133 lines
4.2 KiB
Plaintext
133 lines
4.2 KiB
Plaintext
local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet';
|
|
local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet';
|
|
|
|
{
|
|
_config+:: {
|
|
versions+:: {
|
|
kubeStateMetrics: '1.9.7',
|
|
},
|
|
imageRepos+:: {
|
|
kubeStateMetrics: 'quay.io/coreos/kube-state-metrics',
|
|
},
|
|
kubeStateMetrics+:: {
|
|
scrapeInterval: '30s',
|
|
scrapeTimeout: '30s',
|
|
},
|
|
},
|
|
kubeStateMetrics+::
|
|
ksm + {
|
|
local version = self.version,
|
|
name:: 'kube-state-metrics',
|
|
namespace:: $._config.namespace,
|
|
version:: $._config.versions.kubeStateMetrics,
|
|
image:: $._config.imageRepos.kubeStateMetrics + ':v' + $._config.versions.kubeStateMetrics,
|
|
service+: {
|
|
spec+: {
|
|
ports: [
|
|
{
|
|
name: 'https-main',
|
|
port: 8443,
|
|
targetPort: 'https-main',
|
|
},
|
|
{
|
|
name: 'https-self',
|
|
port: 9443,
|
|
targetPort: 'https-self',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
deployment+: {
|
|
spec+: {
|
|
template+: {
|
|
spec+: {
|
|
containers: std.map(function(c) c {
|
|
ports:: null,
|
|
livenessProbe:: null,
|
|
readinessProbe:: null,
|
|
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
|
|
}, super.containers),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
serviceMonitor:
|
|
{
|
|
apiVersion: 'monitoring.coreos.com/v1',
|
|
kind: 'ServiceMonitor',
|
|
metadata: {
|
|
name: 'kube-state-metrics',
|
|
namespace: $._config.namespace,
|
|
labels: {
|
|
'app.kubernetes.io/name': 'kube-state-metrics',
|
|
'app.kubernetes.io/version': version,
|
|
},
|
|
},
|
|
spec: {
|
|
jobLabel: 'app.kubernetes.io/name',
|
|
selector: {
|
|
matchLabels: {
|
|
'app.kubernetes.io/name': 'kube-state-metrics',
|
|
},
|
|
},
|
|
endpoints: [
|
|
{
|
|
port: 'https-main',
|
|
scheme: 'https',
|
|
interval: $._config.kubeStateMetrics.scrapeInterval,
|
|
scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout,
|
|
honorLabels: true,
|
|
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
|
|
relabelings: [
|
|
{
|
|
regex: '(pod|service|endpoint|namespace)',
|
|
action: 'labeldrop',
|
|
},
|
|
],
|
|
tlsConfig: {
|
|
insecureSkipVerify: true,
|
|
},
|
|
},
|
|
{
|
|
port: 'https-self',
|
|
scheme: 'https',
|
|
interval: $._config.kubeStateMetrics.scrapeInterval,
|
|
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
|
|
tlsConfig: {
|
|
insecureSkipVerify: true,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
},
|
|
} +
|
|
(kubeRbacProxyContainer {
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
local cfg = self,
|
|
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
|
|
name: 'kube-rbac-proxy-main',
|
|
securePortName: 'https-main',
|
|
securePort: 8443,
|
|
secureListenAddress: ':%d' % self.securePort,
|
|
upstream: 'http://127.0.0.1:8081/',
|
|
tlsCipherSuites: $._config.tlsCipherSuites,
|
|
},
|
|
},
|
|
}).deploymentMixin +
|
|
(kubeRbacProxyContainer {
|
|
config+:: {
|
|
kubeRbacProxy: {
|
|
local cfg = self,
|
|
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
|
|
name: 'kube-rbac-proxy-self',
|
|
securePortName: 'https-self',
|
|
securePort: 9443,
|
|
secureListenAddress: ':%d' % self.securePort,
|
|
upstream: 'http://127.0.0.1:8082/',
|
|
tlsCipherSuites: $._config.tlsCipherSuites,
|
|
},
|
|
},
|
|
}).deploymentMixin,
|
|
}
|