-
Notifications
You must be signed in to change notification settings - Fork 487
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add sigv4 install script, fix bug (#334)
Also fixes bug where the deployment scrape config was included with host filtering enabled, where the inverse should've been true.
- Loading branch information
Showing
8 changed files
with
461 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,357 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: grafana-agent | ||
--- | ||
apiVersion: v1 | ||
data: | ||
agent.yml: | | ||
prometheus: | ||
configs: | ||
- host_filter: true | ||
name: agent | ||
remote_write: | ||
- sigv4: | ||
enabled: true | ||
url: ${REMOTE_WRITE_URL} | ||
scrape_configs: | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: kubernetes-pods | ||
kubernetes_sd_configs: | ||
- role: pod | ||
relabel_configs: | ||
- action: drop | ||
regex: "false" | ||
source_labels: | ||
- __meta_kubernetes_pod_annotation_prometheus_io_scrape | ||
- action: keep | ||
regex: .*-metrics | ||
source_labels: | ||
- __meta_kubernetes_pod_container_port_name | ||
- action: replace | ||
regex: (https?) | ||
replacement: $1 | ||
source_labels: | ||
- __meta_kubernetes_pod_annotation_prometheus_io_scheme | ||
target_label: __scheme__ | ||
- action: replace | ||
regex: (.+) | ||
replacement: $1 | ||
source_labels: | ||
- __meta_kubernetes_pod_annotation_prometheus_io_path | ||
target_label: __metrics_path__ | ||
- action: replace | ||
regex: (.+?)(\:\d+)?;(\d+) | ||
replacement: $1:$3 | ||
source_labels: | ||
- __address__ | ||
- __meta_kubernetes_pod_annotation_prometheus_io_port | ||
target_label: __address__ | ||
- action: drop | ||
regex: "" | ||
source_labels: | ||
- __meta_kubernetes_pod_label_name | ||
- action: replace | ||
replacement: $1 | ||
separator: / | ||
source_labels: | ||
- __meta_kubernetes_namespace | ||
- __meta_kubernetes_pod_label_name | ||
target_label: job | ||
- action: replace | ||
source_labels: | ||
- __meta_kubernetes_namespace | ||
target_label: namespace | ||
- action: replace | ||
source_labels: | ||
- __meta_kubernetes_pod_name | ||
target_label: pod | ||
- action: replace | ||
source_labels: | ||
- __meta_kubernetes_pod_container_name | ||
target_label: container | ||
- action: replace | ||
separator: ':' | ||
source_labels: | ||
- __meta_kubernetes_pod_name | ||
- __meta_kubernetes_pod_container_name | ||
- __meta_kubernetes_pod_container_port_name | ||
target_label: instance | ||
- action: labelmap | ||
regex: __meta_kubernetes_pod_annotation_prometheus_io_param_(.+) | ||
replacement: __param_$1 | ||
- action: drop | ||
regex: Succeeded|Failed | ||
source_labels: | ||
- __meta_kubernetes_pod_phase | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: default/kube-state-metrics | ||
kubernetes_sd_configs: | ||
- namespaces: | ||
names: | ||
- default | ||
role: pod | ||
relabel_configs: | ||
- action: keep | ||
regex: kube-state-metrics | ||
source_labels: | ||
- __meta_kubernetes_pod_label_name | ||
- action: replace | ||
separator: ':' | ||
source_labels: | ||
- __meta_kubernetes_pod_name | ||
- __meta_kubernetes_pod_container_name | ||
- __meta_kubernetes_pod_container_port_name | ||
target_label: instance | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: default/node-exporter | ||
kubernetes_sd_configs: | ||
- namespaces: | ||
names: | ||
- default | ||
role: pod | ||
relabel_configs: | ||
- action: keep | ||
regex: node-exporter | ||
source_labels: | ||
- __meta_kubernetes_pod_label_name | ||
- action: replace | ||
source_labels: | ||
- __meta_kubernetes_pod_node_name | ||
target_label: instance | ||
- action: replace | ||
source_labels: | ||
- __meta_kubernetes_namespace | ||
target_label: namespace | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: kube-system/kubelet | ||
kubernetes_sd_configs: | ||
- role: node | ||
relabel_configs: | ||
- replacement: kubernetes.default.svc.cluster.local:443 | ||
target_label: __address__ | ||
- replacement: https | ||
target_label: __scheme__ | ||
- regex: (.+) | ||
replacement: /api/v1/nodes/${1}/proxy/metrics | ||
source_labels: | ||
- __meta_kubernetes_node_name | ||
target_label: __metrics_path__ | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: kube-system/cadvisor | ||
kubernetes_sd_configs: | ||
- role: node | ||
metric_relabel_configs: | ||
- action: drop | ||
regex: container_([a-z_]+); | ||
source_labels: | ||
- __name__ | ||
- image | ||
- action: drop | ||
regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) | ||
source_labels: | ||
- __name__ | ||
relabel_configs: | ||
- replacement: kubernetes.default.svc.cluster.local:443 | ||
target_label: __address__ | ||
- regex: (.+) | ||
replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor | ||
source_labels: | ||
- __meta_kubernetes_node_name | ||
target_label: __metrics_path__ | ||
scheme: https | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
global: | ||
scrape_interval: 15s | ||
wal_directory: /var/lib/agent/data | ||
server: | ||
log_level: info | ||
kind: ConfigMap | ||
metadata: | ||
name: grafana-agent | ||
--- | ||
apiVersion: v1 | ||
data: | ||
agent.yml: | | ||
prometheus: | ||
configs: | ||
- host_filter: false | ||
name: agent | ||
remote_write: | ||
- sigv4: | ||
enabled: true | ||
url: ${REMOTE_WRITE_URL} | ||
scrape_configs: | ||
- bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
job_name: default/kubernetes | ||
kubernetes_sd_configs: | ||
- role: endpoints | ||
metric_relabel_configs: | ||
- action: drop | ||
regex: apiserver_admission_controller_admission_latencies_seconds_.* | ||
source_labels: | ||
- __name__ | ||
- action: drop | ||
regex: apiserver_admission_step_admission_latencies_seconds_.* | ||
source_labels: | ||
- __name__ | ||
relabel_configs: | ||
- action: keep | ||
regex: apiserver | ||
source_labels: | ||
- __meta_kubernetes_service_label_component | ||
scheme: https | ||
tls_config: | ||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | ||
insecure_skip_verify: false | ||
server_name: kubernetes | ||
global: | ||
scrape_interval: 15s | ||
wal_directory: /var/lib/agent/data | ||
server: | ||
log_level: info | ||
kind: ConfigMap | ||
metadata: | ||
name: grafana-agent-deployment | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRole | ||
metadata: | ||
name: grafana-agent | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- nodes | ||
- nodes/proxy | ||
- services | ||
- endpoints | ||
- pods | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- nonResourceURLs: | ||
- /metrics | ||
verbs: | ||
- get | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1beta1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: grafana-agent | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: grafana-agent | ||
subjects: | ||
- kind: ServiceAccount | ||
name: grafana-agent | ||
namespace: default | ||
--- | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: grafana-agent | ||
spec: | ||
minReadySeconds: 10 | ||
selector: | ||
matchLabels: | ||
name: grafana-agent | ||
template: | ||
metadata: | ||
labels: | ||
name: grafana-agent | ||
spec: | ||
containers: | ||
- args: | ||
- -config.file=/etc/agent/agent.yml | ||
- -prometheus.wal-directory=/tmp/agent/data | ||
command: | ||
- /bin/agent | ||
env: | ||
- name: HOSTNAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
image: grafana/agent:v0.10.0 | ||
imagePullPolicy: IfNotPresent | ||
name: agent | ||
ports: | ||
- containerPort: 80 | ||
name: http-metrics | ||
securityContext: | ||
privileged: true | ||
runAsUser: 0 | ||
volumeMounts: | ||
- mountPath: /etc/agent | ||
name: grafana-agent | ||
serviceAccount: grafana-agent | ||
tolerations: | ||
- effect: NoSchedule | ||
operator: Exists | ||
volumes: | ||
- configMap: | ||
name: grafana-agent | ||
name: grafana-agent | ||
updateStrategy: | ||
type: RollingUpdate | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: grafana-agent-deployment | ||
spec: | ||
minReadySeconds: 10 | ||
replicas: 1 | ||
revisionHistoryLimit: 10 | ||
selector: | ||
matchLabels: | ||
name: grafana-agent-deployment | ||
template: | ||
metadata: | ||
labels: | ||
name: grafana-agent-deployment | ||
spec: | ||
containers: | ||
- args: | ||
- -config.file=/etc/agent/agent.yml | ||
- -prometheus.wal-directory=/tmp/agent/data | ||
command: | ||
- /bin/agent | ||
env: | ||
- name: HOSTNAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
image: grafana/agent:v0.10.0 | ||
imagePullPolicy: IfNotPresent | ||
name: agent | ||
ports: | ||
- containerPort: 80 | ||
name: http-metrics | ||
securityContext: | ||
privileged: true | ||
runAsUser: 0 | ||
volumeMounts: | ||
- mountPath: /etc/agent | ||
name: grafana-agent-deployment | ||
serviceAccount: grafana-agent | ||
volumes: | ||
- configMap: | ||
name: grafana-agent-deployment | ||
name: grafana-agent-deployment |
Oops, something went wrong.