Showing preview only (6,489K chars total). Download the full file or copy to clipboard to get everything.
Repository: prometheus-operator/kube-prometheus
Branch: main
Commit: 023757831a04
Files: 320
Total size: 6.1 MB
Directory structure:
gitextract_4x2izfw2/
├── .github/
│ ├── CODEOWNERS
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug.md
│ │ ├── feature.md
│ │ └── support.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ ├── dependabot.yml
│ ├── env
│ └── workflows/
│ ├── action-lint.yaml
│ ├── ci.yaml
│ ├── stale.yaml
│ └── versions.yaml
├── .gitignore
├── .gitpod.yml
├── .mdox.validate.yaml
├── CHANGELOG.md
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.md
├── RELEASE.md
├── build.sh
├── code-of-conduct.md
├── developer-workspace/
│ ├── README.md
│ ├── codespaces/
│ │ └── prepare-kind.sh
│ ├── common/
│ │ └── deploy-kube-prometheus.sh
│ └── gitpod/
│ ├── prepare-k3s.sh
│ ├── prepare-rootfs.sh
│ ├── qemu.sh
│ ├── scp.sh
│ └── ssh.sh
├── docs/
│ ├── EKS-cni-support.md
│ ├── GKE-cadvisor-support.md
│ ├── access-ui.md
│ ├── blackbox-exporter.md
│ ├── community-support.md
│ ├── customizations/
│ │ ├── alertmanager-configuration.md
│ │ ├── components-name-namespace-overrides.md
│ │ ├── developing-prometheus-rules-and-grafana-dashboards.md
│ │ ├── dropping-unwanted-dashboards.md
│ │ ├── exposing-prometheus-alertmanager-grafana-ingress.md
│ │ ├── monitoring-additional-namespaces.md
│ │ ├── monitoring-all-namespaces.md
│ │ ├── node-ports.md
│ │ ├── platform-specific.md
│ │ ├── pod-anti-affinity.md
│ │ ├── prometheus-agent.md
│ │ ├── static-etcd-configuration.md
│ │ ├── strip-limits.md
│ │ └── using-custom-container-registry.md
│ ├── customizing.md
│ ├── deploy-kind.md
│ ├── endpoints-migration.md
│ ├── kube-prometheus-on-kubeadm.md
│ ├── migration-example/
│ │ ├── my.release-0.3.jsonnet
│ │ ├── my.release-0.8.jsonnet
│ │ └── readme.md
│ ├── migration-guide.md
│ ├── monitoring-external-etcd.md
│ ├── monitoring-other-namespaces.md
│ ├── security.md
│ ├── troubleshooting.md
│ ├── update.md
│ ├── weave-net-support.md
│ └── windows.md
├── example.jsonnet
├── examples/
│ ├── additional-namespaces-servicemonitor.jsonnet
│ ├── additional-namespaces.jsonnet
│ ├── alertmanager-alert-template.tmpl
│ ├── alertmanager-config-external.jsonnet
│ ├── alertmanager-config-template-external.jsonnet
│ ├── alertmanager-config-with-template.yaml
│ ├── alertmanager-config.jsonnet
│ ├── alertmanager-config.yaml
│ ├── all-namespaces.jsonnet
│ ├── anti-affinity.jsonnet
│ ├── auth
│ ├── basic-auth/
│ │ ├── secrets.yaml
│ │ └── service-monitor.yaml
│ ├── changing-default-rules.libsonnet
│ ├── continuous-delivery/
│ │ └── argocd/
│ │ ├── README.md
│ │ ├── application.yaml
│ │ ├── appproject.yaml
│ │ └── kube-prometheus/
│ │ └── argocd-basic.jsonnet
│ ├── drop-dashboards.jsonnet
│ ├── eks-cni-example.jsonnet
│ ├── etcd-client-ca.crt
│ ├── etcd-client.crt
│ ├── etcd-client.key
│ ├── etcd-skip-verify.jsonnet
│ ├── etcd.jsonnet
│ ├── example-app/
│ │ ├── example-app.yaml
│ │ ├── prometheus-frontend-alertmanager-discovery-role-binding.yaml
│ │ ├── prometheus-frontend-alertmanager-discovery-role.yaml
│ │ ├── prometheus-frontend-role-binding.yaml
│ │ ├── prometheus-frontend-role.yaml
│ │ ├── prometheus-frontend-service-account.yaml
│ │ ├── prometheus-frontend-svc.yaml
│ │ ├── prometheus-frontend.yaml
│ │ └── servicemonitor-frontend.yaml
│ ├── example-grafana-dashboard.json
│ ├── existingrule.json
│ ├── existingrule.yaml
│ ├── grafana-additional-jsonnet-dashboard-example.jsonnet
│ ├── grafana-additional-rendered-dashboard-example-2.jsonnet
│ ├── grafana-additional-rendered-dashboard-example.jsonnet
│ ├── grafana-ldap.jsonnet
│ ├── grafana-only-dashboards.jsonnet
│ ├── ingress-one-to-many.jsonnet
│ ├── ingress.jsonnet
│ ├── internal-registry.jsonnet
│ ├── jsonnet-build-snippet/
│ │ └── build-snippet.jsonnet
│ ├── jsonnet-snippets/
│ │ ├── node-ports.jsonnet
│ │ └── platform.jsonnet
│ ├── kubeProxy.jsonnet
│ ├── kustomize.jsonnet
│ ├── minikube.jsonnet
│ ├── mixin-inclusion.jsonnet
│ ├── name-namespace-overrides.jsonnet
│ ├── networkpolicies-disabled.jsonnet
│ ├── pod-security-policies.jsonnet
│ ├── prometheus-additional-alert-rule-example.jsonnet
│ ├── prometheus-additional-recording-rule-example.jsonnet
│ ├── prometheus-additional-rendered-rule-example.jsonnet
│ ├── prometheus-agent.jsonnet
│ ├── prometheus-pvc.jsonnet
│ ├── prometheus-thanos.jsonnet
│ ├── rule-patcher.jsonnet
│ ├── rule-patches.libsonnet
│ ├── strip-limits.jsonnet
│ ├── sync-to-internal-registry.jsonnet
│ ├── thanos-sidecar.jsonnet
│ ├── tolerations.libsonnet
│ ├── weave-net-example.jsonnet
│ ├── windows-hostprocess.jsonnet
│ └── windows.jsonnet
├── experimental/
│ └── metrics-server/
│ ├── auth-delegator.yaml
│ ├── auth-reader.yaml
│ ├── metrics-apiservice.yaml
│ ├── metrics-server-cluster-role-binding.yaml
│ ├── metrics-server-cluster-role.yaml
│ ├── metrics-server-deployment.yaml
│ ├── metrics-server-service-account.yaml
│ └── metrics-server-service.yaml
├── go.mod
├── go.sum
├── jsonnet/
│ └── kube-prometheus/
│ ├── .gitignore
│ ├── addons/
│ │ ├── all-namespaces.libsonnet
│ │ ├── anti-affinity.libsonnet
│ │ ├── aws-vpc-cni.libsonnet
│ │ ├── config-mixins.libsonnet
│ │ ├── custom-metrics.libsonnet
│ │ ├── dropping-deprecated-metrics-relabelings.libsonnet
│ │ ├── external-metrics.libsonnet
│ │ ├── insecure-kubelet.libsonnet
│ │ ├── ksm-autoscaler.libsonnet
│ │ ├── ksm-lite.libsonnet
│ │ ├── managed-cluster.libsonnet
│ │ ├── networkpolicies-disabled.libsonnet
│ │ ├── node-ports.libsonnet
│ │ ├── podsecuritypolicies.libsonnet
│ │ ├── pyrra.libsonnet
│ │ ├── static-etcd.libsonnet
│ │ ├── strip-limits.libsonnet
│ │ ├── user-facing-roles.libsonnet
│ │ ├── weave-net/
│ │ │ ├── alerts.libsonnet
│ │ │ ├── grafana-weave-net-cluster.json
│ │ │ ├── grafana-weave-net.json
│ │ │ └── weave-net.libsonnet
│ │ ├── windows-hostprocess.libsonnet
│ │ └── windows.libsonnet
│ ├── components/
│ │ ├── alertmanager.libsonnet
│ │ ├── blackbox-exporter.libsonnet
│ │ ├── grafana.libsonnet
│ │ ├── k8s-control-plane.libsonnet
│ │ ├── kube-rbac-proxy.libsonnet
│ │ ├── kube-state-metrics.libsonnet
│ │ ├── mixin/
│ │ │ ├── alerts/
│ │ │ │ ├── alerts.libsonnet
│ │ │ │ ├── general.libsonnet
│ │ │ │ └── node.libsonnet
│ │ │ ├── custom.libsonnet
│ │ │ └── rules/
│ │ │ ├── general.libsonnet
│ │ │ ├── node-rules.libsonnet
│ │ │ └── rules.libsonnet
│ │ ├── node-exporter.libsonnet
│ │ ├── prometheus-adapter.libsonnet
│ │ ├── prometheus-operator.libsonnet
│ │ └── prometheus.libsonnet
│ ├── jsonnetfile.json
│ ├── lib/
│ │ ├── mixin.libsonnet
│ │ ├── rule-sanitizer.libsonnet
│ │ └── utils.libsonnet
│ ├── main.libsonnet
│ ├── platforms/
│ │ ├── README.md
│ │ ├── aks.libsonnet
│ │ ├── aws.libsonnet
│ │ ├── bootkube.libsonnet
│ │ ├── eks.libsonnet
│ │ ├── gke.libsonnet
│ │ ├── kops-coredns.libsonnet
│ │ ├── kops.libsonnet
│ │ ├── kubeadm.libsonnet
│ │ ├── kubespray.libsonnet
│ │ └── platforms.libsonnet
│ └── versions.json
├── jsonnetfile.json
├── jsonnetfile.lock.json
├── kubescape-exceptions.json
├── kustomization.yaml
├── manifests/
│ ├── alertmanager-alertmanager.yaml
│ ├── alertmanager-networkPolicy.yaml
│ ├── alertmanager-podDisruptionBudget.yaml
│ ├── alertmanager-prometheusRule.yaml
│ ├── alertmanager-secret.yaml
│ ├── alertmanager-service.yaml
│ ├── alertmanager-serviceAccount.yaml
│ ├── alertmanager-serviceMonitor.yaml
│ ├── blackboxExporter-clusterRole.yaml
│ ├── blackboxExporter-clusterRoleBinding.yaml
│ ├── blackboxExporter-configuration.yaml
│ ├── blackboxExporter-deployment.yaml
│ ├── blackboxExporter-networkPolicy.yaml
│ ├── blackboxExporter-service.yaml
│ ├── blackboxExporter-serviceAccount.yaml
│ ├── blackboxExporter-serviceMonitor.yaml
│ ├── grafana-config.yaml
│ ├── grafana-dashboardDatasources.yaml
│ ├── grafana-dashboardDefinitions.yaml
│ ├── grafana-dashboardSources.yaml
│ ├── grafana-deployment.yaml
│ ├── grafana-networkPolicy.yaml
│ ├── grafana-prometheusRule.yaml
│ ├── grafana-service.yaml
│ ├── grafana-serviceAccount.yaml
│ ├── grafana-serviceMonitor.yaml
│ ├── kubePrometheus-prometheusRule.yaml
│ ├── kubeStateMetrics-clusterRole.yaml
│ ├── kubeStateMetrics-clusterRoleBinding.yaml
│ ├── kubeStateMetrics-deployment.yaml
│ ├── kubeStateMetrics-networkPolicy.yaml
│ ├── kubeStateMetrics-prometheusRule.yaml
│ ├── kubeStateMetrics-service.yaml
│ ├── kubeStateMetrics-serviceAccount.yaml
│ ├── kubeStateMetrics-serviceMonitor.yaml
│ ├── kubernetesControlPlane-prometheusRule.yaml
│ ├── kubernetesControlPlane-serviceMonitorApiserver.yaml
│ ├── kubernetesControlPlane-serviceMonitorCoreDNS.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubeControllerManager.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubeScheduler.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubelet.yaml
│ ├── nodeExporter-clusterRole.yaml
│ ├── nodeExporter-clusterRoleBinding.yaml
│ ├── nodeExporter-daemonset.yaml
│ ├── nodeExporter-networkPolicy.yaml
│ ├── nodeExporter-prometheusRule.yaml
│ ├── nodeExporter-service.yaml
│ ├── nodeExporter-serviceAccount.yaml
│ ├── nodeExporter-serviceMonitor.yaml
│ ├── prometheus-clusterRole.yaml
│ ├── prometheus-clusterRoleBinding.yaml
│ ├── prometheus-networkPolicy.yaml
│ ├── prometheus-podDisruptionBudget.yaml
│ ├── prometheus-prometheus.yaml
│ ├── prometheus-prometheusRule.yaml
│ ├── prometheus-roleBindingConfig.yaml
│ ├── prometheus-roleBindingSpecificNamespaces.yaml
│ ├── prometheus-roleConfig.yaml
│ ├── prometheus-roleSpecificNamespaces.yaml
│ ├── prometheus-service.yaml
│ ├── prometheus-serviceAccount.yaml
│ ├── prometheus-serviceMonitor.yaml
│ ├── prometheusAdapter-apiService.yaml
│ ├── prometheusAdapter-clusterRole.yaml
│ ├── prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
│ ├── prometheusAdapter-clusterRoleBinding.yaml
│ ├── prometheusAdapter-clusterRoleBindingDelegator.yaml
│ ├── prometheusAdapter-clusterRoleServerResources.yaml
│ ├── prometheusAdapter-configMap.yaml
│ ├── prometheusAdapter-deployment.yaml
│ ├── prometheusAdapter-networkPolicy.yaml
│ ├── prometheusAdapter-podDisruptionBudget.yaml
│ ├── prometheusAdapter-roleBindingAuthReader.yaml
│ ├── prometheusAdapter-service.yaml
│ ├── prometheusAdapter-serviceAccount.yaml
│ ├── prometheusAdapter-serviceMonitor.yaml
│ ├── prometheusOperator-clusterRole.yaml
│ ├── prometheusOperator-clusterRoleBinding.yaml
│ ├── prometheusOperator-deployment.yaml
│ ├── prometheusOperator-networkPolicy.yaml
│ ├── prometheusOperator-prometheusRule.yaml
│ ├── prometheusOperator-service.yaml
│ ├── prometheusOperator-serviceAccount.yaml
│ ├── prometheusOperator-serviceMonitor.yaml
│ └── setup/
│ ├── 0alertmanagerConfigCustomResourceDefinition.yaml
│ ├── 0alertmanagerCustomResourceDefinition.yaml
│ ├── 0podmonitorCustomResourceDefinition.yaml
│ ├── 0probeCustomResourceDefinition.yaml
│ ├── 0prometheusCustomResourceDefinition.yaml
│ ├── 0prometheusagentCustomResourceDefinition.yaml
│ ├── 0prometheusruleCustomResourceDefinition.yaml
│ ├── 0scrapeconfigCustomResourceDefinition.yaml
│ ├── 0servicemonitorCustomResourceDefinition.yaml
│ ├── 0thanosrulerCustomResourceDefinition.yaml
│ └── namespace.yaml
├── scripts/
│ ├── generate-schemas.sh
│ ├── generate-versions.sh
│ ├── get-new-changelogs.sh
│ ├── go.mod
│ ├── go.sum
│ ├── minikube-start-kvm.sh
│ ├── minikube-start.sh
│ ├── monitoring-deploy.sh
│ ├── test.sh
│ └── tools.go
└── tests/
└── e2e/
├── kind/
│ ├── config.yml
│ ├── kube-router.yaml
│ ├── kubernetesControlPlane-kubeControllerManagerPrometheusDiscoveryService.yaml
│ ├── kubernetesControlPlane-kubeSchedulerPrometheusDiscoveryService.yaml
│ └── patches/
│ └── kube-controller-manager.yaml
├── main_test.go
└── prometheus_client.go
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/CODEOWNERS
================================================
* @prometheus-operator/kube-prometheus-reviewers
================================================
FILE: .github/ISSUE_TEMPLATE/bug.md
================================================
---
name: Bug
about: Report a bug related to kube-prometheus
labels: kind/bug
---
<!--
Feel free to ask questions in #prometheus-operator on Kubernetes Slack!
-->
**What happened?**
**Did you expect to see some different?**
**How to reproduce it (as minimally and precisely as possible)**:
**Environment**
* Prometheus Operator version:
`Insert image tag or Git SHA here`
<!-- Try kubectl -n monitoring describe deployment prometheus-operator -->
* Kubernetes version information:
`kubectl version`
<!-- Replace the command with its output above -->
* Kubernetes cluster kind:
insert how you created your cluster: kops, bootkube, tectonic-installer, etc.
* Manifests:
```
insert manifests relevant to the issue
```
* Prometheus Operator Logs:
```
Insert Prometheus Operator logs relevant to the issue here
```
* Prometheus Logs:
```
Insert Prometheus logs relevant to the issue here
```
**Anything else we need to know?**:
================================================
FILE: .github/ISSUE_TEMPLATE/feature.md
================================================
---
name: Feature
about: If you want to propose a new feature or enhancement
labels: kind/feature
---
<!--
Feel free to ask questions in #prometheus-operator on Kubernetes Slack!
-->
**What is missing?**
**Why do we need it?**
**Environment**
* kube-prometheus version:
`Insert Git SHA here`
**Anything else we need to know?**:
================================================
FILE: .github/ISSUE_TEMPLATE/support.md
================================================
---
name: Support
about: If you have questions about kube-prometheus
labels: kind/support
---
This repository now has the new GitHub Discussions enabled:
https://github.com/prometheus-operator/kube-prometheus/discussions
Please create a new discussion to ask for any kind of support, which is not a Bug or Feature Request.
Thank you for being part of this community!
---
We are still happy to chat with you in the #prometheus-operator channel on Kubernetes Slack!
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
<!--
WARNING: Not using this template will result in a longer review process and your change won't be visible in CHANGELOG.
-->
## Description
_Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
If it fixes a bug or resolves a feature request, be sure to link to that issue._
## Type of change
_What type of changes does your code introduce to the kube-prometheus? Put an `x` in the box that apply._
- [ ] `CHANGE` (fix or feature that would cause existing functionality to not work as expected)
- [ ] `FEATURE` (non-breaking change which adds functionality)
- [ ] `BUGFIX` (non-breaking change which fixes an issue)
- [ ] `ENHANCEMENT` (non-breaking change which improves existing functionality)
- [ ] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)
## Changelog entry
_Please put a one-line changelog entry below. Later this will be copied to the changelog file._
<!--
Your release note should be written in clear and straightforward sentences. Most often, users aren't familiar with
the technical details of your PR, so consider what they need to know when you write your release note.
Some brief examples of release notes:
- Add metadataConfig field to the Prometheus CRD for configuring how remote-write sends metadata information.
- Generate correct scraping configuration for Probes with empty or unset module parameter.
-->
```release-note
```
================================================
FILE: .github/dependabot.yml
================================================
version: 2
updates:
- package-ecosystem: gomod
directory: /
schedule:
interval: daily
- package-ecosystem: gomod
directory: /scripts/
schedule:
interval: daily
- package-ecosystem: github-actions
directory: /
schedule:
interval: daily
================================================
FILE: .github/env
================================================
kind-version=v0.31.0
golang-version=1.25
================================================
FILE: .github/workflows/action-lint.yaml
================================================
name: lint gitHub action workflows
on:
push:
paths:
- ".github/workflows/**"
pull_request:
paths:
- ".github/workflows/**"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v6
- name: Download actionlint
id: get_actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.7.7/scripts/download-actionlint.bash)
shell: bash
- name: Check workflow files
run: ${{ steps.get_actionlint.outputs.executable }} -color
shell: bash
================================================
FILE: .github/workflows/ci.yaml
================================================
name: ci
on:
- push
- pull_request
jobs:
generate:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
name: Generate
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- run: make --always-make generate validate && git diff --exit-code
check-docs:
runs-on: ubuntu-latest
name: Check Documentation formatting and links
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- run: make check-docs
lint:
runs-on: ubuntu-latest
name: Jsonnet linter
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- run: make --always-make lint
fmt:
runs-on: ubuntu-latest
name: Jsonnet formatter
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- run: make --always-make fmt && git diff --exit-code
unit-tests:
runs-on: ubuntu-latest
name: Unit tests
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- run: make --always-make test
security-audit:
runs-on: ubuntu-latest
name: Run security analysis on manifests
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- run: make --always-make kubescape
e2e-tests:
name: E2E tests
runs-on: ubuntu-latest
strategy:
matrix:
kind-image:
- "kindest/node:v1.35.1"
- "kindest/node:v1.34.3"
- "kindest/node:v1.33.7"
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- name: Start kind cluster
uses: helm/kind-action@v1.14.0
with:
version: ${{ env.kind-version }}
node_image: ${{ matrix.kind-image }}
wait: 10s # Without default CNI, control-plane doesn't get ready until Cilium is installed
config: tests/e2e/kind/config.yml
cluster_name: e2e
- name: Install kube-router for NetworkPolicy support
run: |
kubectl apply -f tests/e2e/kind/kube-router.yaml
- name: Install kube-scheduler and kube-controller-manager services
run: |
kubectl apply -f tests/e2e/kind/kubernetesControlPlane-kubeControllerManagerPrometheusDiscoveryService.yaml && \
kubectl apply -f tests/e2e/kind/kubernetesControlPlane-kubeSchedulerPrometheusDiscoveryService.yaml
- name: Wait for cluster to finish bootstraping
run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s
- name: Create kube-prometheus stack
run: |
kubectl create -f manifests/setup
until kubectl get servicemonitors --all-namespaces ; do date; sleep 1; echo ""; done
kubectl create -f manifests/
- name: Wait for kube-prometheus stack to finish bootstraping
run: kubectl wait --for=condition=Ready pods --all -n monitoring --timeout=300s
- name: Check resources in all namespaces
run: kubectl get services,endpoints,pods,prometheus,alertmanager --all-namespaces
- name: Run tests
run: |
export KUBECONFIG="${HOME}/.kube/config"
make test-e2e
# Added to summarize the matrix and allow easy branch protection rules setup
e2e-tests-result:
name: End-to-End Test Results
if: always()
needs:
- e2e-tests
runs-on: ubuntu-latest
steps:
- name: Mark the job as a success
if: needs.e2e-tests.result == 'success'
run: exit 0
- name: Mark the job as a failure
if: needs.e2e-tests.result != 'success'
run: exit 1
================================================
FILE: .github/workflows/stale.yaml
================================================
name: 'Close stale issues and PRs'
on:
schedule:
- cron: '30 3 * * *'
jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v10
with:
stale-issue-message: 'This issue has been automatically marked as stale because it has not had any activity in the last 60 days. Thank you for your contributions.'
close-issue-message: 'This issue was closed because it has not had any activity in the last 120 days. Please reopen if you feel this is still valid.'
days-before-stale: 60
days-before-issue-close: 120
days-before-pr-close: -1 # Prevent closing PRs
exempt-issue-labels: 'kind/feature,help wanted,kind/bug'
stale-issue-label: 'stale'
stale-pr-label: 'stale'
exempt-draft-pr: true
operations-per-run: 500
================================================
FILE: .github/workflows/versions.yaml
================================================
name: Upgrade to latest versions
on:
workflow_dispatch:
schedule:
- cron: "37 7 * * 1"
jobs:
versions:
runs-on: ubuntu-latest
strategy:
matrix:
branch:
# testing will be done against last two release branches and main branch
- "release-0.16"
- "release-0.17"
- "main"
steps:
- uses: actions/checkout@v6
with:
ref: ${{ matrix.branch }}
- name: Import environment variables from file
run: cat ".github/env" >> "$GITHUB_ENV"
- uses: actions/setup-go@v6
with:
go-version: ${{ env.golang-version }}
- name: Upgrade versions
id: versions
run: |
export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
# Write to temporary file to make update atomic
scripts/generate-versions.sh > /tmp/versions.json
mv /tmp/versions.json jsonnet/kube-prometheus/versions.json
# Display the raw diff between versions.
git diff
# Get the links to the changelogs of the updated versions and make them
# available to the reviewers
# 1) Open the multiline output
echo "new_changelogs<<EOF" >> "$GITHUB_OUTPUT"
# 2) Run changelog script without exiting on error
set +e
scripts/get-new-changelogs.sh >> "$GITHUB_OUTPUT"
script_rc=$?
set -e
# 3) Close the multiline output
echo "EOF" >> "$GITHUB_OUTPUT"
# 4) Fail if the script actually errored
if [ $script_rc -ne 0 ]; then
echo "::error::get-new-changelogs.sh failed with exit code $script_rc"
exit $script_rc
fi
if: matrix.branch == 'main'
- name: Update jsonnet dependencies
run: |
make update
make generate
# Reset jsonnetfile.lock.json if no dependencies were updated.
# grep returns 0 when it matches at least 1 line in the diff output.
if ! git diff --name-only | grep -qv 'jsonnetfile.lock.json'; then
git checkout -- jsonnetfile.lock.json;
fi
- name: Create Pull Request
uses: peter-evans/create-pull-request@v8
with:
commit-message: "[bot] [${{ matrix.branch }}] Automated version update"
title: "[bot] [${{ matrix.branch }}] Automated version update"
body: |
## Description
This is an automated version and jsonnet dependencies update performed from CI.
Please review the following changelogs to make sure that we don't miss any important
changes before merging this PR.
${{ steps.versions.outputs.new_changelogs }}
Configuration of the workflow is located in `.github/workflows/versions.yaml`.
## Type of change
- [x] `NONE` (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)
## Changelog entry
```release-note
```
team-reviewers: kube-prometheus-reviewers
committer: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>
author: Prometheus Operator Bot <prom-op-bot@users.noreply.github.com>
branch: automated-updates-${{ matrix.branch }}
delete-branch: true
# GITHUB_TOKEN cannot be used as it won't trigger CI in a created PR
# More in https://github.com/peter-evans/create-pull-request/issues/155
token: ${{ secrets.PROM_OP_BOT_PAT }}
================================================
FILE: .gitignore
================================================
tmp/
minikube-manifests/
vendor/
./auth
.swp
crdschemas/
.mdoxcache
developer-workspace/gitpod/_output
developer-workspace/codespaces/kind
================================================
FILE: .gitpod.yml
================================================
image: gitpod/workspace-full
checkoutLocation: gitpod-k3s
tasks:
- init: |
make --always-make
export PATH="$(pwd)/tmp/bin:${PATH}"
cat > ${PWD}/.git/hooks/pre-commit <<EOF
#!/bin/bash
echo "Checking jsonnet fmt"
make fmt > /dev/null 2>&1
echo "Checking if manifests are correct"
make generate > /dev/null 2>&1
git diff --exit-code
if [[ \$? == 1 ]]; then
echo "
This commit is being rejected because the YAML manifests are incorrect or jsonnet needs to be formatted."
echo "Please commit your changes again!"
exit 1
fi
EOF
chmod +x ${PWD}/.git/hooks/pre-commit
- name: run kube-prometheus
command: |
developer-workspace/gitpod/prepare-k3s.sh
developer-workspace/common/deploy-kube-prometheus.sh
- name: kernel dev environment
init: |
sudo apt update -y
sudo apt install qemu qemu-system-x86 linux-image-$(uname -r) libguestfs-tools sshpass netcat -y
sudo curl -o /usr/bin/kubectl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo chmod +x /usr/bin/kubectl
developer-workspace/gitpod/prepare-rootfs.sh
command: |
developer-workspace/gitpod/qemu.sh
ports:
- port: 3000
onOpen: open-browser
- port: 9090
onOpen: open-browser
- port: 9093
onOpen: open-browser
vscode:
extensions:
- heptio.jsonnet
================================================
FILE: .mdox.validate.yaml
================================================
version: 1
validators:
# Ignore localhost links.
- regex: 'localhost'
type: "ignore"
# Ignore release links.
- regex: 'https:\/\/github\.com\/prometheus-operator\/kube-prometheus\/releases'
type: "ignore"
# Ignore github issue link that is timing out
- regex: 'https:\/\/github\.com\/kubernetes-incubator\/kube-aws\/issues\/923'
type: "ignore"
# Twitter changed their policy and now returns 403 if not authenticated. We can guarantee this link since we own the account.
- regex: 'https:\/\/twitter.com\/PromOperator'
type: "ignore"
# the www.weave.works domain returns 404 for many pages.
# Ignoring for now but we need remove the related content if it persists.
- regex: 'https:\/\/www.weave.works.*'
type: "ignore"
# StackOverflow returns 403 for automated requests.
- regex: 'https:\/\/stackoverflow.com.*'
type: "ignore"
================================================
FILE: CHANGELOG.md
================================================
## release-0.17 / 2026-03-19
* [CHANGE] Remove `alertmanagerName` and `thanosSelector` configuration options from `prometheus.libsonnet`. [#2755](https://github.com/prometheus-operator/kube-prometheus/pull/2755)
* [CHANGE] Migrate service discovery to EndpointSlices. [#2752](https://github.com/prometheus-operator/kube-prometheus/pull/2752)
* [CHANGE] Alertmanager: select AlertmanagerConfig CRs within its own namespace by default. [#2747](https://github.com/prometheus-operator/kube-prometheus/pull/2747)
* [BUGFIX] Fix InfoInhibitor alert failing with duplicate series error when multiple info-level alerts fire in the same namespace. [#2786](https://github.com/prometheus-operator/kube-prometheus/pull/2786)
* [BUGFIX] Add EndpointSlices RBAC to all-namespaces addon. [#2760](https://github.com/prometheus-operator/kube-prometheus/pull/2760)
* [BUGFIX] Drop deprecated `apiserver_storage_objects` metric (replaced by `apiserver_resource_objects` since Kubernetes 1.34). [#2809](https://github.com/prometheus-operator/kube-prometheus/pull/2809)
## release-0.16 / 2025-08-28
* [ENHANCEMENT] Add common labels to blackbox-exporter ClusterRole. [#2667](https://github.com/prometheus-operator/kube-prometheus/pull/2667)
* [ENHANCEMENT] Add labels to AWS VPC CNI Service and ServiceMonitor. [#2668](https://github.com/prometheus-operator/kube-prometheus/pull/2668)
* [ENHANCEMENT] Add component label to Kubernetes control-plane resources. [#2669](https://github.com/prometheus-operator/kube-prometheus/pull/2669)
* [CHANGE] AKS platform: change Service name and `job` label. [#2665](https://github.com/prometheus-operator/kube-prometheus/pull/2665)
## release-0.15 / 2025-06-04
* [FEATURE] Add config option for storage to Prometheus and Alertmanager servers[#2651](https://github.com/prometheus-operator/kube-prometheus/pull/2651)
* [ENHANCEMENT] Reduce apiserver metric cardinality [#2531](https://github.com/prometheus-operator/kube-prometheus/pull/2531)
* [BUGFIX] Fix port allocation for node-exporter [#2627](https://github.com/prometheus-operator/kube-prometheus/pull/2627)
* [BUGFIX] Fix procfs location for node-exporter [#2549](https://github.com/prometheus-operator/kube-prometheus/pull/2549)
* [BUGFIX] Drop `process_start_time_seconds` from Kubelet slis endpoint [#2530](https://github.com/prometheus-operator/kube-prometheus/pull/2530)
## release-0.14 / 2024-09-12
* [CHANGE] Prefer new form for `kube_node_status_capacity_pods` metric [#2269](https://github.com/prometheus-operator/kube-prometheus/pull/2269)
* [CHANGE] Add runAsGroup to all components [#2424](https://github.com/prometheus-operator/kube-prometheus/pull/2424)
* [FEATURE] Add support for ScrapeConfig [#2232](https://github.com/prometheus-operator/kube-prometheus/pull/2232)
* [FEATURE] Add Kubernetes components SLI metrics [#2496](https://github.com/prometheus-operator/kube-prometheus/pull/2496)
* [FEATURE] Add monitor and rules resources to user-facing roles add-on [#2238](https://github.com/prometheus-operator/kube-prometheus/pull/2238)
* [BUGFIX] Add thanos-sidecar metrics port to Prometheus Service and NetworkPolicy [#2330](https://github.com/prometheus-operator/kube-prometheus/pull/2330)
* [ENHANCEMENT] Add ability to inject Secrets into alertmanager [#2206](https://github.com/prometheus-operator/kube-prometheus/pull/2206)
* [ENHANCEMENT] Add securityContext items and Pod security labels [#2178](https://github.com/prometheus-operator/kube-prometheus/pull/2178)
## release-0.13 / 2023-08-31
* [CHANGE] Added a AKS platform to `platforms.libsonnet` [#1997](https://github.com/prometheus-operator/kube-prometheus/pull/1997)
* [CHANGE] Disable btrfs collector by default [#2074](https://github.com/prometheus-operator/kube-prometheus/pull/2074)
* [CHANGE] Enable Multi Cluster alerts by default [#2099](https://github.com/prometheus-operator/kube-prometheus/pull/2099)
* [FEATURE] Create dedicated Service to expose CoreDNS metric [#2107](https://github.com/prometheus-operator/kube-prometheus/pull/2107)
* [FEATURE] Add Windows support using Hostprocess instead of static_configs [#2048](https://github.com/prometheus-operator/kube-prometheus/pull/2048)
* [BUGFIX] Fix a compilation error when building the custom-metrics addon [#1996](https://github.com/prometheus-operator/kube-prometheus/pull/1996)
* [BUGFIX] Add `prometheus-adapter` in Prometheus's NetworkPolicy [#1982](https://github.com/prometheus-operator/kube-prometheus/pull/1982)
* [BUGFIX] Fix namespace specified in manifest non-namespaced resources [#2158](https://github.com/prometheus-operator/kube-prometheus/pull/2158)
* [BUGFIX] Override ServiceAccount, Role and ClusterRole names in RoleBinding and ClusterRoleBinding [#2135](https://github.com/prometheus-operator/kube-prometheus/pull/2135)
* [BUGFIX] Remove deprecated `--logtostderr` argument of prometheus-adapter [#2185](https://github.com/prometheus-operator/kube-prometheus/pull/2185)
* [BUGFIX] Fix alertmanager external config example [#1891](https://github.com/prometheus-operator/kube-prometheus/pull/1891)
* [ENHANCEMENT] Add startupProbe to prometheus-adapter [#2029](https://github.com/prometheus-operator/kube-prometheus/pull/2029)
* [ENHANCEMENT] Added configurable default values for kube-rbac-proxy in prometheus-operator, node-exporter and blackbox-exporter [#1987](https://github.com/prometheus-operator/kube-prometheus/pull/1987)
* [ENHANCEMENT] Modify control plane ServiceMonitors to be compatible with Argo [#2041](https://github.com/prometheus-operator/kube-prometheus/pull/2041)
* [ENHANCEMENT] Add md5 hash of the ConfigMap in Prometheus Adapter Deployment Annotations to force its recreation [#2195](https://github.com/prometheus-operator/kube-prometheus/pull/2195)
## release-0.12 / 2023-01-19
* [CHANGE] Updates Prometheus Adapater version to 0.10.0 [#1865](https://github.com/prometheus-operator/kube-prometheus/pull/1865)
* [FEATURE] Added a AKS platform [#1869](https://github.com/prometheus-operator/kube-prometheus/pull/1869)
* [BUGFIX] Update Pyrra to 0.4.2 [#1800](https://github.com/prometheus-operator/kube-prometheus/pull/1800)
* [BUGFIX] Jsonnet: enable automountServiceAccountToken for prometheus service account [#1808](https://github.com/prometheus-operator/kube-prometheus/pull/1808)
* [BUGFIX] Fix diskDeviceSelector regex for aks and eks [#1810](https://github.com/prometheus-operator/kube-prometheus/pull/1810)
* [BUGFIX] Set path.udev.data Argument of Node Exporter [#1913](https://github.com/prometheus-operator/kube-prometheus/pull/1913)
* [BUGFIX] Include RAID device md.* in disk seletor [#1945](https://github.com/prometheus-operator/kube-prometheus/pull/1945)
* [ENHANCEMENT] Prometheus-adapter: add prefix option to config for container metrics [#1844](https://github.com/prometheus-operator/kube-prometheus/pull/1844)
* [ENHANCEMENT] Switch kube-state-metrics registry to registry.k8s.io [#1914](https://github.com/prometheus-operator/kube-prometheus/pull/1914)
* [ENHANCEMENT] Node Exporter: add parameter for ignored network devices [#1887](https://github.com/prometheus-operator/kube-prometheus/pull/1887)
## release-0.11 / 2022-06-15
* [CHANGE] Disable injecting unnecessary variables allowing access to k8s API [#1591](https://github.com/prometheus-operator/kube-prometheus/pull/1591)
* [FEATURE] Add grafana-mixin [#1458](https://github.com/prometheus-operator/kube-prometheus/pull/1458)
* [FEATURE] Add example usage of prometheus-agent [#1472](https://github.com/prometheus-operator/kube-prometheus/pull/1472)
* [FEATURE] Add Pyrra as (optional) component [#1667](https://github.com/prometheus-operator/kube-prometheus/pull/1667)
* [ENHANCEMENT] Adds NetworkPolicies to all components of Kube-prometheus [#1650](https://github.com/prometheus-operator/kube-prometheus/pull/1650)
* [ENHANCEMENT] Scan generated manifests with kubescape in CI [#1584](https://github.com/prometheus-operator/kube-prometheus/pull/1584)
* [ENHANCEMENT] Explicitly declare allowPrivilegeEscalation to false in all components [#1593](https://github.com/prometheus-operator/kube-prometheus/pull/1593)
* [ENHANCEMENT] Forbid write access to root filesystem [#1600](https://github.com/prometheus-operator/kube-prometheus/pull/1600)
* [ENHANCEMENT] Drop Linux capabilities, , just keeping CAP_SYS_TIME for node-exporter [#1610](https://github.com/prometheus-operator/kube-prometheus/pull/1610)
* [ENHANCEMENT] Remove hostPort from node-export daemonset [#1612](https://github.com/prometheus-operator/kube-prometheus/pull/1612)
* [ENHANCEMENT] Add priorityClassName as system-cluster-critical for node_exporter [#1649](https://github.com/prometheus-operator/kube-prometheus/pull/1649)
* [ENHANCEMENT] Added custom overrides for kube-rbac-proxy-self [#1637](https://github.com/prometheus-operator/kube-prometheus/pull/1637)
* [ENHANCEMENT] Adds readinessProbe and livenessProbe to prometheus-adapter jsonnet [#1696](https://github.com/prometheus-operator/kube-prometheus/pull/1696)
* [BUGFIX] Update kubeadm integration of kube-prometheus [#1569](https://github.com/prometheus-operator/kube-prometheus/pull/1569)
* [BUGFIX] Add projected volumes permission to addon/podsecuritypolicie [#1572](https://github.com/prometheus-operator/kube-prometheus/pull/1572)
* [BUGFIX] Hide namespace for prometheus clusterRole and clusterRolebinding [#1566](https://github.com/prometheus-operator/kube-prometheus/pull/1566)
* [BUGFIX] Fix accidentally broken thanosSelector after #1543 [#1556](https://github.com/prometheus-operator/kube-prometheus/pull/1556)
* [BUGFIX] Jsonnet: filter out kube-proxy alerts when kube-proxy is disabled [#1609](https://github.com/prometheus-operator/kube-prometheus/pull/1609)
* [BUGFIX] Sanitize regex denylist in ksm-lite addon [#1613](https://github.com/prometheus-operator/kube-prometheus/pull/1613)
* [BUGFIX] Sanitize all regex denylist in ksm-lite addon [#1614](https://github.com/prometheus-operator/kube-prometheus/pull/1614)
* [BUGFIX] Add extra-volume mount for plugins downloads [#1624](https://github.com/prometheus-operator/kube-prometheus/pull/1624)
* [BUGFIX] Added allowedCapabilities to node-exporter psp [#1642](https://github.com/prometheus-operator/kube-prometheus/pull/1642)
* [BUGFIX] Fix cluster:node_cpu:ratio query [#1628](https://github.com/prometheus-operator/kube-prometheus/pull/1628)
* [BUGFIX] Removed CAP_ from node-exporter daemonset [#1647](https://github.com/prometheus-operator/kube-prometheus/pull/1647)
* [BUGFIX] Update PodMonitor for kube-proxy [#1630](https://github.com/prometheus-operator/kube-prometheus/pull/1630)
* [BUGFIX] Adds port name to prometheus-adapter [#1701](https://github.com/prometheus-operator/kube-prometheus/pull/1701)
* [BUGFIX] Fix grafana network access [#1721](https://github.com/prometheus-operator/kube-prometheus/pull/1721)
* [BUGFIX] Fix networkpolicies-disabled addon [#1724](https://github.com/prometheus-operator/kube-prometheus/pull/1724)
* [BUGFIX] Adjust NodeFilesystemSpaceFillingUp thresholds according default kubelet GC behavior [#1729](https://github.com/prometheus-operator/kube-prometheus/pull/1729)
* [BUGFIX] Fix problems when enabling eks platform patch [#1675](https://github.com/prometheus-operator/kube-prometheus/pull/1675)
* [BUGFIX] Access requests to sidecar from thanos-query [#1730](https://github.com/prometheus-operator/kube-prometheus/pull/1730)
* [BUGFIX] Fix prometheus namespace connection for addons/pyrra [#1734](https://github.com/prometheus-operator/kube-prometheus/pull/1734)
## release-0.10 / 2021-12-17
* [CHANGE] Adjust node filesystem space filling up warning threshold to 20% [#1357](https://github.com/prometheus-operator/kube-prometheus/pull/1357)
* [CHANGE] Always generate grafana-config secret [#1373](https://github.com/prometheus-operator/kube-prometheus/pull/1373)
* [CHANGE] Make filesystem ignored mount points configurable for node-exporter [#1376](https://github.com/prometheus-operator/kube-prometheus/pull/1376)
* [CHANGE] Drop some high cardinality cAdvisor metrics [#1406](https://github.com/prometheus-operator/kube-prometheus/pull/1406), [#1396](https://github.com/prometheus-operator/kube-prometheus/pull/1396)
* [CHANGE] Use `--collector.filesystem.mount-points-exclude` instead of deprecated `--collector.filesystem.ignored-mount-points` argument for `node-exporter` [#1407](https://github.com/prometheus-operator/kube-prometheus/pull/1407)
* [CHANGE] Drop some of prometheus-adapter metrics that are inherited from the apiserver code but aren't useful in the context of prometheus-adapter [#1409](https://github.com/prometheus-operator/kube-prometheus/pull/1409)
* [CHANGE] Remove "app" label selector deprecated by Prometheus-operator [#1420](https://github.com/prometheus-operator/kube-prometheus/pull/1420)
* [CHANGE] Use recommended instance label for Prometheus/Alertmanager resources [#1520](https://github.com/prometheus-operator/kube-prometheus/pull/1520)
* [CHANGE] Drop deprecated apiserver_longrunning_gauge and apiserver_registered_watchers metrics [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
* [CHANGE] Drop deprecated coredns_cache_misses_total [#1553](https://github.com/prometheus-operator/kube-prometheus/pull/1553)
* [ENHANCEMENT] Add support for LDAP authentication in Grafana [#1455](https://github.com/prometheus-operator/kube-prometheus/pull/1445)
* [ENHANCEMENT] Include rewritten kubernetes-grafana for easier usage of new library features [#1450](https://github.com/prometheus-operator/kube-prometheus/pull/1450)
* [ENHANCEMENT] Specify default container in node-exporter pod [#1462](https://github.com/prometheus-operator/kube-prometheus/pull/1462)
* [ENHANCEMENT] Make metadata consistent across objects in the same component [#1471](https://github.com/prometheus-operator/kube-prometheus/pull/1471)
* [ENHANCEMENT] Establish convention for default field types [#1475](https://github.com/prometheus-operator/kube-prometheus/pull/1475)
* [ENHANCEMENT] Exclude k3s containerd mountpoints [#1497](https://github.com/prometheus-operator/kube-prometheus/pull/1497)
* [ENHANCEMENT] Alertmanager now uses the new `matcher` syntax in the routing tree and inhibition rules [#1508](https://github.com/prometheus-operator/kube-prometheus/pull/1508)
* [ENHANCEMENT] Deprecate `thanosSelector` and expose `mixin._config.thanos` config variable for thanos sidecar [#1543](https://github.com/prometheus-operator/kube-prometheus/pull/1543)
* [ENHANCEMENT] Added configurable default values for sidecar container kube-rbac-proxy-self in deployment kube-statate-metrics. [#1637](https://github.com/prometheus-operator/kube-prometheus/pull/1637)
* [FEATURE] Support scraping config-reloader sidecar for Prometheus and AlertManager StatefulSets [#1344](https://github.com/prometheus-operator/kube-prometheus/pull/1344)
* [FEATURE] Expose prometheus alerting configuration in $.values.prometheus configuration [#1476](https://github.com/prometheus-operator/kube-prometheus/pull/1476)
* [BUGFIX] Remove deprecated policy/v1beta1 Kubernetes API [#1433](https://github.com/prometheus-operator/kube-prometheus/pull/1433)
* [BUGFIX] Fix prometheus URL in prometheus-adapter [#1463](https://github.com/prometheus-operator/kube-prometheus/pull/1463)
* [BUGFIX] Always use proper values scope for namespace in addons [#1518](https://github.com/prometheus-operator/kube-prometheus/pull/1518)
* [BUGFIX] Fix default empty groups for k8s PrometheusRule [#1534](https://github.com/prometheus-operator/kube-prometheus/pull/1534)
## release-0.9 / 2021-08-19
* [CHANGE] Test against Kubernetes 1.21 and 1,22. #1161 #1337
* [CHANGE] Drop cAdvisor metrics without (pod, namespace) label pairs. #1250
* [CHANGE] Excluded deprecated `etcd_object_counts` metric. #1337
* [FEATURE] Add PodDisruptionBudget to prometheus-adapter. #1136
* [FEATURE] Add support for feature flags in Prometheus. #1129
* [FEATURE] Add env parameter for grafana component. #1171
* [FEATURE] Add gitpod deployment of kube-prometheus on k3s. #1211
* [FEATURE] Add resource requests and limits to prometheus-adapter container. #1282
* [FEATURE] Add PodMonitor for kube-proxy. #1230
* [FEATURE] Turn AWS VPC CNI into a control plane add-on. #1307
* [ENHANCEMENT] Export anti-affinity addon. #1114
* [ENHANCEMENT] Allow changing configmap-reloader, grafana, and kube-rbac-proxy images in $.values.common.images. #1123 #1124 #1125
* [ENHANCEMENT] Add automated version upgrader. #1166
* [ENHANCEMENT] Improve all-namespace addon. #1131
* [ENHANCEMENT] Add example of running without grafana deployment. #1201
* [ENHANCEMENT] Import managed-cluster addon for the EKS platform. #1205
* [ENHANCEMENT] Automatically update jsonnet dependencies. #1220
* [ENHANCEMENT] Adapt kube-prometheus to changes to ovn veth interfaces names. #1224
* [ENHANCEMENT] Add example release-0.3 to release-0.8 migration to docs. #1235
* [ENHANCEMENT] Consolidate intervals used in prometheus-adapter CPU queries. #1231
* [ENHANCEMENT] Create dashboardDefinitions if rawDashboards or folderDashboards are specified. #1255
* [ENHANCEMENT] Relabel instance with node name for CNI DaemonSet on EKS. #1259
* [ENHANCEMENT] Update doc on Prometheus rule updates since release 0.8. #1253
* [ENHANCEMENT] Point runbooks to https://runbooks.prometheus-operator.dev. #1267
* [ENHANCEMENT] Allow setting of kubeRbacProxyMainResources in kube-state-metrics. #1257
* [ENHANCEMENT] Automate release branch updates. #1293 #1303
* [ENHANCEMENT] Create Thanos Sidecar rules separately from Prometheus ones. #1308
* [ENHANCEMENT] Allow using newer jsonnet-bundler dependency resolution when using windows addon. #1310
* [ENHANCEMENT] Prometheus ruleSelector defaults to all rules.
* [BUGFIX] Fix kube-state-metrics metric denylist regex pattern. #1146
* [BUGFIX] Fix missing resource config in blackbox exporter. #1148
* [BUGFIX] Fix adding private repository. #1169
* [BUGFIX] Fix kops selectors for scheduler, controllerManager and kube-dns. #1164
* [BUGFIX] Fix scheduler and controller selectors for Kubespray. #1142
* [BUGFIX] Fix label selector for coredns ServiceMonitor. #1200
* [BUGFIX] Fix name for blackbox-exporter PodSecurityPolicy. #1213
* [BUGFIX] Fix ingress path rules for networking.k8s.io/v1. #1212
* [BUGFIX] Disable insecure cypher suites for prometheus-adapter. #1216
* [BUGFIX] Fix CNI metrics relabelings on EKS. #1277
* [BUGFIX] Fix node-exporter ignore list for OVN. #1283
* [BUGFIX] Revert back to awscni_total_ip_addresses-based alert on EKS. #1292
* [BUGFIX] Allow passing `thanos: {}` to prometheus configuration. #1325
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing
This project is licensed under the [Apache 2.0 license](LICENSE) and accept
contributions via GitHub pull requests. This document outlines some of the
conventions on development workflow, commit message formatting, contact points
and other resources to make it easier to get your contribution accepted.
To maintain a safe and welcoming community, all participants must adhere to the
project's [Code of Conduct](code-of-conduct.md).
## Community
The project is developed in the open. Here are some of the channels we use to communicate and contribute:
[**Kubernetes Slack**](https://slack.k8s.io/): [#prometheus-operator](https://kubernetes.slack.com/archives/CFFDS2Z7F) -
General discussions channel
[**Kubernetes Slack**](https://slack.k8s.io/): [#prometheus-operator-dev](https://kubernetes.slack.com/archives/C01B03QCSMN) -
Channel used for project developers discussions
**Discussion forum**: [GitHub discussions](https://github.com/prometheus-operator/kube-prometheus/discussions)
**Twitter**: [@PromOperator](https://twitter.com/PromOperator)
**GitHub**: To file bugs and feature requests. For questions and discussions use the GitHub discussions. Generally,
the other community channels listed here are best suited to get support or discuss overarching topics.
Please avoid emailing maintainers directly.
We host publicy bi-weekly meetings focused on project development and contributions. It’s meant for developers
and maintainers to meet and get unblocked, pair review, and discuss development aspects of this project and related
projects (e.g kubernetes-mixin). The document linked below contains all the details, including how to register.
**Office Hours**: [Prometheus Operator & Kube-prometheus Contributor Office Hours](https://docs.google.com/document/d/1-fjJmzrwRpKmSPHtXN5u6VZnn39M28KqyQGBEJsqUOk)
## Getting Started
- Fork the repository on GitHub
- Read the [README](README.md) for build and test instructions
- Play with the project, submit bug fixes, submit patches!
## Contribution Flow
This is a rough outline of what a contributor's workflow looks like:
- Create a topic branch from where you want to base your work (usually `main`).
- Make commits of logical units.
- Make sure your commit messages are in the proper format (see below).
- Push your changes to a topic branch in your fork of the repository.
- Make sure the tests pass, and add any new tests as appropriate.
- Submit a pull request to the original repository.
Thanks for your contributions!
### Generated Files
All `.yaml` files in the `/manifests` folder are generated via
[Jsonnet](https://jsonnet.org/). Contributing changes will most likely include
the following process:
1. Make your changes in the respective `*.jsonnet` or `*.libsonnet` file.
2. Commit your changes (This is currently necessary due to our vendoring
process. This is likely to change in the future).
3. Generate dependent `*.yaml` files: `make generate`
4. Commit the generated changes.
### Format of the Commit Message
We follow a rough convention for commit messages that is designed to answer two
questions: what changed and why. The subject line should feature the what and
the body of the commit should describe the why.
```
scripts: add the test-cluster command
this uses tmux to setup a test cluster that you can easily kill and
start for debugging.
Fixes #38
```
The format can be described more formally as follows:
```
<subsystem>: <what changed>
<BLANK LINE>
<why this change was made>
<BLANK LINE>
<footer>
```
The first line is the subject and should be no longer than 70 characters, the
second line is always blank, and other lines should be wrapped at 80 characters.
This allows the message to be easier to read on GitHub as well as in various
git tools.
================================================
FILE: LICENSE
================================================
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
================================================
FILE: Makefile
================================================
SHELL=/bin/bash -o pipefail
BIN_DIR?=$(shell pwd)/tmp/bin
MDOX_BIN=$(BIN_DIR)/mdox
JB_BIN=$(BIN_DIR)/jb
GOJSONTOYAML_BIN=$(BIN_DIR)/gojsontoyaml
JSONNET_BIN=$(BIN_DIR)/jsonnet
JSONNETLINT_BIN=$(BIN_DIR)/jsonnet-lint
JSONNETFMT_BIN=$(BIN_DIR)/jsonnetfmt
KUBECONFORM_BIN=$(BIN_DIR)/kubeconform
KUBESCAPE_BIN=~/.kubescape/bin/kubescape
TOOLING=$(JB_BIN) $(GOJSONTOYAML_BIN) $(JSONNET_BIN) $(JSONNETLINT_BIN) $(JSONNETFMT_BIN) $(KUBECONFORM_BIN) $(MDOX_BIN)
JSONNETFMT_ARGS=-n 2 --max-blank-lines 2 --string-style s --comment-style s
MDOX_VALIDATE_CONFIG?=.mdox.validate.yaml
MD_FILES_TO_FORMAT=$(shell find docs developer-workspace examples experimental jsonnet manifests -name "*.md") $(shell ls *.md)
KUBESCAPE_THRESHOLD=1
all: generate fmt test docs
.PHONY: clean
clean:
# Remove all files and directories ignored by git.
git clean -Xfd .
.PHONY: docs
docs: $(MDOX_BIN) $(shell find examples) build.sh example.jsonnet
@echo ">> formatting and local/remote links"
$(MDOX_BIN) fmt --soft-wraps -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT)
.PHONY: check-docs
check-docs: $(MDOX_BIN) $(shell find examples) build.sh example.jsonnet
@echo ">> checking formatting and local/remote links"
$(MDOX_BIN) fmt --soft-wraps --check -l --links.localize.address-regex="https://prometheus-operator.dev/.*" --links.validate.config-file=$(MDOX_VALIDATE_CONFIG) $(MD_FILES_TO_FORMAT)
.PHONY: generate
generate: manifests
manifests: examples/kustomize.jsonnet $(GOJSONTOYAML_BIN) vendor
./build.sh $<
vendor: $(JB_BIN) jsonnetfile.json jsonnetfile.lock.json
rm -rf vendor
$(JB_BIN) install
crdschemas: vendor
./scripts/generate-schemas.sh
.PHONY: update
update: $(JB_BIN)
$(JB_BIN) update
.PHONY: validate
validate: validate-1.33 validate-1.34 validate-1.35
validate-1.33:
KUBE_VERSION=1.33.9 $(MAKE) kubeconform
validate-1.34:
KUBE_VERSION=1.34.5 $(MAKE) kubeconform
validate-1.35:
KUBE_VERSION=1.35.2 $(MAKE) kubeconform
.PHONY: kubeconform
kubeconform: crdschemas manifests $(KUBECONFORM_BIN)
$(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/
.PHONY: kubescape
kubescape: $(KUBESCAPE_BIN) ## Runs a security analysis on generated manifests - failing if risk score is above threshold percentage 't'
$(KUBESCAPE_BIN) scan framework nsa --compliance-threshold $(KUBESCAPE_THRESHOLD) -v --exceptions 'kubescape-exceptions.json' manifests/
$(KUBESCAPE_BIN):
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
.PHONY: fmt
fmt: $(JSONNETFMT_BIN)
find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
xargs -n 1 -- $(JSONNETFMT_BIN) $(JSONNETFMT_ARGS) -i
.PHONY: lint
lint: $(JSONNETLINT_BIN) vendor
find jsonnet/ -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
xargs -n 1 -- $(JSONNETLINT_BIN) -J vendor
.PHONY: test
test: $(JB_BIN)
$(JB_BIN) install
./scripts/test.sh
.PHONY: test-e2e
test-e2e:
go test -timeout 55m -v ./tests/e2e -count=1
$(BIN_DIR):
mkdir -p $(BIN_DIR)
$(TOOLING): $(BIN_DIR)
@echo Installing tools from scripts/tools.go
@cd scripts && cat tools.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go build -modfile=go.mod -o $(BIN_DIR) %
.PHONY: deploy
deploy:
./developer-workspace/codespaces/prepare-kind.sh
./developer-workspace/common/deploy-kube-prometheus.sh
================================================
FILE: README.md
================================================
# kube-prometheus
[](https://github.com/prometheus-operator/kube-prometheus/actions)
[](http://slack.k8s.io/)
> [!WARNING]
> Everything is experimental and may change significantly at any time.
This repository collects Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the Prometheus Operator.
The content of this project is written in [jsonnet](http://jsonnet.org/). This project could both be described as a package as well as a library.
Components included in this package:
* The [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
* Highly available [Prometheus](https://prometheus.io/)
* Highly available [Alertmanager](https://github.com/prometheus/alertmanager)
* [Prometheus node-exporter](https://github.com/prometheus/node_exporter)
* [Prometheus blackbox-exporter](https://github.com/prometheus/blackbox_exporter)
* [Prometheus Adapter for Kubernetes Metrics APIs](https://github.com/kubernetes-sigs/prometheus-adapter)
* [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)
* [Grafana](https://grafana.com/)
This stack is meant for cluster monitoring, so it is pre-configured to collect metrics from all Kubernetes components. In addition to that it delivers a default set of dashboards and alerting rules. Many of the useful dashboards and alerts come from the [kubernetes-mixin project](https://github.com/kubernetes-monitoring/kubernetes-mixin), similar to this project it provides composable jsonnet as a library for users to customize to their needs.
## Prerequisites
You will need a Kubernetes cluster, that's it! By default it is assumed, that the kubelet uses token authentication and authorization, as otherwise Prometheus needs a client certificate, which gives it full access to the kubelet, rather than just the metrics. Token authentication and authorization allows more fine grained and easier access control.
This means the kubelet configuration must contain these flags:
* `--authentication-token-webhook=true` This flag enables, that a `ServiceAccount` token can be used to authenticate against the kubelet(s). This can also be enabled by setting the kubelet configuration value `authentication.webhook.enabled` to `true`.
* `--authorization-mode=Webhook` This flag enables, that the kubelet will perform an RBAC request with the API to determine, whether the requesting entity (Prometheus in this case) is allowed to access a resource, in specific for this project the `/metrics` endpoint. This can also be enabled by setting the kubelet configuration value `authorization.mode` to `Webhook`.
This stack provides [resource metrics](https://github.com/kubernetes/metrics#resource-metrics-api) by deploying
the [Prometheus Adapter](https://github.com/kubernetes-sigs/prometheus-adapter).
This adapter is an Extension API Server and Kubernetes needs to be have this feature enabled, otherwise the adapter has
no effect, but is still deployed.
## Compatibility
The following Kubernetes versions are supported and work as we test against these versions in their respective branches. But note that other versions might work!
> [!NOTE]
> In CI we will be testing only last two releases and main branch on a regular basis.
| kube-prometheus stack | Kubernetes 1.31 | Kubernetes 1.32 | Kubernetes 1.33 | Kubernetes 1.34 | Kubernetes 1.35 |
|--------------------------------------------------------------------------------------------|-----------------|-----------------|-----------------|-----------------|-----------------|
| [`release-0.15`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.15) | ✔ | ✔ | ✔ | x | x |
| [`release-0.16`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.16) | x | ✔ | ✔ | ✔ | x |
| [`release-0.17`](https://github.com/prometheus-operator/kube-prometheus/tree/release-0.17) | x | x | ✔ | ✔ | ✔ |
| [`main`](https://github.com/prometheus-operator/kube-prometheus/tree/main) | x | x | ✔ | ✔ | ✔ |
## Quickstart
This project is intended to be used as a library (i.e. the intent is not for you to create your own modified copy of this repository).
Though for a quickstart a compiled version of the Kubernetes [manifests](manifests) generated with this library (specifically with `example.jsonnet`) is checked into this repository in order to try the content out quickly. To try out the stack un-customized run:
* Create the monitoring stack using the config in the `manifests` directory:
```shell
# Create the namespace and CRDs, and then wait for them to be available before creating the remaining resources
# Note that due to some CRD size we are using kubectl server-side apply feature which is generally available since kubernetes 1.22.
# If you are using previous kubernetes versions this feature may not be available and you would need to use kubectl create instead.
kubectl apply --server-side -f manifests/setup
kubectl wait \
--for condition=Established \
--all CustomResourceDefinition \
--namespace=monitoring
kubectl apply -f manifests/
```
We create the namespace and CustomResourceDefinitions first to avoid race conditions when deploying the monitoring components.
Alternatively, the resources in both folders can be applied with a single command
`kubectl apply --server-side -f manifests/setup -f manifests`, but it may be necessary to run the command multiple times for all components to
be created successfully.
* To teardown the stack:
```shell
kubectl delete --ignore-not-found=true -f manifests/ -f manifests/setup
```
The [official documentation](http://prometheus-operator.dev/docs/getting-started/installation/) contains the full version of this quick-start guide, and includes [instructions](https://prometheus-operator.dev/kube-prometheus/kube/access-ui/) on how to access Prometheus, AlertManager, and Grafana.
### minikube
To try out this stack, start [minikube](https://github.com/kubernetes/minikube) with the following command:
```shell
minikube delete && minikube start --container-runtime=containerd --kubernetes-version=v1.33.1 --memory=6g --bootstrapper=kubeadm --extra-config=kubelet.authentication-token-webhook=true --extra-config=kubelet.authorization-mode=Webhook --extra-config=scheduler.bind-address=0.0.0.0 --extra-config=controller-manager.bind-address=0.0.0.0
```
The kube-prometheus stack includes a resource metrics API server, so the metrics-server addon is not necessary. Ensure the metrics-server addon is disabled on minikube:
```shell
minikube addons disable metrics-server
```
## Getting started
Before deploying kube-prometheus in a production environment, read:
1. [Customizing kube-prometheus](docs/customizing.md)
2. [Customization examples](docs/customizations)
3. [Accessing Graphical User Interfaces](docs/access-ui.md)
4. [Troubleshooting kube-prometheus](docs/troubleshooting.md)
## Documentation
1. [Continuous Delivery](examples/continuous-delivery)
2. [Update to new version](docs/update.md)
3. For more documentation on the project refer to `docs/` directory.
## Contributing
To contribute to kube-prometheus, refer to [Contributing](CONTRIBUTING.md).
## Join the discussion
If you have any questions or feedback regarding kube-prometheus, join the [kube-prometheus discussion](https://github.com/prometheus-operator/kube-prometheus/discussions). Alternatively, consider joining [#prometheus-operator](https://kubernetes.slack.com/archives/CFFDS2Z7F) slack channel or project's bi-weekly [Contributor Office Hours](https://docs.google.com/document/d/1-fjJmzrwRpKmSPHtXN5u6VZnn39M28KqyQGBEJsqUOk/edit#).
## License
Apache License 2.0, see [LICENSE](https://github.com/prometheus-operator/kube-prometheus/blob/main/LICENSE).
================================================
FILE: RELEASE.md
================================================
# Release schedule
kube-prometheus will follow the [Kubernetes release schedule](https://kubernetes.io/releases).
For every new Kubernetes release, there will be a corresponding minor release of
kube-prometheus, although it may not be immediate.
We do not guarantee backports from the `main` branch to older release branches.
| Release | Kubernetes Version | Release shepherd |
|---------|--------------------|-----------------------------------------|
| v0.18.0 | 1.36 | **searching for volunteer** |
| v0.17.0 | 1.35 | Jayapriya Pai (Github:@slashpai) |
| v0.16.0 | 1.34 | Simon Pasquier (GitHub: @simonpasquier) |
| v0.15.0 | 1.33 | Jayapriya Pai (Github: @slashpai) |
| v0.14.0 | 1.31 | Philip Gough (GitHub: @philipgough) |
| v0.13.0 | 1.28 | Philip Gough (GitHub: @philipgough) |
## How to cut a new release
> This guide is strongly based on the [prometheus-operator release
> instructions](https://github.com/prometheus-operator/prometheus-operator/blob/master/RELEASE.md).
## Branch management and versioning strategy
We use [Semantic Versioning](http://semver.org/).
We maintain a separate branch for each minor release, named
`release-<major>.<minor>`, e.g. `release-1.1`, `release-2.0`.
The usual flow is to merge new features, changes and bug fixes into the `main` branch.
The decision to backport bugfixes into release branches is made on a case-by-case basis.
Maintaining the release branches for older minor releases is best-effort.
## Update components version
Every release of kube-prometheus should include the latest versions of each
component. Updating them is automated via a CI job that can be triggered
manually from this
[workflow](https://github.com/prometheus-operator/kube-prometheus/actions/workflows/versions.yaml).
Once the workflow is completed, the prometheus-operator bot will create some
PRs. You should merge the one prefixed by `[bot][main]` if created before
proceeding. If the bot didn't create the PR, it is either because the workflow
failed or because the main branch was already up-to-date.
## Update Kubernetes supported versions
The `main` branch of kube-prometheus should support at least the last 2 versions of
Kubernetes. We need to make sure that the CI on the main branch is testing the
kube-prometheus configuration against these versions by updating the [CI
worklow](.github/workflows/ci.yaml) to include the latest kind version and the
latest images versions that are attached to the kind release. Once that is
done, the [compatibility matrix](README.md#compatibility) in
the README should also be updated to reflect the CI changes.
## Update Kubernetes versions used by kubeconform
Update the versions of Kubernetes used when validating manifests with
kubeconform in the [Makefile](Makefile) to align with the compatibility
matrix.
## Create pull request to cut the release
### Pin Jsonnet dependencies
Pin jsonnet dependencies in
[jsonnetfile.json](jsonnet/kube-prometheus/jsonnetfile.json). Each dependency
should be pinned to the latest release branch or if it doesn't have one, pinned
to the latest commit.
### Start with a fresh environment
```bash
make clean
```
### Update Jsonnet dependencies
```bash
make update
```
### Generate manifests
```bash
make generate
```
### Update the compatibility matrix
Update the [compatibility matrix](README.md#compatibility) in
the README, by adding the new release based on the `main` branch compatibility
and removing the oldest release branch to only keep the latest 5 branches in the
matrix.
### Update changelog
Iterate over the PRs that were merged between the latest release of kube-prometheus and the HEAD and add the changelog entries to the [CHANGELOG](CHANGELOG.md).
## Create release branch
Once the PR cutting the release is merged, pull the changes, create a new
release branch named `release-x.y` based on the latest changes and push it to
the upstream repository or create the branch from Github UI directly.
## Create the release
From the Github UI, draft a new [release](https://github.com/prometheus-operator/kube-prometheus/releases/new). Give the correct tag name and select the newly created release branch as the Target. Fill the description and click the `Publish release` button.
> [!NOTE]
> The new tag will be created automatically when the release is published.
> [!TIP]
> If we click `Generate release notes` while creating the release to compare with the last released tag, along with the commit changes from last release it will also find new contributors. We can skip the release notes generated but can keep the `New Contributors` section. See [example](https://github.com/prometheus-operator/kube-prometheus/releases/tag/v0.15.0) for reference.
## Create follow-up pull request
### Unpin Jsonnet dependencies
Revert previous changes made when pinning the jsonnet dependencies since we want
the main branch to be in sync with the latest changes of its dependencies.
### Update CI workflow
Update the [versions workflow](.github/workflows/versions.yaml) to include the latest release branch and remove the oldest one to reflect the list of supported releases.
================================================
FILE: build.sh
================================================
#!/usr/bin/env bash
# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.
set -e
set -x
# only exit with zero if all commands of the pipeline exit successfully
set -o pipefail
# Make sure to use project tooling
PATH="$(pwd)/tmp/bin:${PATH}"
# Make sure to start with a clean 'manifests' dir
rm -rf manifests
mkdir -p manifests/setup
# Calling gojsontoyaml is optional, but we would like to generate yaml, not json
jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml' -- {}
# Make sure to remove json files
find manifests -type f ! -name '*.yaml' -delete
rm -f kustomization
================================================
FILE: code-of-conduct.md
================================================
## Community Code of Conduct
### Contributor Code of Conduct
As contributors and maintainers of this project, and in the interest of
fostering an open and welcoming community, we pledge to respect all people who
contribute through reporting issues, posting feature requests, updating
documentation, submitting pull requests or patches, and other activities.
We are committed to making participation in this project a harassment-free
experience for everyone, regardless of level of experience, gender, gender
identity and expression, sexual orientation, disability, personal appearance,
body size, race, ethnicity, age, religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing others' private information, such as physical or electronic addresses, without explicit permission
* Other unethical or unprofessional conduct.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct. By adopting this Code of Conduct,
project maintainers commit themselves to fairly and consistently applying these
principles to every aspect of managing this project. Project maintainers who do
not follow or enforce the Code of Conduct may be permanently removed from the
project team.
This code of conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting a project maintainer listed in
https://github.com/prometheus-operator/prometheus-operator/blob/master/MAINTAINERS.md.
This Code of Conduct is adapted from the Contributor Covenant
(http://contributor-covenant.org), version 1.2.0, available at
http://contributor-covenant.org/version/1/2/0/
================================================
FILE: developer-workspace/README.md
================================================
# Ephemeral developer workspaces
Aiming to provide better developer experience when making contributions to kube-prometheus, whether by actively developing new features/bug fixes or by reviewing pull requests, we want to provide ephemeral developer workspaces with everything already configured (as far as tooling makes it possible).
A developer workspace provides a brand new Kubernetes cluster, where kube-prometheus can be easily deployed and the contributor can easily see the impact that a pull request is proposing.
Today only [Github Codespaces](https://github.com/features/codespaces) is supported. Unfortunately, Codespaces is not available for everyone. If you are fortunate to have access to it, you can open a new workspace from a specific branch, or even from Pull Requests.
After your workspace start, you can deploy a kube-prometheus inside a Kind cluster inside by running `make deploy`.
If you are reviewing a PR, you'll have a fully-functional kubernetes cluster, generating real monitoring data that can be used to review if the proposed changes works as described.
If you are working on new features/bug fixes, you can regenerate kube-prometheus's YAML manifests with `make generate` and deploy it again with `make deploy`.
================================================
FILE: developer-workspace/codespaces/prepare-kind.sh
================================================
#!/bin/bash
which kind
if [[ $? != 0 ]]; then
echo 'kind not available in $PATH, installing latest kind'
# Install latest kind
curl -s https://api.github.com/repos/kubernetes-sigs/kind/releases/latest \
| grep "browser_download_url.*kind-linux-amd64" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -qi -
mv kind-linux-amd64 developer-workspace/codespaces/kind && chmod +x developer-workspace/codespaces/kind
export PATH=$PATH:$PWD/developer-workspace/codespaces
fi
cluster_created=$($PWD/developer-workspace/codespaces/kind get clusters 2>&1)
if [[ "$cluster_created" == "No kind clusters found." ]]; then
$PWD/developer-workspace/codespaces/kind create cluster --config $PWD/.github/workflows/kind/config.yml
else
echo "Cluster '$cluster_created' already present"
fi
helm repo add --force-update cilium https://helm.cilium.io/
helm install cilium cilium/cilium --version 1.9.13 \
--namespace kube-system \
--set nodeinit.enabled=true \
--set kubeProxyReplacement=partial \
--set hostServices.enabled=false \
--set externalIPs.enabled=true \
--set nodePort.enabled=true \
--set hostPort.enabled=true \
--set bpf.masquerade=false \
--set image.pullPolicy=IfNotPresent \
--set ipam.mode=kubernetes \
--set operator.replicas=1
================================================
FILE: developer-workspace/common/deploy-kube-prometheus.sh
================================================
#!/bin/bash
kubectl apply --server-side -f manifests/setup
# Safety wait for CRDs to be working
sleep 30
kubectl apply -f manifests/
sleep 30
# Safety wait for resources to be created
kubectl rollout status -n monitoring daemonset node-exporter
kubectl rollout status -n monitoring statefulset alertmanager-main
kubectl rollout status -n monitoring statefulset prometheus-k8s
kubectl rollout status -n monitoring deployment grafana
kubectl rollout status -n monitoring deployment kube-state-metrics
kubectl port-forward -n monitoring svc/grafana 3000 > /dev/null 2>&1 &
kubectl port-forward -n monitoring svc/alertmanager-main 9093 > /dev/null 2>&1 &
kubectl port-forward -n monitoring svc/prometheus-k8s 9090 > /dev/null 2>&1 &
================================================
FILE: developer-workspace/gitpod/prepare-k3s.sh
================================================
#!/bin/bash
script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
rootfslock="${script_dirname}/_output/rootfs/rootfs-ready.lock"
k3sreadylock="${script_dirname}/_output/rootfs/k3s-ready.lock"
if test -f "${k3sreadylock}"; then
exit 0
fi
cd $script_dirname
function waitssh() {
while ! nc -z 127.0.0.1 2222; do
sleep 0.1
done
./ssh.sh "whoami" &>/dev/null
if [ $? -ne 0 ]; then
sleep 1
waitssh
fi
}
function waitrootfs() {
while ! test -f "${rootfslock}"; do
sleep 0.1
done
}
echo "🔥 Installing everything, this will be done only one time per workspace."
echo "Waiting for the rootfs to become available, it can take a while, open the terminal #2 for progress"
waitrootfs
echo "✅ rootfs available"
echo "Waiting for the ssh server to become available, it can take a while, after this k3s is getting installed"
waitssh
echo "✅ ssh server available"
./ssh.sh "curl -sfL https://get.k3s.io | sh -"
mkdir -p ~/.kube
./scp.sh root@127.0.0.1:/etc/rancher/k3s/k3s.yaml ~/.kube/config
echo "✅ k3s server is ready"
touch "${k3sreadylock}"
# safety wait for cluster availability
sleep 30s
================================================
FILE: developer-workspace/gitpod/prepare-rootfs.sh
================================================
#!/bin/bash
set -euo pipefail
img_url="https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.tar.gz"
script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
outdir="${script_dirname}/_output/rootfs"
rm -Rf $outdir
mkdir -p $outdir
curl -L -o "${outdir}/rootfs.tar.gz" $img_url
cd $outdir
tar -xvf rootfs.tar.gz
qemu-img resize hirsute-server-cloudimg-amd64.img +20G
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'resize2fs /dev/sda'
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --root-password password:root
netconf="
network:
version: 2
renderer: networkd
ethernets:
enp0s3:
dhcp4: yes
"
# networking setup
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "echo '${netconf}' > /etc/netplan/01-net.yaml"
# copy kernel modules
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --copy-in /lib/modules/$(uname -r):/lib/modules
# ssh
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command 'apt remove openssh-server -y && apt install openssh-server -y'
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config"
sudo virt-customize -a hirsute-server-cloudimg-amd64.img --run-command "sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config"
# mark as ready
touch rootfs-ready.lock
echo "k3s development environment is ready"
================================================
FILE: developer-workspace/gitpod/qemu.sh
================================================
#!/bin/bash
set -xeuo pipefail
script_dirname="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
outdir="${script_dirname}/_output"
sudo qemu-system-x86_64 -kernel "/boot/vmlinuz" \
-boot c -m 3073M -hda "${outdir}/rootfs/hirsute-server-cloudimg-amd64.img" \
-net user \
-smp 8 \
-append "root=/dev/sda rw console=ttyS0,115200 acpi=off nokaslr" \
-nic user,hostfwd=tcp::2222-:22,hostfwd=tcp::6443-:6443 \
-serial mon:stdio -display none
================================================
FILE: developer-workspace/gitpod/scp.sh
================================================
#!/bin/bash
sshpass -p 'root' scp -o StrictHostKeychecking=no -P 2222 $@
================================================
FILE: developer-workspace/gitpod/ssh.sh
================================================
#!/bin/bash
sshpass -p 'root' ssh -o StrictHostKeychecking=no -p 2222 root@127.0.0.1 "$@"
================================================
FILE: docs/EKS-cni-support.md
================================================
# CNI monitoring special configuration updates for EKS
AWS EKS uses [CNI](https://github.com/aws/amazon-vpc-cni-k8s) networking plugin for pod networking in Kubernetes using Elastic Network Interfaces on AWS
One fatal issue that can occur is that you run out of IP addresses in your eks cluster. (Generally happens due to error configs where pods keep scheduling).
You can monitor the `awscni` using kube-promethus with :
```jsonnet mdox-exec="cat examples/eks-cni-example.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
kubePrometheus+: {
platform: 'eks',
},
},
kubernetesControlPlane+: {
prometheusRuleEksCNI+: {
spec+: {
groups+: [
{
name: 'example-group',
rules: [
{
record: 'aws_eks_available_ip',
expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < 10',
},
],
},
],
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
After you have the required yaml file please run
```
kubectl apply -f manifests/prometheus-serviceMonitorAwsEksCNI.yaml
```
================================================
FILE: docs/GKE-cadvisor-support.md
================================================
# Kubelet / cAdvisor special configuration updates for GKE
Prior to GKE 1.11, the kubelet does not support token
authentication. Until it does, Prometheus must use HTTP (not HTTPS)
for scraping.
You can configure this behavior through kube-prometheus with:
```
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
(import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet') +
{
_config+:: {
# ... config here
}
};
```
Or, you can patch and re-apply your existing manifests with:
On linux:
```
sed -i -e 's/https/http/g' manifests/prometheus-serviceMonitorKubelet.yaml
```
On MacOs:
```
sed -i '' -e 's/https/http/g' manifests/prometheus-serviceMonitorKubelet.yaml
```
After you have modified the yaml file please run
```
kubectl apply -f manifests/prometheus-serviceMonitorKubelet.yaml
```
================================================
FILE: docs/access-ui.md
================================================
---
weight: 300
toc: true
title: Access Dashboards
menu:
docs:
parent: kube
images: []
draft: false
---
Prometheus, Grafana, and Alertmanager dashboards can be accessed quickly using `kubectl port-forward` after running the quickstart via the commands below.
> Kubernetes 1.10 or later is required.
You can also learn how to [expose Prometheus/Alertmanager/Grafana via Ingress](https://prometheus-operator.dev/kube-prometheus/kube/exposing-prometheus-alertmanager-grafana-ingress/)
## Prometheus
```shell
kubectl --namespace monitoring port-forward svc/prometheus-k8s 9090
```
Open Prometheus on [http://localhost:9090](http://localhost:9090) in your browser.
Check out the [alerts](http://localhost:9090/alerts) and [rules](http://localhost:9090/rules) pages with the pre-configured rules and alerts!
This Prometheus is supposed to monitor your Kubernetes cluster and make sure to alert you if there’s a problem with it.
For your own applications we recommend running one or more other instances.
## Grafana
```shell
kubectl --namespace monitoring port-forward svc/grafana 3000
```
Open Grafana on [localhost:3000](https://localhost:3000) in your browser.
You can login with the username `admin` and password `admin`.
## Alertmanager
```shell
kubectl --namespace monitoring port-forward svc/alertmanager-main 9093
```
Open Alertmanager on [localhost:9093](http://localhost:9093) in your browser.
================================================
FILE: docs/blackbox-exporter.md
================================================
---
weight: 304
toc: true
title: Blackbox Exporter
menu:
docs:
parent: kube
lead: This guide will help you deploying the blackbox-exporter with the Probe custom resource definition.
images: []
draft: false
description: This guide will help you deploying the blackbox-exporter with the Probe custom resource definition.
date: "2021-03-08T08:49:31+00:00"
---
# Setting up a blackbox exporter
The `prometheus-operator` defines a `Probe` resource type that can be used to describe blackbox checks. To execute these, a separate component called [`blackbox_exporter`](https://github.com/prometheus/blackbox_exporter) has to be deployed, which can be scraped to retrieve the results of these checks. You can use `kube-prometheus` to set up such a blackbox exporter within your Kubernetes cluster.
## Adding blackbox exporter manifests to an existing `kube-prometheus` configuration
1. Override blackbox-related configuration parameters as needed.
2. Add the following to the list of renderers to render the blackbox exporter manifests:
```
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) }
```
## Configuration parameters influencing the blackbox exporter
* `_config.namespace`: the namespace where the various generated resources (`ConfigMap`, `Deployment`, `Service`, `ServiceAccount` and `ServiceMonitor`) will reside. This does not affect where you can place `Probe` objects; that is determined by the configuration of the `Prometheus` resource. This option is shared with other `kube-prometheus` components; defaults to `default`.
* `_config.imageRepos.blackboxExporter`: the name of the blackbox exporter image to deploy. Defaults to `quay.io/prometheus/blackbox-exporter`.
* `_config.versions.blackboxExporter`: the tag of the blackbox exporter image to deploy. Defaults to the version `kube-prometheus` was tested with.
* `_config.imageRepos.configmapReloader`: the name of the ConfigMap reloader image to deploy. Defaults to `ghcr.io/jimmidyson/configmap-reload`.
* `_config.versions.configmapReloader`: the tag of the ConfigMap reloader image to deploy. Defaults to the version `kube-prometheus` was tested with.
* `_config.resources.blackbox-exporter.requests`: the requested resources; this is used for each container. Defaults to `10m` CPU and `20Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.
* `_config.resources.blackbox-exporter.limits`: the resource limits; this is used for each container. Defaults to `20m` CPU and `40Mi` RAM. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for details.
* `_config.blackboxExporter.port`: the exposed HTTPS port of the exporter. This is what Prometheus can scrape for metrics related to the blackbox exporter itself. Defaults to `9115`.
* `_config.blackboxExporter.internalPort`: the internal plaintext port of the exporter. Prometheus scrapes configured via `Probe` objects cannot access the HTTPS port right now, so you have to specify this port in the `url` field. Defaults to `19115`.
* `_config.blackboxExporter.replicas`: the number of exporter replicas to be deployed. Defaults to `1`.
* `_config.blackboxExporter.matchLabels`: map of the labels to be used to select resources belonging to the instance deployed. Defaults to `{ 'app.kubernetes.io/name': 'blackbox-exporter' }`
* `_config.blackboxExporter.assignLabels`: map of the labels applied to components of the instance deployed. Defaults to all the labels included in the `matchLabels` option, and additionally `app.kubernetes.io/version` is set to the version of the blackbox exporter.
* `_config.blackboxExporter.modules`: the modules available in the blackbox exporter installation, i.e. the types of checks it can perform. The default value includes most of the modules defined in the default blackbox exporter configuration: `http_2xx`, `http_post_2xx`, `tcp_connect`, `pop3s_banner`, `ssh_banner`, and `irc_banner`. `icmp` is omitted so the exporter can be run with minimum privileges, but you can add it back if needed - see the example below. See https://github.com/prometheus/blackbox_exporter/blob/master/CONFIGURATION.md for the configuration format, except you have to use JSON instead of YAML here.
* `_config.blackboxExporter.privileged`: whether the `blackbox-exporter` container should be running as non-root (`false`) or root with heavily-restricted capability set (`true`). Defaults to `true` if you have any ICMP modules defined (which need the extra permissions) and `false` otherwise.
## Complete example
```jsonnet
local kp =
(import 'kube-prometheus/kube-prometheus.libsonnet') +
{
_config+:: {
namespace: 'monitoring',
blackboxExporter+:: {
modules+:: {
icmp: {
prober: 'icmp',
},
},
},
},
};
{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor is separated so that it can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
After installing the generated manifests, you can create `Probe` resources, for example:
```yaml
kind: Probe
apiVersion: monitoring.coreos.com/v1
metadata:
name: example-com-website
namespace: monitoring
spec:
interval: 60s
module: http_2xx
prober:
url: blackbox-exporter.monitoring.svc.cluster.local:19115
targets:
staticConfig:
static:
- http://example.com
- https://example.com
```
================================================
FILE: docs/community-support.md
================================================
# Community support
For bugs, you can use the GitHub [issue tracker](https://github.com/prometheus-operator/kube-prometheus/issues/new/choose).
For questions, you can use the GitHub [discussions forum](https://github.com/prometheus-operator/kube-prometheus/discussions).
Many of the `kube-prometheus` project's contributors and users can also be found on the #prometheus-operator channel of the [Kubernetes Slack](https://slack.k8s.io/).
`kube-prometheus` is the aggregation of many projects that all have different
channels to reach out for help and support. This community strives at
supporting all users and you should never be afraid of asking us first. However
if your request relates specifically to one of the projects listed below, it is
often more efficient to reach out to the project directly. If you are unsure,
please feel free to open an issue in this repository and we will redirect you
if applicable.
## prometheus-operator
For documentation, check the project's [documentation directory](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation).
For questions, use the #prometheus-operator channel on the [Kubernetes Slack](https://slack.k8s.io/).
For bugs, use the GitHub [issue tracker](https://github.com/prometheus-operator/prometheus-operator/issues/new/choose).
## Prometheus, Alertmanager, node_exporter
For documentation, check the Prometheus [online docs](https://prometheus.io/docs/). There is a
[section](https://prometheus.io/docs/introduction/media/) with links to blog
posts, recorded talks and presentations. This [repository](https://github.com/roaldnefs/awesome-prometheus)
(not affiliated to the Prometheus project) has also a list of curated resources
related to the Prometheus ecosystem.
For questions, see the Prometheus [community page](https://prometheus.io/community/) for the various channels.
There is also a #prometheus channel on the [CNCF Slack](https://slack.cncf.io/).
## kube-state-metrics
For documentation, see the project's [docs directory](https://github.com/kubernetes/kube-state-metrics/tree/main/docs).
For questions, use the #kube-state-metrics channel on the [Kubernetes Slack](https://slack.k8s.io/).
For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kube-state-metrics/issues/new/choose).
## Kubernetes
For documentation, check the [Kubernetes docs](https://kubernetes.io/docs/home/).
For questions, use the [community forums](https://discuss.kubernetes.io/) and the [Kubernetes Slack](https://slack.k8s.io/). Check also the [community page](https://kubernetes.io/community/#discuss).
For bugs, use the GitHub [issue tracker](https://github.com/kubernetes/kubernetes/issues/new/choose).
## Prometheus adapter
For documentation, check the project's [README](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/README.md).
For questions, use the #sig-instrumentation channel on the [Kubernetes Slack](https://slack.k8s.io/).
For bugs, use the GitHub [issue tracker](https://github.com/DirectXMan12/k8s-prometheus-adapter/issues/new).
## Grafana
For documentation, check the [Grafana docs](https://grafana.com/docs/grafana/latest/).
For questions, use the [community forums](https://community.grafana.com/).
For bugs, use the GitHub [issue tracker](https://github.com/grafana/grafana/issues/new/choose).
## kubernetes-mixin
For documentation, check the project's [README](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/README.md).
For questions, use #monitoring-mixins channel on the [Kubernetes Slack](https://slack.k8s.io/).
For bugs, use the GitHub [issue tracker](https://github.com/kubernetes-monitoring/kubernetes-mixin/issues/new).
## Jsonnet
For documentation, check the [Jsonnet](https://jsonnet.org/) website.
For questions, use the [mailing list](https://groups.google.com/forum/#!forum/jsonnet).
================================================
FILE: docs/customizations/alertmanager-configuration.md
================================================
### Alertmanager configuration
The Alertmanager configuration is located in the `values.alertmanager.config` configuration field. In order to set a custom Alertmanager configuration simply set this field.
```jsonnet mdox-exec="cat examples/alertmanager-config.jsonnet"
((import 'kube-prometheus/main.libsonnet') + {
values+:: {
alertmanager+: {
config: |||
global:
resolve_timeout: 10m
route:
group_by: ['job']
group_wait: 30s
group_interval: 5m
repeat_interval: 12h
receiver: 'null'
routes:
- match:
alertname: Watchdog
receiver: 'null'
receivers:
- name: 'null'
|||,
},
},
}).alertmanager.secret
```
In the above example the configuration has been inlined, but can just as well be an external file imported in jsonnet via the `importstr` function.
```jsonnet mdox-exec="cat examples/alertmanager-config-external.jsonnet"
((import 'kube-prometheus/main.libsonnet') + {
values+:: {
alertmanager+: {
config: importstr 'alertmanager-config.yaml',
},
},
}).alertmanager.secret
```
================================================
FILE: docs/customizations/components-name-namespace-overrides.md
================================================
### Components' name and namespace overrides
It is possible to override the namespace where kube-prometheus is going to be deployed, like the example below:
```jsonnet
local kp = (import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
```
If prefered, it can be changed individually by component. It is also possible to change the name of Prometheus and Alertmanager Custom Resources, like shown below:
```jsonnet mdox-exec="cat examples/name-namespace-overrides.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
prometheus+: {
namespace: 'foo',
name: 'bar',
},
alertmanager+: {
namespace: 'bar',
name: 'foo',
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
// Add the restricted psp to setup
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
================================================
FILE: docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md
================================================
---
weight: 307
toc: true
title: Prometheus Rules and Grafana Dashboards
menu:
docs:
parent: kube
lead: This guide will help you adding Prometheus Rules and Grafana Dashboards on top of kube-prometheus
images: []
draft: false
description: This guide will help you adding Prometheus Rules and Grafana Dashboards on top of kube-prometheus
---
`kube-prometheus` ships with a set of default [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) and [Grafana](http://grafana.com/) dashboards. At some point one might like to extend them, the purpose of this document is to explain how to do this.
All manifests of kube-prometheus are generated using [jsonnet](https://jsonnet.org/).
Prometheus rules and Grafana dashboards in specific follow the
[Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf).
For both the Prometheus rules and the Grafana dashboards Kubernetes `ConfigMap`s are generated within kube-prometheus. In order to add additional rules and dashboards simply merge them onto the existing json objects. This document illustrates examples for rules as well as dashboards.
As a basis, all examples in this guide are based on the base example of the kube-prometheus [readme](https://github.com/prometheus-operator/kube-prometheus/blob/main/README.md):
```jsonnet mdox-exec="cat example.jsonnet"
local kp =
(import 'kube-prometheus/main.libsonnet') +
// Uncomment the following imports to enable its patches
// (import 'kube-prometheus/addons/anti-affinity.libsonnet') +
// (import 'kube-prometheus/addons/managed-cluster.libsonnet') +
// (import 'kube-prometheus/addons/node-ports.libsonnet') +
// (import 'kube-prometheus/addons/static-etcd.libsonnet') +
// (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
// (import 'kube-prometheus/addons/external-metrics.libsonnet') +
// (import 'kube-prometheus/addons/pyrra.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
## Prometheus rules
### Alerting rules
As per the [Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf)
Prometheus alerting rules are under the key `prometheusAlerts` in the top level object.
Additional alerting rules can be added by merging into the existing object.
The format is exactly the Prometheus format, so there should be no changes necessary should you have existing rules that you want to include.
> Note that alerts can also be included into this file, using the jsonnet `import` function.
> In this example it is just inlined in order to demonstrate their use in a single file.
```jsonnet mdox-exec="cat examples/prometheus-additional-alert-rule-example.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
exampleApplication: {
prometheusRuleExample: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
name: 'my-prometheus-rule',
namespace: $.values.common.namespace,
},
spec: {
groups: [
{
name: 'example-group',
rules: [
{
alert: 'ExampleAlert',
expr: 'vector(1)',
labels: {
severity: 'warning',
},
annotations: {
description: 'This is an example alert.',
},
},
],
},
],
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
```
### Recording rules
In order to add a recording rule, simply do the same with the `prometheusRules` field.
> Note that rules can just as well be included into this file, using the jsonnet `import` function.
> In this example it is just inlined in order to demonstrate their use in a single file.
```jsonnet mdox-exec="cat examples/prometheus-additional-recording-rule-example.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
exampleApplication: {
prometheusRuleExample: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
name: 'my-prometheus-rule',
namespace: $.values.common.namespace,
},
spec: {
groups: [
{
name: 'example-group',
rules: [
{
record: 'some_recording_rule_name',
expr: 'vector(1)',
},
],
},
],
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
```
### Pre-rendered rules
We acknowledge, that users may need to transition existing rules, and therefore allow an option to add additional pre-rendered rules. Luckily the yaml and json formats are very close so the yaml rules just need to be converted to json without any manual interaction needed. Just a tool to convert yaml to json is needed:
```
go get -u -v github.com/brancz/gojsontoyaml
```
And convert the existing rule file:
```
cat existingrule.yaml | gojsontoyaml -yamltojson > existingrule.json
```
Then import it in jsonnet:
```jsonnet mdox-exec="cat examples/prometheus-additional-rendered-rule-example.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
exampleApplication: {
prometheusRuleExample: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
name: 'my-prometheus-rule',
namespace: $.values.common.namespace,
},
spec: {
groups: (import 'existingrule.json').groups,
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
```
### Changing default rules
Along with adding additional rules, we give the user the option to filter or adjust the existing rules imported by `kube-prometheus/main.libsonnet`.
The recording rules can be found in [kube-prometheus/components/mixin/rules](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/components/mixin/rules)
and [kubernetes-mixin/rules](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules).
The alerting rules can be found in [kube-prometheus/components/mixin/alerts](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/components/mixin/alerts)
and [kubernetes-mixin/alerts](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/alerts).
Knowing which rules to change, the user can now use functions from the [Jsonnet standard library](https://jsonnet.org/ref/stdlib.html) to make these changes.
Below are examples of both a filter and an adjustment being made to the default rules.
These changes can be assigned to a local variable and then added to the `local kp` object as seen in the examples above.
#### Filter
Here the alert `KubeStatefulSetReplicasMismatch` is being filtered out of the group `kubernetes-apps`.
The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
You first need to find out in which component the rule is defined (here it is kuberentesControlPlane).
```jsonnet
local filter = {
kubernetesControlPlane+: {
prometheusRule+: {
spec+: {
groups: std.map(
function(group)
if group.name == 'kubernetes-apps' then
group {
rules: std.filter(
function(rule)
rule.alert != 'KubeStatefulSetReplicasMismatch',
group.rules
),
}
else
group,
super.groups
),
},
},
},
};
```
#### Adjustment
Here the expression for another alert in the same component is updated from its previous value.
The default rule can be seen [here](https://github.com/kubernetes-monitoring/kubernetes-mixin/blob/master/alerts/apps_alerts.libsonnet).
```jsonnet
local update = {
kubernetesControlPlane+: {
prometheusRule+: {
spec+: {
groups: std.map(
function(group)
if group.name == 'kubernetes-apps' then
group {
rules: std.map(
function(rule)
if rule.alert == 'KubePodCrashLooping' then
rule {
expr: 'rate(kube_pod_container_status_restarts_total{namespace=kube-system,job="kube-state-metrics"}[10m]) * 60 * 5 > 0',
}
else
rule,
group.rules
),
}
else
group,
super.groups
),
},
},
},
};
```
Using the example from above about adding in pre-rendered rules, the new local variables can be added in as follows:
```jsonnet
local add = {
exampleApplication:: {
prometheusRule+: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
name: 'example-application-rules',
namespace: $.values.common.namespace,
},
spec: (import 'existingrule.json'),
},
},
};
local kp = (import 'kube-prometheus/main.libsonnet') + filter + update + add;
local kp = (import 'kube-prometheus/main.libsonnet') +
filter +
update +
add + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) } +
{ ['exampleApplication-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
```
## Dashboards
Dashboards can either be added using jsonnet or simply a pre-rendered json dashboard.
### Jsonnet dashboard
We recommend using the [grafonnet](https://github.com/grafana/grafonnet-lib/) library for jsonnet,
which gives you a simple DSL to generate Grafana dashboards.
Following the [Prometheus Monitoring Mixins proposal](https://github.com/monitoring-mixins/docs/blob/master/design.pdf)
additional dashboards are added to the `grafanaDashboards` key, located in the top level object.
To add new jsonnet dashboards, simply add one.
> Note that dashboards can just as well be included into this file, using the jsonnet `import` function.
> In this example it is just inlined in order to demonstrate their use in a single file.
```jsonnet mdox-exec="cat examples/grafana-additional-jsonnet-dashboard-example.jsonnet"
local grafana = import 'grafonnet/grafana.libsonnet';
local dashboard = grafana.dashboard;
local row = grafana.row;
local prometheus = grafana.prometheus;
local template = grafana.template;
local graphPanel = grafana.graphPanel;
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+:: {
namespace: 'monitoring',
},
grafana+: {
dashboards+:: {
'my-dashboard.json':
dashboard.new('My Dashboard')
.addTemplate(
{
current: {
text: 'Prometheus',
value: 'Prometheus',
},
hide: 0,
label: null,
name: 'datasource',
options: [],
query: 'prometheus',
refresh: 1,
regex: '',
type: 'datasource',
},
)
.addRow(
row.new()
.addPanel(graphPanel.new('My Panel', span=6, datasource='$datasource')
.addTarget(prometheus.target('vector(1)')))
),
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
### Pre-rendered Grafana dashboards
As jsonnet is a superset of json, the jsonnet `import` function can be used to include Grafana dashboard json blobs.
In this example we are importing a [provided example dashboard](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/example-grafana-dashboard.json).
```jsonnet mdox-exec="cat examples/grafana-additional-rendered-dashboard-example.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+:: {
namespace: 'monitoring',
},
grafana+: {
dashboards+:: { // use this method to import your dashboards to Grafana
'my-dashboard.json': (import 'example-grafana-dashboard.json'),
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
In case you have lots of json dashboard exported out from grafana UI the above approach is going to take lots of time.
To improve performance we can use `rawDashboards` field and provide it's value as json string by using `importstr`
```jsonnet mdox-exec="cat examples/grafana-additional-rendered-dashboard-example-2.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+:: {
namespace: 'monitoring',
},
grafana+: {
rawDashboards+:: {
'my-dashboard.json': (importstr 'example-grafana-dashboard.json'),
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
### Mixins
Kube-prometheus comes with a couple of default mixins as the Kubernetes-mixin and the Node-exporter mixin,
however there [are many more mixins](https://monitoring.mixins.dev/).
To use other mixins, kube-prometheus has a jsonnet library for creating a PrometheusRule CRD and Grafana dashboards from a mixin.
Below is an example of creating a mixin object that has Prometheus rules and Grafana dashboards:
```jsonnet
// Import the library function for adding mixins
local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet');
// Create your mixin
local myMixin = addMixin({
name: 'myMixin',
mixin: import 'my-mixin/mixin.libsonnet',
});
```
The myMixin object will have two objects - `prometheusRules` and `grafanaDashboards`. The `grafanaDashboards` object will be needed to be added to the `dashboards` field as in the example below:
```jsonnet
values+:: {
grafana+:: {
dashboards+:: myMixin.grafanaDashboards
```
The `prometheusRules` object is a PrometheusRule CRD. It should be defined as its own jsonnet object.
If you define multiple mixins in a single jsonnet object, there is a possibility that they will overwrite each others'
configuration and there will be unintended effects.
Therefore, use the `prometheusRules` object as its own jsonnet object:
```jsonnet
...
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ 'external-mixins/my-mixin-prometheus-rules': myMixin.prometheusRules } // one object for each mixin
```
As mentioned above each mixin is configurable and you would configure the mixin as in the example below:
```jsonnet
local myMixin = addMixin({
name: 'myMixin',
mixin: (import 'my-mixin/mixin.libsonnet') + {
_config+:: {
myMixinSelector: 'my-selector',
interval: '30d', // example
},
},
});
```
The library has also two optional parameters - the namespace for the `PrometheusRule` CRD and the dashboard folder for the Grafana dashboards.
The below example shows how to use both:
```jsonnet
local myMixin = addMixin({
name: 'myMixin',
namespace: 'prometheus', // default is monitoring
dashboardFolder: 'Observability',
mixin: (import 'my-mixin/mixin.libsonnet') + {
_config+:: {
myMixinSelector: 'my-selector',
interval: '30d', // example
},
},
});
```
The created `prometheusRules` object will have the metadata field `namespace` added and the usage will remain the same.
However, the `grafanaDasboards` will be added to the `folderDashboards` field instead of the `dashboards` field as shown in the example below:
```jsonnet
values+:: {
grafana+:: {
folderDashboards+:: {
Kubernetes: {
...
},
Misc: {
'grafana-home.json': import 'dashboards/misc/grafana-home.json',
},
} + myMixin.grafanaDashboards
```
Full example of including etcd mixin using method described above:
```jsonnet mdox-exec="cat examples/mixin-inclusion.jsonnet"
local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet');
local etcdMixin = addMixin({
name: 'etcd',
mixin: (import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + {
_config+: {}, // mixin configuration object
},
});
local kp = (import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
grafana+: {
// Adding new dashboard to grafana. This will modify grafana configMap with dashboards
dashboards+: etcdMixin.grafanaDashboards,
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
// Rendering prometheusRules object. This is an object compatible with prometheus-operator CRD definition for prometheusRule
{ 'external-mixins/etcd-mixin-prometheus-rules': etcdMixin.prometheusRules }
```
================================================
FILE: docs/customizations/dropping-unwanted-dashboards.md
================================================
### Dropping unwanted dashboards
When deploying kube-prometheus, your Grafana instance is deployed with a lot of dashboards by default. All those dashboards are comming from upstream projects like [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin), [prometheus-mixin](https://github.com/prometheus/prometheus/tree/main/documentation/prometheus-mixin) and [node-exporter-mixin](https://github.com/prometheus/node_exporter/tree/master/docs/node-mixin), among others.
In case you find out that you don't need some of them, you can choose to remove those dashboards like in the example below, which removes the [`alertmanager-overview.json`](https://github.com/prometheus/alertmanager/blob/main/doc/alertmanager-mixin/dashboards/overview.libsonnet) dashboard.
```jsonnet mdox-exec="cat examples/drop-dashboards.jsonnet"
local kp =
(import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
grafana+: {
dashboards: std.mergePatch(super.dashboards, {
// Add more unwanted dashboards here
'alertmanager-overview.json': null,
}),
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
================================================
FILE: docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md
================================================
---
weight: 303
toc: true
title: Expose via Ingress
menu:
docs:
parent: kube
lead: This guide will help you deploying a Kubernetes Ingress to expose Prometheus, Alertmanager and Grafana.
images: []
draft: false
description: This guide will help you deploying a Kubernetes Ingress to expose Prometheus, Alertmanager and Grafana.
---
In order to access the web interfaces via the Internet [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is a popular option. This guide explains, how Kubernetes Ingress can be setup, in order to expose the Prometheus, Alertmanager and Grafana UIs, that are included in the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.
Note: before continuing, it is recommended to first get familiar with the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack by itself.
## Prerequisites
Apart from a running Kubernetes cluster with a running [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) stack, a Kubernetes Ingress controller must be installed and functional. This guide was tested with the [nginx-ingress-controller](https://github.com/kubernetes/ingress-nginx). If you wish to reproduce the exact result in as depicted in this guide we recommend using the nginx-ingress-controller.
## Setting up Ingress
The setup of Ingress objects is the same for Prometheus, Alertmanager and Grafana. Therefore this guides demonstrates it in detail for Prometheus as it can easily be adapted for the other applications.
As monitoring data may contain sensitive data, this guide describes how to setup Ingress with basic auth as an example of minimal security. Of course this should be adapted to the preferred authentication mean of any particular organization, but we feel it is important to at least provide an example with a minimum of security.
In order to setup basic auth, a secret with the `htpasswd` formatted file needs to be created. To do this, first install the [`htpasswd`](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) tool.
To create the `htpasswd` formatted file called `auth` run:
```
htpasswd -c auth <username>
```
In order to use this a secret needs to be created containing the name of the `htpasswd`, and with annotations on the Ingress object basic auth can be configured.
Also, the applications provide external links to themselves in alerts and various places. When an ingress is used in front of the applications these links need to be based on the external URL's. This can be configured for each application in jsonnet.
```jsonnet
local kp =
(import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
},
prometheus+:: {
prometheus+: {
spec+: {
externalUrl: 'http://prometheus.example.com',
},
},
},
ingress+:: {
'prometheus-k8s': {
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
name: $.prometheus.prometheus.metadata.name,
namespace: $.prometheus.prometheus.metadata.namespace,
annotations: {
'nginx.ingress.kubernetes.io/auth-type': 'basic',
'nginx.ingress.kubernetes.io/auth-secret': 'basic-auth',
'nginx.ingress.kubernetes.io/auth-realm': 'Authentication Required',
},
},
spec: {
rules: [{
host: 'prometheus.example.com',
http: {
paths: [{
backend: {
service: {
name: $.prometheus.service.metadata.name,
port: 'web',
},
},
}],
},
}],
},
},
} + {
ingress+:: {
'basic-auth-secret': {
apiVersion: 'v1',
kind: 'Secret',
metadata: {
name: 'basic-auth',
namespace: $._config.namespace,
},
data: { auth: std.base64(importstr 'auth') },
type: 'Opaque',
},
},
};
// Output a kubernetes List object with both ingresses (k8s-libsonnet)
k.core.v1.list.new([
kp.ingress['prometheus-k8s'],
kp.ingress['basic-auth-secret'],
])
```
In order to expose Alertmanager and Grafana, simply create additional fields containing an ingress object, but simply pointing at the `alertmanager` or `grafana` instead of the `prometheus-k8s` Service. Make sure to also use the correct port respectively, for Alertmanager it is also `web`, for Grafana it is `http`. Be sure to also specify the appropriate external URL. Note that the external URL for grafana is set in a different way than the external URL for Prometheus or Alertmanager. See [ingress.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/ingress.jsonnet) for how to set the Grafana external URL.
In order to render the ingress objects similar to the other objects use as demonstrated in the [main readme](https://github.com/prometheus-operator/kube-prometheus/tree/main/README.md):
```jsonnet
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['ingress-' + name]: kp.ingress[name] for name in std.objectFields(kp.ingress) }
```
Note, that in comparison only the last line was added, the rest is identical to the original.
See [ingress.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/ingress.jsonnet) for an example implementation.
## Adding Ingress namespace to NetworkPolicies
NetworkPolicies restricting access to the components are added by default. These can either be removed as in
[networkpolicies-disabled.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/networkpolicies-disabled.jsonnet) or modified as
described here.
This is an example for grafana, but the same can be applied to alertmanager and prometheus.
```jsonnet
{
alertmanager+:: {
networkPolicy+: {
spec+: {
ingress: [
super.ingress[0] + {
from+: [
{
namespaceSelector: {
matchLabels: {
'app.kubernetes.io/name': 'ingress-nginx',
},
},
},
],
},
] + super.ingress[1:],
},
},
},
}
```
================================================
FILE: docs/customizations/monitoring-additional-namespaces.md
================================================
### Monitoring additional namespaces
In order to monitor additional namespaces, the Prometheus server requires the appropriate `Role` and `RoleBinding` to be able to discover targets from that namespace. By default the Prometheus server is limited to the three namespaces it requires: default, kube-system and the namespace you configure the stack to run in via `$.values.namespace`. This is specified in `$.values.prometheus.namespaces`, to add new namespaces to monitor, simply append the additional namespaces:
```jsonnet mdox-exec="cat examples/additional-namespaces.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
prometheus+: {
namespaces+: ['my-namespace', 'my-second-namespace'],
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
#### Defining the ServiceMonitor for each additional Namespace
In order to Prometheus be able to discovery and scrape services inside the additional namespaces specified in previous step you need to define a ServiceMonitor resource.
> Typically it is up to the users of a namespace to provision the ServiceMonitor resource, but in case you want to generate it with the same tooling as the rest of the cluster monitoring infrastructure, this is a guide on how to achieve this.
You can define ServiceMonitor resources in your `jsonnet` spec. See the snippet bellow:
```jsonnet mdox-exec="cat examples/additional-namespaces-servicemonitor.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
prometheus+:: {
namespaces+: ['my-namespace', 'my-second-namespace'],
},
},
exampleApplication: {
serviceMonitorMyNamespace: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'ServiceMonitor',
metadata: {
name: 'my-servicemonitor',
namespace: 'my-namespace',
},
spec: {
jobLabel: 'app',
endpoints: [
{
port: 'http-metrics',
},
],
selector: {
matchLabels: {
'app.kubernetes.io/name': 'myapp',
},
},
},
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['example-application-' + name]: kp.exampleApplication[name] for name in std.objectFields(kp.exampleApplication) }
```
> NOTE: make sure your service resources have the right labels (eg. `'app': 'myapp'`) applied. Prometheus uses kubernetes labels to discover resources inside the namespaces.
================================================
FILE: docs/customizations/monitoring-all-namespaces.md
================================================
### Monitoring all namespaces
In case you want to monitor all namespaces in a cluster, you can add the following mixin. Also, make sure to empty the namespaces defined in prometheus so that roleBindings are not created against them.
```jsonnet mdox-exec="cat examples/all-namespaces.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/all-namespaces.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
prometheus+: {
namespaces: [],
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
> NOTE: This configuration can potentially make your cluster insecure especially in a multi-tenant cluster. This is because this gives Prometheus visibility over the whole cluster which might not be expected in a scenario when certain namespaces are locked down for security reasons.
Proceed with [creating ServiceMonitors for the services in the namespaces](monitoring-additional-namespaces.md#defining-the-servicemonitor-for-each-additional-namespace) you actually want to monitor
================================================
FILE: docs/customizations/node-ports.md
================================================
### NodePorts
Another mixin that may be useful for exploring the stack is to expose the UIs of Prometheus, Alertmanager and Grafana on NodePorts:
```jsonnet mdox-exec="cat examples/jsonnet-snippets/node-ports.jsonnet"
(import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/node-ports.libsonnet')
```
================================================
FILE: docs/customizations/platform-specific.md
================================================
### Running kube-prometheus on specific platforms
A common example is that not all Kubernetes clusters are created exactly the same way, meaning the configuration to monitor them may be slightly different. For the following clusters there are mixins available to easily configure them:
* aws
* bootkube
* eks
* gke
* kops
* kops_coredns
* kubeadm
* kubespray
These mixins are selectable via the `platform` field of kubePrometheus:
```jsonnet mdox-exec="cat examples/jsonnet-snippets/platform.jsonnet"
(import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
platform: 'example-platform',
},
},
}
```
================================================
FILE: docs/customizations/pod-anti-affinity.md
================================================
### Pod Anti-Affinity
To prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when
possible, one can include the [kube-prometheus-anti-affinity.libsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/addons/anti-affinity.libsonnet) mixin:
```jsonnet mdox-exec="cat examples/anti-affinity.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/anti-affinity.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
================================================
FILE: docs/customizations/prometheus-agent.md
================================================
### Prometheus-agent mode
***ATTENTION***: Although it is possible to run Prometheus in Agent mode with Prometheus-Operator, it requires strategic merge patches. This practice is not recommended and we do not provide support if Prometheus doesn't work as you expect. **Try it at your own risk!**
```jsonnet mdox-exec="cat examples/prometheus-agent.jsonnet"
local kp =
(import 'kube-prometheus/main.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
prometheus+: {
resources: {
requests: { memory: '100Mi' },
},
enableFeatures: ['agent'],
},
},
prometheus+: {
prometheus+: {
spec+: {
replicas: 1,
alerting:: {},
ruleSelector:: {},
remoteWrite: [{
url: 'http://remote-write-url.com',
}],
containers+: [
{
name: 'prometheus',
args+: [
'--config.file=/etc/prometheus/config_out/prometheus.env.yaml',
'--storage.agent.path=/prometheus',
'--enable-feature=agent',
'--web.enable-lifecycle',
],
},
],
},
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
================================================
FILE: docs/customizations/static-etcd-configuration.md
================================================
### Static etcd configuration
In order to configure a static etcd cluster to scrape there is a simple [static-etcd.libsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet) mixin prepared.
An example of how to use it can be seen below:
```jsonnet mdox-exec="cat examples/etcd.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/static-etcd.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
etcd+: {
// Configure this to be the IP(s) to scrape - i.e. your etcd node(s) (use commas to separate multiple values).
ips: ['127.0.0.1'],
// Reference info:
// * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitorspec (has endpoints)
// * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint (has tlsConfig)
// * https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig (has: caFile, certFile, keyFile, serverName, & insecureSkipVerify)
// Set these three variables to the fully qualified directory path on your work machine to the certificate files that are valid to scrape etcd metrics with (check the apiserver container).
// Most likely these certificates are generated somewhere in an infrastructure repository, so using the jsonnet `importstr` function can
// be useful here. (Kube-aws stores these three files inside the credential folder.)
// All the sensitive information on the certificates will end up in a Kubernetes Secret.
clientCA: importstr 'etcd-client-ca.crt',
clientKey: importstr 'etcd-client.key',
clientCert: importstr 'etcd-client.crt',
// Note that you should specify a value EITHER for 'serverName' OR for 'insecureSkipVerify'. (Don't specify a value for both of them, and don't specify a value for neither of them.)
// * Specifying serverName: Ideally you should provide a valid value for serverName (and then insecureSkipVerify should be left as false - so that serverName gets used).
// * Specifying insecureSkipVerify: insecureSkipVerify is only to be used (i.e. set to true) if you cannot (based on how your etcd certificates were created) use a Subject Alternative Name.
// * If you specify a value:
// ** for both of these variables: When 'insecureSkipVerify: true' is specified, then also specifying a value for serverName won't hurt anything but it will be ignored.
// ** for neither of these variables: then you'll get authentication errors on the prom '/targets' page with your etcd targets.
// A valid name (DNS or Subject Alternative Name) that the client (i.e. prometheus) will use to verify the etcd TLS certificate.
// * Note that doing `nslookup etcd.kube-system.svc.cluster.local` (on a pod in a K8s cluster where kube-prometheus has been installed) shows that kube-prometheus sets up this hostname.
// * `openssl x509 -noout -text -in etcd-client.pem` will print the Subject Alternative Names.
serverName: 'etcd.kube-system.svc.cluster.local',
// When insecureSkipVerify isn't specified, the default value is "false".
//insecureSkipVerify: true,
// In case you have generated the etcd certificate with kube-aws:
// * If you only have one etcd node, you can use the value from 'etcd.internalDomainName' (specified in your kube-aws cluster.yaml) as the value for 'serverName'.
// * But if you have multiple etcd nodes, you will need to use 'insecureSkipVerify: true' (if using default certificate generators method), as the valid certificate domain
// will be different for each etcd node. (kube-aws default certificates are not valid against the IP - they were created for the DNS.)
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
If you'd like to monitor an etcd instance that lives outside the cluster, see [Monitoring external etcd](../monitoring-external-etcd.md) for more information.
> Note that monitoring etcd in minikube is currently not possible because of how etcd is setup. (minikube's etcd binds to 127.0.0.1:2379 only, and within host networking namespace.)
================================================
FILE: docs/customizations/strip-limits.md
================================================
### Stripping container resource limits
Sometimes in small clusters, the CPU/memory limits can get high enough for alerts to be fired continuously. To prevent this, one can strip off the predefined limits.
To do that, one can import the following mixin
```jsonnet mdox-exec="cat examples/strip-limits.jsonnet"
local kp = (import 'kube-prometheus/main.libsonnet') +
(import 'kube-prometheus/addons/strip-limits.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
================================================
FILE: docs/customizations/using-custom-container-registry.md
================================================
### Internal Registry
Some Kubernetes installations source all their images from an internal registry. kube-prometheus supports this use case and helps the user synchronize every image it uses to the internal registry and generate manifests pointing at the internal registry.
To produce the `docker pull/tag/push` commands that will synchronize upstream images to `internal-registry.com/organization` (after having run the `jb` command to populate the vendor directory):
```shell
$ jsonnet -J vendor -S --tla-str repository=internal-registry.com/organization examples/sync-to-internal-registry.jsonnet
$ docker pull k8s.gcr.io/addon-resizer:1.8.4
$ docker tag k8s.gcr.io/addon-resizer:1.8.4 internal-registry.com/organization/addon-resizer:1.8.4
$ docker push internal-registry.com/organization/addon-resizer:1.8.4
$ docker pull quay.io/prometheus/alertmanager:v0.16.2
$ docker tag quay.io/prometheus/alertmanager:v0.16.2 internal-registry.com/organization/alertmanager:v0.16.2
$ docker push internal-registry.com/organization/alertmanager:v0.16.2
...
```
The output of this command can be piped to a shell to be executed by appending `| sh`.
Then to generate manifests with `internal-registry.com/organization`, use the `withImageRepository` mixin:
```jsonnet mdox-exec="cat examples/internal-registry.jsonnet"
local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet';
local kp = (import 'kube-prometheus/main.libsonnet') + {
values+:: {
common+: {
namespace: 'monitoring',
},
},
} + mixin.withImageRepository('internal-registry.com/organization');
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
```
================================================
FILE: docs/customizing.md
================================================
# Customizing Kube-Prometheus
This section:
* describes how to customize the kube-prometheus library via compiling the kube-prometheus manifests yourself (as an alternative to the [README.md quickstart section](../README.md#quickstart)).
* still doesn't require you to make a copy of this entire repository, but rather only a copy of a few select files.
## Installing
The content of this project consists of a set of [jsonnet](http://jsonnet.org/) files making up a library to be consumed.
Install this library in your own project with [jsonnet-bundler](https://github.com/jsonnet-bundler/jsonnet-bundler#install) (the jsonnet package manager):
```shell
$ mkdir my-kube-prometheus; cd my-kube-prometheus
$ jb init # Creates the initial/empty `jsonnetfile.json`
# Install the kube-prometheus dependency
$ jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main # Creates `vendor/` & `jsonnetfile.lock.json`, and fills in `jsonnetfile.json`
$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/example.jsonnet -O example.jsonnet
$ wget https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/build.sh -O build.sh
$ chmod +x build.sh
```
> `jb` can be installed with `go install -a github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest`
> An e.g. of how to install a given version of this library: `jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main`
In order to update the kube-prometheus dependency, simply use the jsonnet-bundler update functionality:
```shell
$ jb update
```
## Generating
e.g. of how to compile the manifests: `./build.sh example.jsonnet`
> before compiling, install `gojsontoyaml` tool with `go install github.com/brancz/gojsontoyaml@latest` and `jsonnet` with `go install github.com/google/go-jsonnet/cmd/jsonnet@latest`
Here's [example.jsonnet](../example.jsonnet):
> Note: some of the following components must be configured beforehand. See [configuration](#configuring) and [customization-examples](customizations).
```jsonnet mdox-exec="cat example.jsonnet"
local kp =
(import 'kube-prometheus/main.libsonnet') +
// Uncomment the following imports to enable its patches
// (import 'kube-prometheus/addons/anti-affinity.libsonnet') +
// (import 'kube-prometheus/addons/managed-cluster.libsonnet') +
// (import 'kube-prometheus/addons/node-ports.libsonnet') +
// (import 'kube-prometheus/addons/static-etcd.libsonnet') +
// (import 'kube-prometheus/addons/custom-metrics.libsonnet') +
// (import 'kube-prometheus/addons/external-metrics.libsonnet') +
// (import 'kube-prometheus/addons/pyrra.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
},
};
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// { 'setup/pyrra-slo-CustomResourceDefinition': kp.pyrra.crd } +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
// { ['pyrra-' + name]: kp.pyrra[name] for name in std.objectFields(kp.pyrra) if name != 'crd' } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
```
And here's the [build.sh](../build.sh) script (which uses `vendor/` to render all manifests in a json structure of `{filename: manifest-content}`):
```sh mdox-exec="cat ./build.sh"
#!/usr/bin/env bash
# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.
set -e
set -x
# only exit with zero if all commands of the pipeline exit successfully
set -o pipefail
# Make sure to use project tooling
PATH="$(pwd)/tmp/bin:${PATH}"
# Make sure to start with a clean 'manifests' dir
rm -rf manifests
mkdir -p manifests/setup
# Calling gojsontoyaml is optional, but we would like to generate yaml, not json
jsonnet -J vendor -m manifests "${1-example.jsonnet}" | xargs -I{} sh -c 'cat {} | gojsontoyaml > {}.yaml' -- {}
# Make sure to remove json files
find manifests -type f ! -name '*.yaml' -delete
rm -f kustomization
```
> Note you need `jsonnet` (`go install github.com/google/go-jsonnet/cmd/jsonnet@latest`) and `gojsontoyaml` (`go install github.com/brancz/gojsontoyaml@latest`) installed to run `build.sh`. If you just want json output, not yaml, then you can skip the pipe and everything afterwards.
This script runs the jsonnet code, then reads each key of the generated json and uses that as the file name, and writes the value of that key to that file, and converts each json manifest to yaml.
## Configuring
Jsonnet has the concept of hidden fields. These are fields, that are not going to be rendered in a result. This is used to configure the kube-prometheus components in jsonnet. In the example jsonnet code of the above [Generating section](#generating), you can see an example of this, where the `namespace` is being configured to be `monitoring`. In order to not override the whole object, use the `+::` construct of jsonnet, to merge objects, this way you can override individual settings, but retain all other settings and defaults.
The available fields and their default values can be seen in [main.libsonnet](../jsonnet/kube-prometheus/main.libsonnet). Note that many of the fields get their default values from variables, and for example the version numbers are imported from [versions.json](../jsonnet/kube-prometheus/versions.json).
Configuration is mainly done in the `values` map. You can see this being used in the `example.jsonnet` to set the namespace to `monitoring`. This is done in the `common` field, which all other components take their default value from. See for example how Alertmanager is configured in `main.libsonnet`:
```
alertmanager: {
name: 'main',
// Use the namespace specified under values.common by default.
namespace: $.values.common.namespace,
version: $.values.common.versions.alertmanager,
image: $.values.common.images.alertmanager,
mixin+: { ruleLabels: $.values.common.ruleLabels },
},
```
The grafana definition is located in a different project (https://github.com/brancz/kubernetes-grafana ), but needed configuration can be customized from the same top level `values` field. For example to allow anonymous access to grafana, add the following `values` section:
```
grafana+:: {
config: { // http://docs.grafana.org/installation/configuration/
sections: {
"auth.anonymous": {enabled: true},
},
},
},
```
## Apply the kube-prometheus stack
The previous generation step has created a bunch of manifest files in the manifest/ folder.
Now simply use `kubectl` to install Prometheus and Grafana as per your configuration:
```shell
# Update the namespace and CRDs, and then wait for them to be available before creating the remaining resources
$ kubectl apply --server-side -f manifests/setup
$ kubectl apply -f manifests/
```
> Note that due to some CRD size we are using kubectl server-side apply feature which is generally available since
> kubernetes 1.22. If you are using previous kubernetes versions this feature may not be available and you would need to
> use `kubectl create` instead.
Alternatively, the resources in both folders can be applied with a single command
`kubectl apply --server-side -Rf manifests`, but it may be necessary to run the command multiple times for all components to
be created successfully.
Check the monitoring namespace (or the namespace you have specific in `namespace: `) and make sure the pods are running. Prometheus and Grafana should be up and running soon.
## Minikube Example
To use an easy to reproduce example, see [minikube.jsonnet](../examples/minikube.jsonnet), which uses the minikube setup as demonstrated in [Prerequisites](../README.md#prerequisites). Because we would like easy access to our Prometheus, Alertmanager and Grafana UIs, `minikube.jsonnet` exposes the services as NodePort type services.
================================================
FILE: docs/deploy-kind.md
================================================
---
weight: 301
toc: true
title: Deploy to kind
menu:
docs:
parent: kube
lead: This guide will help you deploying kube-prometheus on Kubernetes kind.
images: []
draft: false
description: This guide will help you deploying kube-prometheus on Kubernetes kind.
---
Time to explain how!
Your chance of [**contributing**](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/deploy-kind.md)!
================================================
FILE: docs/endpoints-migration.md
================================================
# Migration from Endpoints to EndpointSlice
`kube-prometheus` 0.17+ automatically configures Prometheus to use EndpointSlice instead of Endpoints for Kubernetes service discovery (Endpoints have been deprecated in Kubernetes 1.33).
While the migration should be seamless for "regular" pods, it requires a few manual steps for components running as host services (e.g. node_exporter and kubelet):
1. The node_exporter and kubelet ServiceMonitors rely on the Prometheus operator's kubelet controller which manages the `kube-system/kubelet` Service.
2. With `kube-prometheus` 0.17, the Prometheus operator starts with both `--kubelet-endpoints=true` and `--kubelet-endpointslice=true` to ensure that a) the operator synchronizes the EndpointSlice object(s) backing the `kube-system/kubelet` Service and b) Kubernetes stops mirroring the `kube-system/kubelet` Endpoints object to EndpointSlice object(s) (otherwise the operator and kube-controller-manager would fight for the same resources).
3. After verifying that all targets are correctly discovered, it is ok to modify the operator's deployment and use `--kubelet-endpoints=false` instead. This will become the default in a future version of `kube-prometheus`.
4. The `kube-system/kubelet` Endpoints object should be removed manually.
To verify the status of the Endpoints and EndpointSlice objects, run:
```shell
kubectl get -n kube-system endpoints kubelet
kubectl get -n kube-system endpointslice -l endpointslice.kubernetes.io/managed-by=prometheus-operator
```
================================================
FILE: docs/kube-prometheus-on-kubeadm.md
================================================
---
weight: 302
toc: true
title: Deploy to kubeadm
menu:
docs:
parent: kube
lead: This guide will help you deploying kube-prometheus on Kubernetes kubeadm.
images: []
draft: false
description: This guide will help you deploying kube-prometheus on Kubernetes kubeadm.
---
The [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) tool is linked by Kubernetes as the offical way to deploy and manage self-hosted clusters. kubeadm does a lot of heavy lifting by automatically configuring your Kubernetes cluster with some common options. This guide is intended to show you how to deploy Prometheus, Prometheus Operator and Kube Prometheus to get you started monitoring your cluster that was deployed with kubeadm.
This guide assumes you have a basic understanding of how to use the functionality the Prometheus Operator implements. If you haven't yet, we recommend reading through the [getting started guide](https://prometheus-operator.dev/docs/platform/platform-guide/) as well as the [alerting guide](https://prometheus-operator.dev/docs/developer/alerting/).
## kubeadm Pre-requisites
This guide assumes you have some familiarity with `kubeadm` or at least have deployed a cluster using `kubeadm`. By default, `kubeadm` does not expose two of the services that we will be monitoring. Therefore, in order to get the most out of the `kube-prometheus` package, we need to make some quick tweaks to the Kubernetes cluster. Since we will be monitoring the `kube-controller-manager` and `kube-scheduler`, we must expose them to the cluster.
By default, `kubeadm` runs these pods on your master and bound to `127.0.0.1`. There are a couple of ways to change this. The recommended way to change these features is to use the [kubeadm config file](https://kubernetes.io/docs/reference/generated/kubeadm/#config-file). An example configuration file can be used:
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
controlPlaneEndpoint: "192.168.1.173:6443"
apiServer:
extraArgs:
authorization-mode: "Node,RBAC"
controllerManager:
extraArgs:
bind-address: "0.0.0.0"
scheduler:
extraArgs:
bind-address: "0.0.0.0"
certificatesDir: "/etc/kubernetes/pki"
etcd:
# one of local or external
local:
dataDir: "/var/lib/etcd"
kubernetesVersion: "v1.23.1"
networking:
dnsDomain: "cluster.local"
serviceSubnet: "10.96.0.0/12"
imageRepository: "registry.k8s.io"
```
Notice the `.scheduler.extraArgs` and `.controllerManager.extraArgs`. This exposes the `kube-controller-manager` and `kube-scheduler` services to the rest of the cluster. If you have kubernetes core components as pods in the kube-system namespace, ensure that the `kube-prometheus-exporter-kube-scheduler` and `kube-prometheus-exporter-kube-controller-manager` services' `spec.selector` values match those of pods.
In previous versions of Kubernetes, we had to make a change to the `kubelet` setting with regard to `cAdvisor` monitoring on the control-plane as well as all the nodes. But this is **no longer required due to [the change of Kubernetes](https://github.com/kubernetes/kubernetes/issues/56523)**.
In case you already have a Kubernetes deployed with kubeadm, change the address kube-controller-manager and kube-scheduler listens in addition to previous kubelet change:
```
sed -e "s/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-controller-manager.yaml
sed -e "s/- --bind-address=127.0.0.1/- --bind-address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-scheduler.yaml
```
With these changes, your Kubernetes cluster is ready.
## Metric Sources
Monitoring a Kubernetes cluster with Prometheus is a natural choice as Kubernetes components themselves are instrumented with Prometheus metrics, therefore those components simply have to be discovered by Prometheus and most of the cluster is monitored.
Metrics that are rather about cluster state than a single component's metrics is exposed by the add-on component [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics).
Additionally, to have an overview of cluster nodes' resources the Prometheus [node_exporter](https://github.com/prometheus/node_exporter) is used. The node_exporter allows monitoring a node's resources: CPU, memory and disk utilization and more.
Once you complete this guide you will monitor the following:
* cluster state via kube-state-metrics
* nodes via the node_exporter
* kubelets
* apiserver
* kube-scheduler
* kube-controller-manager
## Getting Up and Running Fast with Kube-Prometheus
To help get started more quickly with monitoring Kubernetes clusters, [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) was created. It is a collection of manifests including dashboards and alerting rules that can easily be deployed. It utilizes the Prometheus Operator and all the manifests demonstrated in this guide.
This section represent a quick installation and is not intended to teach you about all the components. The easiest way to get started is to clone this repository and use the `kube-prometheus` section of the code.
```
git clone https://github.com/prometheus-operator/kube-prometheus
cd kube-prometheus/
```
First, create the namespace in which you want the monitoring tool suite to be running.
```
export NAMESPACE='monitoring'
kubectl create namespace "$NAMESPACE"
```
Now we will create the components for the Prometheus operator
```
kubectl --namespace="$NAMESPACE" apply -f manifests/prometheus-operator
```
This will create all the Prometheus Operator components. You might need to wait a short amount of time before the Custom Resource Definitions are available in the cluster. You can wait for them:
```
until kubectl --namespace="$NAMESPACE" get alertmanagers.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
```
Next, we will install the node exporter and then kube-state-metrics:
```
kubectl --namespace="$NAMESPACE" apply -f manifests/node-exporter
kubectl --namespace="$NAMESPACE" apply -f manifests/kube-state-metrics
```
Then, we can deploy the grafana credentials. By default, the username/password will be `admin/admin`, you should change these for your production clusters.
```
kubectl --namespace="$NAMESPACE" apply -f manifests/grafana/grafana-credentials.yaml
```
Then install grafana itself:
```
kubectl --namespace="$NAMESPACE" apply -f manifests/grafana
```
Next up is the `Prometheus` object itself. We will deploy the application, and then the roles/role-bindings.
```
find manifests/prometheus -type f ! -name prometheus-k8s-roles.yaml ! -name prometheus-k8s-role-bindings.yaml -exec kubectl --namespace "$NAMESPACE" apply -f {} \;
kubectl apply -f manifests/prometheus/prometheus-k8s-roles.yaml
kubectl apply -f manifests/prometheus/prometheus-k8s-role-bindings.yaml
```
Finally, install the [Alertmanager](https://prometheus-operator.dev/docs/developer/alerting)
```
kubectl --namespace="$NAMESPACE" apply -f manifests/alertmanager
```
Now you should have a working cluster. After all the pods are ready, you should be able to reach:
* Prometheus UI on node port `30900`
* Alertmanager UI on node port `30903`
* Grafana on node port `30902`
These can of course be changed via the Service definitions. It is recommended to look at the [Exposing Prometheus and Alert Manager](https://prometheus-operator.dev/docs/platform/exposing-prometheus-and-alertmanager/) documentation for more detailed information on how to expose these services.
================================================
FILE: docs/migration-example/my.release-0.3.jsonnet
================================================
// Has the following customisations
// Custom alert manager config
// Ingresses for the alert manager, prometheus and grafana
// Grafana admin user password
// Custom prometheus rules
// Custom grafana dashboards
// Custom prometheus config - Data retention, memory, etc.
// Node exporter role and role binding so we can use a PSP for the node exporter
// External variables
// See https://jsonnet.org/learning/tutorial.html
local cluster_identifier = std.extVar('cluster_identifier');
local etcd_ip = std.extVar('etcd_ip');
local etcd_tls_ca = std.extVar('etcd_tls_ca');
local etcd_tls_cert = std.extVar('etcd_tls_cert');
local etcd_tls_key = std.extVar('etcd_tls_key');
local grafana_admin_password = std.extVar('grafana_admin_password');
local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period');
local prometheus_request_memory = std.extVar('prometheus_request_memory');
// Derived variables
local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local';
local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local';
local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local';
// Imports
local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
local ingress = k.extensions.v1beta1.ingress;
local ingressRule = ingress.mixin.spec.rulesType;
local ingressRuleHttpPath = ingressRule.mixin.http.pathsType;
local ingressTls = ingress.mixin.spec.tlsType;
local role = k.rbac.v1.role;
local roleBinding = k.rbac.v1.roleBinding;
local roleRulesType = k.rbac.v1.role.rulesType;
local kp =
(import 'kube-prometheus/kube-prometheus.libsonnet') +
(import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +
(import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
{
_config+:: {
// Override namespace
namespace: 'monitoring',
// Override alert manager config
// See https://github.com/coreos/kube-prometheus/tree/master/examples/alertmanager-config-external.jsonnet
alertmanager+: {
config: importstr 'alertmanager.yaml',
},
// Override etcd config
// See https://github.com/coreos/kube-prometheus/blob/master/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
// See https://github.com/coreos/kube-prometheus/blob/master/examples/etcd-skip-verify.jsonnet
etcd+:: {
clientCA: etcd_tls_ca,
clientCert: etcd_tls_cert,
clientKey: etcd_tls_key,
ips: [etcd_ip],
},
// Override grafana config
// anonymous access
// See http://docs.grafana.org/installation/configuration/
// See http://docs.grafana.org/auth/overview/#anonymous-authentication
// admin_password
// See http://docs.grafana.org/installation/configuration/#admin-password
grafana+:: {
config: {
sections: {
'auth.anonymous': {
enabled: true,
},
security: {
admin_password: grafana_admin_password,
},
},
},
},
},
// Additional grafana dashboards
grafanaDashboards+:: {
'my-specific.json': (import 'my-grafana-dashboard-definitions.json'),
},
// Alert manager needs an externalUrl
alertmanager+:: {
alertmanager+: {
spec+: {
// See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
// See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md
externalUrl: 'https://' + alert_manager_host,
},
},
},
// Add additional ingresses
// See https://github.com/coreos/kube-prometheus/tree/master/examples/ingress.jsonnet
ingress+:: {
alertmanager:
ingress.new() +
ingress.mixin.metadata.withName('alertmanager') +
ingress.mixin.metadata.withNamespace($._config.namespace) +
ingress.mixin.metadata.withAnnotations({
'kubernetes.io/ingress.class': 'nginx-api',
}) +
ingress.mixin.spec.withRules(
ingressRule.new() +
ingressRule.withHost(alert_manager_host) +
ingressRule.mixin.http.withPaths(
ingressRuleHttpPath.new() +
ingressRuleHttpPath.mixin.backend.withServiceName('alertmanager-operated') +
ingressRuleHttpPath.mixin.backend.withServicePort(9093)
),
) +
// Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
// secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
ingress.mixin.spec.withTls(
ingressTls.new() +
ingressTls.withHosts(alert_manager_host)
),
grafana:
ingress.new() +
ingress.mixin.metadata.withName('grafana') +
ingress.mixin.metadata.withNamespace($._config.namespace) +
ingress.mixin.metadata.withAnnotations({
'kubernetes.io/ingress.class': 'nginx-api',
}) +
ingress.mixin.spec.withRules(
ingressRule.new() +
ingressRule.withHost(grafana_host) +
ingressRule.mixin.http.withPaths(
ingressRuleHttpPath.new() +
ingressRuleHttpPath.mixin.backend.withServiceName('grafana') +
ingressRuleHttpPath.mixin.backend.withServicePort(3000)
),
) +
// Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
// secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
ingress.mixin.spec.withTls(
ingressTls.new() +
ingressTls.withHosts(grafana_host)
),
prometheus:
ingress.new() +
ingress.mixin.metadata.withName('prometheus') +
ingress.mixin.metadata.withNamespace($._config.namespace) +
ingress.mixin.metadata.withAnnotations({
'kubernetes.io/ingress.class': 'nginx-api',
}) +
ingress.mixin.spec.withRules(
ingressRule.new() +
ingressRule.withHost(prometheus_host) +
ingressRule.mixin.http.withPaths(
ingressRuleHttpPath.new() +
ingressRuleHttpPath.mixin.backend.withServiceName('prometheus-operated') +
ingressRuleHttpPath.mixin.backend.withServicePort(9090)
),
) +
// Note we do not need a TLS secretName here as we are going to use the nginx-ingress default secret which is a wildcard
// secretName would need to be in the same namespace at this time, see https://github.com/kubernetes/ingress-nginx/issues/2371
ingress.mixin.spec.withTls(
ingressTls.new() +
ingressTls.withHosts(prometheus_host)
),
},
// Node exporter PSP role and role binding
// Add a new top level field for this, the "node-exporter" PSP already exists, so not defining here just referencing
// See https://github.com/coreos/prometheus-operator/issues/787
nodeExporterPSP: {
role:
role.new() +
role.mixin.metadata.withName('node-exporter-psp') +
role.mixin.metadata.withNamespace($._config.namespace) +
role.withRules([
roleRulesType.new() +
roleRulesType.withApiGroups(['policy']) +
roleRulesType.withResources(['podsecuritypolicies']) +
roleRulesType.withVerbs(['use']) +
roleRulesType.withResourceNames(['node-exporter']),
]),
roleBinding:
roleBinding.new() +
roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
roleBinding.mixin.metadata.withName('node-exporter-psp') +
roleBinding.mixin.metadata.withNamespace($._config.namespace) +
roleBinding.mixin.roleRef.withName('node-exporter-psp') +
roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) +
roleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter' }]),
},
// Prometheus needs some extra custom config
prometheus+:: {
prometheus+: {
spec+: {
// See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
externalLabels: {
cluster: cluster_identifier,
},
// See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
// See https://github.com/coreos/prometheus-operator/blob/master/Documentation/user-guides/exposing-prometheus-and-alertmanager.md
externalUrl: 'https://' + prometheus_host,
// Override reuest memory
resources: {
requests: {
memory: prometheus_request_memory,
},
},
// Override data retention period
retention: prometheus_data_retention_period,
},
},
},
// Additional prometheus rules
// See https://github.com/coreos/kube-prometheus/docs/developing-prometheus-rules-and-grafana-dashboards.md
// cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json
prometheusRules+:: {
groups+: import 'my-prometheus-rules.json',
},
};
// Render
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['node-exporter-psp-' + name]: kp.nodeExporterPSP[name] for name in std.objectFields(kp.nodeExporterPSP) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
================================================
FILE: docs/migration-example/my.release-0.8.jsonnet
================================================
// Has the following customisations
// Custom alert manager config
// Ingresses for the alert manager, prometheus and grafana
// Grafana admin user password
// Custom prometheus rules
// Custom grafana dashboards
// Custom prometheus config - Data retention, memory, etc.
// Node exporter role and role binding so we can use a PSP for the node exporter
// for help with expected content, see https://github.com/thaum-xyz/ankhmorpork
// External variables
// See https://jsonnet.org/learning/tutorial.html
local cluster_identifier = std.extVar('cluster_identifier');
local etcd_ip = std.extVar('etcd_ip');
local etcd_tls_ca = std.extVar('etcd_tls_ca');
local etcd_tls_cert = std.extVar('etcd_tls_cert');
local etcd_tls_key = std.extVar('etcd_tls_key');
local grafana_admin_password = std.extVar('grafana_admin_password');
local prometheus_data_retention_period = std.extVar('prometheus_data_retention_period');
local prometheus_request_memory = std.extVar('prometheus_request_memory');
// Derived variables
local alert_manager_host = 'alertmanager.' + cluster_identifier + '.myorg.local';
local grafana_host = 'grafana.' + cluster_identifier + '.myorg.local';
local prometheus_host = 'prometheus.' + cluster_identifier + '.myorg.local';
// ksonnet no longer required
local kp =
(import 'kube-prometheus/main.libsonnet') +
// kubeadm now achieved by setting platform value - see 9 lines below
(import 'kube-prometheus/addons/static-etcd.libsonnet') +
(import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
// Add kubeadm platform-specific items,
// including kube-contoller-manager and kube-scheduler discovery
kubePrometheus+: {
platform: 'kubeadm',
},
// Override alert manager config
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/alertmanager-config-external.jsonnet
alertmanager+: {
config: importstr 'alertmanager.yaml',
},
// Override etcd config
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/jsonnet/kube-prometheus/addons/static-etcd.libsonnet
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/etcd-skip-verify.jsonnet
etcd+:: {
clientCA: etcd_tls_ca,
clientCert: etcd_tls_cert,
clientKey: etcd_tls_key,
ips: [etcd_ip],
},
// Override grafana config
// anonymous access
// See http://docs.grafana.org/installation/configuration/
// See http://docs.grafana.org/auth/overview/#anonymous-authentication
// admin_password
// See http://docs.grafana.org/installation/configuration/#admin-password
grafana+:: {
config: {
sections: {
'auth.anonymous': {
enabled: true,
},
security: {
admin_password: grafana_admin_password,
},
},
},
// Additional grafana dashboards
dashboards+:: {
'my-specific.json': (import 'my-grafana-dashboard-definitions.json'),
},
},
},
// Alert manager needs an externalUrl
alertmanager+:: {
alertmanager+: {
spec+: {
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md
externalUrl: 'https://' + alert_manager_host,
},
},
},
// Add additional ingresses
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/examples/ingress.jsonnet
ingress+:: {
alertmanager: {
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
name: 'alertmanager',
namespace: $.values.common.namespace,
annotations: {
'kubernetes.io/ingress.class': 'nginx-api',
},
},
spec: {
rules: [{
host: alert_manager_host,
http: {
paths: [{
path: '/',
pathType: 'Prefix',
backend: {
service: {
name: 'alertmanager-operated',
port: {
number: 9093,
},
},
},
}],
},
}],
tls: [{
hosts: [alert_manager_host],
}],
},
},
grafana: {
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
name: 'grafana',
namespace: $.values.common.namespace,
annotations: {
'kubernetes.io/ingress.class': 'nginx-api',
},
},
spec: {
rules: [{
host: grafana_host,
http: {
paths: [{
path: '/',
pathType: 'Prefix',
backend: {
service: {
name: 'grafana',
port: {
number: 3000,
},
},
},
}],
},
}],
tls: [{
hosts: [grafana_host],
}],
},
},
prometheus: {
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
metadata: {
name: 'prometheus',
namespace: $.values.common.namespace,
annotations: {
'kubernetes.io/ingress.class': 'nginx-api',
},
},
spec: {
rules: [{
host: prometheus_host,
http: {
paths: [{
path: '/',
pathType: 'Prefix',
backend: {
service: {
name: 'prometheus-operated',
port: {
number: 9090,
},
},
},
}],
},
}],
tls: [{
hosts: [prometheus_host],
}],
},
},
},
// Node exporter PSP role and role binding
nodeExporter+: {
'psp-role'+: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'Role',
metadata: {
name: 'node-exporter-psp',
namespace: $.values.common.namespace,
},
rules: [{
apiGroups: ['policy'],
resources: ['podsecuritypolicies'],
verbs: ['use'],
resourceNames: ['node-exporter'],
}],
},
'psp-rolebinding'+: {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
metadata: {
name: 'node-exporter-psp',
namespace: $.values.common.namespace,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
name: 'node-exporter-psp',
kind: 'Role',
},
subjects: [{
kind: 'ServiceAccount',
name: 'node-exporter',
}],
},
},
// Prometheus needs some extra custom config
prometheus+:: {
prometheus+: {
spec+: {
externalLabels: {
cluster: cluster_identifier,
},
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/exposing-prometheus-alertmanager-grafana-ingress.md
externalUrl: 'https://' + prometheus_host,
// Override reuest memory
resources: {
requests: {
memory: prometheus_request_memory,
},
},
// Override data retention period
retention: prometheus_data_retention_period,
},
},
},
// Additional prometheus rules
// See https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/developing-prometheus-rules-and-grafana-dashboards.md#pre-rendered-rules
// cat my-prometheus-rules.yaml | gojsontoyaml -yamltojson | jq . > my-prometheus-rules.json
prometheusMe: {
rules: {
apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule',
metadata: {
name: 'my-prometheus-rule',
namespace: $.values.common.namespace,
labels: {
'app.kubernetes.io/name': 'kube-prometheus',
'app.kubernetes.io/part-of': 'kube-prometheus',
prometheus: 'k8s',
role: 'alert-rules',
},
},
spec: {
groups: import 'my-prometheus-rules.json',
},
},
},
};
// Render
{ 'setup/0namespace-namespace': kp.kubePrometheus.namespace } +
{
['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
for name in std.filter((function(name) name != 'serviceMonitor' && name != 'prometheusRule'), std.objectFields(kp.prometheusOperator))
} +
// serviceMonitor and prometheusRule are separated so that they can be created after the CRDs are ready
{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } +
{ 'prometheus-operator-prometheusRule': kp.prometheusOperator.prometheusRule } +
{ 'kube-prometheus-prometheusRule': kp.kubePrometheus.prometheusRule } +
{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
{ ['blackbox-exporter-' + name]: kp.blackboxExporter[name] for name in std.objectFields(kp.blackboxExporter) } +
{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } +
{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
{ ['kubernetes-' + name]: kp.kubernetesControlPlane[name] for name in std.objectFields(kp.kubernetesControlPlane) }
{ [name + '-ingress']: kp.ingress[name] for name in std.objectFields(kp.ingress) } +
{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+ { ['prometheus-my-' + name]: kp.prometheusMe[name] for name in std.objectFields(kp.prometheusMe) }
================================================
FILE: docs/migration-example/readme.md
================================================
## Example of conversion of a legacy my.jsonnet file
An example conversion of a legacy custom jsonnet file to release-0.8
format can be seen by viewing and comparing this
[release-0.3 jsonnet file](my.release-0.3.jsonnet) (when the github
repo was under `https://github.com/coreos/kube-prometheus...`)
and the corresponding [release-0.8 jsonnet file](my.release-0.8.jsonnet).
These two files have had necessary blank lines added so that they
can be compared side-by-side and line-by-line on screen.
The conversion covers both the change of stopping using ksonnet after
release-0.3 and also the major migration after release-0.7 as described in
[migration-guide.md](../migration-guide.md)
The sample files are intended as an example of format conversion and
not necessarily best practice for the files in release-0.3 or release-0.8.
Below are three sample extracts of the conversion as an indication of the
changes required.
<table>
<tr>
<th> release-0.3 </th>
<th> release-0.8 </th>
</tr>
<tr>
<td>
```jsonnet
local kp =
(import 'kube-prometheus/kube-prometheus.libsonnet') +
(import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet') +
(import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') +
{
_config+:: {
// Override namespace
namespace: 'monitoring',
```
</td>
<td>
```jsonnet
local kp =
(import 'kube-prometheus/main.libsonnet') +
// kubeadm now achieved by setting platform value - see 9 lines below
(import 'kube-prometheus/addons/static-etcd.libsonnet') +
(import 'kube-prometheus/addons/podsecuritypolicies.libsonnet') +
{
values+:: {
common+: {
namespace: 'monitoring',
},
// Add kubeadm platform-specific items,
// including kube-contoller-manager and kube-scheduler discovery
kubePrometheus+: {
platform: 'kubeadm',
},
```
</td>
</tr>
</table>
<table>
<tr>
<th> release-0.3 </th>
<th> release-0.8 </th>
</tr>
<tr>
<td>
```jsonnet
// Add additional ingresses
// See https://github.com/coreos/kube-prometheus/...
// tree/master/examples/ingress.jsonnet
ingress+:: {
alertmanager:
ingress.new() +
ingress.mixin.metadata.withName('alertmanager') +
ingress.mixin.metadata.withNamespace($._config.namespace) +
ingress.mixin.metadata.withAnnotations({
'kubernetes.io/ingress.class': 'nginx-api',
}) +
ingress.mixin.spec.withRules(
ingressRule.new() +
ingressRule.withHost(alert_manager_host) +
ingressRule.mixin.http.withPaths(
ingressRuleHttpPath.new() +
ingressRuleHttpPath.mixin.backend
.withServiceName('alertmanager-operated') +
ingressRuleHttpPath.mixin.backend.withServicePort(9093)
),
) +
// Note we do not need a TLS secretName here as we are going to use the
// nginx-ingress default secret which is a wildcard
// secretName would need to be in the same namespace at this time,
// see https://github.com/kubernetes/ingress-nginx/issues/2371
ingress.mixin.spec.withTls(
ingressTls.new() +
ingressTls.withHosts(alert_manager_host)
),
```
</td>
<td>
```jsonnet
// Add additional ingresses
// See https://github.com/prometheus-operator/kube-prometheus/...
// blob/main/examples/ingress.jsonnet
ingress+:: {
alertmanager: {
apiVersion: 'networking.k8s.io/v1',
kind: 'Ingress',
met
gitextract_4x2izfw2/
├── .github/
│ ├── CODEOWNERS
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug.md
│ │ ├── feature.md
│ │ └── support.md
│ ├── PULL_REQUEST_TEMPLATE.md
│ ├── dependabot.yml
│ ├── env
│ └── workflows/
│ ├── action-lint.yaml
│ ├── ci.yaml
│ ├── stale.yaml
│ └── versions.yaml
├── .gitignore
├── .gitpod.yml
├── .mdox.validate.yaml
├── CHANGELOG.md
├── CONTRIBUTING.md
├── LICENSE
├── Makefile
├── README.md
├── RELEASE.md
├── build.sh
├── code-of-conduct.md
├── developer-workspace/
│ ├── README.md
│ ├── codespaces/
│ │ └── prepare-kind.sh
│ ├── common/
│ │ └── deploy-kube-prometheus.sh
│ └── gitpod/
│ ├── prepare-k3s.sh
│ ├── prepare-rootfs.sh
│ ├── qemu.sh
│ ├── scp.sh
│ └── ssh.sh
├── docs/
│ ├── EKS-cni-support.md
│ ├── GKE-cadvisor-support.md
│ ├── access-ui.md
│ ├── blackbox-exporter.md
│ ├── community-support.md
│ ├── customizations/
│ │ ├── alertmanager-configuration.md
│ │ ├── components-name-namespace-overrides.md
│ │ ├── developing-prometheus-rules-and-grafana-dashboards.md
│ │ ├── dropping-unwanted-dashboards.md
│ │ ├── exposing-prometheus-alertmanager-grafana-ingress.md
│ │ ├── monitoring-additional-namespaces.md
│ │ ├── monitoring-all-namespaces.md
│ │ ├── node-ports.md
│ │ ├── platform-specific.md
│ │ ├── pod-anti-affinity.md
│ │ ├── prometheus-agent.md
│ │ ├── static-etcd-configuration.md
│ │ ├── strip-limits.md
│ │ └── using-custom-container-registry.md
│ ├── customizing.md
│ ├── deploy-kind.md
│ ├── endpoints-migration.md
│ ├── kube-prometheus-on-kubeadm.md
│ ├── migration-example/
│ │ ├── my.release-0.3.jsonnet
│ │ ├── my.release-0.8.jsonnet
│ │ └── readme.md
│ ├── migration-guide.md
│ ├── monitoring-external-etcd.md
│ ├── monitoring-other-namespaces.md
│ ├── security.md
│ ├── troubleshooting.md
│ ├── update.md
│ ├── weave-net-support.md
│ └── windows.md
├── example.jsonnet
├── examples/
│ ├── additional-namespaces-servicemonitor.jsonnet
│ ├── additional-namespaces.jsonnet
│ ├── alertmanager-alert-template.tmpl
│ ├── alertmanager-config-external.jsonnet
│ ├── alertmanager-config-template-external.jsonnet
│ ├── alertmanager-config-with-template.yaml
│ ├── alertmanager-config.jsonnet
│ ├── alertmanager-config.yaml
│ ├── all-namespaces.jsonnet
│ ├── anti-affinity.jsonnet
│ ├── auth
│ ├── basic-auth/
│ │ ├── secrets.yaml
│ │ └── service-monitor.yaml
│ ├── changing-default-rules.libsonnet
│ ├── continuous-delivery/
│ │ └── argocd/
│ │ ├── README.md
│ │ ├── application.yaml
│ │ ├── appproject.yaml
│ │ └── kube-prometheus/
│ │ └── argocd-basic.jsonnet
│ ├── drop-dashboards.jsonnet
│ ├── eks-cni-example.jsonnet
│ ├── etcd-client-ca.crt
│ ├── etcd-client.crt
│ ├── etcd-client.key
│ ├── etcd-skip-verify.jsonnet
│ ├── etcd.jsonnet
│ ├── example-app/
│ │ ├── example-app.yaml
│ │ ├── prometheus-frontend-alertmanager-discovery-role-binding.yaml
│ │ ├── prometheus-frontend-alertmanager-discovery-role.yaml
│ │ ├── prometheus-frontend-role-binding.yaml
│ │ ├── prometheus-frontend-role.yaml
│ │ ├── prometheus-frontend-service-account.yaml
│ │ ├── prometheus-frontend-svc.yaml
│ │ ├── prometheus-frontend.yaml
│ │ └── servicemonitor-frontend.yaml
│ ├── example-grafana-dashboard.json
│ ├── existingrule.json
│ ├── existingrule.yaml
│ ├── grafana-additional-jsonnet-dashboard-example.jsonnet
│ ├── grafana-additional-rendered-dashboard-example-2.jsonnet
│ ├── grafana-additional-rendered-dashboard-example.jsonnet
│ ├── grafana-ldap.jsonnet
│ ├── grafana-only-dashboards.jsonnet
│ ├── ingress-one-to-many.jsonnet
│ ├── ingress.jsonnet
│ ├── internal-registry.jsonnet
│ ├── jsonnet-build-snippet/
│ │ └── build-snippet.jsonnet
│ ├── jsonnet-snippets/
│ │ ├── node-ports.jsonnet
│ │ └── platform.jsonnet
│ ├── kubeProxy.jsonnet
│ ├── kustomize.jsonnet
│ ├── minikube.jsonnet
│ ├── mixin-inclusion.jsonnet
│ ├── name-namespace-overrides.jsonnet
│ ├── networkpolicies-disabled.jsonnet
│ ├── pod-security-policies.jsonnet
│ ├── prometheus-additional-alert-rule-example.jsonnet
│ ├── prometheus-additional-recording-rule-example.jsonnet
│ ├── prometheus-additional-rendered-rule-example.jsonnet
│ ├── prometheus-agent.jsonnet
│ ├── prometheus-pvc.jsonnet
│ ├── prometheus-thanos.jsonnet
│ ├── rule-patcher.jsonnet
│ ├── rule-patches.libsonnet
│ ├── strip-limits.jsonnet
│ ├── sync-to-internal-registry.jsonnet
│ ├── thanos-sidecar.jsonnet
│ ├── tolerations.libsonnet
│ ├── weave-net-example.jsonnet
│ ├── windows-hostprocess.jsonnet
│ └── windows.jsonnet
├── experimental/
│ └── metrics-server/
│ ├── auth-delegator.yaml
│ ├── auth-reader.yaml
│ ├── metrics-apiservice.yaml
│ ├── metrics-server-cluster-role-binding.yaml
│ ├── metrics-server-cluster-role.yaml
│ ├── metrics-server-deployment.yaml
│ ├── metrics-server-service-account.yaml
│ └── metrics-server-service.yaml
├── go.mod
├── go.sum
├── jsonnet/
│ └── kube-prometheus/
│ ├── .gitignore
│ ├── addons/
│ │ ├── all-namespaces.libsonnet
│ │ ├── anti-affinity.libsonnet
│ │ ├── aws-vpc-cni.libsonnet
│ │ ├── config-mixins.libsonnet
│ │ ├── custom-metrics.libsonnet
│ │ ├── dropping-deprecated-metrics-relabelings.libsonnet
│ │ ├── external-metrics.libsonnet
│ │ ├── insecure-kubelet.libsonnet
│ │ ├── ksm-autoscaler.libsonnet
│ │ ├── ksm-lite.libsonnet
│ │ ├── managed-cluster.libsonnet
│ │ ├── networkpolicies-disabled.libsonnet
│ │ ├── node-ports.libsonnet
│ │ ├── podsecuritypolicies.libsonnet
│ │ ├── pyrra.libsonnet
│ │ ├── static-etcd.libsonnet
│ │ ├── strip-limits.libsonnet
│ │ ├── user-facing-roles.libsonnet
│ │ ├── weave-net/
│ │ │ ├── alerts.libsonnet
│ │ │ ├── grafana-weave-net-cluster.json
│ │ │ ├── grafana-weave-net.json
│ │ │ └── weave-net.libsonnet
│ │ ├── windows-hostprocess.libsonnet
│ │ └── windows.libsonnet
│ ├── components/
│ │ ├── alertmanager.libsonnet
│ │ ├── blackbox-exporter.libsonnet
│ │ ├── grafana.libsonnet
│ │ ├── k8s-control-plane.libsonnet
│ │ ├── kube-rbac-proxy.libsonnet
│ │ ├── kube-state-metrics.libsonnet
│ │ ├── mixin/
│ │ │ ├── alerts/
│ │ │ │ ├── alerts.libsonnet
│ │ │ │ ├── general.libsonnet
│ │ │ │ └── node.libsonnet
│ │ │ ├── custom.libsonnet
│ │ │ └── rules/
│ │ │ ├── general.libsonnet
│ │ │ ├── node-rules.libsonnet
│ │ │ └── rules.libsonnet
│ │ ├── node-exporter.libsonnet
│ │ ├── prometheus-adapter.libsonnet
│ │ ├── prometheus-operator.libsonnet
│ │ └── prometheus.libsonnet
│ ├── jsonnetfile.json
│ ├── lib/
│ │ ├── mixin.libsonnet
│ │ ├── rule-sanitizer.libsonnet
│ │ └── utils.libsonnet
│ ├── main.libsonnet
│ ├── platforms/
│ │ ├── README.md
│ │ ├── aks.libsonnet
│ │ ├── aws.libsonnet
│ │ ├── bootkube.libsonnet
│ │ ├── eks.libsonnet
│ │ ├── gke.libsonnet
│ │ ├── kops-coredns.libsonnet
│ │ ├── kops.libsonnet
│ │ ├── kubeadm.libsonnet
│ │ ├── kubespray.libsonnet
│ │ └── platforms.libsonnet
│ └── versions.json
├── jsonnetfile.json
├── jsonnetfile.lock.json
├── kubescape-exceptions.json
├── kustomization.yaml
├── manifests/
│ ├── alertmanager-alertmanager.yaml
│ ├── alertmanager-networkPolicy.yaml
│ ├── alertmanager-podDisruptionBudget.yaml
│ ├── alertmanager-prometheusRule.yaml
│ ├── alertmanager-secret.yaml
│ ├── alertmanager-service.yaml
│ ├── alertmanager-serviceAccount.yaml
│ ├── alertmanager-serviceMonitor.yaml
│ ├── blackboxExporter-clusterRole.yaml
│ ├── blackboxExporter-clusterRoleBinding.yaml
│ ├── blackboxExporter-configuration.yaml
│ ├── blackboxExporter-deployment.yaml
│ ├── blackboxExporter-networkPolicy.yaml
│ ├── blackboxExporter-service.yaml
│ ├── blackboxExporter-serviceAccount.yaml
│ ├── blackboxExporter-serviceMonitor.yaml
│ ├── grafana-config.yaml
│ ├── grafana-dashboardDatasources.yaml
│ ├── grafana-dashboardDefinitions.yaml
│ ├── grafana-dashboardSources.yaml
│ ├── grafana-deployment.yaml
│ ├── grafana-networkPolicy.yaml
│ ├── grafana-prometheusRule.yaml
│ ├── grafana-service.yaml
│ ├── grafana-serviceAccount.yaml
│ ├── grafana-serviceMonitor.yaml
│ ├── kubePrometheus-prometheusRule.yaml
│ ├── kubeStateMetrics-clusterRole.yaml
│ ├── kubeStateMetrics-clusterRoleBinding.yaml
│ ├── kubeStateMetrics-deployment.yaml
│ ├── kubeStateMetrics-networkPolicy.yaml
│ ├── kubeStateMetrics-prometheusRule.yaml
│ ├── kubeStateMetrics-service.yaml
│ ├── kubeStateMetrics-serviceAccount.yaml
│ ├── kubeStateMetrics-serviceMonitor.yaml
│ ├── kubernetesControlPlane-prometheusRule.yaml
│ ├── kubernetesControlPlane-serviceMonitorApiserver.yaml
│ ├── kubernetesControlPlane-serviceMonitorCoreDNS.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubeControllerManager.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubeScheduler.yaml
│ ├── kubernetesControlPlane-serviceMonitorKubelet.yaml
│ ├── nodeExporter-clusterRole.yaml
│ ├── nodeExporter-clusterRoleBinding.yaml
│ ├── nodeExporter-daemonset.yaml
│ ├── nodeExporter-networkPolicy.yaml
│ ├── nodeExporter-prometheusRule.yaml
│ ├── nodeExporter-service.yaml
│ ├── nodeExporter-serviceAccount.yaml
│ ├── nodeExporter-serviceMonitor.yaml
│ ├── prometheus-clusterRole.yaml
│ ├── prometheus-clusterRoleBinding.yaml
│ ├── prometheus-networkPolicy.yaml
│ ├── prometheus-podDisruptionBudget.yaml
│ ├── prometheus-prometheus.yaml
│ ├── prometheus-prometheusRule.yaml
│ ├── prometheus-roleBindingConfig.yaml
│ ├── prometheus-roleBindingSpecificNamespaces.yaml
│ ├── prometheus-roleConfig.yaml
│ ├── prometheus-roleSpecificNamespaces.yaml
│ ├── prometheus-service.yaml
│ ├── prometheus-serviceAccount.yaml
│ ├── prometheus-serviceMonitor.yaml
│ ├── prometheusAdapter-apiService.yaml
│ ├── prometheusAdapter-clusterRole.yaml
│ ├── prometheusAdapter-clusterRoleAggregatedMetricsReader.yaml
│ ├── prometheusAdapter-clusterRoleBinding.yaml
│ ├── prometheusAdapter-clusterRoleBindingDelegator.yaml
│ ├── prometheusAdapter-clusterRoleServerResources.yaml
│ ├── prometheusAdapter-configMap.yaml
│ ├── prometheusAdapter-deployment.yaml
│ ├── prometheusAdapter-networkPolicy.yaml
│ ├── prometheusAdapter-podDisruptionBudget.yaml
│ ├── prometheusAdapter-roleBindingAuthReader.yaml
│ ├── prometheusAdapter-service.yaml
│ ├── prometheusAdapter-serviceAccount.yaml
│ ├── prometheusAdapter-serviceMonitor.yaml
│ ├── prometheusOperator-clusterRole.yaml
│ ├── prometheusOperator-clusterRoleBinding.yaml
│ ├── prometheusOperator-deployment.yaml
│ ├── prometheusOperator-networkPolicy.yaml
│ ├── prometheusOperator-prometheusRule.yaml
│ ├── prometheusOperator-service.yaml
│ ├── prometheusOperator-serviceAccount.yaml
│ ├── prometheusOperator-serviceMonitor.yaml
│ └── setup/
│ ├── 0alertmanagerConfigCustomResourceDefinition.yaml
│ ├── 0alertmanagerCustomResourceDefinition.yaml
│ ├── 0podmonitorCustomResourceDefinition.yaml
│ ├── 0probeCustomResourceDefinition.yaml
│ ├── 0prometheusCustomResourceDefinition.yaml
│ ├── 0prometheusagentCustomResourceDefinition.yaml
│ ├── 0prometheusruleCustomResourceDefinition.yaml
│ ├── 0scrapeconfigCustomResourceDefinition.yaml
│ ├── 0servicemonitorCustomResourceDefinition.yaml
│ ├── 0thanosrulerCustomResourceDefinition.yaml
│ └── namespace.yaml
├── scripts/
│ ├── generate-schemas.sh
│ ├── generate-versions.sh
│ ├── get-new-changelogs.sh
│ ├── go.mod
│ ├── go.sum
│ ├── minikube-start-kvm.sh
│ ├── minikube-start.sh
│ ├── monitoring-deploy.sh
│ ├── test.sh
│ └── tools.go
└── tests/
└── e2e/
├── kind/
│ ├── config.yml
│ ├── kube-router.yaml
│ ├── kubernetesControlPlane-kubeControllerManagerPrometheusDiscoveryService.yaml
│ ├── kubernetesControlPlane-kubeSchedulerPrometheusDiscoveryService.yaml
│ └── patches/
│ └── kube-controller-manager.yaml
├── main_test.go
└── prometheus_client.go
SYMBOL INDEX (15 symbols across 2 files)
FILE: tests/e2e/main_test.go
function TestMain (line 36) | func TestMain(m *testing.M) {
function testMain (line 43) | func testMain(m *testing.M) int {
function pollCondition (line 64) | func pollCondition(timeout time.Duration, conditionFunc func() error) er...
function TestQueryPrometheus (line 79) | func TestQueryPrometheus(t *testing.T) {
function TestDroppedMetrics (line 144) | func TestDroppedMetrics(t *testing.T) {
function TestTargetsScheme (line 180) | func TestTargetsScheme(t *testing.T) {
function TestFailedRuleEvaluations (line 208) | func TestFailedRuleEvaluations(t *testing.T) {
function TestGrafana (line 317) | func TestGrafana(t *testing.T) {
FILE: tests/e2e/prometheus_client.go
type prometheusClient (line 29) | type prometheusClient struct
method apiRequest (line 45) | func (c *prometheusClient) apiRequest(endpoint string, selector string...
method query (line 74) | func (c *prometheusClient) query(query string) (int, error) {
method metadata (line 98) | func (c *prometheusClient) metadata(query string) ([]promv1.MetricMeta...
method targets (line 113) | func (c *prometheusClient) targets() (promv1.TargetsResult, error) {
function newPrometheusClient (line 33) | func newPrometheusClient(kubeClient kubernetes.Interface) *prometheusCli...
type Response (line 39) | type Response struct
Condensed preview — 320 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (6,659K chars).
[
{
"path": ".github/CODEOWNERS",
"chars": 50,
"preview": "* @prometheus-operator/kube-prometheus-reviewers\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug.md",
"chars": 963,
"preview": "---\nname: Bug\nabout: Report a bug related to kube-prometheus\nlabels: kind/bug\n---\n\n<!--\n\nFeel free to ask questions in #"
},
{
"path": ".github/ISSUE_TEMPLATE/feature.md",
"chars": 341,
"preview": "---\nname: Feature\nabout: If you want to propose a new feature or enhancement\nlabels: kind/feature\n---\n\n<!--\n\nFeel free t"
},
{
"path": ".github/ISSUE_TEMPLATE/support.md",
"chars": 471,
"preview": "---\nname: Support\nabout: If you have questions about kube-prometheus\nlabels: kind/support\n---\n\nThis repository now has t"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 1479,
"preview": "<!--\nWARNING: Not using this template will result in a longer review process and your change won't be visible in CHANGEL"
},
{
"path": ".github/dependabot.yml",
"chars": 285,
"preview": "version: 2\nupdates:\n - package-ecosystem: gomod\n directory: /\n schedule:\n interval: daily\n\n - package-ecosy"
},
{
"path": ".github/env",
"chars": 41,
"preview": "kind-version=v0.31.0\ngolang-version=1.25\n"
},
{
"path": ".github/workflows/action-lint.yaml",
"chars": 582,
"preview": "name: lint gitHub action workflows\non:\n push:\n paths:\n - \".github/workflows/**\"\n pull_request:\n paths:\n "
},
{
"path": ".github/workflows/ci.yaml",
"chars": 4937,
"preview": "name: ci\non:\n - push\n - pull_request\njobs:\n generate:\n runs-on: ${{ matrix.os }}\n strategy:\n matrix:\n "
},
{
"path": ".github/workflows/stale.yaml",
"chars": 843,
"preview": "name: 'Close stale issues and PRs'\non:\n schedule:\n - cron: '30 3 * * *'\n\njobs:\n stale:\n runs-on: ubuntu-latest\n "
},
{
"path": ".github/workflows/versions.yaml",
"chars": 3605,
"preview": "name: Upgrade to latest versions\n\non:\n workflow_dispatch:\n schedule:\n - cron: \"37 7 * * 1\"\njobs:\n versions:\n ru"
},
{
"path": ".gitignore",
"chars": 141,
"preview": "tmp/\nminikube-manifests/\nvendor/\n./auth\n.swp\ncrdschemas/\n.mdoxcache\n\ndeveloper-workspace/gitpod/_output\ndeveloper-worksp"
},
{
"path": ".gitpod.yml",
"chars": 1474,
"preview": "image: gitpod/workspace-full\ncheckoutLocation: gitpod-k3s\ntasks: \n - init: |\n make --always-make\n export PATH"
},
{
"path": ".mdox.validate.yaml",
"chars": 876,
"preview": "version: 1\n\nvalidators:\n # Ignore localhost links.\n - regex: 'localhost'\n type: \"ignore\"\n # Ignore release links.\n"
},
{
"path": "CHANGELOG.md",
"chars": 18518,
"preview": "## release-0.17 / 2026-03-19\n\n* [CHANGE] Remove `alertmanagerName` and `thanosSelector` configuration options from `prom"
},
{
"path": "CONTRIBUTING.md",
"chars": 3780,
"preview": "# Contributing\n\nThis project is licensed under the [Apache 2.0 license](LICENSE) and accept\ncontributions via GitHub pul"
},
{
"path": "LICENSE",
"chars": 11325,
"preview": "Apache License\n Version 2.0, January 2004\n http://www.apache.org/licens"
},
{
"path": "Makefile",
"chars": 3565,
"preview": "SHELL=/bin/bash -o pipefail\n\nBIN_DIR?=$(shell pwd)/tmp/bin\n\nMDOX_BIN=$(BIN_DIR)/mdox\nJB_BIN=$(BIN_DIR)/jb\nGOJSONTOYAML_B"
},
{
"path": "README.md",
"chars": 8530,
"preview": "# kube-prometheus\n\n[](http"
},
{
"path": "RELEASE.md",
"chars": 5269,
"preview": "# Release schedule\n\nkube-prometheus will follow the [Kubernetes release schedule](https://kubernetes.io/releases).\nFor e"
},
{
"path": "build.sh",
"chars": 679,
"preview": "#!/usr/bin/env bash\n\n# This script uses arg $1 (name of *.jsonnet file to use) to generate the manifests/*.yaml files.\n\n"
},
{
"path": "code-of-conduct.md",
"chars": 2020,
"preview": "## Community Code of Conduct\n\n### Contributor Code of Conduct\n\nAs contributors and maintainers of this project, and in t"
},
{
"path": "developer-workspace/README.md",
"chars": 1476,
"preview": "# Ephemeral developer workspaces\n\nAiming to provide better developer experience when making contributions to kube-promet"
},
{
"path": "developer-workspace/codespaces/prepare-kind.sh",
"chars": 1290,
"preview": "#!/bin/bash\n\nwhich kind\nif [[ $? != 0 ]]; then\n echo 'kind not available in $PATH, installing latest kind'\n # Inst"
},
{
"path": "developer-workspace/common/deploy-kube-prometheus.sh",
"chars": 734,
"preview": "#!/bin/bash\n\nkubectl apply --server-side -f manifests/setup\n\n# Safety wait for CRDs to be working\nsleep 30\n\nkubectl appl"
},
{
"path": "developer-workspace/gitpod/prepare-k3s.sh",
"chars": 1153,
"preview": "#!/bin/bash\n\nscript_dirname=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\"\nrootfslock=\"${script_dirnam"
},
{
"path": "developer-workspace/gitpod/prepare-rootfs.sh",
"chars": 1515,
"preview": "#!/bin/bash\n\nset -euo pipefail\n\nimg_url=\"https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.t"
},
{
"path": "developer-workspace/gitpod/qemu.sh",
"chars": 453,
"preview": "#!/bin/bash\n\nset -xeuo pipefail\n\nscript_dirname=\"$( cd \"$( dirname \"${BASH_SOURCE[0]}\" )\" &> /dev/null && pwd )\"\noutdir="
},
{
"path": "developer-workspace/gitpod/scp.sh",
"chars": 73,
"preview": "#!/bin/bash\n\nsshpass -p 'root' scp -o StrictHostKeychecking=no -P 2222 $@"
},
{
"path": "developer-workspace/gitpod/ssh.sh",
"chars": 91,
"preview": "#!/bin/bash\n\nsshpass -p 'root' ssh -o StrictHostKeychecking=no -p 2222 root@127.0.0.1 \"$@\""
},
{
"path": "docs/EKS-cni-support.md",
"chars": 1874,
"preview": "# CNI monitoring special configuration updates for EKS\n\nAWS EKS uses [CNI](https://github.com/aws/amazon-vpc-cni-k8s) ne"
},
{
"path": "docs/GKE-cadvisor-support.md",
"chars": 844,
"preview": "# Kubelet / cAdvisor special configuration updates for GKE\n\nPrior to GKE 1.11, the kubelet does not support token\nauthen"
},
{
"path": "docs/access-ui.md",
"chars": 1423,
"preview": "---\nweight: 300\ntoc: true\ntitle: Access Dashboards\nmenu:\n docs:\n parent: kube\nimages: []\ndraft: false\n---\n\nPro"
},
{
"path": "docs/blackbox-exporter.md",
"chars": 6489,
"preview": "---\nweight: 304\ntoc: true\ntitle: Blackbox Exporter\nmenu:\n docs:\n parent: kube\nlead: This guide will help you d"
},
{
"path": "docs/community-support.md",
"chars": 3888,
"preview": "# Community support\n\nFor bugs, you can use the GitHub [issue tracker](https://github.com/prometheus-operator/kube-promet"
},
{
"path": "docs/customizations/alertmanager-configuration.md",
"chars": 1189,
"preview": "### Alertmanager configuration\n\nThe Alertmanager configuration is located in the `values.alertmanager.config` configurat"
},
{
"path": "docs/customizations/components-name-namespace-overrides.md",
"chars": 2472,
"preview": "### Components' name and namespace overrides\n\nIt is possible to override the namespace where kube-prometheus is going to"
},
{
"path": "docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md",
"chars": 25834,
"preview": "---\nweight: 307\ntoc: true\ntitle: Prometheus Rules and Grafana Dashboards\nmenu:\n docs:\n parent: kube\nlead: This"
},
{
"path": "docs/customizations/dropping-unwanted-dashboards.md",
"chars": 2638,
"preview": "### Dropping unwanted dashboards\n\nWhen deploying kube-prometheus, your Grafana instance is deployed with a lot of dashbo"
},
{
"path": "docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md",
"chars": 7030,
"preview": "---\nweight: 303\ntoc: true\ntitle: Expose via Ingress\nmenu:\n docs:\n parent: kube\nlead: This guide will help you "
},
{
"path": "docs/customizations/monitoring-additional-namespaces.md",
"chars": 3902,
"preview": "### Monitoring additional namespaces\n\nIn order to monitor additional namespaces, the Prometheus server requires the appr"
},
{
"path": "docs/customizations/monitoring-all-namespaces.md",
"chars": 1751,
"preview": "### Monitoring all namespaces\n\nIn case you want to monitor all namespaces in a cluster, you can add the following mixin."
},
{
"path": "docs/customizations/node-ports.md",
"chars": 323,
"preview": "### NodePorts\n\nAnother mixin that may be useful for exploring the stack is to expose the UIs of Prometheus, Alertmanager"
},
{
"path": "docs/customizations/platform-specific.md",
"chars": 634,
"preview": "### Running kube-prometheus on specific platforms\n\nA common example is that not all Kubernetes clusters are created exac"
},
{
"path": "docs/customizations/pod-anti-affinity.md",
"chars": 1302,
"preview": "### Pod Anti-Affinity\n\nTo prevent `Prometheus` and `Alertmanager` instances from being deployed onto the same node when\n"
},
{
"path": "docs/customizations/prometheus-agent.md",
"chars": 2608,
"preview": "### Prometheus-agent mode\n\n***ATTENTION***: Although it is possible to run Prometheus in Agent mode with Prometheus-Oper"
},
{
"path": "docs/customizations/static-etcd-configuration.md",
"chars": 5004,
"preview": "### Static etcd configuration\n\nIn order to configure a static etcd cluster to scrape there is a simple [static-etcd.libs"
},
{
"path": "docs/customizations/strip-limits.md",
"chars": 1234,
"preview": "### Stripping container resource limits\n\nSometimes in small clusters, the CPU/memory limits can get high enough for aler"
},
{
"path": "docs/customizations/using-custom-container-registry.md",
"chars": 2307,
"preview": "### Internal Registry\n\nSome Kubernetes installations source all their images from an internal registry. kube-prometheus "
},
{
"path": "docs/customizing.md",
"chars": 9170,
"preview": "# Customizing Kube-Prometheus\n\nThis section:\n* describes how to customize the kube-prometheus library via compiling the "
},
{
"path": "docs/deploy-kind.md",
"chars": 418,
"preview": "---\nweight: 301\ntoc: true\ntitle: Deploy to kind\nmenu:\n docs:\n parent: kube\nlead: This guide will help you depl"
},
{
"path": "docs/endpoints-migration.md",
"chars": 1521,
"preview": "# Migration from Endpoints to EndpointSlice\n\n`kube-prometheus` 0.17+ automatically configures Prometheus to use Endpoint"
},
{
"path": "docs/kube-prometheus-on-kubeadm.md",
"chars": 7523,
"preview": "---\nweight: 302\ntoc: true\ntitle: Deploy to kubeadm\nmenu:\n docs:\n parent: kube\nlead: This guide will help you d"
},
{
"path": "docs/migration-example/my.release-0.3.jsonnet",
"chars": 10433,
"preview": "// Has the following customisations\n// \tCustom alert manager config\n// \tIngresses for the alert manager, prometheus and "
},
{
"path": "docs/migration-example/my.release-0.8.jsonnet",
"chars": 10298,
"preview": "// Has the following customisations\n// \tCustom alert manager config\n// \tIngresses for the alert manager, prometheus and "
},
{
"path": "docs/migration-example/readme.md",
"chars": 5904,
"preview": "## Example of conversion of a legacy my.jsonnet file\n\nAn example conversion of a legacy custom jsonnet file to release-0"
},
{
"path": "docs/migration-guide.md",
"chars": 6820,
"preview": "# Migration guide from release-0.7 and earlier\n\n## Why?\n\nThanks to our community we identified a lot of short-commings o"
},
{
"path": "docs/monitoring-external-etcd.md",
"chars": 2502,
"preview": "---\nweight: 305\ntoc: true\ntitle: Monitoring external etcd\nmenu:\n docs:\n parent: kube\nlead: This guide will hel"
},
{
"path": "docs/monitoring-other-namespaces.md",
"chars": 2400,
"preview": "---\nweight: 306\ntoc: true\ntitle: Monitoring other Namespaces\nmenu:\n docs:\n parent: kube\nlead: This guide will "
},
{
"path": "docs/security.md",
"chars": 1690,
"preview": "## Security\n\nThe manifests generated in this repository are subject to a security audit in CI via [kubescape](https://gi"
},
{
"path": "docs/troubleshooting.md",
"chars": 2677,
"preview": "# Troubleshooting\n\nSee the general [guidelines](community-support.md) for getting support from the community.\n\n## Error "
},
{
"path": "docs/update.md",
"chars": 1074,
"preview": "# Update kube-prometheus\n\nYou may wish to fetch changes made on this project so they are available to you.\n\n## Update jb"
},
{
"path": "docs/weave-net-support.md",
"chars": 4321,
"preview": "# Setup Weave Net monitoring using kube-prometheus\n\n[Weave Net](https://kubernetes.io/docs/concepts/cluster-administrati"
},
{
"path": "docs/windows.md",
"chars": 2152,
"preview": "# Windows\n\nThe [Windows hostprocess addon](../examples/windows-hostprocess.jsonnet) adds the dashboards and rules from ["
},
{
"path": "example.jsonnet",
"chars": 2273,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n // Uncomment the following imports to enable its patches\n //"
},
{
"path": "examples/additional-namespaces-servicemonitor.jsonnet",
"chars": 1552,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/additional-namespaces.jsonnet",
"chars": 935,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/alertmanager-alert-template.tmpl",
"chars": 1095,
"preview": "# to know more about custom template language read alertmanager documentation\n# inspired by : https://gist.github.com/mi"
},
{
"path": "examples/alertmanager-config-external.jsonnet",
"chars": 175,
"preview": "((import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n alertmanager+: {\n config: importstr 'alertmanag"
},
{
"path": "examples/alertmanager-config-template-external.jsonnet",
"chars": 975,
"preview": "local configmap(name, namespace, data) = {\n apiVersion: 'v1',\n kind: 'ConfigMap',\n metadata: {\n name: name,\n na"
},
{
"path": "examples/alertmanager-config-with-template.yaml",
"chars": 619,
"preview": "# external alertmanager yaml\nglobal:\n resolve_timeout: 10m\n slack_api_url: url\nroute:\n group_by: ['job']\n group_wait"
},
{
"path": "examples/alertmanager-config.jsonnet",
"chars": 512,
"preview": "((import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n alertmanager+: {\n config: |||\n global:\n"
},
{
"path": "examples/alertmanager-config.yaml",
"chars": 895,
"preview": "# external alertmanager yaml\nglobal:\n resolve_timeout: 10m\n slack_api_url: url\nroute:\n group_by: ['job']\n group_wait"
},
{
"path": "examples/all-namespaces.jsonnet",
"chars": 968,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/all-namespaces.libsonn"
},
{
"path": "examples/anti-affinity.jsonnet",
"chars": 919,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/anti-affinity.libsonne"
},
{
"path": "examples/auth",
"chars": 105,
"preview": "# This file should not ever be used, it's just a mock.\ndontusethis:$apr1$heg6VIp7$1PSzJ/Z6fYboQ5pYrbgSy.\n"
},
{
"path": "examples/basic-auth/secrets.yaml",
"chars": 128,
"preview": "apiVersion: v1\nkind: Secret\nmetadata:\n name: basic-auth\ndata:\n password: dG9vcg== # toor\n user: YWRtaW4= # admin\ntype"
},
{
"path": "examples/basic-auth/service-monitor.yaml",
"chars": 427,
"preview": "apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n labels:\n k8s-apps: basic-auth-example\n name: b"
},
{
"path": "examples/changing-default-rules.libsonnet",
"chars": 3332,
"preview": "local filter = {\n kubernetesControlPlane+: {\n prometheusRule+: {\n spec+: {\n groups: std.map(\n f"
},
{
"path": "examples/continuous-delivery/argocd/README.md",
"chars": 733,
"preview": "## ArgoCD Example\n\nThis is the simplest, working example of an argocd app, the JSON object built is now an array of obje"
},
{
"path": "examples/continuous-delivery/argocd/application.yaml",
"chars": 587,
"preview": "---\napiVersion: argoproj.io/v1alpha1\nkind: Application\nmetadata:\n name: kube-prometheus\n namespace: argocd\n annotatio"
},
{
"path": "examples/continuous-delivery/argocd/appproject.yaml",
"chars": 613,
"preview": "apiVersion: argoproj.io/v1alpha1\nkind: AppProject\nmetadata:\n annotations:\n recipients.argocd-notifications.argoproj."
},
{
"path": "examples/continuous-delivery/argocd/kube-prometheus/argocd-basic.jsonnet",
"chars": 3298,
"preview": "// NB! Make sure that argocd-cm has `application.instanceLabelKey` set to something else than `app.kubernetes.io/instanc"
},
{
"path": "examples/drop-dashboards.jsonnet",
"chars": 1788,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/eks-cni-example.jsonnet",
"chars": 1258,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/etcd-client-ca.crt",
"chars": 0,
"preview": ""
},
{
"path": "examples/etcd-client.crt",
"chars": 0,
"preview": ""
},
{
"path": "examples/etcd-client.key",
"chars": 0,
"preview": ""
},
{
"path": "examples/etcd-skip-verify.jsonnet",
"chars": 1137,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/static-etcd.libsonnet'"
},
{
"path": "examples/etcd.jsonnet",
"chars": 4297,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/static-etcd.libsonnet'"
},
{
"path": "examples/example-app/example-app.yaml",
"chars": 750,
"preview": "kind: Service\napiVersion: v1\nmetadata:\n name: example-app\n labels:\n tier: frontend\n namespace: default\nspec:\n sel"
},
{
"path": "examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml",
"chars": 294,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: prometheus-frontend\n namespace: monitoring"
},
{
"path": "examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml",
"chars": 218,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: alertmanager-discovery\n namespace: monitoring\nrul"
},
{
"path": "examples/example-app/prometheus-frontend-role-binding.yaml",
"chars": 288,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: prometheus-frontend\n namespace: default\nro"
},
{
"path": "examples/example-app/prometheus-frontend-role.yaml",
"chars": 292,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: Role\nmetadata:\n name: prometheus-frontend\n namespace: default\nrules:\n- "
},
{
"path": "examples/example-app/prometheus-frontend-service-account.yaml",
"chars": 95,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: prometheus-frontend\n namespace: default\n"
},
{
"path": "examples/example-app/prometheus-frontend-svc.yaml",
"chars": 244,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: prometheus-frontend\n namespace: default\nspec:\n type: NodePort\n ports:\n"
},
{
"path": "examples/example-app/prometheus-frontend.yaml",
"chars": 662,
"preview": "apiVersion: monitoring.coreos.com/v1\nkind: Prometheus\nmetadata:\n name: frontend\n namespace: default\n labels:\n prom"
},
{
"path": "examples/example-app/servicemonitor-frontend.yaml",
"chars": 316,
"preview": "apiVersion: monitoring.coreos.com/v1\nkind: ServiceMonitor\nmetadata:\n name: frontend\n namespace: default\n labels:\n "
},
{
"path": "examples/example-grafana-dashboard.json",
"chars": 4768,
"preview": "{\n \"annotations\": {\n \"list\": [\n\n ]\n },\n \"editable\": false,\n \"gnetid\": null,\n \"graphtooltip\""
},
{
"path": "examples/existingrule.json",
"chars": 181,
"preview": "{\"groups\":[{\"name\":\"example-group\",\"rules\":[{\"alert\":\"ExampleAlert\",\"annotations\":{\"description\":\"This is an example ale"
},
{
"path": "examples/existingrule.yaml",
"chars": 183,
"preview": "groups:\n- name: example-group\n rules:\n - alert: ExampleAlert\n expr: vector(1)\n labels:\n severity: \"warning\""
},
{
"path": "examples/grafana-additional-jsonnet-dashboard-example.jsonnet",
"chars": 1816,
"preview": "local grafana = import 'grafonnet/grafana.libsonnet';\nlocal dashboard = grafana.dashboard;\nlocal row = grafana.row;\nloca"
},
{
"path": "examples/grafana-additional-rendered-dashboard-example-2.jsonnet",
"chars": 981,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+:: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/grafana-additional-rendered-dashboard-example.jsonnet",
"chars": 1032,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+:: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/grafana-ldap.jsonnet",
"chars": 848,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/grafana-only-dashboards.jsonnet",
"chars": 555,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/ingress-one-to-many.jsonnet",
"chars": 2682,
"preview": "local ingress(name, namespace, rules) = {\n apiVersion: 'networking.k8s.io/v1',\n kind: 'Ingress',\n metadata: {\n nam"
},
{
"path": "examples/ingress.jsonnet",
"chars": 3113,
"preview": "local ingress(name, namespace, rules) = {\n apiVersion: 'networking.k8s.io/v1',\n kind: 'Ingress',\n metadata: {\n nam"
},
{
"path": "examples/internal-registry.jsonnet",
"chars": 985,
"preview": "local mixin = import 'kube-prometheus/addons/config-mixins.libsonnet';\nlocal kp = (import 'kube-prometheus/main.libsonne"
},
{
"path": "examples/jsonnet-build-snippet/build-snippet.jsonnet",
"chars": 831,
"preview": "{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +\n{ ['0prometheus-o"
},
{
"path": "examples/jsonnet-snippets/node-ports.jsonnet",
"chars": 99,
"preview": "(import 'kube-prometheus/main.libsonnet') +\n(import 'kube-prometheus/addons/node-ports.libsonnet')\n"
},
{
"path": "examples/jsonnet-snippets/platform.jsonnet",
"chars": 125,
"preview": "(import 'kube-prometheus/main.libsonnet') +\n{\n values+:: {\n common+: {\n platform: 'example-platform',\n },\n "
},
{
"path": "examples/kubeProxy.jsonnet",
"chars": 1028,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/kustomize.jsonnet",
"chars": 1102,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitori"
},
{
"path": "examples/minikube.jsonnet",
"chars": 2777,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n // Note that NodePort type services is likely not a good idea"
},
{
"path": "examples/mixin-inclusion.jsonnet",
"chars": 1584,
"preview": "local addMixin = (import 'kube-prometheus/lib/mixin.libsonnet');\nlocal etcdMixin = addMixin({\n name: 'etcd',\n mixin: ("
},
{
"path": "examples/name-namespace-overrides.jsonnet",
"chars": 1927,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n "
},
{
"path": "examples/networkpolicies-disabled.jsonnet",
"chars": 814,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/networkpolicies-disabl"
},
{
"path": "examples/pod-security-policies.jsonnet",
"chars": 1688,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/podsecuritypolicies.libsonnet"
},
{
"path": "examples/prometheus-additional-alert-rule-example.jsonnet",
"chars": 1782,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/prometheus-additional-recording-rule-example.jsonnet",
"chars": 1601,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/prometheus-additional-rendered-rule-example.jsonnet",
"chars": 1409,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') + {\n values+:: {\n common+: {\n namespace: 'monitoring',\n "
},
{
"path": "examples/prometheus-agent.jsonnet",
"chars": 2245,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/prometheus-pvc.jsonnet",
"chars": 4584,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n // Uncomment the following imports to enable its patches\n //"
},
{
"path": "examples/prometheus-thanos.jsonnet",
"chars": 2529,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n // Uncomment the following imports to enable its patches\n //"
},
{
"path": "examples/rule-patcher.jsonnet",
"chars": 2191,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/rule-patches.libsonnet",
"chars": 435,
"preview": "{\n excludedRuleGroups: [\n 'alertmanager.rules',\n ],\n excludedRules: [\n {\n name: 'prometheus-operator',\n "
},
{
"path": "examples/strip-limits.jsonnet",
"chars": 918,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/strip-limits.libsonnet"
},
{
"path": "examples/sync-to-internal-registry.jsonnet",
"chars": 867,
"preview": "local l = import 'kube-prometheus/addons/config-mixins.libsonnet';\nlocal kp = import 'kube-prometheus/main.libsonnet';\nl"
},
{
"path": "examples/thanos-sidecar.jsonnet",
"chars": 1578,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n {\n values+:: {\n common+: {\n namespace: 'monito"
},
{
"path": "examples/tolerations.libsonnet",
"chars": 336,
"preview": "{\n prometheus+: {\n prometheus+: {\n spec+: {\n tolerations: [\n {\n key: 'key1',\n "
},
{
"path": "examples/weave-net-example.jsonnet",
"chars": 1806,
"preview": "local kp = (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/weave-net/weave-net.li"
},
{
"path": "examples/windows-hostprocess.jsonnet",
"chars": 1906,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/windows-hostprocess.libsonnet"
},
{
"path": "examples/windows.jsonnet",
"chars": 1797,
"preview": "local kp =\n (import 'kube-prometheus/main.libsonnet') +\n (import 'kube-prometheus/addons/windows.libsonnet') +\n {\n "
},
{
"path": "experimental/metrics-server/auth-delegator.yaml",
"chars": 299,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: metrics-server:system:auth-delegator"
},
{
"path": "experimental/metrics-server/auth-reader.yaml",
"chars": 320,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: metrics-server-auth-reader\n namespace: kub"
},
{
"path": "experimental/metrics-server/metrics-apiservice.yaml",
"chars": 294,
"preview": "apiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n name: v1beta1.metrics.k8s.io\nspec:\n service:\n "
},
{
"path": "experimental/metrics-server/metrics-server-cluster-role-binding.yaml",
"chars": 284,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: system:metrics-server\nroleRef:\n api"
},
{
"path": "experimental/metrics-server/metrics-server-cluster-role.yaml",
"chars": 409,
"preview": "apiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: system:metrics-server\nrules:\n- apiGroups:\n "
},
{
"path": "experimental/metrics-server/metrics-server-deployment.yaml",
"chars": 583,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: metrics-server\n namespace: kube-system\n labels:\n k8s-app: me"
},
{
"path": "experimental/metrics-server/metrics-server-service-account.yaml",
"chars": 94,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: metrics-server\n namespace: kube-system\n"
},
{
"path": "experimental/metrics-server/metrics-server-service.yaml",
"chars": 245,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: metrics-server\n namespace: kube-system\n labels:\n kubernetes.io/name:"
},
{
"path": "go.mod",
"chars": 2159,
"preview": "module github.com/prometheus-operator/kube-prometheus\n\ngo 1.25.0\n\nrequire (\n\tgithub.com/Jeffail/gabs v1.4.0\n\tgithub.com/"
},
{
"path": "go.sum",
"chars": 13080,
"preview": "github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo=\ngithub.com/Jeffail/gabs v1.4.0/go.mod h1:"
},
{
"path": "jsonnet/kube-prometheus/.gitignore",
"chars": 30,
"preview": "jsonnetfile.lock.json\nvendor/\n"
},
{
"path": "jsonnet/kube-prometheus/addons/all-namespaces.libsonnet",
"chars": 720,
"preview": "{\n prometheus+: {\n clusterRole+: {\n rules+: [\n {\n apiGroups: ['discovery.k8s.io'],\n re"
},
{
"path": "jsonnet/kube-prometheus/addons/anti-affinity.libsonnet",
"chars": 2564,
"preview": "{\n values+:: {\n alertmanager+: {\n podAntiAffinity: 'soft',\n podAntiAffinityTopologyKey: 'kubernetes.io/hos"
},
{
"path": "jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet",
"chars": 3666,
"preview": "{\n values+:: {\n awsVpcCni: {\n // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`.\n //\n "
},
{
"path": "jsonnet/kube-prometheus/addons/config-mixins.libsonnet",
"chars": 1011,
"preview": "local imageName(image) =\n local parts = std.split(image, '/');\n local len = std.length(parts);\n if len == 3 then\n "
},
{
"path": "jsonnet/kube-prometheus/addons/custom-metrics.libsonnet",
"chars": 5518,
"preview": "// Custom metrics API allows the HPA v2 to scale based on arbirary metrics.\n// For more details on usage visit https://g"
},
{
"path": "jsonnet/kube-prometheus/addons/dropping-deprecated-metrics-relabelings.libsonnet",
"chars": 9268,
"preview": "[\n // Drop all kubelet metrics which are deprecated in kubernetes.\n {\n sourceLabels: ['__name__'],\n regex: 'kube"
},
{
"path": "jsonnet/kube-prometheus/addons/external-metrics.libsonnet",
"chars": 2742,
"preview": "// External metrics API allows the HPA v2 to scale based on metrics coming from outside of Kubernetes cluster\n// For mor"
},
{
"path": "jsonnet/kube-prometheus/addons/insecure-kubelet.libsonnet",
"chars": 1334,
"preview": "{\n prometheus+: {\n serviceMonitorKubelet+:\n {\n spec+: {\n endpoints: [\n {\n "
},
{
"path": "jsonnet/kube-prometheus/addons/ksm-autoscaler.libsonnet",
"chars": 4122,
"preview": "{\n values+:: {\n clusterVerticalAutoscaler: {\n version: '0.8.1',\n image: 'gcr.io/google_containers/cpvpa-am"
},
{
"path": "jsonnet/kube-prometheus/addons/ksm-lite.libsonnet",
"chars": 1046,
"preview": "local addArgs(args, name, containers) = std.map(\n function(c) if c.name == name then\n c {\n args+: args,\n }\n "
},
{
"path": "jsonnet/kube-prometheus/addons/managed-cluster.libsonnet",
"chars": 614,
"preview": "// On managed Kubernetes clusters some of the control plane components are not exposed to customers.\n// Disable scrape j"
},
{
"path": "jsonnet/kube-prometheus/addons/networkpolicies-disabled.libsonnet",
"chars": 448,
"preview": "// Disables creation of NetworkPolicies\n\n{\n blackboxExporter+: {\n networkPolicy:: {},\n },\n\n kubeStateMetrics+: {\n "
},
{
"path": "jsonnet/kube-prometheus/addons/node-ports.libsonnet",
"chars": 418,
"preview": "local patch(ports) = {\n spec+: {\n ports: ports,\n type: 'NodePort',\n },\n};\n\n{\n prometheus+: {\n service+: patc"
},
{
"path": "jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet",
"chars": 6415,
"preview": "local restrictedPodSecurityPolicy = {\n apiVersion: 'policy/v1beta1',\n kind: 'PodSecurityPolicy',\n metadata: {\n nam"
},
{
"path": "jsonnet/kube-prometheus/addons/pyrra.libsonnet",
"chars": 17874,
"preview": "{\n values+:: {\n common+: {\n versions+: {\n pyrra: error 'must provide version',\n } + (import '../ver"
},
{
"path": "jsonnet/kube-prometheus/addons/static-etcd.libsonnet",
"chars": 3128,
"preview": "(import 'github.com/etcd-io/etcd/contrib/mixin/mixin.libsonnet') + {\n values+:: {\n etcd: {\n ips: [],\n clie"
},
{
"path": "jsonnet/kube-prometheus/addons/strip-limits.libsonnet",
"chars": 1060,
"preview": "// Strips spec.containers[].limits for certain containers\n// https://github.com/prometheus-operator/kube-prometheus/issu"
},
{
"path": "jsonnet/kube-prometheus/addons/user-facing-roles.libsonnet",
"chars": 1570,
"preview": "// user facing roles for monitors, probe, and rules\n// ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac"
},
{
"path": "jsonnet/kube-prometheus/addons/weave-net/alerts.libsonnet",
"chars": 3890,
"preview": "[\n {\n alert: 'WeaveNetIPAMSplitBrain',\n expr: 'max(weave_ipam_unreachable_percentage) - min(weave_ipam_unreachabl"
},
{
"path": "jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net-cluster.json",
"chars": 75361,
"preview": "{\n \"__inputs\": [],\n \"__requires\": [\n {\n \"type\": \"grafana\",\n \"id\": \"grafana\",\n \"name\": \"Grafana\",\n "
},
{
"path": "jsonnet/kube-prometheus/addons/weave-net/grafana-weave-net.json",
"chars": 58543,
"preview": "{\n \"__inputs\": [],\n \"__requires\": [\n {\n \"type\": \"grafana\",\n \"id\": \"grafana\",\n \"name\": \"Grafana\",\n "
},
{
"path": "jsonnet/kube-prometheus/addons/weave-net/weave-net.libsonnet",
"chars": 1774,
"preview": "{\n prometheus+: {\n local p = self,\n serviceWeaveNet: {\n apiVersion: 'v1',\n kind: 'Service',\n metad"
},
{
"path": "jsonnet/kube-prometheus/addons/windows-hostprocess.libsonnet",
"chars": 5904,
"preview": "local windowsdashboards = import 'github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet';\nlocal"
},
{
"path": "jsonnet/kube-prometheus/addons/windows.libsonnet",
"chars": 1976,
"preview": "local windowsdashboards = import 'github.com/kubernetes-monitoring/kubernetes-mixin/dashboards/windows.libsonnet';\nlocal"
},
{
"path": "jsonnet/kube-prometheus/components/alertmanager.libsonnet",
"chars": 6870,
"preview": "local defaults = {\n local defaults = self,\n // Convention: Top-level fields related to CRDs are public, other fields a"
},
{
"path": "jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet",
"chars": 8580,
"preview": "local krp = import './kube-rbac-proxy.libsonnet';\n\nlocal defaults = {\n local defaults = self,\n // Convention: Top-leve"
},
{
"path": "jsonnet/kube-prometheus/components/grafana.libsonnet",
"chars": 3674,
"preview": "local kubernetesGrafana = import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet';\n\nlocal defaults = {\n "
},
{
"path": "jsonnet/kube-prometheus/components/k8s-control-plane.libsonnet",
"chars": 14435,
"preview": "local relabelings = import '../addons/dropping-deprecated-metrics-relabelings.libsonnet';\n\nlocal defaults = {\n // Conve"
},
{
"path": "jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet",
"chars": 3204,
"preview": "local defaults = {\n // Convention: Top-level fields related to CRDs are public, other fields are hidden\n // If there i"
},
{
"path": "jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet",
"chars": 6656,
"preview": "local krp = import './kube-rbac-proxy.libsonnet';\n\nlocal defaults = {\n local defaults = self,\n // Convention: Top-leve"
},
{
"path": "jsonnet/kube-prometheus/components/mixin/alerts/alerts.libsonnet",
"chars": 57,
"preview": "(import 'general.libsonnet') +\n(import 'node.libsonnet')\n"
},
{
"path": "jsonnet/kube-prometheus/components/mixin/alerts/general.libsonnet",
"chars": 2545,
"preview": "{\n prometheusAlerts+:: {\n groups+: [\n {\n name: 'general.rules',\n rules: [\n {\n "
},
{
"path": "jsonnet/kube-prometheus/components/mixin/alerts/node.libsonnet",
"chars": 734,
"preview": "{\n prometheusAlerts+:: {\n groups+: [\n {\n name: 'node-network',\n rules: [\n {\n "
},
{
"path": "jsonnet/kube-prometheus/components/mixin/custom.libsonnet",
"chars": 1411,
"preview": "local defaults = {\n name: 'kube-prometheus',\n namespace: error 'must provide namespace',\n commonLabels:: {\n 'app.k"
},
{
"path": "jsonnet/kube-prometheus/components/mixin/rules/general.libsonnet",
"chars": 394,
"preview": "{\n prometheusRules+:: {\n groups+: [\n {\n name: 'kube-prometheus-general.rules',\n rules: [\n "
},
{
"path": "jsonnet/kube-prometheus/components/mixin/rules/node-rules.libsonnet",
"chars": 1342,
"preview": "{\n prometheusRules+:: {\n groups+: [\n {\n name: 'kube-prometheus-node-recording.rules',\n rules: [\n "
},
{
"path": "jsonnet/kube-prometheus/components/mixin/rules/rules.libsonnet",
"chars": 63,
"preview": "(import 'node-rules.libsonnet') +\n(import 'general.libsonnet')\n"
},
{
"path": "jsonnet/kube-prometheus/components/node-exporter.libsonnet",
"chars": 10364,
"preview": "local krp = import './kube-rbac-proxy.libsonnet';\n\nlocal defaults = {\n local defaults = self,\n // Convention: Top-leve"
},
{
"path": "jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet",
"chars": 13842,
"preview": "local defaults = {\n local defaults = self,\n // Convention: Top-level fields related to CRDs are public, other fields a"
},
{
"path": "jsonnet/kube-prometheus/components/prometheus-operator.libsonnet",
"chars": 5458,
"preview": "local krp = import './kube-rbac-proxy.libsonnet';\nlocal prometheusOperator = import 'github.com/prometheus-operator/prom"
},
{
"path": "jsonnet/kube-prometheus/components/prometheus.libsonnet",
"chars": 12928,
"preview": "local defaults = {\n local defaults = self,\n // Convention: Top-level fields related to CRDs are public, other fields a"
},
{
"path": "jsonnet/kube-prometheus/jsonnetfile.json",
"chars": 2854,
"preview": "{\n \"version\": 1,\n \"dependencies\": [\n {\n \"source\": {\n \"git\": {\n \"remote\": \"https://github.com/b"
},
{
"path": "jsonnet/kube-prometheus/lib/mixin.libsonnet",
"chars": 1214,
"preview": "local defaults = {\n name: error 'provide name',\n namespace: 'monitoring',\n labels: {\n prometheus: 'k8s',\n },\n mi"
},
{
"path": "jsonnet/kube-prometheus/lib/rule-sanitizer.libsonnet",
"chars": 4783,
"preview": "local defaults = {\n /* name of rule groups to exclude */\n excludedRuleGroups: [],\n /* Rule match is based on field \"a"
},
{
"path": "jsonnet/kube-prometheus/lib/utils.libsonnet",
"chars": 285,
"preview": "{\n // rangeInterval takes a scrape interval and convert its to a range interval\n // following Prometheus rule of thumb"
},
{
"path": "jsonnet/kube-prometheus/main.libsonnet",
"chars": 7414,
"preview": "local alertmanager = import './components/alertmanager.libsonnet';\nlocal blackboxExporter = import './components/blackbo"
},
{
"path": "jsonnet/kube-prometheus/platforms/README.md",
"chars": 441,
"preview": "# Adding a new platform specific configuration\n\nAdding a new platform specific configuration requires to update the [cus"
},
{
"path": "jsonnet/kube-prometheus/platforms/aks.libsonnet",
"chars": 792,
"preview": "(import '../addons/managed-cluster.libsonnet') + {\n values+:: {\n prometheusAdapter+: {\n config+: {\n reso"
},
{
"path": "jsonnet/kube-prometheus/platforms/aws.libsonnet",
"chars": 942,
"preview": "local service(name, namespace, labels, selector, ports) = {\n apiVersion: 'v1',\n kind: 'Service',\n metadata: {\n nam"
},
{
"path": "jsonnet/kube-prometheus/platforms/bootkube.libsonnet",
"chars": 1291,
"preview": "local service(name, namespace, labels, selector, ports) = {\n apiVersion: 'v1',\n kind: 'Service',\n metadata: {\n nam"
},
{
"path": "jsonnet/kube-prometheus/platforms/eks.libsonnet",
"chars": 393,
"preview": "(import '../addons/aws-vpc-cni.libsonnet') +\n(import '../addons/managed-cluster.libsonnet') + {\n kubernetesControlPlane"
},
{
"path": "jsonnet/kube-prometheus/platforms/gke.libsonnet",
"chars": 215,
"preview": "(import '../addons/managed-cluster.libsonnet') + {\n values+:: {\n prometheusAdapter+: {\n config+: {\n reso"
},
{
"path": "jsonnet/kube-prometheus/platforms/kops-coredns.libsonnet",
"chars": 498,
"preview": "{\n kubernetesControlPlane+: {\n kubeDnsPrometheusDiscoveryService: {\n apiVersion: 'v1',\n kind: 'Service',\n "
},
{
"path": "jsonnet/kube-prometheus/platforms/kops.libsonnet",
"chars": 1346,
"preview": "local service(name, namespace, labels, selector, ports) = {\n apiVersion: 'v1',\n kind: 'Service',\n metadata: {\n nam"
}
]
// ... and 120 more files (download for full content)
About this extraction
This page contains the full source code of the prometheus-operator/kube-prometheus GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 320 files (6.1 MB), approximately 1.6M tokens, and a symbol index with 15 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.