduler
--------------------------------------------------------------------------------
/examples/example-app/servicemonitor-frontend.yaml:
--------------------------------------------------------------------------------
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: frontend
  namespace: default
  labels:
    tier: frontend
spec:
  selector:
    matchLabels:
      tier: frontend
  targetLabels:
  - tier
  endpoints:
  - port: web
    interval: 10s
  namespaceSelector:
    matchNames:
    - default
--------------------------------------------------------------------------------
/examples/tolerations.libsonnet:
--------------------------------------------------------------------------------
{
  prometheus+: {
    prometheus+: {
      spec+: {
        tolerations: [
          {
            key: 'key1',
            operator: 'Equal',
            value: 'value1',
            effect: 'NoSchedule',
          },
          {
            key: 'key2',
            operator: 'Exists',
          },
        ],
      },
    },
  },
}
--------------------------------------------------------------------------------
/scripts/minikube-start.sh:
--------------------------------------------------------------------------------
#!/bin/bash
minikube delete
minikube addons disable metrics-server
minikube start \
    --kubernetes-version=v1.18.1 \
    --memory=6g \
    --bootstrapper=kubeadm \
    --extra-config=kubelet.authentication-token-webhook=true \
    --extra-config=kubelet.authorization-mode=Webhook \
    --extra-config=scheduler.address=0.0.0.0 \
    --extra-config=controller-manager.address=0.0.0.0
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature.md:
--------------------------------------------------------------------------------
---
name: Feature
about: If you want to propose a new feature or enhancement
labels: kind/feature
---

**What is missing?**

**Why do we need it?**

**Environment**

* kube-prometheus version:

`Insert Git SHA here`

**Anything else we need to know?**:
--------------------------------------------------------------------------------
/tests/e2e/kind/kubernetesControlPlane-kubeControllerManagerPrometheusDiscoveryService.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: kube-controller-manager
  name: kube-controller-manager-prometheus-discovery
  namespace: kube-system
spec:
  clusterIP: None
  ports:
  - name: https-metrics
    port: 10257
    targetPort: 10257
  selector:
    component: kube-controller-manager
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/platforms/README.md:
--------------------------------------------------------------------------------
# Adding a new platform specific configuration

Adding a new platform-specific configuration requires updating the [customization example](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/platform-specific.md) and the [platforms.libsonnet](platforms.libsonnet) file by adding the platform to the list of existing ones. This allows the new platform to be discoverable and easily configurable by users.
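
As a rough sketch (the file name and contents below are illustrative, not part of this repository), a new platform file follows the same shape as the existing ones such as `kubespray.libsonnet` or `gke.libsonnet`:

```jsonnet
// jsonnet/kube-prometheus/platforms/my-platform.libsonnet (hypothetical)
{
  values+:: {
    // Platform-specific overrides go here, e.g. hiding components that a
    // managed control plane does not expose.
  },
}
```

Users can then select the platform through `values.common.platform`, as shown in `examples/jsonnet-snippets/platform.jsonnet`.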
--------------------------------------------------------------------------------
/scripts/minikube-start-kvm.sh:
--------------------------------------------------------------------------------
#!/bin/bash
minikube delete
minikube addons disable metrics-server
minikube start \
    --vm-driver=kvm2 \
    --kubernetes-version=v1.16.0 \
    --memory=6g \
    --bootstrapper=kubeadm \
    --extra-config=kubelet.authentication-token-webhook=true \
    --extra-config=kubelet.authorization-mode=Webhook \
    --extra-config=scheduler.address=0.0.0.0 \
    --extra-config=controller-manager.address=0.0.0.0
--------------------------------------------------------------------------------
/docs/deploy-kind.md:
--------------------------------------------------------------------------------
---
weight: 301
toc: true
title: Deploy to kind
menu:
  docs:
    parent: kube
lead: This guide will help you deploy kube-prometheus on Kubernetes kind.
images: []
draft: false
description: This guide will help you deploy kube-prometheus on Kubernetes kind.
---

Time to explain how!

Your chance to [**contribute**](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/deploy-kind.md)!
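
Until a full guide lands here, a minimal sketch (assuming a local kind installation and a checkout of this repository; the kubectl commands mirror `scripts/monitoring-deploy.sh`):

```shell
kind create cluster
# namespace and CRDs first, then wait until the CRDs are served
kubectl create -f manifests/setup
until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; done
# then the monitoring components themselves
kubectl create -f manifests/
```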
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/platforms/eks.libsonnet:
--------------------------------------------------------------------------------
(import '../addons/aws-vpc-cni.libsonnet') +
(import '../addons/managed-cluster.libsonnet') + {
  kubernetesControlPlane+: {
    serviceMonitorCoreDNS+: {
      spec+: {
        endpoints: [
          {
            bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
            interval: '15s',
            targetPort: 9153,
          },
        ],
      },
    },
  },
}
--------------------------------------------------------------------------------
/manifests/grafana-serviceMonitor.yaml:
--------------------------------------------------------------------------------
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 12.3.1
  name: grafana
  namespace: monitoring
spec:
  endpoints:
  - interval: 15s
    port: http
  selector:
    matchLabels:
      app.kubernetes.io/name: grafana
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-clusterRoleServerResources.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: resource-metrics-server-resources
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - '*'
  verbs:
  - '*'
--------------------------------------------------------------------------------
/manifests/prometheus-roleConfig.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s-config
  namespace: monitoring
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
--------------------------------------------------------------------------------
/jsonnetfile.json:
--------------------------------------------------------------------------------
{
  "version": 1,
  "dependencies": [
    {
      "source": {
        "git": {
          "remote": "https://github.com/grafana/jsonnet-libs.git",
          "subdir": "mixin-utils"
        }
      },
      "version": "master"
    },
    {
      "source": {
        "local": {
          "directory": "jsonnet/kube-prometheus"
        }
      },
      "version": ""
    }
  ],
  "legacyImports": true
}
--------------------------------------------------------------------------------
/developer-workspace/gitpod/qemu.sh:
--------------------------------------------------------------------------------
#!/bin/bash

set -xeuo pipefail

script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
outdir="${script_dirname}/_output"

sudo qemu-system-x86_64 -kernel "/boot/vmlinuz" \
    -boot c -m 3073M -hda "${outdir}/rootfs/hirsute-server-cloudimg-amd64.img" \
    -net user \
    -smp 8 \
    -append "root=/dev/sda rw console=ttyS0,115200 acpi=off nokaslr" \
    -nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::6443-:6443 \
    -serial mon:stdio -display none
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet:
--------------------------------------------------------------------------------
{
  prometheusRules+:: {
    groups+: [
      {
        name: 'kube-prometheus-general.rules',
        rules: [
          {
            expr: 'count without(instance, pod, node) (up == 1)',
            record: 'count:up1',
          },
          {
            expr: 'count without(instance, pod, node) (up == 0)',
            record: 'count:up0',
          },
        ],
      },
    ],
  },
}
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/addons/node-ports.libsonnet:
--------------------------------------------------------------------------------
local patch(ports) = {
  spec+: {
    ports: ports,
    type: 'NodePort',
  },
};

{
  prometheus+: {
    service+: patch([{ name: 'web', port: 9090, targetPort: 'web', nodePort: 30900 }]),
  },
  alertmanager+: {
    service+: patch([{ name: 'web', port: 9093, targetPort: 'web', nodePort: 30903 }]),
  },
  grafana+: {
    service+: patch([{ name: 'http', port: 3000, targetPort: 'http', nodePort: 30902 }]),
  },
}
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-clusterRole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: prometheus-adapter
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - namespaces
  - pods
  - services
  verbs:
  - get
  - list
  - watch
--------------------------------------------------------------------------------
/examples/basic-auth/service-monitor.yaml:
--------------------------------------------------------------------------------
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-apps: basic-auth-example
  name: basic-auth-example
spec:
  endpoints:
  - basicAuth:
      password:
        name: basic-auth
        key: password
      username:
        name: basic-auth
        key: user
    port: metrics
  namespaceSelector:
    matchNames:
    - logging
  selector:
    matchLabels:
      app.kubernetes.io/name: myapp
--------------------------------------------------------------------------------
/manifests/nodeExporter-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.10.2
  name: node-exporter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-exporter
subjects:
- kind: ServiceAccount
  name: node-exporter
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/grafana-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 12.3.1
  name: grafana
  namespace: monitoring
spec:
  ports:
  - name: http
    port: 3000
    targetPort: http
  selector:
    app.kubernetes.io/component: grafana
    app.kubernetes.io/name: grafana
    app.kubernetes.io/part-of: kube-prometheus
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/support.md:
--------------------------------------------------------------------------------
---
name: Support
about: If you have questions about kube-prometheus
labels: kind/support
---

This repository now has the new GitHub Discussions enabled:
https://github.com/prometheus-operator/kube-prometheus/discussions

Please create a new discussion to ask for any kind of support that is not a Bug or Feature Request.

Thank you for being part of this community!

---

We are still happy to chat with you in the #prometheus-operator channel on Kubernetes Slack!
--------------------------------------------------------------------------------
/examples/rule-patches.libsonnet:
--------------------------------------------------------------------------------
{
  excludedRuleGroups: [
    'alertmanager.rules',
  ],
  excludedRules: [
    {
      name: 'prometheus-operator',
      rules: [
        { alert: 'PrometheusOperatorListErrors' },
      ],
    },
  ],
  patchedRules: [
    {
      name: 'prometheus-operator',
      rules: [
        {
          alert: 'PrometheusOperatorWatchErrors',
          labels: {
            severity: 'info',
          },
        },
      ],
    },
  ],
}
--------------------------------------------------------------------------------
/manifests/blackboxExporter-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: blackbox-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.28.0
  name: blackbox-exporter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: blackbox-exporter
subjects:
- kind: ServiceAccount
  name: blackbox-exporter
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheus-clusterRole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s
rules:
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  - /metrics/slis
  verbs:
  - get
--------------------------------------------------------------------------------
/manifests/kubeStateMetrics-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 2.17.0
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: monitoring
--------------------------------------------------------------------------------
/scripts/tools.go:
--------------------------------------------------------------------------------
//go:build tools
// +build tools

// Package tools tracks dependencies for tools that are used in the build process.
// See https://github.com/golang/go/wiki/Modules
package tools

import (
	_ "github.com/brancz/gojsontoyaml"
	_ "github.com/bwplotka/mdox"
	_ "github.com/google/go-jsonnet/cmd/jsonnet"
	_ "github.com/google/go-jsonnet/cmd/jsonnet-lint"
	_ "github.com/google/go-jsonnet/cmd/jsonnetfmt"
	_ "github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb"
	_ "github.com/yannh/kubeconform/cmd/kubeconform"
)
--------------------------------------------------------------------------------
/manifests/nodeExporter-clusterRole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.10.2
  name: node-exporter
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: prometheus-adapter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-adapter
subjects:
- kind: ServiceAccount
  name: prometheus-adapter
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheusOperator-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.87.1
  name: prometheus-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-operator
subjects:
- kind: ServiceAccount
  name: prometheus-operator
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheus-clusterRoleBinding.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-k8s
subjects:
- kind: ServiceAccount
  name: prometheus-k8s
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-apiService.yaml:
--------------------------------------------------------------------------------
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: prometheus-adapter
    namespace: monitoring
  version: v1beta1
  versionPriority: 100
--------------------------------------------------------------------------------
/manifests/blackboxExporter-clusterRole.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: blackbox-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.28.0
  name: blackbox-exporter
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
--------------------------------------------------------------------------------
/experimental/metrics-server/metrics-server-cluster-role.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "apps"
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch
--------------------------------------------------------------------------------
/manifests/nodeExporter-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 1.10.2
  name: node-exporter
  namespace: monitoring
spec:
  clusterIP: None
  ports:
  - name: https
    port: 9100
    targetPort: https
  selector:
    app.kubernetes.io/component: exporter
    app.kubernetes.io/name: node-exporter
    app.kubernetes.io/part-of: kube-prometheus
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: prometheus-adapter
  namespace: monitoring
spec:
  ports:
  - name: https
    port: 443
    targetPort: 6443
  selector:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-clusterRoleBindingDelegator.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: resource-metrics:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: prometheus-adapter
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-podDisruptionBudget.yaml:
--------------------------------------------------------------------------------
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: prometheus-adapter
  namespace: monitoring
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: metrics-adapter
      app.kubernetes.io/name: prometheus-adapter
      app.kubernetes.io/part-of: kube-prometheus
--------------------------------------------------------------------------------
/manifests/prometheus-roleBindingConfig.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s-config
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prometheus-k8s-config
subjects:
- kind: ServiceAccount
  name: prometheus-k8s
  namespace: monitoring
--------------------------------------------------------------------------------
/jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet:
--------------------------------------------------------------------------------
{
  kubernetesControlPlane+: {
    kubeDnsPrometheusDiscoveryService: {
      apiVersion: 'v1',
      kind: 'Service',
      metadata: {
        name: 'kube-dns-prometheus-discovery',
        namespace: 'kube-system',
        labels: { 'app.kubernetes.io/name': 'kube-dns' },
      },
      spec: {
        ports: [
          { name: 'metrics', port: 9153, targetPort: 9153 },
        ],
        selector: { 'app.kubernetes.io/name': 'kube-dns' },
        clusterIP: 'None',
      },
    },
  },
}
--------------------------------------------------------------------------------
/manifests/prometheusOperator-service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.87.1
  name: prometheus-operator
  namespace: monitoring
spec:
  clusterIP: None
  ports:
  - name: https
    port: 8443
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: prometheus-operator
    app.kubernetes.io/part-of: kube-prometheus
--------------------------------------------------------------------------------
/examples/alertmanager-config.jsonnet:
--------------------------------------------------------------------------------
((import 'kube-prometheus/main.libsonnet') + {
  values+:: {
    alertmanager+: {
      config: |||
        global:
          resolve_timeout: 10m
        route:
          group_by: ['job']
          group_wait: 30s
          group_interval: 5m
          repeat_interval: 12h
          receiver: 'null'
          routes:
          - match:
              alertname: Watchdog
            receiver: 'null'
        receivers:
        - name: 'null'
      |||,
    },
  },
}).alertmanager.secret
--------------------------------------------------------------------------------
/manifests/prometheusAdapter-roleBindingAuthReader.yaml:
--------------------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: metrics-adapter
    app.kubernetes.io/name: prometheus-adapter
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 0.12.0
  name: resource-metrics-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: prometheus-adapter
  namespace: monitoring
--------------------------------------------------------------------------------
/manifests/prometheus-podDisruptionBudget.yaml:
--------------------------------------------------------------------------------
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  labels:
    app.kubernetes.io/component: prometheus
    app.kubernetes.io/instance: k8s
    app.kubernetes.io/name: prometheus
    app.kubernetes.io/part-of: kube-prometheus
    app.kubernetes.io/version: 3.8.1
  name: prometheus-k8s
  namespace: monitoring
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: prometheus
      app.kubernetes.io/instance: k8s
      app.kubernetes.io/name: prometheus
      app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/part-of: kube-prometheus 20 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/networkpolicies-disabled.libsonnet: -------------------------------------------------------------------------------- 1 | // Disables creation of NetworkPolicies 2 | 3 | { 4 | blackboxExporter+: { 5 | networkPolicy:: {}, 6 | }, 7 | 8 | kubeStateMetrics+: { 9 | networkPolicy:: {}, 10 | }, 11 | 12 | nodeExporter+: { 13 | networkPolicy:: {}, 14 | }, 15 | 16 | prometheusAdapter+: { 17 | networkPolicy:: {}, 18 | }, 19 | 20 | alertmanager+: { 21 | networkPolicy:: {}, 22 | }, 23 | 24 | grafana+: { 25 | networkPolicy:: {}, 26 | }, 27 | 28 | prometheus+: { 29 | networkPolicy:: {}, 30 | }, 31 | 32 | prometheusOperator+: { 33 | networkPolicy:: {}, 34 | }, 35 | } 36 | -------------------------------------------------------------------------------- /manifests/blackboxExporter-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: blackbox-exporter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.28.0 9 | name: blackbox-exporter 10 | namespace: monitoring 11 | spec: 12 | ports: 13 | - name: https 14 | port: 9115 15 | targetPort: https 16 | - name: probe 17 | port: 19115 18 | targetPort: http 19 | selector: 20 | app.kubernetes.io/component: exporter 21 | app.kubernetes.io/name: blackbox-exporter 22 | app.kubernetes.io/part-of: kube-prometheus 23 | -------------------------------------------------------------------------------- /manifests/alertmanager-podDisruptionBudget.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: alertmanager-main 11 | namespace: monitoring 12 | spec: 13 | maxUnavailable: 1 14 | selector: 15 | matchLabels: 16 | app.kubernetes.io/component: alert-router 17 | app.kubernetes.io/instance: main 18 | app.kubernetes.io/name: alertmanager 19 | app.kubernetes.io/part-of: kube-prometheus 20 | -------------------------------------------------------------------------------- /tests/e2e/kind/config.yml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | networking: 4 | podSubnet: "10.10.0.0/16" 5 | serviceSubnet: "10.11.0.0/16" 6 | nodes: 7 | - role: control-plane 8 | extraMounts: 9 | - hostPath: /home/runner/work/kube-prometheus/kube-prometheus/.github/workflows/kind/patches 10 | containerPath: /patches 11 | kubeadmConfigPatches: 12 | - | 13 | kind: ClusterConfiguration 14 | controllerManager: 15 | extraArgs: 16 | bind-address: "0.0.0.0" 17 | scheduler: 18 | extraArgs: 19 | bind-address: "0.0.0.0" 20 | - | 21 | kind: InitConfiguration 22 | patches: 23 | directory: /patches 24 | -------------------------------------------------------------------------------- /examples/grafana-only-dashboards.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | 
}, 9 | 10 | // Disable all grafana-related objects apart from dashboards and datasources 11 | grafana: { 12 | dashboardSources:: {}, 13 | deployment:: {}, 14 | serviceAccount:: {}, 15 | serviceMonitor:: {}, 16 | service:: {}, 17 | }, 18 | }; 19 | 20 | // Manifestation 21 | { 22 | [component + '-' + resource + '.json']: kp[component][resource] 23 | for component in std.objectFields(kp) 24 | for resource in std.objectFields(kp[component]) 25 | } 26 | -------------------------------------------------------------------------------- /.github/workflows/action-lint.yaml: -------------------------------------------------------------------------------- 1 | name: lint GitHub Actions workflows 2 | on: 3 | push: 4 | paths: 5 | - ".github/workflows/**" 6 | pull_request: 7 | paths: 8 | - ".github/workflows/**" 9 | 10 | jobs: 11 | lint: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: Checkout code 15 | uses: actions/checkout@v6 16 | - name: Download actionlint 17 | id: get_actionlint 18 | run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.7.7/scripts/download-actionlint.bash) 19 | shell: bash 20 | - name: Check workflow files 21 | run: ${{ steps.get_actionlint.outputs.executable }} -color 22 | shell: bash 23 | -------------------------------------------------------------------------------- /manifests/prometheusAdapter-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: metrics-adapter 6 | app.kubernetes.io/name: prometheus-adapter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.12.0 9 | name: prometheus-adapter 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - {} 16 | podSelector: 17 | matchLabels: 18 | app.kubernetes.io/component: metrics-adapter 19 | app.kubernetes.io/name: prometheus-adapter 20 | app.kubernetes.io/part-of: kube-prometheus 21 | policyTypes: 22 | - Egress 23 | - Ingress 24 | -------------------------------------------------------------------------------- /manifests/kubeStateMetrics-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: kube-state-metrics 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 2.17.0 9 | name: kube-state-metrics 10 | namespace: monitoring 11 | spec: 12 | clusterIP: None 13 | ports: 14 | - name: https-main 15 | port: 8443 16 | targetPort: https-main 17 | - name: https-self 18 | port: 9443 19 | targetPort: https-self 20 | selector: 21 | app.kubernetes.io/component: exporter 22 | app.kubernetes.io/name: kube-state-metrics 23 | app.kubernetes.io/part-of: kube-prometheus 24 | -------------------------------------------------------------------------------- /manifests/prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: metrics-adapter 6 | app.kubernetes.io/name: prometheus-adapter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.12.0 9 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 10 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 11 |
rbac.authorization.k8s.io/aggregate-to-view: "true" 12 | name: system:aggregated-metrics-reader 13 | rules: 14 | - apiGroups: 15 | - metrics.k8s.io 16 | resources: 17 | - pods 18 | - nodes 19 | verbs: 20 | - get 21 | - list 22 | - watch 23 | -------------------------------------------------------------------------------- /examples/continuous-delivery/argocd/application.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: argoproj.io/v1alpha1 3 | kind: Application 4 | metadata: 5 | name: kube-prometheus 6 | namespace: argocd 7 | annotations: 8 | recipients.argocd-notifications.argoproj.io: "slack:jenkins" 9 | spec: 10 | destination: 11 | namespace: monitoring 12 | server: https://kubernetes.default.svc 13 | project: monitoring 14 | source: 15 | directory: 16 | jsonnet: 17 | libs: 18 | - vendored 19 | recurse: true 20 | path: examples/continuous-delivery/argocd/kube-prometheus 21 | repoURL: git@github.com:prometheus-operator/kube-prometheus.git 22 | targetRevision: HEAD 23 | syncPolicy: 24 | automated: {} 25 | --- 26 | -------------------------------------------------------------------------------- /experimental/metrics-server/metrics-server-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: metrics-server 5 | namespace: kube-system 6 | labels: 7 | k8s-app: metrics-server 8 | spec: 9 | selector: 10 | matchLabels: 11 | k8s-app: metrics-server 12 | template: 13 | metadata: 14 | name: metrics-server 15 | labels: 16 | k8s-app: metrics-server 17 | spec: 18 | serviceAccountName: metrics-server 19 | containers: 20 | - name: metrics-server 21 | image: gcr.io/google_containers/metrics-server-amd64:v0.2.0 22 | imagePullPolicy: Always 23 | command: 24 | - /metrics-server 25 | - --source=kubernetes.summary_api:'' 26 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/managed-cluster.libsonnet: -------------------------------------------------------------------------------- 1 | // On managed Kubernetes clusters some of the control plane components are not exposed to customers. 
2 | // Disable scrape jobs, service monitors, and alert groups for these components by overwriting 'main.libsonnet' defaults 3 | 4 | { 5 | kubernetesControlPlane+: { 6 | serviceMonitorKubeControllerManager:: null, 7 | serviceMonitorKubeScheduler:: null, 8 | } + { 9 | prometheusRule+: { 10 | spec+: { 11 | local g = super.groups, 12 | groups: [ 13 | h 14 | for h in g 15 | if !std.setMember(h.name, ['kubernetes-system-controller-manager', 'kubernetes-system-scheduler']) 16 | ], 17 | }, 18 | }, 19 | }, 20 | } 21 | -------------------------------------------------------------------------------- /examples/continuous-delivery/argocd/appproject.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | annotations: 5 | recipients.argocd-notifications.argoproj.io: slack:alerts 6 | generation: 1 7 | name: monitoring 8 | namespace: argocd 9 | spec: 10 | clusterResourceWhitelist: 11 | - group: "*" 12 | kind: "*" 13 | description: "Monitoring Stack deployment" 14 | destinations: 15 | - namespace: kube-system 16 | server: https://kubernetes.default.svc 17 | - namespace: default 18 | server: https://kubernetes.default.svc 19 | - namespace: monitoring 20 | server: https://kubernetes.default.svc 21 | sourceRepos: 22 | - git@github.com:prometheus-operator/kube-prometheus.git 23 | -------------------------------------------------------------------------------- /manifests/prometheus-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: prometheus 6 | app.kubernetes.io/instance: k8s 7 | app.kubernetes.io/name: prometheus 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 3.8.1 10 | name: prometheus-k8s 11 | namespace: monitoring 12 | spec: 13 | endpoints: 14 | - interval: 30s 15 | port: web 16 | - interval: 30s 17 | port: reloader-web 18 | selector: 19 | matchLabels: 20 | app.kubernetes.io/component: prometheus 21 | app.kubernetes.io/instance: k8s 22 | app.kubernetes.io/name: prometheus 23 | app.kubernetes.io/part-of: kube-prometheus 24 | -------------------------------------------------------------------------------- /manifests/alertmanager-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: alertmanager-main 11 | namespace: monitoring 12 | spec: 13 | endpoints: 14 | - interval: 30s 15 | port: web 16 | - interval: 30s 17 | port: reloader-web 18 | selector: 19 | matchLabels: 20 | app.kubernetes.io/component: alert-router 21 | app.kubernetes.io/instance: main 22 | app.kubernetes.io/name: alertmanager 23 | app.kubernetes.io/part-of: kube-prometheus 24 | -------------------------------------------------------------------------------- /manifests/prometheus-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: prometheus 6 | app.kubernetes.io/instance: k8s 7 | app.kubernetes.io/name: prometheus 8 | app.kubernetes.io/part-of: 
kube-prometheus 9 | app.kubernetes.io/version: 3.8.1 10 | name: prometheus-k8s 11 | namespace: monitoring 12 | spec: 13 | ports: 14 | - name: web 15 | port: 9090 16 | targetPort: web 17 | - name: reloader-web 18 | port: 8080 19 | targetPort: reloader-web 20 | selector: 21 | app.kubernetes.io/component: prometheus 22 | app.kubernetes.io/instance: k8s 23 | app.kubernetes.io/name: prometheus 24 | app.kubernetes.io/part-of: kube-prometheus 25 | sessionAffinity: ClientIP 26 | -------------------------------------------------------------------------------- /docs/customizations/platform-specific.md: -------------------------------------------------------------------------------- 1 | ### Running kube-prometheus on specific platforms 2 | 3 | Not all Kubernetes clusters are created exactly the same way, so the configuration needed to monitor them can differ slightly. For the following platforms, mixins are available to configure them easily: 4 | 5 | * aws 6 | * bootkube 7 | * eks 8 | * gke 9 | * kops 10 | * kops_coredns 11 | * kubeadm 12 | * kubespray 13 | 14 | These mixins are selectable via the `platform` field of kubePrometheus: 15 | 16 | ```jsonnet mdox-exec="cat examples/jsonnet-snippets/platform.jsonnet" 17 | (import 'kube-prometheus/main.libsonnet') + 18 | { 19 | values+:: { 20 | common+: { 21 | platform: 'example-platform', 22 | }, 23 | }, 24 | } 25 | ``` 26 | -------------------------------------------------------------------------------- /examples/alertmanager-config-with-template.yaml: -------------------------------------------------------------------------------- 1 | # external alertmanager yaml 2 | global: 3 | resolve_timeout: 10m 4 | slack_api_url: url 5 | route: 6 | group_by: ['job'] 7 | group_wait: 30s 8 | group_interval: 5m 9 | repeat_interval: 12h 10 | receiver: 'null' 11 | routes: 12 | - match: 13 | alertname: Watchdog 14 | receiver: 'null' 15 | receivers: 16 | - name: 'null' 17 | - name: slack 18 | slack_configs: 19 | - channel: '#alertmanager-testing' 20 | send_resolved: true 21 | title: '{{ template "slack.title" . }}' 22 | icon_emoji: '{{ template "slack.icon_emoji" . }}' 23 | color: '{{ template "slack.color" . }}' 24 | text: '{{ template "slack.text" .
}}' 25 | 26 | templates: 27 | - '/etc/alertmanager/configmaps/alert-templates/*.tmpl' 28 | -------------------------------------------------------------------------------- /manifests/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: alertmanager-main 11 | namespace: monitoring 12 | spec: 13 | ports: 14 | - name: web 15 | port: 9093 16 | targetPort: web 17 | - name: reloader-web 18 | port: 8080 19 | targetPort: reloader-web 20 | selector: 21 | app.kubernetes.io/component: alert-router 22 | app.kubernetes.io/instance: main 23 | app.kubernetes.io/name: alertmanager 24 | app.kubernetes.io/part-of: kube-prometheus 25 | sessionAffinity: ClientIP 26 | -------------------------------------------------------------------------------- /manifests/kubernetesControlPlane-serviceMonitorCoreDNS.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: kubernetes 6 | app.kubernetes.io/name: coredns 7 | app.kubernetes.io/part-of: kube-prometheus 8 | name: coredns 9 | namespace: monitoring 10 | spec: 11 | endpoints: 12 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 13 | interval: 15s 14 | metricRelabelings: 15 | - action: drop 16 | regex: coredns_cache_misses_total 17 | sourceLabels: 18 | - __name__ 19 | port: metrics 20 | jobLabel: app.kubernetes.io/name 21 | namespaceSelector: 22 | matchNames: 23 | - kube-system 24 | selector: 25 | matchLabels: 26 | k8s-app: kube-dns 27 | -------------------------------------------------------------------------------- /examples/example-app/prometheus-frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Prometheus 3 | metadata: 4 | name: frontend 5 | namespace: default 6 | labels: 7 | prometheus: frontend 8 | spec: 9 | serviceAccountName: prometheus-frontend 10 | version: v1.7.1 11 | serviceMonitorSelector: 12 | matchLabels: 13 | tier: frontend 14 | resources: 15 | requests: 16 | # 2Gi is default, but won't schedule if you don't have a node with >2Gi 17 | # memory. Modify based on your target and time-series count for 18 | # production use. This value is mainly meant for demonstration/testing 19 | # purposes. 20 | memory: 400Mi 21 | alerting: 22 | alertmanagers: 23 | - namespace: monitoring 24 | name: alertmanager-main 25 | port: web 26 | -------------------------------------------------------------------------------- /examples/continuous-delivery/argocd/README.md: -------------------------------------------------------------------------------- 1 | ## ArgoCD Example 2 | 3 | This is the simplest working example of an ArgoCD app. The JSON object built is an array of objects, as that is the preferred format for ArgoCD, and ArgoCD-specific annotations are added to the manifests. 4 | 5 | Requirements: 6 | 7 | - **ArgoCD 1.7+** 8 | 9 | - Follow the vendor generation steps at the root of this repository and generate a `vendored` folder (referenced in `application.yaml`).
10 | 11 | - Make sure that argocd-cm has `application.instanceLabelKey` set to something other than `app.kubernetes.io/instance`, otherwise it will cause problems with Prometheus target discovery. (see also [Why Is My App Out Of Sync Even After Syncing?](https://argo-cd.readthedocs.io/en/stable/faq/#why-is-my-app-out-of-sync-even-after-syncing)) 12 | -------------------------------------------------------------------------------- /manifests/grafana-dashboardSources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | dashboards.yaml: |- 4 | { 5 | "apiVersion": 1, 6 | "providers": [ 7 | { 8 | "folder": "Default", 9 | "folderUid": "", 10 | "name": "0", 11 | "options": { 12 | "path": "/grafana-dashboard-definitions/0" 13 | }, 14 | "orgId": 1, 15 | "type": "file" 16 | } 17 | ] 18 | } 19 | kind: ConfigMap 20 | metadata: 21 | labels: 22 | app.kubernetes.io/component: grafana 23 | app.kubernetes.io/name: grafana 24 | app.kubernetes.io/part-of: kube-prometheus 25 | app.kubernetes.io/version: 12.3.1 26 | name: grafana-dashboards 27 | namespace: monitoring 28 | -------------------------------------------------------------------------------- /manifests/grafana-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: grafana 6 | app.kubernetes.io/name: grafana 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 12.3.1 9 | name: grafana 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - from: 16 | - podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: prometheus 19 | ports: 20 | - port: 3000 21 | protocol: TCP 22 | podSelector: 23 | matchLabels: 24 | app.kubernetes.io/component: grafana 25 | app.kubernetes.io/name: grafana 26 | app.kubernetes.io/part-of: kube-prometheus 27 | policyTypes: 28 | - Egress 29 | - Ingress 30 | -------------------------------------------------------------------------------- /manifests/blackboxExporter-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: blackbox-exporter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.28.0 9 | name: blackbox-exporter 10 | namespace: monitoring 11 | spec: 12 | endpoints: 13 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | interval: 30s 15 | path: /metrics 16 | port: https 17 | scheme: https 18 | tlsConfig: 19 | insecureSkipVerify: true 20 | selector: 21 | matchLabels: 22 | app.kubernetes.io/component: exporter 23 | app.kubernetes.io/name: blackbox-exporter 24 | app.kubernetes.io/part-of: kube-prometheus 25 | -------------------------------------------------------------------------------- /manifests/grafana-dashboardDatasources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: grafana 6 | app.kubernetes.io/name: grafana 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 12.3.1 9 | name: grafana-datasources 10 | namespace: monitoring 11 | stringData: 12 | datasources.yaml: |- 13 | { 14 | "apiVersion": 1, 15 | "datasources": [ 16 | {
17 | "access": "proxy", 18 | "editable": false, 19 | "name": "prometheus", 20 | "orgId": 1, 21 | "type": "prometheus", 22 | "url": "http://prometheus-k8s.monitoring.svc:9090", 23 | "version": 1 24 | } 25 | ] 26 | } 27 | type: Opaque 28 | -------------------------------------------------------------------------------- /manifests/nodeExporter-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: node-exporter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 1.10.2 9 | name: node-exporter 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - from: 16 | - podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: prometheus 19 | ports: 20 | - port: 9100 21 | protocol: TCP 22 | podSelector: 23 | matchLabels: 24 | app.kubernetes.io/component: exporter 25 | app.kubernetes.io/name: node-exporter 26 | app.kubernetes.io/part-of: kube-prometheus 27 | policyTypes: 28 | - Egress 29 | - Ingress 30 | -------------------------------------------------------------------------------- /developer-workspace/common/deploy-kube-prometheus.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | kubectl apply --server-side -f manifests/setup 4 | 5 | # Safety wait for CRDs to be working 6 | sleep 30 7 | 8 | kubectl apply -f manifests/ 9 | sleep 30 10 | # Safety wait for resources to be created 11 | 12 | kubectl rollout status -n monitoring daemonset node-exporter 13 | kubectl rollout status -n monitoring statefulset alertmanager-main 14 | kubectl rollout status -n monitoring statefulset prometheus-k8s 15 | kubectl rollout status -n monitoring deployment grafana 16 | kubectl rollout status -n monitoring deployment kube-state-metrics 17 | 18 | kubectl port-forward -n monitoring svc/grafana 3000 > /dev/null 2>&1 & 19 | kubectl port-forward -n monitoring svc/alertmanager-main 9093 > /dev/null 2>&1 & 20 | kubectl port-forward -n monitoring svc/prometheus-k8s 9090 > /dev/null 2>&1 & 21 | -------------------------------------------------------------------------------- /manifests/prometheusOperator-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: prometheus-operator 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.87.1 9 | name: prometheus-operator 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - from: 16 | - podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: prometheus 19 | ports: 20 | - port: 8443 21 | protocol: TCP 22 | podSelector: 23 | matchLabels: 24 | app.kubernetes.io/component: controller 25 | app.kubernetes.io/name: prometheus-operator 26 | app.kubernetes.io/part-of: kube-prometheus 27 | policyTypes: 28 | - Egress 29 | - Ingress 30 | -------------------------------------------------------------------------------- /manifests/prometheusOperator-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: prometheus-operator 7 | 
app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.87.1 9 | name: prometheus-operator 10 | namespace: monitoring 11 | spec: 12 | endpoints: 13 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | honorLabels: true 15 | port: https 16 | scheme: https 17 | tlsConfig: 18 | insecureSkipVerify: true 19 | selector: 20 | matchLabels: 21 | app.kubernetes.io/component: controller 22 | app.kubernetes.io/name: prometheus-operator 23 | app.kubernetes.io/part-of: kube-prometheus 24 | app.kubernetes.io/version: 0.87.1 25 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/all-namespaces.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | prometheus+: { 3 | clusterRole+: { 4 | rules+: [ 5 | { 6 | apiGroups: ['discovery.k8s.io'], 7 | resources: ['endpointslices'], 8 | verbs: ['get', 'list', 'watch'], 9 | }, 10 | { 11 | apiGroups: [''], 12 | resources: ['services', 'endpoints', 'pods'], 13 | verbs: ['get', 'list', 'watch'], 14 | }, 15 | { 16 | apiGroups: ['networking.k8s.io'], 17 | resources: ['ingresses'], 18 | verbs: ['get', 'list', 'watch'], 19 | }, 20 | ], 21 | }, 22 | // There is no need for namespace-specific RBAC as this addon grants 23 | // all required permissions for every namespace 24 | roleBindingSpecificNamespaces:: null, 25 | roleSpecificNamespaces:: null, 26 | }, 27 | } 28 | -------------------------------------------------------------------------------- /examples/jsonnet-build-snippet/build-snippet.jsonnet: -------------------------------------------------------------------------------- 1 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 2 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 3 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 4 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 5 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 6 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 7 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + 8 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 9 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | prometheusAlerts+:: { 3 | groups+: [ 4 | { 5 | name: 'node-network', 6 | rules: [ 7 | { 8 | alert: 'NodeNetworkInterfaceFlapping', 9 | annotations: { 10 | summary: 'Network interface is often changing its status', 11 | description: 'Network interface "{{ $labels.device }}" changing its up status often on node-exporter {{ $labels.namespace }}/{{ $labels.pod }}', 12 | }, 13 | expr: ||| 14 | changes(node_network_up{%(nodeExporterSelector)s,%(hostNetworkInterfaceSelector)s}[2m]) > 2 15 | ||| % $._config, 16 | 'for': '2m', 17 | labels: { 18 | severity: 'warning', 19 | }, 20 | }, 21 | ], 22 | }, 23 | ], 24 | }, 25 | } 26 | -------------------------------------------------------------------------------- /manifests/blackboxExporter-networkPolicy.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: blackbox-exporter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.28.0 9 | name: blackbox-exporter 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - from: 16 | - podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: prometheus 19 | ports: 20 | - port: 9115 21 | protocol: TCP 22 | - port: 19115 23 | protocol: TCP 24 | podSelector: 25 | matchLabels: 26 | app.kubernetes.io/component: exporter 27 | app.kubernetes.io/name: blackbox-exporter 28 | app.kubernetes.io/part-of: kube-prometheus 29 | policyTypes: 30 | - Egress 31 | - Ingress 32 | -------------------------------------------------------------------------------- /manifests/kubeStateMetrics-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: kube-state-metrics 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 2.17.0 9 | name: kube-state-metrics 10 | namespace: monitoring 11 | spec: 12 | egress: 13 | - {} 14 | ingress: 15 | - from: 16 | - podSelector: 17 | matchLabels: 18 | app.kubernetes.io/name: prometheus 19 | ports: 20 | - port: 8443 21 | protocol: TCP 22 | - port: 9443 23 | protocol: TCP 24 | podSelector: 25 | matchLabels: 26 | app.kubernetes.io/component: exporter 27 | app.kubernetes.io/name: kube-state-metrics 28 | app.kubernetes.io/part-of: kube-prometheus 29 | policyTypes: 30 | - Egress 31 | - Ingress 32 | -------------------------------------------------------------------------------- /.github/workflows/stale.yaml: -------------------------------------------------------------------------------- 1 | name: 'Close stale issues and PRs' 2 | on: 3 | schedule: 4 | - cron: '30 3 * * *' 5 | 6 | jobs: 7 | stale: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/stale@v10 11 | with: 12 | stale-issue-message: 'This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.' 13 | close-issue-message: 'This issue was closed because it has not had any activity in the last 120 days. Please reopen if you feel this is still valid.' 
14 | days-before-stale: 60 15 | days-before-issue-close: 120 16 | days-before-pr-close: -1 # Prevent closing PRs 17 | exempt-issue-labels: 'kind/feature,help wanted,kind/bug' 18 | stale-issue-label: 'stale' 19 | stale-pr-label: 'stale' 20 | exempt-draft-pr: true 21 | operations-per-run: 500 22 | -------------------------------------------------------------------------------- /examples/networkpolicies-disabled.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/networkpolicies-disabled.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | }; 9 | 10 | { 11 | ['setup/' + resource]: kp[component][resource] 12 | for component in std.objectFields(kp) 13 | for resource in std.filter( 14 | function(resource) 15 | kp[component][resource].kind == 'CustomResourceDefinition' || kp[component][resource].kind == 'Namespace', std.objectFields(kp[component]) 16 | ) 17 | } + 18 | { 19 | [component + '-' + resource]: kp[component][resource] 20 | for component in std.objectFields(kp) 21 | for resource in std.filter( 22 | function(resource) 23 | kp[component][resource].kind != 'CustomResourceDefinition' && kp[component][resource].kind != 'Namespace', std.objectFields(kp[component]) 24 | ) 25 | } 26 | -------------------------------------------------------------------------------- /examples/example-app/example-app.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: example-app 5 | labels: 6 | tier: frontend 7 | namespace: default 8 | spec: 9 | selector: 10 | app.kubernetes.io/name: example-app 11 | ports: 12 | - name: web 13 | protocol: TCP 14 | port: 8080 15 | targetPort: web 16 | --- 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: example-app 21 | namespace: default 22 | spec: 23 | selector: 24 | matchLabels: 25 | app.kubernetes.io/name: example-app 26 | version: 1.1.3 27 | replicas: 4 28 | template: 29 | metadata: 30 | labels: 31 | app.kubernetes.io/name: example-app 32 | version: 1.1.3 33 | spec: 34 | containers: 35 | - name: example-app 36 | image: quay.io/fabxc/prometheus_demo_service 37 | ports: 38 | - name: web 39 | containerPort: 8080 40 | protocol: TCP 41 | -------------------------------------------------------------------------------- /.mdox.validate.yaml: -------------------------------------------------------------------------------- 1 | version: 1 2 | 3 | validators: 4 | # Ignore localhost links. 5 | - regex: 'localhost' 6 | type: "ignore" 7 | # Ignore release links. 8 | - regex: 'https:\/\/github\.com\/prometheus-operator\/kube-prometheus\/releases' 9 | type: "ignore" 10 | # Ignore GitHub issue link that is timing out 11 | - regex: 'https:\/\/github\.com\/kubernetes-incubator\/kube-aws\/issues\/923' 12 | type: "ignore" 13 | # Twitter changed their policy and now returns 403 if not authenticated. We can guarantee this link since we own the account. 14 | - regex: 'https:\/\/twitter.com\/PromOperator' 15 | type: "ignore" 16 | # The www.weave.works domain returns 404 for many pages. 17 | # Ignoring for now, but we need to remove the related content if it persists. 18 | - regex: 'https:\/\/www.weave.works.*' 19 | type: "ignore" 20 | # StackOverflow returns 403 for automated requests.
21 | - regex: 'https:\/\/stackoverflow.com.*' 22 | type: "ignore" 23 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/aks.libsonnet: -------------------------------------------------------------------------------- 1 | (import '../addons/managed-cluster.libsonnet') + { 2 | values+:: { 3 | prometheusAdapter+: { 4 | config+: { 5 | resourceRules:: null, 6 | }, 7 | }, 8 | }, 9 | 10 | prometheusAdapter+:: { 11 | apiService:: null, 12 | }, 13 | 14 | kubernetesControlPlane+: { 15 | kubeDnsPrometheusStackService: { 16 | apiVersion: 'v1', 17 | kind: 'Service', 18 | metadata: { 19 | name: 'kube-dns-metrics', 20 | namespace: 'kube-system', 21 | labels: { 22 | 'k8s-app': 'kube-dns', 23 | // This label is used as the job name in Prometheus 24 | 'app.kubernetes.io/name': 'kube-dns', 25 | }, 26 | }, 27 | spec: { 28 | ports: [ 29 | { name: 'metrics', port: 9153, targetPort: 9153 }, 30 | ], 31 | selector: { 'k8s-app': 'kube-dns' }, 32 | clusterIP: 'None', 33 | }, 34 | }, 35 | }, 36 | } 37 | -------------------------------------------------------------------------------- /examples/strip-limits.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/strip-limits.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | }; 9 | 10 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 11 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 12 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 13 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 14 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 15 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 16 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 17 | -------------------------------------------------------------------------------- /examples/anti-affinity.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/anti-affinity.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | }; 9 | 10 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 11 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 12 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 13 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 14 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 15 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 16 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 17 | -------------------------------------------------------------------------------- /manifests/nodeExporter-serviceMonitor.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: node-exporter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 1.10.2 9 | name: node-exporter 10 | namespace: monitoring 11 | spec: 12 | endpoints: 13 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | interval: 15s 15 | port: https 16 | relabelings: 17 | - action: replace 18 | regex: (.*) 19 | replacement: $1 20 | sourceLabels: 21 | - __meta_kubernetes_pod_node_name 22 | targetLabel: instance 23 | scheme: https 24 | tlsConfig: 25 | insecureSkipVerify: true 26 | jobLabel: app.kubernetes.io/name 27 | selector: 28 | matchLabels: 29 | app.kubernetes.io/component: exporter 30 | app.kubernetes.io/name: node-exporter 31 | app.kubernetes.io/part-of: kube-prometheus 32 | -------------------------------------------------------------------------------- /docs/GKE-cadvisor-support.md: -------------------------------------------------------------------------------- 1 | # Kubelet / cAdvisor special configuration updates for GKE 2 | 3 | Prior to GKE 1.11, the kubelet does not support token 4 | authentication. Until it does, Prometheus must use HTTP (not HTTPS) 5 | for scraping. 6 | 7 | You can configure this behavior through kube-prometheus with: 8 | 9 | ``` 10 | local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + 11 | (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet') + 12 | { 13 | _config+:: { 14 | # ... config here 15 | } 16 | }; 17 | ``` 18 | 19 | Or, you can patch and re-apply your existing manifests with: 20 | 21 | On Linux: 22 | 23 | ``` 24 | sed -i -e 's/https/http/g' manifests/prometheus-serviceMonitorKubelet.yaml 25 | ``` 26 | 27 | On macOS: 28 | 29 | ``` 30 | sed -i '' -e 's/https/http/g' manifests/prometheus-serviceMonitorKubelet.yaml 31 | ``` 32 | 33 | After you have modified the YAML file, run: 34 | 35 | ``` 36 | kubectl apply -f manifests/prometheus-serviceMonitorKubelet.yaml 37 | ``` 38 | -------------------------------------------------------------------------------- /examples/grafana-ldap.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | grafana+: { 9 | config+: { 10 | sections: { 11 | 'auth.ldap': { 12 | enabled: true, 13 | config_file: '/etc/grafana/ldap.toml', 14 | allow_sign_up: true, 15 | }, 16 | }, 17 | }, 18 | ldap: ||| 19 | [[servers]] 20 | host = "127.0.0.1" 21 | port = 389 22 | use_ssl = false 23 | start_tls = false 24 | ssl_skip_verify = false 25 | 26 | bind_dn = "cn=admins,dc=example,dc=com" 27 | bind_password = 'grafana' 28 | 29 | search_filter = "(cn=%s)" 30 | search_base_dns = ["dc=example,dc=com"] 31 | |||, 32 | }, 33 | }, 34 | }; 35 | 36 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 37 | -------------------------------------------------------------------------------- /examples/sync-to-internal-registry.jsonnet: -------------------------------------------------------------------------------- 1 | local l = import 'kube-prometheus/addons/config-mixins.libsonnet'; 2 | local kp = import 'kube-prometheus/main.libsonnet'; 3 | local config = kp.values.common; 4 | 5 | local makeImages(config) = [ 6 | { 7 | name: config.images[image],
8 | } 9 | for image in std.objectFields(config.images) 10 | ]; 11 | 12 | local upstreamImage(image) = '%s' % [image.name]; 13 | local downstreamImage(registry, image) = '%s/%s' % [registry, l.imageName(image.name)]; 14 | 15 | local pullPush(image, newRegistry) = [ 16 | 'docker pull %s' % upstreamImage(image), 17 | 'docker tag %s %s' % [upstreamImage(image), downstreamImage(newRegistry, image)], 18 | 'docker push %s' % downstreamImage(newRegistry, image), 19 | ]; 20 | 21 | local images = makeImages(config); 22 | 23 | local output(repository) = std.flattenArrays([ 24 | pullPush(image, repository) 25 | for image in images 26 | ]); 27 | 28 | function(repository='my-registry.com/repository') 29 | std.join('\n', output(repository)) 30 | -------------------------------------------------------------------------------- /scripts/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | # only exit with zero if all commands of the pipeline exit successfully 4 | set -o pipefail 5 | 6 | # Make sure to use project tooling 7 | PATH="$(pwd)/tmp/bin:${PATH}" 8 | TESTFILE="$(pwd)/tmp/test.jsonnet" 9 | mkdir -p "$(pwd)/tmp" 10 | 11 | for i in examples/jsonnet-snippets/*.jsonnet; do 12 | [ -f "$i" ] || break 13 | echo "Testing: ${i}" 14 | echo "" 15 | fileContent=$(<"$i") 16 | snippet="local kp = $fileContent; 17 | 18 | $(<examples/jsonnet-build-snippet/build-snippet.jsonnet)" 19 | echo "${snippet}" > "${TESTFILE}" 20 | echo "\`\`\`" 21 | echo "${snippet}" 22 | echo "\`\`\`" 23 | echo "" 24 | jsonnet -J vendor "${TESTFILE}" > /dev/null 25 | rm -rf "${TESTFILE}" 26 | done 27 | 28 | for i in examples/*.jsonnet; do 29 | [ -f "$i" ] || break 30 | echo "Testing: ${i}" 31 | echo "" 32 | echo "\`\`\`" 33 | cat "${i}" 34 | echo "\`\`\`" 35 | echo "" 36 | jsonnet -J vendor "${i}" > /dev/null 37 | done 38 | -------------------------------------------------------------------------------- /examples/additional-namespaces.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | 7 | prometheus+: { 8 | namespaces+: ['my-namespace', 'my-second-namespace'], 9 | }, 10 | }, 11 | }; 12 | 13 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 14 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 15 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 16 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 17 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 18 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 19 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 20 | -------------------------------------------------------------------------------- /examples/alertmanager-config.yaml: -------------------------------------------------------------------------------- 1 | # external alertmanager yaml 2 | global: 3 | resolve_timeout: 10m 4 | slack_api_url: url 5 | route: 6 | group_by: ['job'] 7 | group_wait: 30s 8 | group_interval: 5m 9 | repeat_interval: 12h 10 | receiver: 'null' 11 | routes: 12 | - match: 13 | alertname: Watchdog 14 | receiver: 'null' 15 | receivers: 16 | - name: 'null' 17 | - name: slack 18 |
slack_configs: 19 | - channel: '#alertmanager-testing' 20 | send_resolved: true 21 | title: '[{{ .Status | toUpper }}{{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{ end }}] Monitoring Event Notification' 22 | text: |- 23 | {{ range .Alerts }} 24 | *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` 25 | *Description:* {{ .Annotations.description }} 26 | *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:> 27 | *Details:* 28 | {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}` 29 | {{ end }} 30 | {{ end }} 31 | -------------------------------------------------------------------------------- /examples/all-namespaces.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/all-namespaces.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | prometheus+: { 8 | namespaces: [], 9 | }, 10 | }, 11 | }; 12 | 13 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 14 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 15 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 16 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 17 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 18 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 19 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 20 | -------------------------------------------------------------------------------- /manifests/prometheusAdapter-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: metrics-adapter 6 | app.kubernetes.io/name: prometheus-adapter 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 0.12.0 9 | name: prometheus-adapter 10 | namespace: monitoring 11 | spec: 12 | endpoints: 13 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | interval: 30s 15 | metricRelabelings: 16 | - action: drop 17 | regex: (apiserver_client_certificate_.*|apiserver_envelope_.*|apiserver_flowcontrol_.*|apiserver_storage_.*|apiserver_webhooks_.*|workqueue_.*) 18 | sourceLabels: 19 | - __name__ 20 | port: https 21 | scheme: https 22 | tlsConfig: 23 | insecureSkipVerify: true 24 | selector: 25 | matchLabels: 26 | app.kubernetes.io/component: metrics-adapter 27 | app.kubernetes.io/name: prometheus-adapter 28 | app.kubernetes.io/part-of: kube-prometheus 29 | -------------------------------------------------------------------------------- /examples/internal-registry.jsonnet: -------------------------------------------------------------------------------- 1 | local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet'; 2 | local kp = (import 'kube-prometheus/main.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | } + mixin.withImageRepository('internal-registry.com/organization'); 9 | 10 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in 
std.objectFields(kp.kubePrometheus) } + 11 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 12 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 13 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 14 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 15 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 16 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 17 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/kubeadm.libsonnet: -------------------------------------------------------------------------------- 1 | local service(name, namespace, labels, selector, ports) = { 2 | apiVersion: 'v1', 3 | kind: 'Service', 4 | metadata: { 5 | name: name, 6 | namespace: namespace, 7 | labels: labels, 8 | }, 9 | spec: { 10 | ports+: ports, 11 | selector: selector, 12 | clusterIP: 'None', 13 | }, 14 | }; 15 | 16 | { 17 | kubernetesControlPlane+: { 18 | kubeControllerManagerPrometheusDiscoveryService: service( 19 | 'kube-controller-manager-prometheus-discovery', 20 | 'kube-system', 21 | { 'app.kubernetes.io/name': 'kube-controller-manager' }, 22 | { component: 'kube-controller-manager' }, 23 | [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] 24 | ), 25 | kubeSchedulerPrometheusDiscoveryService: service( 26 | 'kube-scheduler-prometheus-discovery', 27 | 'kube-system', 28 | { 'app.kubernetes.io/name': 'kube-scheduler' }, 29 | { component: 'kube-scheduler' }, 30 | [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], 31 | ), 32 | }, 33 | } 34 | -------------------------------------------------------------------------------- /examples/grafana-additional-rendered-dashboard-example-2.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+:: { 4 | namespace: 'monitoring', 5 | }, 6 | grafana+: { 7 | rawDashboards+:: { 8 | 'my-dashboard.json': (importstr 'example-grafana-dashboard.json'), 9 | }, 10 | }, 11 | }, 12 | }; 13 | 14 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 15 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 16 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 17 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 18 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 19 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 20 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 21 | -------------------------------------------------------------------------------- /examples/kubeProxy.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | 7 | kubernetesControlPlane+: { 8 | kubeProxy: true, 9 | }, 10 | }, 11 | }; 12 | 13 | { ['00namespace-' + name]: 
kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 14 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 15 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 16 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 17 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 18 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 19 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 20 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 21 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/aws.libsonnet: -------------------------------------------------------------------------------- 1 | local service(name, namespace, labels, selector, ports) = { 2 | apiVersion: 'v1', 3 | kind: 'Service', 4 | metadata: { 5 | name: name, 6 | namespace: namespace, 7 | labels: labels, 8 | }, 9 | spec: { 10 | ports+: ports, 11 | selector: selector, 12 | clusterIP: 'None', 13 | }, 14 | }; 15 | 16 | { 17 | kubernetesControlPlane+: { 18 | kubeControllerManagerPrometheusDiscoveryService: service( 19 | 'kube-controller-manager-prometheus-discovery', 20 | 'kube-system', 21 | { 'app.kubernetes.io/name': 'kube-controller-manager' }, 22 | { 'app.kubernetes.io/name': 'kube-controller-manager' }, 23 | [{ name: 'https-metrics', port: 10257, targetPort: 10257 }], 24 | ), 25 | kubeSchedulerPrometheusDiscoveryService: service( 26 | 'kube-scheduler-prometheus-discovery', 27 | 'kube-system', 28 | { 'app.kubernetes.io/name': 'kube-scheduler' }, 29 | { 'app.kubernetes.io/name': 'kube-scheduler' }, 30 | [{ name: 'https-metrics', port: 10259, targetPort: 10259 }], 31 | ), 32 | }, 33 | } 34 | -------------------------------------------------------------------------------- /manifests/kubernetesControlPlane-serviceMonitorKubeScheduler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: kubernetes 6 | app.kubernetes.io/name: kube-scheduler 7 | app.kubernetes.io/part-of: kube-prometheus 8 | name: kube-scheduler 9 | namespace: monitoring 10 | spec: 11 | endpoints: 12 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 13 | interval: 30s 14 | port: https-metrics 15 | scheme: https 16 | tlsConfig: 17 | insecureSkipVerify: true 18 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 19 | interval: 5s 20 | metricRelabelings: 21 | - action: drop 22 | regex: process_start_time_seconds 23 | sourceLabels: 24 | - __name__ 25 | path: /metrics/slis 26 | port: https-metrics 27 | scheme: https 28 | tlsConfig: 29 | insecureSkipVerify: true 30 | jobLabel: app.kubernetes.io/name 31 | namespaceSelector: 32 | matchNames: 33 | - kube-system 34 | selector: 35 | matchLabels: 36 | app.kubernetes.io/name: kube-scheduler 37 | -------------------------------------------------------------------------------- /examples/grafana-additional-rendered-dashboard-example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') 
+ { 2 | values+:: { 3 | common+:: { 4 | namespace: 'monitoring', 5 | }, 6 | grafana+: { 7 | dashboards+:: { // use this method to import your dashboards to Grafana 8 | 'my-dashboard.json': (import 'example-grafana-dashboard.json'), 9 | }, 10 | }, 11 | }, 12 | }; 13 | 14 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 15 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 16 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 17 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 18 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 19 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 20 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 21 | -------------------------------------------------------------------------------- /manifests/alertmanager-alertmanager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Alertmanager 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: main 11 | namespace: monitoring 12 | spec: 13 | alertmanagerConfigSelector: {} 14 | image: quay.io/prometheus/alertmanager:v0.30.0 15 | nodeSelector: 16 | kubernetes.io/os: linux 17 | podMetadata: 18 | labels: 19 | app.kubernetes.io/component: alert-router 20 | app.kubernetes.io/instance: main 21 | app.kubernetes.io/name: alertmanager 22 | app.kubernetes.io/part-of: kube-prometheus 23 | app.kubernetes.io/version: 0.30.0 24 | replicas: 3 25 | resources: 26 | limits: 27 | cpu: 100m 28 | memory: 100Mi 29 | requests: 30 | cpu: 4m 31 | memory: 100Mi 32 | secrets: [] 33 | securityContext: 34 | fsGroup: 2000 35 | runAsNonRoot: true 36 | runAsUser: 1000 37 | serviceAccountName: alertmanager-main 38 | version: 0.30.0 39 | -------------------------------------------------------------------------------- /examples/alertmanager-config-template-external.jsonnet: -------------------------------------------------------------------------------- 1 | local configmap(name, namespace, data) = { 2 | apiVersion: 'v1', 3 | kind: 'ConfigMap', 4 | metadata: { 5 | name: name, 6 | namespace: namespace, 7 | }, 8 | data: data, 9 | }; 10 | 11 | local kp = 12 | // a kube-prometheus libsonnet import would normally go here 13 | { 14 | values+:: { 15 | common+: { 16 | namespace: 'monitoring', 17 | }, 18 | alertmanager+: { 19 | config: importstr 'alertmanager-config.yaml', 20 | }, 21 | }, 22 | alertmanager+:: { 23 | alertmanager+: { 24 | spec+: { 25 | // the important field: configMaps 26 | configMaps: ['alert-templates'], // mounted under /etc/alertmanager/configmaps 27 | }, 28 | }, 29 | }, 30 | configmap+:: { 31 | 'alert-templates': configmap( 32 | 'alert-templates', 33 | $.values.common.namespace, // could be $._config.namespace to assign namespace once 34 | { 'alertmanager-alert-template.tmpl': importstr 'alertmanager-alert-template.tmpl' }, 35 | ), 36 | }, 37 | }; 38 | { [name + '-configmap']: kp.configmap[name] for name in std.objectFields(kp.configmap) } 39 | --------------------------------------------------------------------------------
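Editor's note: because the example above mounts the `alert-templates` ConfigMap under `/etc/alertmanager/configmaps/alert-templates`, the Alertmanager configuration must reference that path in its `templates:` stanza, as `examples/alertmanager-config-with-template.yaml` does. A quick local sanity check, assuming `jsonnet` and Alertmanager's `amtool` are installed (a sketch, not part of the repository's test suite):

```shell
# Render the ConfigMap that carries the template file
jsonnet -J vendor examples/alertmanager-config-template-external.jsonnet

# Validate the Alertmanager configuration that references the templates
amtool check-config examples/alertmanager-config-with-template.yaml
```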
/manifests/alertmanager-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: alertmanager-main 11 | namespace: monitoring 12 | spec: 13 | egress: 14 | - {} 15 | ingress: 16 | - from: 17 | - podSelector: 18 | matchLabels: 19 | app.kubernetes.io/name: prometheus 20 | ports: 21 | - port: 9093 22 | protocol: TCP 23 | - port: 8080 24 | protocol: TCP 25 | - from: 26 | - podSelector: 27 | matchLabels: 28 | app.kubernetes.io/name: alertmanager 29 | ports: 30 | - port: 9094 31 | protocol: TCP 32 | - port: 9094 33 | protocol: UDP 34 | podSelector: 35 | matchLabels: 36 | app.kubernetes.io/component: alert-router 37 | app.kubernetes.io/instance: main 38 | app.kubernetes.io/name: alertmanager 39 | app.kubernetes.io/part-of: kube-prometheus 40 | policyTypes: 41 | - Egress 42 | - Ingress 43 | -------------------------------------------------------------------------------- /docs/update.md: -------------------------------------------------------------------------------- 1 | # Update kube-prometheus 2 | 3 | You may wish to fetch the changes made to this project so they are available to you. 4 | 5 | ## Update jb 6 | 7 | `jb` may have been updated, so it's a good idea to get the latest version of the binary: 8 | 9 | ```shell 10 | $ go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest 11 | ``` 12 | 13 | ## Update kube-prometheus 14 | 15 | The command below will sync with the upstream project: 16 | 17 | ```shell 18 | $ jb update 19 | ``` 20 | 21 | ## Compile the manifests and apply 22 | 23 | Once updated, just follow the instructions under [Generating](customizing.md#generating) and [Apply the kube-prometheus stack](customizing.md#apply-the-kube-prometheus-stack) from the [customizing.md doc](customizing.md) to apply the changes to your cluster. 24 | 25 | ## Migration from previous versions 26 | 27 | If you are migrating from the `release-0.7` branch or earlier, please read [what changed and how to migrate in our guide](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/migration-guide.md). 28 | 29 | Refer to the [migration document](migration-example) for more information about migrating from kube-prometheus versions 0.3 and 0.8. 30 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug 3 | about: Report a bug related to kube-prometheus 4 | labels: kind/bug 5 | --- 6 | 7 | 12 | 13 | **What happened?** 14 | 15 | **Did you expect to see something different?** 16 | 17 | **How to reproduce it (as minimally and precisely as possible)**: 18 | 19 | **Environment** 20 | 21 | * Prometheus Operator version: 22 | 23 | `Insert image tag or Git SHA here` 24 | 25 | 26 | * Kubernetes version information: 27 | 28 | `kubectl version` 29 | 30 | 31 | * Kubernetes cluster kind: 32 | 33 | insert how you created your cluster: kops, bootkube, tectonic-installer, etc.
34 | 35 | * Manifests: 36 | 37 | ``` 38 | insert manifests relevant to the issue 39 | ``` 40 | 41 | * Prometheus Operator Logs: 42 | 43 | ``` 44 | Insert Prometheus Operator logs relevant to the issue here 45 | ``` 46 | 47 | * Prometheus Logs: 48 | 49 | ``` 50 | Insert Prometheus logs relevant to the issue here 51 | ``` 52 | 53 | **Anything else we need to know?**: 54 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/config-mixins.libsonnet: -------------------------------------------------------------------------------- 1 | local imageName(image) = 2 | local parts = std.split(image, '/'); 3 | local len = std.length(parts); 4 | if len == 3 then 5 | // registry.com/org/image 6 | parts[2] 7 | else if len == 2 then 8 | // org/image 9 | parts[1] 10 | else if len == 1 then 11 | // image, i.e. busybox 12 | parts[0] 13 | else 14 | error 'unknown image format: ' + image; 15 | 16 | 17 | // withImageRepository is a mixin that replaces all image prefixes with the given repository, e.g. 18 | // quay.io/coreos/addon-resizer -> $repository/addon-resizer 19 | // grafana/grafana -> $repository/grafana 20 | local withImageRepository(repository) = { 21 | local oldRepos = super.values.common.images, 22 | local substituteRepository(image, repository) = 23 | if repository == null then image else repository + '/' + imageName(image), 24 | values+:: { 25 | common+:: { 26 | images:: { 27 | [field]: substituteRepository(oldRepos[field], repository) 28 | for field in std.objectFields(oldRepos) 29 | }, 30 | }, 31 | }, 32 | }; 33 | 34 | { 35 | imageName:: imageName, 36 | } 37 | 38 | { 39 | withImageRepository:: withImageRepository, 40 | } 41 | -------------------------------------------------------------------------------- /examples/etcd-skip-verify.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/static-etcd.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | etcd+:: { 8 | ips: ['127.0.0.1'], 9 | clientCA: importstr 'etcd-client-ca.crt', 10 | clientKey: importstr 'etcd-client.key', 11 | clientCert: importstr 'etcd-client.crt', 12 | insecureSkipVerify: true, 13 | }, 14 | }, 15 | }; 16 | 17 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 18 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 19 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 20 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 21 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 22 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 23 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 24 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/ksm-lite.libsonnet: -------------------------------------------------------------------------------- 1 | local addArgs(args, name, containers) = std.map( 2 | function(c) if c.name == name then 3 | c { 4 | args+: args, 5 | } 6 | else c, 7 | containers, 8 | ); 9 | 10 | { 11 | kubeStateMetrics+: { 12 | deployment+: { 13 | spec+: { 14 | template+: { 15 | spec+:
{ 16 | containers: addArgs( 17 | [||| 18 | --metric-denylist= 19 | ^kube_.+_created$, 20 | ^kube_.+_metadata_resource_version$, 21 | ^kube_replicaset_metadata_generation$, 22 | ^kube_replicaset_status_observed_generation$, 23 | ^kube_pod_restart_policy$, 24 | ^kube_pod_init_container_status_terminated$, 25 | ^kube_pod_init_container_status_running$, 26 | ^kube_pod_container_status_terminated$, 27 | ^kube_pod_container_status_running$, 28 | ^kube_pod_completion_time$, 29 | ^kube_pod_status_scheduled$ 30 | |||], 31 | 'kube-state-metrics', 32 | super.containers 33 | ), 34 | }, 35 | }, 36 | }, 37 | }, 38 | }, 39 | } 40 | -------------------------------------------------------------------------------- /examples/kustomize.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | }; 9 | 10 | local manifests = 11 | { 12 | ['setup/' + resource]: kp[component][resource] 13 | for component in std.objectFields(kp) 14 | for resource in std.filter( 15 | function(resource) 16 | kp[component][resource].kind == 'CustomResourceDefinition' || kp[component][resource].kind == 'Namespace', std.objectFields(kp[component]) 17 | ) 18 | } + 19 | { 20 | [component + '-' + resource]: kp[component][resource] 21 | for component in std.objectFields(kp) 22 | for resource in std.filter( 23 | function(resource) 24 | kp[component][resource].kind != 'CustomResourceDefinition' && kp[component][resource].kind != 'Namespace', std.objectFields(kp[component]) 25 | ) 26 | }; 27 | 28 | local kustomizationResourceFile(name) = './manifests/' + name + '.yaml'; 29 | local kustomization = { 30 | apiVersion: 'kustomize.config.k8s.io/v1beta1', 31 | kind: 'Kustomization', 32 | resources: std.map(kustomizationResourceFile, std.objectFields(manifests)), 33 | }; 34 | 35 | manifests { 36 | '../kustomization': kustomization, 37 | } 38 | -------------------------------------------------------------------------------- /examples/alertmanager-alert-template.tmpl: -------------------------------------------------------------------------------- 1 | # To learn more about the custom template language, read the Alertmanager documentation. 2 | # Inspired by: https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512 3 | 4 | {{ define "slack.title" -}} 5 | [{{ .Status | toUpper -}} 6 | {{ if eq .Status "firing" }}:{{ .Alerts.Firing | len }}{{- end -}} 7 | ] {{ template "__alert_severity_prefix_title" .
}} {{ .CommonLabels.alertname }} 8 | {{- end }} 9 | 10 | {{ define "slack.color" -}} 11 | {{ if eq .Status "firing" -}} 12 | {{ if eq .CommonLabels.severity "warning" -}} 13 | warning 14 | {{- else if eq .CommonLabels.severity "critical" -}} 15 | danger 16 | {{- else -}} 17 | #439FE0 18 | {{- end -}} 19 | {{ else -}} 20 | good 21 | {{- end }} 22 | {{- end }} 23 | 24 | {{ define "slack.icon_emoji" }}:prometheus:{{ end }} 25 | 26 | {{/* The text to display in the alert */}} 27 | {{ define "slack.text" -}} 28 | {{ range .Alerts }} 29 | {{- if .Annotations.message }} 30 | {{ .Annotations.message }} 31 | {{- end }} 32 | {{- if .Annotations.description }} 33 | {{ .Annotations.description }} 34 | {{- end }} 35 | {{- end }} 36 | {{- end }} 37 | 38 | -------------------------------------------------------------------------------- /manifests/prometheus-networkPolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: prometheus 6 | app.kubernetes.io/instance: k8s 7 | app.kubernetes.io/name: prometheus 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 3.8.1 10 | name: prometheus-k8s 11 | namespace: monitoring 12 | spec: 13 | egress: 14 | - {} 15 | ingress: 16 | - from: 17 | - podSelector: 18 | matchLabels: 19 | app.kubernetes.io/name: prometheus 20 | ports: 21 | - port: 9090 22 | protocol: TCP 23 | - port: 8080 24 | protocol: TCP 25 | - from: 26 | - podSelector: 27 | matchLabels: 28 | app.kubernetes.io/name: prometheus-adapter 29 | ports: 30 | - port: 9090 31 | protocol: TCP 32 | - from: 33 | - podSelector: 34 | matchLabels: 35 | app.kubernetes.io/name: grafana 36 | ports: 37 | - port: 9090 38 | protocol: TCP 39 | podSelector: 40 | matchLabels: 41 | app.kubernetes.io/component: prometheus 42 | app.kubernetes.io/instance: k8s 43 | app.kubernetes.io/name: prometheus 44 | app.kubernetes.io/part-of: kube-prometheus 45 | policyTypes: 46 | - Egress 47 | - Ingress 48 | -------------------------------------------------------------------------------- /docs/customizations/strip-limits.md: -------------------------------------------------------------------------------- 1 | ### Stripping container resource limits 2 | 3 | Sometimes, in small clusters, the predefined CPU/memory limits can cause alerts to fire continuously. To prevent this, one can strip off the predefined limits.
4 | To do that, one can import the following mixin 5 | 6 | ```jsonnet mdox-exec="cat examples/strip-limits.jsonnet" 7 | local kp = (import 'kube-prometheus/main.libsonnet') + 8 | (import 'kube-prometheus/addons/strip-limits.libsonnet') + { 9 | values+:: { 10 | common+: { 11 | namespace: 'monitoring', 12 | }, 13 | }, 14 | }; 15 | 16 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 17 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 18 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 19 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 20 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 21 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 22 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 23 | ``` 24 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/strip-limits.libsonnet: -------------------------------------------------------------------------------- 1 | // Strips spec.containers[].limits for certain containers 2 | // https://github.com/prometheus-operator/kube-prometheus/issues/72 3 | 4 | { 5 | //TODO(arthursens): Expand example once kube-rbac-proxy can be managed with a first-class 6 | // object inside node-exporter, kube-state-metrics and prometheus-operator. 7 | // See also: https://github.com/prometheus-operator/kube-prometheus/issues/1500#issuecomment-966727623 8 | values+:: { 9 | alertmanager+: { 10 | resources+: { 11 | limits: {}, 12 | }, 13 | }, 14 | 15 | blackboxExporter+: { 16 | resources+: { 17 | limits: {}, 18 | }, 19 | }, 20 | 21 | grafana+: { 22 | resources+: { 23 | limits: {}, 24 | }, 25 | }, 26 | 27 | kubeStateMetrics+: { 28 | resources+: { 29 | limits: {}, 30 | }, 31 | }, 32 | 33 | nodeExporter+: { 34 | resources+: { 35 | limits: {}, 36 | }, 37 | }, 38 | 39 | prometheusAdapter+: { 40 | resources+: { 41 | limits: {}, 42 | }, 43 | }, 44 | 45 | prometheusOperator+: { 46 | resources+: { 47 | limits: {}, 48 | }, 49 | }, 50 | 51 | prometheus+: { 52 | resources+: { 53 | limits: {}, 54 | }, 55 | }, 56 | }, 57 | } 58 | -------------------------------------------------------------------------------- /manifests/kubeStateMetrics-serviceMonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: exporter 6 | app.kubernetes.io/name: kube-state-metrics 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 2.17.0 9 | name: kube-state-metrics 10 | namespace: monitoring 11 | spec: 12 | endpoints: 13 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | honorLabels: true 15 | interval: 30s 16 | metricRelabelings: 17 | - action: drop 18 | regex: kube_(endpoint_(address_not_ready|address_available|ports)) 19 | sourceLabels: 20 | - __name__ 21 | port: https-main 22 | relabelings: 23 | - action: labeldrop 24 | regex: (pod|service|endpoint|namespace) 25 | scheme: https 26 | scrapeTimeout: 30s 27 | tlsConfig: 28 | insecureSkipVerify: true 29 | - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 30 | interval: 30s 31 | port: 
https-self 32 | scheme: https 33 | tlsConfig: 34 | insecureSkipVerify: true 35 | jobLabel: app.kubernetes.io/name 36 | selector: 37 | matchLabels: 38 | app.kubernetes.io/component: exporter 39 | app.kubernetes.io/name: kube-state-metrics 40 | app.kubernetes.io/part-of: kube-prometheus 41 | -------------------------------------------------------------------------------- /developer-workspace/gitpod/prepare-k3s.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 4 | rootfslock="${script_dirname}/_output/rootfs/rootfs-ready.lock" 5 | k3sreadylock="${script_dirname}/_output/rootfs/k3s-ready.lock" 6 | 7 | if test -f "${k3sreadylock}"; then 8 | exit 0 9 | fi 10 | 11 | cd $script_dirname 12 | 13 | function waitssh() { 14 | while ! nc -z 127.0.0.1 2222; do 15 | sleep 0.1 16 | done 17 | ./ssh.sh "whoami" &>/dev/null 18 | if [ $? -ne 0 ]; then 19 | sleep 1 20 | waitssh 21 | fi 22 | } 23 | 24 | function waitrootfs() { 25 | while ! test -f "${rootfslock}"; do 26 | sleep 0.1 27 | done 28 | } 29 | 30 | echo "🔥 Installing everything; this only needs to be done once per workspace." 31 | 32 | echo "Waiting for the rootfs to become available; this can take a while. Open terminal #2 for progress." 33 | waitrootfs 34 | echo "✅ rootfs available" 35 | 36 | echo "Waiting for the ssh server to become available; this can take a while. After this, k3s gets installed." 37 | waitssh 38 | echo "✅ ssh server available" 39 | 40 | ./ssh.sh "curl -sfL https://get.k3s.io | sh -" 41 | 42 | mkdir -p ~/.kube 43 | ./scp.sh root@127.0.0.1:/etc/rancher/k3s/k3s.yaml ~/.kube/config 44 | 45 | echo "✅ k3s server is ready" 46 | touch "${k3sreadylock}" 47 | 48 | # safety wait for cluster availability 49 | sleep 30s -------------------------------------------------------------------------------- /docs/customizations/alertmanager-configuration.md: -------------------------------------------------------------------------------- 1 | ### Alertmanager configuration 2 | 3 | The Alertmanager configuration is located in the `values.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration, simply set this field. 4 | 5 | ```jsonnet mdox-exec="cat examples/alertmanager-config.jsonnet" 6 | ((import 'kube-prometheus/main.libsonnet') + { 7 | values+:: { 8 | alertmanager+: { 9 | config: ||| 10 | global: 11 | resolve_timeout: 10m 12 | route: 13 | group_by: ['job'] 14 | group_wait: 30s 15 | group_interval: 5m 16 | repeat_interval: 12h 17 | receiver: 'null' 18 | routes: 19 | - match: 20 | alertname: Watchdog 21 | receiver: 'null' 22 | receivers: 23 | - name: 'null' 24 | |||, 25 | }, 26 | }, 27 | }).alertmanager.secret 28 | ``` 29 | 30 | In the above example the configuration has been inlined, but it can just as well be an external file imported in jsonnet via the `importstr` function.
31 | 32 | ```jsonnet mdox-exec="cat examples/alertmanager-config-external.jsonnet" 33 | ((import 'kube-prometheus/main.libsonnet') + { 34 | values+:: { 35 | alertmanager+: { 36 | config: importstr 'alertmanager-config.yaml', 37 | }, 38 | }, 39 | }).alertmanager.secret 40 | ``` 41 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/lib/mixin.libsonnet: -------------------------------------------------------------------------------- 1 | local defaults = { 2 | name: error 'provide name', 3 | namespace: 'monitoring', 4 | labels: { 5 | prometheus: 'k8s', 6 | }, 7 | mixin: error 'provide a mixin', 8 | }; 9 | 10 | function(params) { 11 | _config:: defaults + params, 12 | 13 | local m = self, 14 | 15 | local prometheusRules = if std.objectHasAll(m._config.mixin, 'prometheusRules') || std.objectHasAll(m._config.mixin, 'prometheusAlerts') then { 16 | apiVersion: 'monitoring.coreos.com/v1', 17 | kind: 'PrometheusRule', 18 | metadata: { 19 | labels: m._config.labels, 20 | name: m._config.name, 21 | namespace: m._config.namespace, 22 | }, 23 | spec: { 24 | local r = if std.objectHasAll(m._config.mixin, 'prometheusRules') then m._config.mixin.prometheusRules.groups else [], 25 | local a = if std.objectHasAll(m._config.mixin, 'prometheusAlerts') then m._config.mixin.prometheusAlerts.groups else [], 26 | groups: a + r, 27 | }, 28 | }, 29 | 30 | local grafanaDashboards = if std.objectHasAll(m._config.mixin, 'grafanaDashboards') then ( 31 | if std.objectHas(m._config, 'dashboardFolder') then { 32 | [m._config.dashboardFolder]+: m._config.mixin.grafanaDashboards, 33 | } else (m._config.mixin.grafanaDashboards) 34 | ), 35 | 36 | prometheusRules: prometheusRules, 37 | grafanaDashboards: grafanaDashboards, 38 | } 39 | -------------------------------------------------------------------------------- /docs/customizations/pod-anti-affinity.md: -------------------------------------------------------------------------------- 1 | ### Pod Anti-Affinity 2 | 3 | To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when 4 | possible, one can include the [kube-prometheus-anti-affinity.libsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) mixin: 5 | 6 | ```jsonnet mdox-exec="cat examples/anti-affinity.jsonnet" 7 | local kp = (import 'kube-prometheus/main.libsonnet') + 8 | (import 'kube-prometheus/addons/anti-affinity.libsonnet') + { 9 | values+:: { 10 | common+: { 11 | namespace: 'monitoring', 12 | }, 13 | }, 14 | }; 15 | 16 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 17 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 18 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 19 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 20 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 21 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 22 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 23 | ``` 24 | -------------------------------------------------------------------------------- /examples/eks-cni-example.jsonnet: 
-------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | kubePrometheus+: { 7 | platform: 'eks', 8 | }, 9 | }, 10 | kubernetesControlPlane+: { 11 | prometheusRuleEksCNI+: { 12 | spec+: { 13 | groups+: [ 14 | { 15 | name: 'example-group', 16 | rules: [ 17 | { 18 | record: 'aws_eks_available_ip', 19 | expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', 20 | }, 21 | ], 22 | }, 23 | ], 24 | }, 25 | }, 26 | }, 27 | }; 28 | 29 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 30 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 31 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 32 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 33 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 34 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 35 | -------------------------------------------------------------------------------- /developer-workspace/codespaces/prepare-kind.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | which kind 4 | if [[ $? != 0 ]]; then 5 | echo 'kind not available in $PATH, installing latest kind' 6 | # Install latest kind 7 | curl -s https://api.github.com/repos/kubernetes-sigs/kind/releases/latest \ 8 | | grep "browser_download_url.*kind-linux-amd64" \ 9 | | cut -d : -f 2,3 \ 10 | | tr -d \" \ 11 | | wget -qi - 12 | mv kind-linux-amd64 developer-workspace/codespaces/kind && chmod +x developer-workspace/codespaces/kind 13 | export PATH=$PATH:$PWD/developer-workspace/codespaces 14 | fi 15 | 16 | cluster_created=$($PWD/developer-workspace/codespaces/kind get clusters 2>&1) 17 | if [[ "$cluster_created" == "No kind clusters found." 
]]; then 18 | $PWD/developer-workspace/codespaces/kind create cluster --config $PWD/.github/workflows/kind/config.yml 19 | else 20 | echo "Cluster '$cluster_created' already present" 21 | fi 22 | 23 | helm repo add --force-update cilium https://helm.cilium.io/ 24 | helm install cilium cilium/cilium --version 1.9.13 \ 25 | --namespace kube-system \ 26 | --set nodeinit.enabled=true \ 27 | --set kubeProxyReplacement=partial \ 28 | --set hostServices.enabled=false \ 29 | --set externalIPs.enabled=true \ 30 | --set nodePort.enabled=true \ 31 | --set hostPort.enabled=true \ 32 | --set bpf.masquerade=false \ 33 | --set image.pullPolicy=IfNotPresent \ 34 | --set ipam.mode=kubernetes \ 35 | --set operator.replicas=1 -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/bootkube.libsonnet: -------------------------------------------------------------------------------- 1 | local service(name, namespace, labels, selector, ports) = { 2 | apiVersion: 'v1', 3 | kind: 'Service', 4 | metadata: { 5 | name: name, 6 | namespace: namespace, 7 | labels: labels, 8 | }, 9 | spec: { 10 | ports+: ports, 11 | selector: selector, 12 | clusterIP: 'None', 13 | }, 14 | }; 15 | 16 | { 17 | kubernetesControlPlane+: { 18 | kubeControllerManagerPrometheusDiscoveryService: service( 19 | 'kube-controller-manager-prometheus-discovery', 20 | 'kube-system', 21 | { 'app.kubernetes.io/name': 'kube-controller-manager' }, 22 | { 'app.kubernetes.io/name': 'kube-controller-manager' }, 23 | [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] 24 | ), 25 | 26 | kubeSchedulerPrometheusDiscoveryService: service( 27 | 'kube-scheduler-prometheus-discovery', 28 | 'kube-system', 29 | { 'app.kubernetes.io/name': 'kube-scheduler' }, 30 | { 'app.kubernetes.io/name': 'kube-scheduler' }, 31 | [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] 32 | ), 33 | 34 | kubeDnsPrometheusDiscoveryService: service( 35 | 'kube-dns-prometheus-discovery', 36 | 'kube-system', 37 | { 'app.kubernetes.io/name': 'kube-dns' }, 38 | { 'app.kubernetes.io/name': 'kube-dns' }, 39 | [{ name: 'http-metrics-skydns', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] 40 | ), 41 | }, 42 | } 43 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | prometheusRules+:: { 3 | groups+: [ 4 | { 5 | name: 'kube-prometheus-node-recording.rules', 6 | rules: [ 7 | { 8 | expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance)', 9 | record: 'instance:node_cpu:rate:sum', 10 | }, 11 | { 12 | expr: 'sum(rate(node_network_receive_bytes_total[3m])) BY (instance)', 13 | record: 'instance:node_network_receive_bytes:rate:sum', 14 | }, 15 | { 16 | expr: 'sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)', 17 | record: 'instance:node_network_transmit_bytes:rate:sum', 18 | }, 19 | { 20 | expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)', 21 | record: 'instance:node_cpu:ratio', 22 | }, 23 | { 24 | expr: 'sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m]))', 25 | record: 'cluster:node_cpu:sum_rate5m', 26 | }, 27 | { 28 | expr: 
'cluster:node_cpu:sum_rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))', 29 | record: 'cluster:node_cpu:ratio', 30 | }, 31 | ], 32 | }, 33 | ], 34 | }, 35 | } 36 | -------------------------------------------------------------------------------- /developer-workspace/README.md: -------------------------------------------------------------------------------- 1 | # Ephemeral developer workspaces 2 | 3 | To provide a better developer experience when contributing to kube-prometheus, whether by actively developing new features/bug fixes or by reviewing pull requests, we want to provide ephemeral developer workspaces with everything already configured (as far as tooling makes it possible). 4 | 5 | A developer workspace provides a brand new Kubernetes cluster, where kube-prometheus can be easily deployed and the contributor can easily see the impact of the changes a pull request proposes. 6 | 7 | Today only [Github Codespaces](https://github.com/features/codespaces) is supported. Unfortunately, Codespaces is not available to everyone. If you are fortunate enough to have access to it, you can open a new workspace from a specific branch, or even from a pull request. 8 | 9 | ![image](https://user-images.githubusercontent.com/24193764/135522435-44b177b4-00d4-4863-b45b-2db47c8c70d0.png) 10 | 11 | ![image](https://user-images.githubusercontent.com/24193764/135522560-c64968ab-3b4e-4639-893a-c4d0a14421aa.png) 12 | 13 | After your workspace starts, you can deploy kube-prometheus inside a kind cluster by running `make deploy`. 14 | 15 | If you are reviewing a PR, you'll have a fully-functional Kubernetes cluster generating real monitoring data that can be used to review whether the proposed changes work as described. 16 | 17 | If you are working on new features/bug fixes, you can regenerate kube-prometheus's YAML manifests with `make generate` and deploy them again with `make deploy`. 18 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | prometheus+: { 3 | serviceMonitorKubelet+: 4 | { 5 | spec+: { 6 | endpoints: [ 7 | { 8 | port: 'http-metrics', 9 | scheme: 'http', 10 | interval: '30s', 11 | bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', 12 | relabelings: [ 13 | { sourceLabels: ['__metrics_path__'], targetLabel: 'metrics_path' }, 14 | ], 15 | }, 16 | { 17 | port: 'http-metrics', 18 | scheme: 'http', 19 | path: '/metrics/cadvisor', 20 | interval: '30s', 21 | honorLabels: true, 22 | bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token', 23 | relabelings: [ 24 | { sourceLabels: ['__metrics_path__'], targetLabel: 'metrics_path' }, 25 | ], 26 | metricRelabelings: [ 27 | // Drop a bunch of metrics which are disabled but still sent, see 28 | // https://github.com/google/cadvisor/issues/1925.
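// The relabeling below inspects each scraped sample's __name__ label and drops any series whose metric name matches the regex before it is ingested.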
29 | { 30 | sourceLabels: ['__name__'], 31 | regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)', 32 | action: 'drop', 33 | }, 34 | ], 35 | }, 36 | ], 37 | }, 38 | }, 39 | }, 40 | } 41 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/kops.libsonnet: -------------------------------------------------------------------------------- 1 | local service(name, namespace, labels, selector, ports) = { 2 | apiVersion: 'v1', 3 | kind: 'Service', 4 | metadata: { 5 | name: name, 6 | namespace: namespace, 7 | labels: labels, 8 | }, 9 | spec: { 10 | ports+: ports, 11 | selector: selector, 12 | clusterIP: 'None', 13 | }, 14 | }; 15 | 16 | { 17 | kubernetesControlPlane+: { 18 | kubeControllerManagerPrometheusDiscoveryService: service( 19 | 'kube-controller-manager-prometheus-discovery', 20 | 'kube-system', 21 | { 'k8s-app': 'kube-controller-manager', 'app.kubernetes.io/name': 'kube-controller-manager' }, 22 | { 'k8s-app': 'kube-controller-manager' }, 23 | [{ name: 'https-metrics', port: 10257, targetPort: 10257 }] 24 | ), 25 | kubeSchedulerPrometheusDiscoveryService: service( 26 | 'kube-scheduler-prometheus-discovery', 27 | 'kube-system', 28 | { 'k8s-app': 'kube-scheduler', 'app.kubernetes.io/name': 'kube-scheduler' }, 29 | { 'k8s-app': 'kube-scheduler' }, 30 | [{ name: 'https-metrics', port: 10259, targetPort: 10259 }] 31 | ), 32 | kubeDnsPrometheusDiscoveryService: service( 33 | 'kube-dns-prometheus-discovery', 34 | 'kube-system', 35 | { 'k8s-app': 'kube-dns', 'app.kubernetes.io/name': 'kube-dns' }, 36 | { 'k8s-app': 'kube-dns' }, 37 | [{ name: 'metrics', port: 10055, targetPort: 10055 }, { name: 'http-metrics-dnsmasq', port: 10054, targetPort: 10054 }] 38 | ), 39 | }, 40 | } 41 | -------------------------------------------------------------------------------- /examples/prometheus-additional-rendered-rule-example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | }, 7 | exampleApplication: { 8 | prometheusRuleExample: { 9 | apiVersion: 'monitoring.coreos.com/v1', 10 | kind: 'PrometheusRule', 11 | metadata: { 12 | name: 'my-prometheus-rule', 13 | namespace: $.values.common.namespace, 14 | }, 15 | spec: { 16 | groups: (import 'existingrule.json').groups, 17 | }, 18 | }, 19 | }, 20 | }; 21 | 22 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 23 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 24 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 25 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 26 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 27 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 28 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + 29 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 30 | { ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } 31 |
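// Note: this example assumes an existingrule.json file next to this snippet (imported above); its `groups` array is embedded verbatim into the PrometheusRule spec.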
-------------------------------------------------------------------------------- /manifests/grafana-prometheusRule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PrometheusRule 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: grafana 6 | app.kubernetes.io/name: grafana 7 | app.kubernetes.io/part-of: kube-prometheus 8 | app.kubernetes.io/version: 12.3.1 9 | prometheus: k8s 10 | role: alert-rules 11 | name: grafana-rules 12 | namespace: monitoring 13 | spec: 14 | groups: 15 | - name: GrafanaAlerts 16 | rules: 17 | - alert: GrafanaRequestsFailing 18 | annotations: 19 | message: '{{ $labels.namespace }}/{{ $labels.job }}/{{ $labels.handler }} is experiencing {{ $value | humanize }}% errors' 20 | runbook_url: https://runbooks.prometheus-operator.dev/runbooks/grafana/grafanarequestsfailing 21 | expr: | 22 | 100 * sum without (status_code) (namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m{handler!~"/api/datasources/proxy/:id.*|/api/ds/query|/api/tsdb/query", status_code=~"5.."}) 23 | / 24 | sum without (status_code) (namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m{handler!~"/api/datasources/proxy/:id.*|/api/ds/query|/api/tsdb/query"}) 25 | > 50 26 | for: 5m 27 | labels: 28 | severity: warning 29 | - name: grafana_rules 30 | rules: 31 | - expr: | 32 | sum by (namespace, job, handler, status_code) (rate(grafana_http_request_duration_seconds_count[5m])) 33 | record: namespace_job_handler_statuscode:grafana_http_request_duration_seconds_count:rate5m 34 | -------------------------------------------------------------------------------- /manifests/prometheus-prometheus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Prometheus 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: prometheus 6 | app.kubernetes.io/instance: k8s 7 | app.kubernetes.io/name: prometheus 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 3.8.1 10 | name: k8s 11 | namespace: monitoring 12 | spec: 13 | alerting: 14 | alertmanagers: 15 | - apiVersion: v2 16 | name: alertmanager-main 17 | namespace: monitoring 18 | port: web 19 | enableFeatures: [] 20 | externalLabels: {} 21 | image: quay.io/prometheus/prometheus:v3.8.1 22 | nodeSelector: 23 | kubernetes.io/os: linux 24 | podMetadata: 25 | labels: 26 | app.kubernetes.io/component: prometheus 27 | app.kubernetes.io/instance: k8s 28 | app.kubernetes.io/name: prometheus 29 | app.kubernetes.io/part-of: kube-prometheus 30 | app.kubernetes.io/version: 3.8.1 31 | podMonitorNamespaceSelector: {} 32 | podMonitorSelector: {} 33 | probeNamespaceSelector: {} 34 | probeSelector: {} 35 | replicas: 2 36 | resources: 37 | requests: 38 | memory: 400Mi 39 | ruleNamespaceSelector: {} 40 | ruleSelector: {} 41 | scrapeConfigNamespaceSelector: {} 42 | scrapeConfigSelector: {} 43 | securityContext: 44 | fsGroup: 2000 45 | runAsNonRoot: true 46 | runAsUser: 1000 47 | serviceAccountName: prometheus-k8s 48 | serviceDiscoveryRole: EndpointSlice 49 | serviceMonitorNamespaceSelector: {} 50 | serviceMonitorSelector: {} 51 | version: 3.8.1 52 | -------------------------------------------------------------------------------- /docs/endpoints-migration.md: -------------------------------------------------------------------------------- 1 | # Migration from Endpoints to EndpointSlice 2 | 3 | `kube-prometheus` 0.17+ 
automatically configures Prometheus to use EndpointSlice instead of Endpoints for Kubernetes service discovery (Endpoints have been deprecated in Kubernetes 1.33). 4 | 5 | While the migration should be seamless for "regular" pods, it requires a few manual steps for components running as host services (e.g. node_exporter and kubelet): 6 | 1. The node_exporter and kubelet ServiceMonitors rely on the Prometheus operator's kubelet controller which manages the `kube-system/kubelet` Service. 7 | 2. With `kube-prometheus` 0.17, the Prometheus operator starts with both `--kubelet-endpoints=true` and `--kubelet-endpointslice=true` to ensure that a) the operator synchronizes the EndpointSlice object(s) backing the `kube-system/kubelet` Service and b) Kubernetes stops mirroring the `kube-system/kubelet` Endpoints object to EndpointSlice object(s) (otherwise the operator and kube-controller-manager would fight for the same resources). 8 | 3. After verifying that all targets are correctly discovered, it is safe to modify the operator's deployment and use `--kubelet-endpoints=false` instead. This will become the default in a future version of `kube-prometheus`. 9 | 4. The `kube-system/kubelet` Endpoints object should be removed manually. 10 | 11 | To verify the status of the Endpoints and EndpointSlice objects, run: 12 | 13 | ```shell 14 | kubectl get -n kube-system endpoints kubelet 15 | kubectl get -n kube-system endpointslice -l endpointslice.kubernetes.io/managed-by=prometheus-operator 16 | ``` 17 | -------------------------------------------------------------------------------- /docs/access-ui.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 300 3 | toc: true 4 | title: Access Dashboards 5 | menu: 6 | docs: 7 | parent: kube 8 | images: [] 9 | draft: false 10 | --- 11 | 12 | Prometheus, Grafana, and Alertmanager dashboards can be accessed quickly using `kubectl port-forward` after running the quickstart via the commands below. 13 | 14 | > Kubernetes 1.10 or later is required. 15 | 16 | You can also learn how to [expose Prometheus/Alertmanager/Grafana via Ingress](https://prometheus-operator.dev/kube-prometheus/kube/exposing-prometheus-alertmanager-grafana-ingress/). 17 | 18 | ## Prometheus 19 | 20 | ```shell 21 | kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090 22 | ``` 23 | 24 | Open Prometheus on [http://localhost:9090](http://localhost:9090) in your browser. 25 | 26 | Check out the [alerts](http://localhost:9090/alerts) and [rules](http://localhost:9090/rules) pages with the pre-configured rules and alerts! 27 | This Prometheus instance is meant to monitor your Kubernetes cluster and alert you if there’s a problem with it. 28 | 29 | For your own applications, we recommend running one or more separate instances. 30 | 31 | ## Grafana 32 | 33 | ```shell 34 | kubectl --namespace monitoring port-forward svc/grafana 3000 35 | ``` 36 | 37 | Open Grafana on [localhost:3000](http://localhost:3000) in your browser. 38 | You can log in with the username `admin` and password `admin`. 39 | 40 | ## Alertmanager 41 | 42 | ```shell 43 | kubectl --namespace monitoring port-forward svc/alertmanager-main 9093 44 | ``` 45 | 46 | Open Alertmanager on [localhost:9093](http://localhost:9093) in your browser.
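If you want all three UIs reachable at the same time, the same commands can be run in the background from a single shell. This is just a convenience sketch reusing the service names above:

```shell
# Forward all three services at once; stop them with Ctrl+C or `kill %1 %2 %3`.
kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090 &
kubectl --namespace monitoring port-forward svc/grafana 3000 &
kubectl --namespace monitoring port-forward svc/alertmanager-main 9093 &
wait
```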
47 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/components/mixin/custom.libsonnet: -------------------------------------------------------------------------------- 1 | local defaults = { 2 | name: 'kube-prometheus', 3 | namespace: error 'must provide namespace', 4 | commonLabels:: { 5 | 'app.kubernetes.io/name': 'kube-prometheus', 6 | 'app.kubernetes.io/component': 'exporter', 7 | 'app.kubernetes.io/part-of': 'kube-prometheus', 8 | }, 9 | mixin: { 10 | ruleLabels: {}, 11 | _config: { 12 | nodeExporterSelector: 'job="node-exporter"', 13 | hostNetworkInterfaceSelector: 'device!~"veth.+"', 14 | runbookURLPattern: 'https://runbooks.prometheus-operator.dev/runbooks/general/%s', 15 | }, 16 | }, 17 | }; 18 | 19 | function(params) { 20 | local m = self, 21 | _config:: defaults + params, 22 | 23 | local alertsandrules = (import './alerts/alerts.libsonnet') + (import './rules/rules.libsonnet'), 24 | 25 | mixin:: alertsandrules + 26 | (import 'github.com/kubernetes-monitoring/kubernetes-mixin/lib/add-runbook-links.libsonnet') { 27 | _config+:: m._config.mixin._config, 28 | }, 29 | 30 | prometheusRule: { 31 | apiVersion: 'monitoring.coreos.com/v1', 32 | kind: 'PrometheusRule', 33 | metadata: { 34 | labels: m._config.commonLabels + m._config.mixin.ruleLabels, 35 | name: m._config.name + '-rules', 36 | namespace: m._config.namespace, 37 | }, 38 | spec: { 39 | local r = if std.objectHasAll(m.mixin, 'prometheusRules') then m.mixin.prometheusRules.groups else [], 40 | local a = if std.objectHasAll(m.mixin, 'prometheusAlerts') then m.mixin.prometheusAlerts.groups else [], 41 | groups: a + r, 42 | }, 43 | }, 44 | } 45 | -------------------------------------------------------------------------------- /manifests/blackboxExporter-configuration.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | config.yml: |- 4 | "modules": 5 | "http_2xx": 6 | "http": 7 | "preferred_ip_protocol": "ip4" 8 | "prober": "http" 9 | "http_post_2xx": 10 | "http": 11 | "method": "POST" 12 | "preferred_ip_protocol": "ip4" 13 | "prober": "http" 14 | "irc_banner": 15 | "prober": "tcp" 16 | "tcp": 17 | "preferred_ip_protocol": "ip4" 18 | "query_response": 19 | - "send": "NICK prober" 20 | - "send": "USER prober prober prober :prober" 21 | - "expect": "PING :([^ ]+)" 22 | "send": "PONG ${1}" 23 | - "expect": "^:[^ ]+ 001" 24 | "pop3s_banner": 25 | "prober": "tcp" 26 | "tcp": 27 | "preferred_ip_protocol": "ip4" 28 | "query_response": 29 | - "expect": "^+OK" 30 | "tls": true 31 | "tls_config": 32 | "insecure_skip_verify": false 33 | "ssh_banner": 34 | "prober": "tcp" 35 | "tcp": 36 | "preferred_ip_protocol": "ip4" 37 | "query_response": 38 | - "expect": "^SSH-2.0-" 39 | "tcp_connect": 40 | "prober": "tcp" 41 | "tcp": 42 | "preferred_ip_protocol": "ip4" 43 | kind: ConfigMap 44 | metadata: 45 | labels: 46 | app.kubernetes.io/component: exporter 47 | app.kubernetes.io/name: blackbox-exporter 48 | app.kubernetes.io/part-of: kube-prometheus 49 | app.kubernetes.io/version: 0.28.0 50 | name: blackbox-exporter-configuration 51 | namespace: monitoring 52 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | 5 | ## Description 6 | 7 | _Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request. 
8 | If it fixes a bug or resolves a feature request, be sure to link to that issue._ 9 | 10 | 11 | 12 | ## Type of change 13 | 14 | _What type of changes does your code introduce to kube-prometheus? Put an `x` in the boxes that apply._ 15 | 16 | - [ ] `CHANGE` (fix or feature that would cause existing functionality to not work as expected) 17 | - [ ] `FEATURE` (non-breaking change which adds functionality) 18 | - [ ] `BUGFIX` (non-breaking change which fixes an issue) 19 | - [ ] `ENHANCEMENT` (non-breaking change which improves existing functionality) 20 | - [ ] `NONE` (if none of the other choices apply; e.g. tooling, build system, CI, docs, etc.) 21 | 22 | ## Changelog entry 23 | 24 | _Please put a one-line changelog entry below. Later this will be copied to the changelog file._ 25 | 26 | 34 | 35 | ```release-note 36 | 37 | ``` 38 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/platforms/platforms.libsonnet: -------------------------------------------------------------------------------- 1 | local platforms = { 2 | aks: import './aks.libsonnet', 3 | aws: import './aws.libsonnet', 4 | bootkube: import './bootkube.libsonnet', 5 | gke: import './gke.libsonnet', 6 | eks: import './eks.libsonnet', 7 | kops: import './kops.libsonnet', 8 | kops_coredns: (import './kops.libsonnet') + (import './kops-coredns.libsonnet'), 9 | kubeadm: import './kubeadm.libsonnet', 10 | kubespray: import './kubespray.libsonnet', 11 | }; 12 | 13 | // platformPatch returns the platform specific patch associated to the given 14 | // platform. 15 | local platformPatch(p) = if p != null && std.objectHas(platforms, p) then platforms[p] else {}; 16 | 17 | { 18 | // initialize the object to prevent "Indexed object has no field" lint errors 19 | local p = { 20 | values+:: $.values, 21 | alertmanager: {}, 22 | blackboxExporter: {}, 23 | grafana: {}, 24 | kubePrometheus: {}, 25 | kubernetesControlPlane: {}, 26 | kubeStateMetrics: {}, 27 | nodeExporter: {}, 28 | prometheus: {}, 29 | prometheusAdapter: {}, 30 | prometheusOperator: {}, 31 | pyrra: {}, 32 | } + platformPatch($.values.common.platform), 33 | 34 | alertmanager+: p.alertmanager, 35 | blackboxExporter+: p.blackboxExporter, 36 | grafana+: p.grafana, 37 | kubeStateMetrics+: p.kubeStateMetrics, 38 | nodeExporter+: p.nodeExporter, 39 | prometheus+: p.prometheus, 40 | prometheusAdapter+: p.prometheusAdapter, 41 | prometheusOperator+: p.prometheusOperator, 42 | kubernetesControlPlane+: p.kubernetesControlPlane, 43 | kubePrometheus+: p.kubePrometheus, 44 | pyrra+: p.pyrra, 45 | } 46 | -------------------------------------------------------------------------------- /.gitpod.yml: -------------------------------------------------------------------------------- 1 | image: gitpod/workspace-full 2 | checkoutLocation: gitpod-k3s 3 | tasks: 4 | - init: | 5 | make --always-make 6 | export PATH="$(pwd)/tmp/bin:${PATH}" 7 | cat > ${PWD}/.git/hooks/pre-commit < /dev/null 2>&1 12 | echo "Checking if manifests are correct" 13 | make generate > /dev/null 2>&1 14 | 15 | git diff --exit-code 16 | if [[ \$? == 1 ]]; then 17 | echo " 18 | 19 | This commit is being rejected because the YAML manifests are incorrect or jsonnet needs to be formatted." 20 | echo "Please commit your changes again!"
21 | exit 1 22 | fi 23 | EOF 24 | chmod +x ${PWD}/.git/hooks/pre-commit 25 | - name: run kube-prometheus 26 | command: | 27 | developer-workspace/gitpod/prepare-k3s.sh 28 | developer-workspace/common/deploy-kube-prometheus.sh 29 | - name: kernel dev environment 30 | init: | 31 | sudo apt update -y 32 | sudo apt install qemu qemu-system-x86 linux-image-$(uname -r) libguestfs-tools sshpass netcat -y 33 | sudo curl -o /usr/bin/kubectl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" 34 | sudo chmod +x /usr/bin/kubectl 35 | developer-workspace/gitpod/prepare-rootfs.sh 36 | command: | 37 | developer-workspace/gitpod/qemu.sh 38 | ports: 39 | - port: 3000 40 | onOpen: open-browser 41 | - port: 9090 42 | onOpen: open-browser 43 | - port: 9093 44 | onOpen: open-browser 45 | vscode: 46 | extensions: 47 | - heptio.jsonnet -------------------------------------------------------------------------------- /examples/mixin-inclusion.jsonnet: -------------------------------------------------------------------------------- 1 | local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet'); 2 | local etcdMixin = addMixin({ 3 | name: 'etcd', 4 | mixin: (import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + { 5 | _config+: {}, // mixin configuration object 6 | }, 7 | }); 8 | 9 | local kp = (import 'kube-prometheus/main.libsonnet') + 10 | { 11 | values+:: { 12 | common+: { 13 | namespace: 'monitoring', 14 | }, 15 | grafana+: { 16 | // Adding new dashboard to grafana. This will modify grafana configMap with dashboards 17 | dashboards+: etcdMixin.grafanaDashboards, 18 | }, 19 | }, 20 | }; 21 | 22 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 23 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 24 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 25 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 26 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 27 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 28 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 29 | // Rendering prometheusRules object. 
This is an object compatible with prometheus-operator CRD definition for prometheusRule 30 | { 'external-mixins/etcd-mixin-prometheus-rules': etcdMixin.prometheusRules } 31 | -------------------------------------------------------------------------------- /manifests/alertmanager-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: alert-router 6 | app.kubernetes.io/instance: main 7 | app.kubernetes.io/name: alertmanager 8 | app.kubernetes.io/part-of: kube-prometheus 9 | app.kubernetes.io/version: 0.30.0 10 | name: alertmanager-main 11 | namespace: monitoring 12 | stringData: 13 | alertmanager.yaml: |- 14 | "global": 15 | "resolve_timeout": "5m" 16 | "inhibit_rules": 17 | - "equal": 18 | - "namespace" 19 | - "alertname" 20 | "source_matchers": 21 | - "severity = critical" 22 | "target_matchers": 23 | - "severity =~ warning|info" 24 | - "equal": 25 | - "namespace" 26 | - "alertname" 27 | "source_matchers": 28 | - "severity = warning" 29 | "target_matchers": 30 | - "severity = info" 31 | - "equal": 32 | - "namespace" 33 | "source_matchers": 34 | - "alertname = InfoInhibitor" 35 | "target_matchers": 36 | - "severity = info" 37 | "receivers": 38 | - "name": "Default" 39 | - "name": "Watchdog" 40 | - "name": "Critical" 41 | - "name": "null" 42 | "route": 43 | "group_by": 44 | - "namespace" 45 | "group_interval": "5m" 46 | "group_wait": "30s" 47 | "receiver": "Default" 48 | "repeat_interval": "12h" 49 | "routes": 50 | - "matchers": 51 | - "alertname = Watchdog" 52 | "receiver": "Watchdog" 53 | - "matchers": 54 | - "alertname = InfoInhibitor" 55 | "receiver": "null" 56 | - "matchers": 57 | - "severity = critical" 58 | "receiver": "Critical" 59 | type: Opaque 60 | -------------------------------------------------------------------------------- /examples/thanos-sidecar.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | prometheus+: { 9 | thanos: { 10 | version: '0.19.0', 11 | image: 'quay.io/thanos/thanos:v0.19.0', 12 | objectStorageConfig: { 13 | key: 'thanos.yaml', // How the file inside the secret is called 14 | name: 'thanos-objectstorage', // This is the name of your Kubernetes secret with the config 15 | }, 16 | }, 17 | }, 18 | }, 19 | }; 20 | 21 | { ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 22 | { 23 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 24 | for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) 25 | } + 26 | // serviceMonitor is separated so that it can be created after the CRDs are ready 27 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 28 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 29 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 30 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 31 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 32 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + 33 | { ['grafana-' + 
name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 34 | -------------------------------------------------------------------------------- /developer-workspace/gitpod/prepare-rootfs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | img_url="https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.tar.gz" 6 | 7 | script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" 8 | outdir="${script_dirname}/_output/rootfs" 9 | 10 | rm -Rf $outdir 11 | mkdir -p $outdir 12 | 13 | curl -L -o "${outdir}/rootfs.tar.gz" $img_url 14 | 15 | cd $outdir 16 | 17 | tar -xvf rootfs.tar.gz 18 | 19 | qemu-img resize hirsute-server-cloudimg-amd64.img +20G 20 | 21 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'resize2fs /dev/sda' 22 | 23 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --root-password password:root 24 | 25 | netconf=" 26 | network: 27 | version: 2 28 | renderer: networkd 29 | ethernets: 30 | enp0s3: 31 | dhcp4: yes 32 | " 33 | 34 | # networking setup 35 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "echo '${netconf}' > /etc/netplan/01-net.yaml" 36 | 37 | # copy kernel modules 38 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --copy-in /lib/modules/$(uname -r):/lib/modules 39 | 40 | # ssh 41 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'apt remove openssh-server -y && apt install openssh-server -y' 42 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config" 43 | sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config" 44 | 45 | # mark as ready 46 | touch rootfs-ready.lock 47 | 48 | echo "k3s development environment is ready" 49 | -------------------------------------------------------------------------------- /examples/additional-namespaces-servicemonitor.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | prometheus+:: { 7 | namespaces+: ['my-namespace', 'my-second-namespace'], 8 | }, 9 | }, 10 | exampleApplication: { 11 | serviceMonitorMyNamespace: { 12 | apiVersion: 'monitoring.coreos.com/v1', 13 | kind: 'ServiceMonitor', 14 | metadata: { 15 | name: 'my-servicemonitor', 16 | namespace: 'my-namespace', 17 | }, 18 | spec: { 19 | jobLabel: 'app', 20 | endpoints: [ 21 | { 22 | port: 'http-metrics', 23 | }, 24 | ], 25 | selector: { 26 | matchLabels: { 27 | 'app.kubernetes.io/name': 'myapp', 28 | }, 29 | }, 30 | }, 31 | }, 32 | }, 33 | 34 | }; 35 | 36 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 37 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 38 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 39 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 40 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 41 | { ['prometheus-' + name]: kp.prometheus[name] for name in 
std.objectFields(kp.prometheus) } + 42 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 43 | { ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } 44 | -------------------------------------------------------------------------------- /docs/security.md: -------------------------------------------------------------------------------- 1 | ## Security 2 | 3 | The manifests generated in this repository are subject to a security audit in CI via [kubescape](https://github.com/armosec/kubescape). 4 | The scan can be run locally via `make kubescape`. 5 | 6 | While we aim for security best practices by default, the nature of the project requires us to make exceptions for the following components: 7 | 8 | #### node-exporter 9 | * Host Port is set. [Kubernetes already sets a Host Port by default when Host Network is enabled](https://github.com/kubernetes/kubernetes/blob/1945829906546caf867992669a0bfa588edf8be6/pkg/apis/core/v1/defaults.go#L402-L411), so nothing can be done here except configuring it to our preferred port. 10 | * Host PID is set to `true`, since node-exporter requires direct access to the host namespace to gather statistics. 11 | * Host Network is set to `true`, since node-exporter requires direct access to the host network to gather statistics. 12 | * `automountServiceAccountToken` is set to `true` at the Pod level, as the kube-rbac-proxy sidecar requires a connection to the Kubernetes API server. 13 | 14 | #### prometheus-adapter 15 | * `automountServiceAccountToken` is set to `true` at the Pod level, as the application requires a connection to the Kubernetes API server. 16 | 17 | #### blackbox-exporter 18 | * `automountServiceAccountToken` is set to `true` at the Pod level, as the kube-rbac-proxy sidecar requires a connection to the Kubernetes API server. 19 | 20 | #### kube-state-metrics 21 | * `automountServiceAccountToken` is set to `true` at the Pod level, as the kube-rbac-proxy sidecars require a connection to the Kubernetes API server. 22 | 23 | #### prometheus-operator 24 | * `automountServiceAccountToken` is set to `true` at the Pod level, as the kube-rbac-proxy sidecars require a connection to the Kubernetes API server. 
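For reference, the CI audit can be reproduced locally against the generated manifests. This is a sketch, assuming kubescape's `scan` subcommand and its `--exceptions` flag; the `make kubescape` target wraps the exact invocation, so check the Makefile if flags differ in your kubescape version:

```shell
# Scan the generated manifests while suppressing the known, documented
# exceptions recorded in kubescape-exceptions.json at the repository root.
kubescape scan --exceptions kubescape-exceptions.json manifests/
```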
25 | -------------------------------------------------------------------------------- /examples/pod-security-policies.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet'); 4 | 5 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 6 | // Add the restricted psp to setup 7 | { 'setup/0podsecuritypolicy-restricted': kp.restrictedPodSecurityPolicy } + 8 | { 9 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 10 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 11 | } + 12 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 13 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 14 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 15 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 16 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 17 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 18 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 19 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 20 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 21 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 22 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 23 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 24 | -------------------------------------------------------------------------------- /examples/prometheus-additional-recording-rule-example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | }, 7 | exampleApplication: { 8 | prometheusRuleExample: { 9 | apiVersion: 'monitoring.coreos.com/v1', 10 | kind: 'PrometheusRule', 11 | metadata: { 12 | name: 'my-prometheus-rule', 13 | namespace: $.values.common.namespace, 14 | }, 15 | spec: { 16 | groups: [ 17 | { 18 | name: 'example-group', 19 | rules: [ 20 | { 21 | record: 'some_recording_rule_name', 22 | expr: 'vector(1)', 23 | }, 24 | ], 25 | }, 26 | ], 27 | }, 28 | }, 29 | }, 30 | }; 31 | 32 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 33 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 34 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 35 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 36 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 37 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 38 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in 
std.objectFields(kp.prometheusAdapter) } + 39 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 40 | { ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } 41 | -------------------------------------------------------------------------------- /docs/customizations/monitoring-all-namespaces.md: -------------------------------------------------------------------------------- 1 | ### Monitoring all namespaces 2 | 3 | If you want to monitor all namespaces in a cluster, add the following mixin. Also make sure to empty the list of namespaces defined in `prometheus` so that no RoleBindings are created against them. 4 | 5 | ```jsonnet mdox-exec="cat examples/all-namespaces.jsonnet" 6 | local kp = (import 'kube-prometheus/main.libsonnet') + 7 | (import 'kube-prometheus/addons/all-namespaces.libsonnet') + { 8 | values+:: { 9 | common+: { 10 | namespace: 'monitoring', 11 | }, 12 | prometheus+: { 13 | namespaces: [], 14 | }, 15 | }, 16 | }; 17 | 18 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 19 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 20 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 21 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 22 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 23 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 24 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 25 | ``` 26 | 27 | > NOTE: This configuration can make your cluster insecure, especially in a multi-tenant cluster, because it gives Prometheus visibility over the whole cluster, which may not be expected when certain namespaces are locked down for security reasons. 
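With the addon in place, Prometheus selects ServiceMonitors in every namespace without needing per-namespace RoleBindings. For illustration, a minimal ServiceMonitor object in the same shape as the one in `examples/additional-namespaces-servicemonitor.jsonnet` (the `my-namespace` and `myapp` names are placeholders):

```jsonnet
{
  apiVersion: 'monitoring.coreos.com/v1',
  kind: 'ServiceMonitor',
  metadata: {
    name: 'my-servicemonitor',
    namespace: 'my-namespace',  // any namespace works; no extra RBAC is required with this addon
  },
  spec: {
    jobLabel: 'app',
    endpoints: [{ port: 'http-metrics' }],
    selector: { matchLabels: { 'app.kubernetes.io/name': 'myapp' } },
  },
}
```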
28 | 29 | Proceed with [creating ServiceMonitors for the services in the namespaces](monitoring-additional-namespaces.md#defining-the-servicemonitor-for-each-additional-namespace) you actually want to monitor. 30 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet: -------------------------------------------------------------------------------- 1 | // User-facing roles for monitors, probes, and rules 2 | // ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles 3 | { 4 | prometheusOperator+: { 5 | local po = self, 6 | clusterRoleView: { 7 | apiVersion: 'rbac.authorization.k8s.io/v1', 8 | kind: 'ClusterRole', 9 | metadata: po._metadata { 10 | name: 'monitoring-view', 11 | namespace:: null, 12 | labels+: { 13 | 'rbac.authorization.k8s.io/aggregate-to-view': 'true', 14 | }, 15 | }, 16 | rules: [ 17 | { 18 | apiGroups: [ 19 | 'monitoring.coreos.com', 20 | ], 21 | resources: [ 22 | 'podmonitors', 23 | 'probes', 24 | 'prometheusrules', 25 | 'servicemonitors', 26 | ], 27 | verbs: [ 28 | 'get', 29 | 'list', 30 | 'watch', 31 | ], 32 | }, 33 | ], 34 | }, 35 | clusterRoleEdit: { 36 | apiVersion: 'rbac.authorization.k8s.io/v1', 37 | kind: 'ClusterRole', 38 | metadata: po._metadata { 39 | name: 'monitoring-edit', 40 | namespace:: null, 41 | labels+: { 42 | 'rbac.authorization.k8s.io/aggregate-to-edit': 'true', 43 | }, 44 | }, 45 | rules: [ 46 | { 47 | apiGroups: [ 48 | 'monitoring.coreos.com', 49 | ], 50 | resources: [ 51 | 'podmonitors', 52 | 'probes', 53 | 'prometheusrules', 54 | 'servicemonitors', 55 | ], 56 | verbs: [ 57 | 'create', 58 | 'delete', 59 | 'deletecollection', 60 | 'patch', 61 | 'update', 62 | ], 63 | }, 64 | ], 65 | }, 66 | }, 67 | } 68 | -------------------------------------------------------------------------------- /examples/drop-dashboards.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | grafana+: { 9 | dashboards: std.mergePatch(super.dashboards, { 10 | // Add more unwanted dashboards here 11 | 'alertmanager-overview.json': null, 12 | }), 13 | }, 14 | }, 15 | }; 16 | 17 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 18 | { 19 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 20 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 21 | } + 22 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 23 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 24 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 25 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 26 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 27 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 28 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 29 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 30 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 31 | { ['node-exporter-' + name]: 
kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 32 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 33 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 34 | -------------------------------------------------------------------------------- /examples/windows.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | (import 'kube-prometheus/addons/windows.libsonnet') + 4 | { 5 | values+:: { 6 | common+: { 7 | namespace: 'monitoring', 8 | }, 9 | windowsScrapeConfig+:: { 10 | static_configs: [{ 11 | targets: ['10.240.0.65:5000', '10.240.0.63:5000'], 12 | }], 13 | }, 14 | }, 15 | }; 16 | 17 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 18 | { 19 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 20 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 21 | } + 22 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 23 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 24 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 25 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 26 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 27 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 28 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 29 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 30 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 31 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 32 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 33 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 34 | -------------------------------------------------------------------------------- /manifests/prometheus-roleBindingSpecificNamespaces.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | items: 3 | - apiVersion: rbac.authorization.k8s.io/v1 4 | kind: RoleBinding 5 | metadata: 6 | labels: 7 | app.kubernetes.io/component: prometheus 8 | app.kubernetes.io/instance: k8s 9 | app.kubernetes.io/name: prometheus 10 | app.kubernetes.io/part-of: kube-prometheus 11 | app.kubernetes.io/version: 3.8.1 12 | name: prometheus-k8s 13 | namespace: default 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: Role 17 | name: prometheus-k8s 18 | subjects: 19 | - kind: ServiceAccount 20 | name: prometheus-k8s 21 | namespace: monitoring 22 | - apiVersion: rbac.authorization.k8s.io/v1 23 | kind: RoleBinding 24 | metadata: 25 | labels: 26 | app.kubernetes.io/component: prometheus 27 | app.kubernetes.io/instance: k8s 28 | app.kubernetes.io/name: prometheus 29 | app.kubernetes.io/part-of: kube-prometheus 30 | app.kubernetes.io/version: 3.8.1 31 | name: prometheus-k8s 32 | namespace: kube-system 33 | 
roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: Role 36 | name: prometheus-k8s 37 | subjects: 38 | - kind: ServiceAccount 39 | name: prometheus-k8s 40 | namespace: monitoring 41 | - apiVersion: rbac.authorization.k8s.io/v1 42 | kind: RoleBinding 43 | metadata: 44 | labels: 45 | app.kubernetes.io/component: prometheus 46 | app.kubernetes.io/instance: k8s 47 | app.kubernetes.io/name: prometheus 48 | app.kubernetes.io/part-of: kube-prometheus 49 | app.kubernetes.io/version: 3.8.1 50 | name: prometheus-k8s 51 | namespace: monitoring 52 | roleRef: 53 | apiGroup: rbac.authorization.k8s.io 54 | kind: Role 55 | name: prometheus-k8s 56 | subjects: 57 | - kind: ServiceAccount 58 | name: prometheus-k8s 59 | namespace: monitoring 60 | kind: RoleBindingList 61 | -------------------------------------------------------------------------------- /examples/prometheus-additional-alert-rule-example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + { 2 | values+:: { 3 | common+: { 4 | namespace: 'monitoring', 5 | }, 6 | }, 7 | exampleApplication: { 8 | prometheusRuleExample: { 9 | apiVersion: 'monitoring.coreos.com/v1', 10 | kind: 'PrometheusRule', 11 | metadata: { 12 | name: 'my-prometheus-rule', 13 | namespace: $.values.common.namespace, 14 | }, 15 | spec: { 16 | groups: [ 17 | { 18 | name: 'example-group', 19 | rules: [ 20 | { 21 | alert: 'ExampleAlert', 22 | expr: 'vector(1)', 23 | labels: { 24 | severity: 'warning', 25 | }, 26 | annotations: { 27 | description: 'This is an example alert.', 28 | }, 29 | }, 30 | ], 31 | }, 32 | ], 33 | }, 34 | }, 35 | }, 36 | }; 37 | 38 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 39 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 40 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 41 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 42 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 43 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 44 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + 45 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 46 | { ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) } 47 | -------------------------------------------------------------------------------- /examples/weave-net-example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | (import 'kube-prometheus/addons/weave-net/weave-net.libsonnet') + { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | }, 8 | kubernetesControlPlane+: { 9 | prometheusRuleWeaveNet+: { 10 | spec+: { 11 | groups: std.map( 12 | function(group) 13 | if group.name == 'weave-net' then 14 | group { 15 | rules: std.map( 16 | function(rule) 17 | if rule.alert == 'WeaveNetFastDPFlowsLow' then 18 | rule { 19 | expr: 'sum(weave_flows) < 20000', 20 | } 21 | else if rule.alert == 'WeaveNetIPAMUnreachable' then 22 | rule { 23 | expr: 'weave_ipam_unreachable_percentage > 25', 24 | } 25 | else 
26 | rule 27 | , 28 | group.rules 29 | ), 30 | } 31 | else 32 | group, 33 | super.groups 34 | ), 35 | }, 36 | }, 37 | }, 38 | }; 39 | 40 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 41 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 42 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 43 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 44 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 45 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + 46 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 47 | -------------------------------------------------------------------------------- /examples/windows-hostprocess.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | (import 'kube-prometheus/addons/windows-hostprocess.libsonnet') + 4 | { 5 | values+:: { 6 | common+: { 7 | namespace: 'monitoring', 8 | }, 9 | windowsExporter+:: { 10 | image: 'ghcr.io/prometheus-community/windows-exporter', 11 | version: '0.21.0', 12 | }, 13 | }, 14 | }; 15 | 16 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 17 | { 18 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 19 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 20 | } + 21 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 22 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 23 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 24 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 25 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 26 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 27 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 28 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 29 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 30 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 31 | { ['windows-exporter-' + name]: kp.windowsExporter[name] for name in std.objectFields(kp.windowsExporter) } + 32 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 33 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 34 | -------------------------------------------------------------------------------- /examples/grafana-additional-jsonnet-dashboard-example.jsonnet: -------------------------------------------------------------------------------- 1 | local grafana = import 'grafonnet/grafana.libsonnet'; 2 | local dashboard = grafana.dashboard; 3 | local row = grafana.row; 4 | local prometheus = grafana.prometheus; 5 | local template = grafana.template; 6 | local 
graphPanel = grafana.graphPanel; 7 | 8 | local kp = (import 'kube-prometheus/main.libsonnet') + { 9 | values+:: { 10 | common+:: { 11 | namespace: 'monitoring', 12 | }, 13 | grafana+: { 14 | dashboards+:: { 15 | 'my-dashboard.json': 16 | dashboard.new('My Dashboard') 17 | .addTemplate( 18 | { 19 | current: { 20 | text: 'Prometheus', 21 | value: 'Prometheus', 22 | }, 23 | hide: 0, 24 | label: null, 25 | name: 'datasource', 26 | options: [], 27 | query: 'prometheus', 28 | refresh: 1, 29 | regex: '', 30 | type: 'datasource', 31 | }, 32 | ) 33 | .addRow( 34 | row.new() 35 | .addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource') 36 | .addTarget(prometheus.target('vector(1)'))) 37 | ), 38 | }, 39 | }, 40 | }, 41 | }; 42 | 43 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 44 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 45 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 46 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 47 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 48 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 49 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 50 | -------------------------------------------------------------------------------- /docs/EKS-cni-support.md: -------------------------------------------------------------------------------- 1 | # CNI monitoring special configuration updates for EKS 2 | 3 | AWS EKS uses the [CNI](https://github.com/aws/amazon-vpc-cni-k8s) networking plugin for pod networking in Kubernetes, using Elastic Network Interfaces on AWS. 4 | 5 | One critical issue that can occur is running out of IP addresses in your EKS cluster (generally caused by misconfigurations that keep scheduling new pods). 
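If you would also like to be alerted on this condition, an alert rule can live alongside the recording rule shown in the example below. This is only a sketch: the `EksAvailableIPsLow` alert name is made up here, and the expression and threshold of 10 are copied from that recording rule; tune both to your cluster.

```jsonnet
// Hypothetical alert rule; add it to a PrometheusRule group exactly like the one below.
{
  alert: 'EksAvailableIPsLow',
  expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
  'for': '10m',  // require the condition to hold for 10 minutes before firing
  labels: { severity: 'warning' },
  annotations: {
    description: 'EKS node {{ $labels.instance }} has fewer than 10 assignable pod IP addresses left.',
  },
}
```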
6 | 7 | You can monitor the `awscni` plugin using kube-prometheus with: 8 | 9 | ```jsonnet mdox-exec="cat examples/eks-cni-example.jsonnet" 10 | local kp = (import 'kube-prometheus/main.libsonnet') + { 11 | values+:: { 12 | common+: { 13 | namespace: 'monitoring', 14 | }, 15 | kubePrometheus+: { 16 | platform: 'eks', 17 | }, 18 | }, 19 | kubernetesControlPlane+: { 20 | prometheusRuleEksCNI+: { 21 | spec+: { 22 | groups+: [ 23 | { 24 | name: 'example-group', 25 | rules: [ 26 | { 27 | record: 'aws_eks_available_ip', 28 | expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10', 29 | }, 30 | ], 31 | }, 32 | ], 33 | }, 34 | }, 35 | }, 36 | }; 37 | 38 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 39 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 40 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 41 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 42 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 43 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 44 | ``` 45 | 46 | After you have generated the required YAML file, run: 47 | 48 | ``` 49 | kubectl apply -f manifests/prometheus-serviceMonitorAwsEksCNI.yaml 50 | ``` 51 | -------------------------------------------------------------------------------- /examples/name-namespace-overrides.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = (import 'kube-prometheus/main.libsonnet') + 2 | { 3 | values+:: { 4 | common+: { 5 | namespace: 'monitoring', 6 | }, 7 | 8 | prometheus+: { 9 | namespace: 'foo', 10 | name: 'bar', 11 | }, 12 | 13 | alertmanager+: { 14 | namespace: 'bar', 15 | name: 'foo', 16 | }, 17 | }, 18 | }; 19 | 20 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 21 | 22 | { 23 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 24 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 25 | } + 26 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 27 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 28 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 29 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 30 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 31 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 32 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 33 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 34 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 35 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 36 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 37 | { ['prometheus-adapter-' + name]: 
kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 38 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet: -------------------------------------------------------------------------------- 1 | { 2 | prometheus+: { 3 | local p = self, 4 | serviceWeaveNet: { 5 | apiVersion: 'v1', 6 | kind: 'Service', 7 | metadata: { 8 | name: 'weave-net', 9 | namespace: 'kube-system', 10 | labels: { 'app.kubernetes.io/name': 'weave-net' }, 11 | }, 12 | spec: { 13 | ports: [ 14 | { name: 'weave-net-metrics', targetPort: 6782, port: 6782 }, 15 | ], 16 | selector: { name: 'weave-net' }, 17 | clusterIP: 'None', 18 | }, 19 | }, 20 | serviceMonitorWeaveNet: { 21 | apiVersion: 'monitoring.coreos.com/v1', 22 | kind: 'ServiceMonitor', 23 | metadata: { 24 | name: 'weave-net', 25 | labels: { 26 | 'app.kubernetes.io/name': 'weave-net', 27 | }, 28 | namespace: 'monitoring', 29 | }, 30 | spec: { 31 | jobLabel: 'app.kubernetes.io/name', 32 | endpoints: [ 33 | { 34 | port: 'weave-net-metrics', 35 | path: '/metrics', 36 | interval: '15s', 37 | }, 38 | ], 39 | namespaceSelector: { 40 | matchNames: [ 41 | 'kube-system', 42 | ], 43 | }, 44 | selector: { 45 | matchLabels: { 46 | 'app.kubernetes.io/name': 'weave-net', 47 | }, 48 | }, 49 | }, 50 | }, 51 | prometheusRuleWeaveNet: { 52 | apiVersion: 'monitoring.coreos.com/v1', 53 | kind: 'PrometheusRule', 54 | metadata: { 55 | labels: p._config.mixin.ruleLabels, 56 | name: 'weave-net-rules', 57 | namespace: p._config.namespace, 58 | }, 59 | spec: { 60 | groups: [{ 61 | name: 'weave-net', 62 | rules: (import './alerts.libsonnet'), 63 | }], 64 | }, 65 | }, 66 | mixin+:: { 67 | grafanaDashboards+:: { 68 | 'weave-net.json': (import './grafana-weave-net.json'), 69 | 'weave-net-cluster.json': (import './grafana-weave-net-cluster.json'), 70 | }, 71 | }, 72 | }, 73 | } 74 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | ## Community Code of Conduct 2 | 3 | ### Contributor Code of Conduct 4 | 5 | As contributors and maintainers of this project, and in the interest of 6 | fostering an open and welcoming community, we pledge to respect all people who 7 | contribute through reporting issues, posting feature requests, updating 8 | documentation, submitting pull requests or patches, and other activities. 9 | 10 | We are committed to making participation in this project a harassment-free 11 | experience for everyone, regardless of level of experience, gender, gender 12 | identity and expression, sexual orientation, disability, personal appearance, 13 | body size, race, ethnicity, age, religion, or nationality. 14 | 15 | Examples of unacceptable behavior by participants include: 16 | 17 | * The use of sexualized language or imagery 18 | * Personal attacks 19 | * Trolling or insulting/derogatory comments 20 | * Public or private harassment 21 | * Publishing others' private information, such as physical or electronic addresses, without explicit permission 22 | * Other unethical or unprofessional conduct. 23 | 24 | Project maintainers have the right and responsibility to remove, edit, or 25 | reject comments, commits, code, wiki edits, issues, and other contributions 26 | that are not aligned to this Code of Conduct. 
By adopting this Code of Conduct, 27 | project maintainers commit themselves to fairly and consistently applying these 28 | principles to every aspect of managing this project. Project maintainers who do 29 | not follow or enforce the Code of Conduct may be permanently removed from the 30 | project team. 31 | 32 | This code of conduct applies both within project spaces and in public spaces 33 | when an individual is representing the project or its community. 34 | 35 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 36 | reported by contacting a project maintainer listed in 37 | https://github.com/prometheus-operator/prometheus-operator/blob/master/MAINTAINERS.md. 38 | 39 | This Code of Conduct is adapted from the Contributor Covenant 40 | (http://contributor-covenant.org), version 1.2.0, available at 41 | http://contributor-covenant.org/version/1/2/0/ 42 | -------------------------------------------------------------------------------- /kubescape-exceptions.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "exclude-automountServiceAccountToken-checks", 4 | "policyType": "postureExceptionPolicy", 5 | "actions": [ 6 | "alertOnly" 7 | ], 8 | "resources": [ 9 | { 10 | "designatorType": "Attributes", 11 | "attributes": { 12 | "kind": "DaemonSet", 13 | "name": "node-exporter" 14 | } 15 | }, 16 | { 17 | "designatorType": "Attributes", 18 | "attributes": { 19 | "kind": "Deployment", 20 | "name": "blackbox-exporter" 21 | } 22 | }, 23 | { 24 | "designatorType": "Attributes", 25 | "attributes": { 26 | "kind": "Deployment", 27 | "name": "kube-state-metrics" 28 | } 29 | }, 30 | { 31 | "designatorType": "Attributes", 32 | "attributes": { 33 | "kind": "Deployment", 34 | "name": "prometheus-adapter" 35 | } 36 | }, 37 | { 38 | "designatorType": "Attributes", 39 | "attributes": { 40 | "kind": "Deployment", 41 | "name": "prometheus-operator" 42 | } 43 | }, 44 | { 45 | "designatorType": "Attributes", 46 | "attributes": { 47 | "kind": "ServiceAccount", 48 | "name": "prometheus-k8s" 49 | } 50 | } 51 | ], 52 | "posturePolicies": [ 53 | { 54 | "controlName": "Automatic mapping of service account" 55 | } 56 | ] 57 | }, 58 | { 59 | "name": "exclude-node-exporter-host-access-checks", 60 | "policyType": "postureExceptionPolicy", 61 | "actions": [ 62 | "alertOnly" 63 | ], 64 | "resources": [ 65 | { 66 | "designatorType": "Attributes", 67 | "attributes": { 68 | "kind": "DaemonSet", 69 | "name": "node-exporter" 70 | } 71 | } 72 | ], 73 | "posturePolicies": [ 74 | { 75 | "controlName": "Container hostPort" 76 | }, 77 | { 78 | "controlName": "Host PID/IPC privileges" 79 | }, 80 | { 81 | "controlName": "HostNetwork access" 82 | } 83 | ] 84 | } 85 | ] 86 | -------------------------------------------------------------------------------- /docs/windows.md: -------------------------------------------------------------------------------- 1 | # Windows 2 | 3 | The [Windows hostprocess addon](../examples/windows-hostprocess.jsonnet) adds the dashboards and rules from [kubernetes-monitoring/kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin#dashboards-for-windows-nodes). 
4 | 5 | It also deploys [windows_exporter](https://github.com/prometheus-community/windows_exporter) as a [hostprocess pod](https://github.com/prometheus-community/windows_exporter/blob/master/kubernetes/kubernetes.md), since Kubernetes supports HostProcess containers on Windows nodes as of [v1.22](https://kubernetes.io/blog/2021/08/16/windows-hostprocess-containers/). The cluster must be using the containerd runtime. 6 | 7 | ``` 8 | local kp = (import 'kube-prometheus/main.libsonnet') + 9 | (import 'kube-prometheus/addons/windows-hostprocess.libsonnet') + 10 | { 11 | values+:: { 12 | windowsExporter+:: { 13 | image: "ghcr.io/prometheus-community/windows-exporter", 14 | version: "0.21.0", 15 | }, 16 | }, 17 | }; 18 | 19 | { ['windows-exporter-' + name]: kp.windowsExporter[name] for name in std.objectFields(kp.windowsExporter) } 20 | ``` 21 | 22 | See the [full example](../examples/windows-hostprocess.jsonnet) for setup. 23 | 24 | If the cluster is running the Docker runtime, use the other [Windows addon](../examples/windows.jsonnet) instead. That addon does not deploy windows_exporter: Docker-based Windows does not support running [windows_exporter](https://github.com/prometheus-community/windows_exporter) in a pod, so the addon uses an [additional scrape configuration](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/additional-scrape-config.md) to set up a static config that scrapes the node ports where windows_exporter is configured. 25 | 26 | The addon requires you to specify the node IPs and ports where it can find windows_exporter. See the [full example](../examples/windows.jsonnet) for setup. 27 | 28 | ``` 29 | local kp = (import 'kube-prometheus/main.libsonnet') + 30 | (import 'kube-prometheus/addons/windows.libsonnet') + 31 | { 32 | values+:: { 33 | windowsScrapeConfig+:: { 34 | static_configs: [{ 35 | targets: ["10.240.0.65:5000", "10.240.0.63:5000"], 36 | }], 37 | }, 38 | }, 39 | }; 40 | ``` 41 | -------------------------------------------------------------------------------- /examples/rule-patcher.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | }, 9 | }; 10 | 11 | local rulePatches = import 'rule-patches.libsonnet'; 12 | 13 | local sanitizePrometheusRules = (import 'kube-prometheus/lib/rule-sanitizer.libsonnet')(rulePatches).sanitizePrometheusRules; 14 | 15 | sanitizePrometheusRules({ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 16 | { 17 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 18 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 19 | } + 20 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 21 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 22 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 23 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 24 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 25 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 26 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 27 | { ['kube-state-metrics-' + 
name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 28 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 29 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 30 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 31 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }) 32 | -------------------------------------------------------------------------------- /jsonnet/kube-prometheus/addons/windows.libsonnet: -------------------------------------------------------------------------------- 1 | local windowsdashboards = import 'github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet'; 2 | local windowsrules = import 'github.com/kubernetes-monitoring/kubernetes-mixin/rules/windows.libsonnet'; 3 | 4 | { 5 | values+:: { 6 | // This needs to follow the Prometheus naming convention, not the prometheus-operator one 7 | windowsScrapeConfig+:: { 8 | job_name: 'windows-exporter', 9 | static_configs: [ 10 | { 11 | targets: [error 'must provide targets array'], 12 | }, 13 | ], 14 | relabel_configs: [ 15 | { 16 | action: 'replace', 17 | regex: '(.*)', 18 | replacement: '$1', 19 | source_labels: [ 20 | '__meta_kubernetes_endpoint_address_target_name', 21 | ], 22 | target_label: 'instance', 23 | }, 24 | ], 25 | }, 26 | 27 | grafana+:: { 28 | dashboards+:: windowsdashboards { 29 | _config: $.kubernetesControlPlane.mixin._config { 30 | wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', 31 | }, 32 | }.grafanaDashboards, 33 | }, 34 | }, 35 | kubernetesControlPlane+: { 36 | mixin+:: { 37 | prometheusRules+:: { 38 | groups+: windowsrules { 39 | _config: $.kubernetesControlPlane.mixin._config { 40 | wmiExporterSelector: 'job="' + $.values.windowsScrapeConfig.job_name + '"', 41 | }, 42 | }.prometheusRules.groups, 43 | }, 44 | }, 45 | }, 46 | prometheus+: { 47 | local p = self, 48 | local sc = [$.values.windowsScrapeConfig], 49 | prometheus+: { 50 | spec+: { 51 | additionalScrapeConfigs: { 52 | name: 'prometheus-' + p._config.name + '-additional-scrape-config', 53 | key: 'prometheus-additional.yaml', 54 | }, 55 | }, 56 | 57 | }, 58 | windowsConfig: { 59 | apiVersion: 'v1', 60 | kind: 'Secret', 61 | metadata: { 62 | name: 'prometheus-' + p._config.name + '-additional-scrape-config', 63 | namespace: p._config.namespace, 64 | }, 65 | stringData: { 66 | 'prometheus-additional.yaml': std.manifestYamlDoc(sc), 67 | }, 68 | }, 69 | }, 70 | } 71 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/prometheus-operator/kube-prometheus 2 | 3 | go 1.25.0 4 | 5 | require ( 6 | github.com/Jeffail/gabs v1.4.0 7 | github.com/prometheus/client_golang v1.23.2 8 | k8s.io/apimachinery v0.35.0 9 | k8s.io/client-go v0.35.0 10 | ) 11 | 12 | require ( 13 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 14 | github.com/emicklei/go-restful/v3 v3.12.2 // indirect 15 | github.com/fxamacker/cbor/v2 v2.9.0 // indirect 16 | github.com/go-logr/logr v1.4.3 // indirect 17 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 18 | github.com/go-openapi/jsonreference v0.20.2 // indirect 19 | github.com/go-openapi/swag v0.23.0 // indirect 20 | github.com/google/gnostic-models v0.7.0 // 
indirect 21 | github.com/google/uuid v1.6.0 // indirect 22 | github.com/josharian/intern v1.0.0 // indirect 23 | github.com/json-iterator/go v1.1.12 // indirect 24 | github.com/mailru/easyjson v0.7.7 // indirect 25 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 26 | github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect 27 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 28 | github.com/prometheus/client_model v0.6.2 // indirect 29 | github.com/prometheus/common v0.66.1 // indirect 30 | github.com/spf13/pflag v1.0.9 // indirect 31 | github.com/x448/float16 v0.8.4 // indirect 32 | go.yaml.in/yaml/v2 v2.4.3 // indirect 33 | go.yaml.in/yaml/v3 v3.0.4 // indirect 34 | golang.org/x/net v0.47.0 // indirect 35 | golang.org/x/oauth2 v0.30.0 // indirect 36 | golang.org/x/sys v0.38.0 // indirect 37 | golang.org/x/term v0.37.0 // indirect 38 | golang.org/x/text v0.31.0 // indirect 39 | golang.org/x/time v0.9.0 // indirect 40 | google.golang.org/protobuf v1.36.8 // indirect 41 | gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect 42 | gopkg.in/inf.v0 v0.9.1 // indirect 43 | gopkg.in/yaml.v3 v3.0.1 // indirect 44 | k8s.io/api v0.35.0 // indirect 45 | k8s.io/klog/v2 v2.130.1 // indirect 46 | k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect 47 | k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect 48 | sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect 49 | sigs.k8s.io/randfill v1.0.0 // indirect 50 | sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect 51 | sigs.k8s.io/yaml v1.6.0 // indirect 52 | ) 53 | -------------------------------------------------------------------------------- /example.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | // Uncomment the following imports to enable its patches 4 | // (import 'kube-prometheus/addons/anti-affinity.libsonnet') + 5 | // (import 'kube-prometheus/addons/managed-cluster.libsonnet') + 6 | // (import 'kube-prometheus/addons/node-ports.libsonnet') + 7 | // (import 'kube-prometheus/addons/static-etcd.libsonnet') + 8 | // (import 'kube-prometheus/addons/custom-metrics.libsonnet') + 9 | // (import 'kube-prometheus/addons/external-metrics.libsonnet') + 10 | // (import 'kube-prometheus/addons/pyrra.libsonnet') + 11 | { 12 | values+:: { 13 | common+: { 14 | namespace: 'monitoring', 15 | }, 16 | }, 17 | }; 18 | 19 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 20 | { 21 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 22 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 23 | } + 24 | // { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } + 25 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 26 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 27 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 28 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 29 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 30 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 31 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 32 | 
// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } + 33 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 34 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 35 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 36 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 37 | { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 38 | -------------------------------------------------------------------------------- /docs/customizations/using-custom-container-registry.md: -------------------------------------------------------------------------------- 1 | ### Internal Registry 2 | 3 | Some Kubernetes installations source all their images from an internal registry. kube-prometheus supports this use case and helps the user synchronize every image it uses to the internal registry and generate manifests pointing at the internal registry. 4 | 5 | To produce the `docker pull/tag/push` commands that will synchronize upstream images to `internal-registry.com/organization` (after having run the `jb` command to populate the vendor directory): 6 | 7 | ```shell 8 | $ jsonnet -J vendor -S --tla-str repository=internal-registry.com/organization examples/sync-to-internal-registry.jsonnet 9 | $ docker pull k8s.gcr.io/addon-resizer:1.8.4 10 | $ docker tag k8s.gcr.io/addon-resizer:1.8.4 internal-registry.com/organization/addon-resizer:1.8.4 11 | $ docker push internal-registry.com/organization/addon-resizer:1.8.4 12 | $ docker pull quay.io/prometheus/alertmanager:v0.16.2 13 | $ docker tag quay.io/prometheus/alertmanager:v0.16.2 internal-registry.com/organization/alertmanager:v0.16.2 14 | $ docker push internal-registry.com/organization/alertmanager:v0.16.2 15 | ... 16 | ``` 17 | 18 | The output of this command can be piped to a shell to be executed by appending `| sh`. 
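For example, the full pipeline looks like this (using the placeholder `internal-registry.com/organization` registry from this walkthrough):

```shell
# Generate the docker pull/tag/push commands and execute them immediately.
jsonnet -J vendor -S --tla-str repository=internal-registry.com/organization examples/sync-to-internal-registry.jsonnet | sh
```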
19 | 20 | Then to generate manifests with `internal-registry.com/organization`, use the `withImageRepository` mixin: 21 | 22 | ```jsonnet mdox-exec="cat examples/internal-registry.jsonnet" 23 | local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet'; 24 | local kp = (import 'kube-prometheus/main.libsonnet') + { 25 | values+:: { 26 | common+: { 27 | namespace: 'monitoring', 28 | }, 29 | }, 30 | } + mixin.withImageRepository('internal-registry.com/organization'); 31 | 32 | { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + 33 | { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } + 34 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 35 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 36 | { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + 37 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 38 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } 39 | ``` 40 | -------------------------------------------------------------------------------- /examples/prometheus-agent.jsonnet: -------------------------------------------------------------------------------- 1 | local kp = 2 | (import 'kube-prometheus/main.libsonnet') + 3 | { 4 | values+:: { 5 | common+: { 6 | namespace: 'monitoring', 7 | }, 8 | prometheus+: { 9 | resources: { 10 | requests: { memory: '100Mi' }, 11 | }, 12 | enableFeatures: ['agent'], 13 | }, 14 | }, 15 | prometheus+: { 16 | prometheus+: { 17 | spec+: { 18 | replicas: 1, 19 | alerting:: {}, 20 | ruleSelector:: {}, 21 | remoteWrite: [{ 22 | url: 'http://remote-write-url.com', 23 | }], 24 | containers+: [ 25 | { 26 | name: 'prometheus', 27 | args+: [ 28 | '--config.file=/etc/prometheus/config_out/prometheus.env.yaml', 29 | '--storage.agent.path=/prometheus', 30 | '--enable-feature=agent', 31 | '--web.enable-lifecycle', 32 | ], 33 | }, 34 | ], 35 | }, 36 | }, 37 | }, 38 | }; 39 | 40 | { 'setup/0namespace-namespace': kp.kubePrometheus.namespace } + 41 | { 42 | ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] 43 | for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator)) 44 | } + 45 | // serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready 46 | { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + 47 | { 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } + 48 | { 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } + 49 | { ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } + 50 | { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + 51 | { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + 52 | { ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } 53 | { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + 54 | { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + 55 | { ['prometheus-adapter-' + name]: 
kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } 56 | -------------------------------------------------------------------------------- /manifests/prometheusAdapter-configMap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | config.yaml: |- 4 | "resourceRules": 5 | "cpu": 6 | "containerLabel": "container" 7 | "containerQuery": | 8 | sum by (<<.GroupBy>>) ( 9 | irate ( 10 | container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s] 11 | ) 12 | ) 13 | "nodeQuery": | 14 | sum by (<<.GroupBy>>) ( 15 | 1 - irate( 16 | node_cpu_seconds_total{mode="idle"}[60s] 17 | ) 18 | * on(namespace, pod) group_left(node) ( 19 | node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>} 20 | ) 21 | ) 22 | or sum by (<<.GroupBy>>) ( 23 | 1 - irate( 24 | windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[4m] 25 | ) 26 | ) 27 | "resources": 28 | "overrides": 29 | "namespace": 30 | "resource": "namespace" 31 | "node": 32 | "resource": "node" 33 | "pod": 34 | "resource": "pod" 35 | "memory": 36 | "containerLabel": "container" 37 | "containerQuery": | 38 | sum by (<<.GroupBy>>) ( 39 | container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""} 40 | ) 41 | "nodeQuery": | 42 | sum by (<<.GroupBy>>) ( 43 | node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} 44 | - 45 | node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>} 46 | ) 47 | or sum by (<<.GroupBy>>) ( 48 | windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>} 49 | - 50 | windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>} 51 | ) 52 | "resources": 53 | "overrides": 54 | "instance": 55 | "resource": "node" 56 | "namespace": 57 | "resource": "namespace" 58 | "pod": 59 | "resource": "pod" 60 | "window": "5m" 61 | kind: ConfigMap 62 | metadata: 63 | labels: 64 | app.kubernetes.io/component: metrics-adapter 65 | app.kubernetes.io/name: prometheus-adapter 66 | app.kubernetes.io/part-of: kube-prometheus 67 | app.kubernetes.io/version: 0.12.0 68 | name: adapter-config 69 | namespace: monitoring 70 | -------------------------------------------------------------------------------- /scripts/get-new-changelogs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | # Get the freshly updated components versions. 6 | # Should be only used after running ./scripts/generate-versions and before 7 | # committing any changes. 8 | get_updated_versions() { 9 | # Get only the newly updated versions from the versions file. 10 | echo "$(git diff -U0 -- "${VERSION_FILE}" | grep '^[+]' | grep -Ev '^(--- a/|\+\+\+ b/)' | tr -d '",:+' | awk -F'"' '{print $1}')" 11 | } 12 | 13 | # Returns github changelog url based on a given repository url and tag. 14 | get_changelog_url() { 15 | echo "https://github.com/${1}/releases/tag/v${2}" 16 | } 17 | 18 | # Gets all the new changelogs from the updated components version. 
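# For illustration (hypothetical bump): if versions.json changed alertmanager to 0.26.0,
# get_updated_versions would emit "alertmanager 0.26.0" and this function would print:
#   https://github.com/prometheus/alertmanager/releases/tag/v0.26.0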
19 | get_changelog_urls() { 20 | while IFS= read -r updated_version; do 21 | # Skip any empty lines 22 | [[ -z "$updated_version" ]] && continue 23 | 24 | # Split into component and version 25 | read -r component version <<< "$updated_version" 26 | 27 | case "${component}" in 28 | alertmanager) 29 | get_changelog_url "prometheus/alertmanager" "${version}" 30 | ;; 31 | blackboxExporter) 32 | get_changelog_url "prometheus/blackbox_exporter" "${version}" 33 | ;; 34 | grafana) 35 | get_changelog_url "grafana/grafana" "${version}" 36 | ;; 37 | kubeStateMetrics) 38 | get_changelog_url "kubernetes/kube-state-metrics" "${version}" 39 | ;; 40 | nodeExporter) 41 | get_changelog_url "prometheus/node_exporter" "${version}" 42 | ;; 43 | prometheus) 44 | get_changelog_url "prometheus/prometheus" "${version}" 45 | ;; 46 | prometheusAdapter) 47 | get_changelog_url "kubernetes-sigs/prometheus-adapter" "${version}" 48 | ;; 49 | prometheusOperator) 50 | get_changelog_url "prometheus-operator/prometheus-operator" "${version}" 51 | ;; 52 | kubeRbacProxy) 53 | get_changelog_url "brancz/kube-rbac-proxy" "${version}" 54 | ;; 55 | configmapReload) 56 | get_changelog_url "jimmidyson/configmap-reload" "${version}" 57 | ;; 58 | pyrra) 59 | get_changelog_url "pyrra-dev/pyrra" "${version}" 60 | ;; 61 | *) 62 | echo "Unknown component ${component} updated" 63 | exit 1 64 | ;; 65 | esac 66 | done <<< "$(get_updated_versions)" 67 | } 68 | 69 | # File is used to read current versions 70 | VERSION_FILE="$(pwd)/jsonnet/kube-prometheus/versions.json" 71 | 72 | get_changelog_urls 73 | --------------------------------------------------------------------------------