From 9b0e60b8cc6098e6b2454e417524de2ac9ce21a4 Mon Sep 17 00:00:00 2001 From: titver968 Date: Tue, 19 Aug 2025 10:42:23 +0200 Subject: [PATCH] nodeExporter enabled false --- argocd/apps/prometheus/prometheus.yaml | 104 ++++--------------------- 1 file changed, 15 insertions(+), 89 deletions(-) diff --git a/argocd/apps/prometheus/prometheus.yaml b/argocd/apps/prometheus/prometheus.yaml index 209a268..9ccb974 100644 --- a/argocd/apps/prometheus/prometheus.yaml +++ b/argocd/apps/prometheus/prometheus.yaml @@ -39,30 +39,10 @@ spec: requests: cpu: 100m memory: 128Mi - - # Security Context für Prometheus Server - securityContext: - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 - seccompProfile: - type: RuntimeDefault - - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - capabilities: - drop: - - ALL - # Node Exporter deaktiviert - wird separat installiert nodeExporter: enabled: false - + kubeStateMetrics: enabled: true @@ -70,12 +50,15 @@ spec: enabled: true service: type: ClusterIP - persistentVolume: enabled: true size: 2Gi storageClass: "local-path" - + + pushgateway: + enabled: true + service: + type: ClusterIP securityContext: runAsNonRoot: true runAsUser: 65534 
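Review bot: The block deleted right after the `memory: 128Mi` request removes the server's `securityContext` and `containerSecurityContext`, so `seccompProfile: RuntimeDefault`, `allowPrivilegeEscalation: false` and the `capabilities` drop of `ALL` no longer come from this file. The pod falls back to whatever the chart defaults provide, and those are not visible here. The commit subject only mentions nodeExporter, so this looks unintended; I would keep the two deleted blocks under the server values as they were. If the removal is deliberate, say why in the commit message and leave a comment such as `# server security contexts: chart defaults apply, see <reason>`. The enclosing values block starts above the hunk, so the parent key is inferred from the deleted comment `# Security Context für Prometheus Server`.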
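Review bot: The added `pushgateway:` key sits between `persistentVolume:` and the existing `securityContext:`, so that `securityContext` presumably now nests under pushgateway and the component above it (its key is outside the hunk) loses it. The collapsed indentation on this page does not let me confirm the nesting. If both components should stay hardened, give each its own block rather than letting one move. Enabling the Pushgateway also reverses the `enabled: false` deleted in the last hunk, and by default a Pushgateway accepts pushes and deletions from any client that can reach its service, so an ingress NetworkPolicy limited to the pushing jobs is worth adding alongside. A comment such as `# Pushgateway: reachable only from <job namespace> via NetworkPolicy <name>` would record that.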
@@ -83,72 +66,15 @@ spec: fsGroup: 65534 seccompProfile: type: RuntimeDefault - - # PUSHGATEWAY KOMPLETT DEAKTIVIEREN - pushgateway: - enabled: false - - # Zusätzliche Scrape-Konfiguration für k3s - serverFiles: - prometheus.yml: - global: - scrape_interval: 15s - evaluation_interval: 15s - - scrape_configs: - - job_name: 'prometheus' - static_configs: - - targets: ['localhost:9090'] - - - job_name: 'kubernetes-apiservers' - kubernetes_sd_configs: - - role: endpoints - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] - action: keep - regex: default;kubernetes;https - - - job_name: 'kubernetes-nodes' - kubernetes_sd_configs: - - role: node - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - - job_name: 'kubernetes-pods' - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name + 
containerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + capabilities: + drop: + - ALL destination: server: https://kubernetes.default.svc
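Review bot: The added `containerSecurityContext` sets `readOnlyRootFilesystem: true`, whereas the server block deleted in the first hunk had `false`, and no comment says which component it belongs to; following the second hunk it appears to attach to pushgateway rather than to the Prometheus server. Check that every path this component writes is on a mounted volume, otherwise the container will fail at startup or on first write. Add a one-line comment above it, e.g. `# Pushgateway: container hardening (read-only root FS, no capabilities)`, adjusted to the real parent. The same hunk deletes the whole `serverFiles` scrape configuration, so scraping falls back to the chart's defaults; it is worth confirming that those defaults verify TLS rather than repeating the `insecure_skip_verify: true` the deleted jobs used.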