innohub/k3s
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nodeExporter enabled false

Browse Source
This commit is contained in:
titver968
2025-08-19 10:42:23 +02:00
parent 6e2b879d69
commit 9b0e60b8cc
1 changed files with 15 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
argocd/apps/prometheus/prometheus.yaml
View File

@@ -39,30 +39,10 @@ spec:
requests: requests:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
# Security Context für Prometheus Server
securityContext:
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
fsGroup: 65534
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
capabilities:
drop:
- ALL
# Node Exporter deaktiviert - wird separat installiert
nodeExporter: nodeExporter:
enabled: false enabled: false
kubeStateMetrics: kubeStateMetrics:
enabled: true enabled: true
@@ -70,12 +50,15 @@ spec:
enabled: true enabled: true
service: service:
type: ClusterIP type: ClusterIP
persistentVolume: persistentVolume:
enabled: true enabled: true
size: 2Gi size: 2Gi
storageClass: "local-path" storageClass: "local-path"
pushgateway:
enabled: true
service:
type: ClusterIP
securityContext: securityContext:
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534
@@ -83,72 +66,15 @@ spec:
fsGroup: 65534 fsGroup: 65534
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
containerSecurityContext:
# PUSHGATEWAY KOMPLETT DEAKTIVIEREN allowPrivilegeEscalation: false
pushgateway: readOnlyRootFilesystem: true
enabled: false runAsNonRoot: true
runAsUser: 65534
# Zusätzliche Scrape-Konfiguration für k3s runAsGroup: 65534
serverFiles: capabilities:
prometheus.yml: drop:
global: - ALL
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-nodes'
kubernetes_sd_configs:
- role: node
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: kubernetes_pod_name
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc