# prometheus.yaml # ArgoCD Application für Prometheus apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: prometheus namespace: argocd finalizers: - resources-finalizer.argocd.argoproj.io spec: project: default source: repoURL: https://prometheus-community.github.io/helm-charts targetRevision: 27.*.* chart: prometheus helm: valueFiles: - values.yaml values: | server: global: scrape_interval: 15s evaluation_interval: 15s service: type: ClusterIP servicePort: 80 persistentVolume: enabled: true size: 10Gi storageClass: "local-path" resources: limits: cpu: 1000m memory: 2Gi requests: cpu: 200m memory: 512Mi prometheus-node-exporter: enabled: true containerSecurityContext: allowPrivilegeEscalation: true readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 capabilities: drop: - ALL kubeStateMetrics: enabled: true alertmanager: enabled: true service: type: ClusterIP persistentVolume: enabled: true size: 2Gi storageClass: "local-path" pushgateway: enabled: true service: type: ClusterIP securityContext: runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 fsGroup: 65534 seccompProfile: type: RuntimeDefault containerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 capabilities: drop: - ALL destination: server: https://kubernetes.default.svc namespace: prometheus syncPolicy: managedNamespaceMetadata: labels: pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/warn: privileged automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true - PrunePropagationPolicy=foreground - RespectIgnoreDifferences=true