neue prometheus.yaml

titver968
2025-08-19 10:34:33 +02:00
parent c69577888b
commit 6e2b879d69


@@ -40,10 +40,28 @@ spec:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
# Security Context für Prometheus Server
securityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
capabilities:
drop:
- ALL
# Node Exporter deaktiviert - wird separat installiert
nodeExporter: nodeExporter:
enabled: true enabled: false
service:
type: ClusterIP
kubeStateMetrics: kubeStateMetrics:
enabled: true enabled: true
@@ -52,15 +70,12 @@ spec:
enabled: true enabled: true
service: service:
type: ClusterIP type: ClusterIP
persistentVolume: persistentVolume:
enabled: true enabled: true
size: 2Gi size: 2Gi
storageClass: "local-path" storageClass: "local-path"
pushgateway:
enabled: true
service:
type: ClusterIP
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534
@@ -68,15 +83,72 @@ spec:
fsGroup: 65534 fsGroup: 65534
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false # PUSHGATEWAY KOMPLETT DEAKTIVIEREN
readOnlyRootFilesystem: true pushgateway:
runAsNonRoot: true enabled: false
runAsUser: 65534
runAsGroup: 65534 # Zusätzliche Scrape-Konfiguration für k3s
capabilities: serverFiles:
drop: prometheus.yml:
- ALL global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-nodes'
kubernetes_sd_configs:
- role: node
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: kubernetes_pod_name
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
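Review bot: The added `kubernetes-apiservers` and `kubernetes-nodes` scrape jobs both set `insecure_skip_verify: true` under `tls_config`, which disables server certificate verification even though `ca_file` is configured right above it. Each job also sends the pod's service-account token via `bearer_token_file`, so that token goes to an endpoint whose identity is never checked. For the API server job the cluster CA should validate the certificate, so I would set `insecure_skip_verify: false` or delete the line. For the node job, keep the skip only if the kubelet serving certificates really do not chain to that CA, and say so in a comment such as `# kubelet serving cert not signed by cluster CA; verification skipped on purpose`. Separately, the new server `containerSecurityContext` sets `readOnlyRootFilesystem: false`; if that is needed for the data directory, a short comment giving the reason would help the next reviewer.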