CoCalc -- agent-operator.yaml

GitHub Repository: aos/grafana-agent
Path: blob/main/production/operator/templates/agent-operator.yaml
⁴⁰⁹⁶ views
1
apiVersion: v1
2
kind: ServiceAccount
3
metadata:
4
  name: grafana-agent
5
  namespace: ${NAMESPACE}
6
---
7
apiVersion: v1
8
kind: ServiceAccount
9
metadata:
10
  name: grafana-agent-operator
11
  namespace: ${NAMESPACE}
12
---
13
apiVersion: v1
14
automountServiceAccountToken: false
15
kind: ServiceAccount
16
metadata:
17
  labels:
18
    app.kubernetes.io/component: exporter
19
    app.kubernetes.io/name: kube-state-metrics
20
    app.kubernetes.io/version: 2.5.0
21
  name: kube-state-metrics
22
  namespace: ${NAMESPACE}
23
---
24
apiVersion: v1
25
data: {}
26
kind: Secret
27
metadata:
28
  name: logs-secret
29
  namespace: ${NAMESPACE}
30
stringData:
31
  password: ${LOGS_KEY}
32
  username: ${LOGS_USER}
33
type: Opaque
34
---
35
apiVersion: v1
36
data: {}
37
kind: Secret
38
metadata:
39
  name: metrics-secret
40
  namespace: ${NAMESPACE}
41
stringData:
42
  password: ${METRICS_KEY}
43
  username: ${METRICS_USER}
44
type: Opaque
45
---
46
apiVersion: v1
47
kind: PersistentVolumeClaim
48
metadata:
49
  name: agent-eventhandler
50
  namespace: ${NAMESPACE}
51
spec:
52
  accessModes:
53
  - ReadWriteOnce
54
  resources:
55
    requests:
56
      storage: 1Gi
57
---
58
apiVersion: rbac.authorization.k8s.io/v1
59
kind: ClusterRole
60
metadata:
61
  name: grafana-agent
62
rules:
63
- apiGroups:
64
  - ""
65
  resources:
66
  - nodes
67
  - nodes/proxy
68
  - nodes/metrics
69
  - services
70
  - endpoints
71
  - pods
72
  - events
73
  verbs:
74
  - get
75
  - list
76
  - watch
77
- apiGroups:
78
  - networking.k8s.io
79
  resources:
80
  - ingresses
81
  verbs:
82
  - get
83
  - list
84
  - watch
85
- nonResourceURLs:
86
  - /metrics
87
  - /metrics/cadvisor
88
  verbs:
89
  - get
90
---
91
apiVersion: rbac.authorization.k8s.io/v1
92
kind: ClusterRole
93
metadata:
94
  name: grafana-agent-operator
95
rules:
96
- apiGroups:
97
  - monitoring.grafana.com
98
  resources:
99
  - grafanaagents
100
  - metricsinstances
101
  - logsinstances
102
  - podlogs
103
  - integrations
104
  verbs:
105
  - get
106
  - list
107
  - watch
108
- apiGroups:
109
  - monitoring.grafana.com
110
  resources:
111
  - grafanaagents/finalizers
112
  - metricsinstances/finalizers
113
  - logsinstances/finalizers
114
  - podlogs/finalizers
115
  - integrations/finalizers
116
  verbs:
117
  - get
118
  - list
119
  - watch
120
  - update
121
- apiGroups:
122
  - monitoring.coreos.com
123
  resources:
124
  - podmonitors
125
  - probes
126
  - servicemonitors
127
  verbs:
128
  - get
129
  - list
130
  - watch
131
- apiGroups:
132
  - monitoring.coreos.com
133
  resources:
134
  - podmonitors/finalizers
135
  - probes/finalizers
136
  - servicemonitors/finalizers
137
  verbs:
138
  - get
139
  - list
140
  - watch
141
  - update
142
- apiGroups:
143
  - ""
144
  resources:
145
  - namespaces
146
  - nodes
147
  verbs:
148
  - get
149
  - list
150
  - watch
151
- apiGroups:
152
  - ""
153
  resources:
154
  - secrets
155
  - services
156
  - configmaps
157
  - endpoints
158
  verbs:
159
  - get
160
  - list
161
  - watch
162
  - create
163
  - update
164
  - patch
165
  - delete
166
- apiGroups:
167
  - apps
168
  resources:
169
  - statefulsets
170
  - daemonsets
171
  - deployments
172
  verbs:
173
  - get
174
  - list
175
  - watch
176
  - create
177
  - update
178
  - patch
179
  - delete
180
---
181
apiVersion: rbac.authorization.k8s.io/v1
182
kind: ClusterRole
183
metadata:
184
  labels:
185
    app.kubernetes.io/component: exporter
186
    app.kubernetes.io/name: kube-state-metrics
187
    app.kubernetes.io/version: 2.5.0
188
  name: kube-state-metrics
189
rules:
190
- apiGroups:
191
  - ""
192
  resources:
193
  - configmaps
194
  - secrets
195
  - nodes
196
  - pods
197
  - services
198
  - resourcequotas
199
  - replicationcontrollers
200
  - limitranges
201
  - persistentvolumeclaims
202
  - persistentvolumes
203
  - namespaces
204
  - endpoints
205
  verbs:
206
  - list
207
  - watch
208
- apiGroups:
209
  - apps
210
  resources:
211
  - statefulsets
212
  - daemonsets
213
  - deployments
214
  - replicasets
215
  verbs:
216
  - list
217
  - watch
218
- apiGroups:
219
  - batch
220
  resources:
221
  - cronjobs
222
  - jobs
223
  verbs:
224
  - list
225
  - watch
226
- apiGroups:
227
  - autoscaling
228
  resources:
229
  - horizontalpodautoscalers
230
  verbs:
231
  - list
232
  - watch
233
- apiGroups:
234
  - authentication.k8s.io
235
  resources:
236
  - tokenreviews
237
  verbs:
238
  - create
239
- apiGroups:
240
  - authorization.k8s.io
241
  resources:
242
  - subjectaccessreviews
243
  verbs:
244
  - create
245
- apiGroups:
246
  - policy
247
  resources:
248
  - poddisruptionbudgets
249
  verbs:
250
  - list
251
  - watch
252
- apiGroups:
253
  - certificates.k8s.io
254
  resources:
255
  - certificatesigningrequests
256
  verbs:
257
  - list
258
  - watch
259
- apiGroups:
260
  - storage.k8s.io
261
  resources:
262
  - storageclasses
263
  - volumeattachments
264
  verbs:
265
  - list
266
  - watch
267
- apiGroups:
268
  - admissionregistration.k8s.io
269
  resources:
270
  - mutatingwebhookconfigurations
271
  - validatingwebhookconfigurations
272
  verbs:
273
  - list
274
  - watch
275
- apiGroups:
276
  - networking.k8s.io
277
  resources:
278
  - networkpolicies
279
  - ingresses
280
  verbs:
281
  - list
282
  - watch
283
- apiGroups:
284
  - coordination.k8s.io
285
  resources:
286
  - leases
287
  verbs:
288
  - list
289
  - watch
290
---
291
apiVersion: rbac.authorization.k8s.io/v1
292
kind: ClusterRoleBinding
293
metadata:
294
  name: grafana-agent
295
roleRef:
296
  apiGroup: rbac.authorization.k8s.io
297
  kind: ClusterRole
298
  name: grafana-agent
299
subjects:
300
- kind: ServiceAccount
301
  name: grafana-agent
302
  namespace: ${NAMESPACE}
303
---
304
apiVersion: rbac.authorization.k8s.io/v1
305
kind: ClusterRoleBinding
306
metadata:
307
  name: grafana-agent-operator
308
roleRef:
309
  apiGroup: rbac.authorization.k8s.io
310
  kind: ClusterRole
311
  name: grafana-agent-operator
312
subjects:
313
- kind: ServiceAccount
314
  name: grafana-agent-operator
315
  namespace: ${NAMESPACE}
316
---
317
apiVersion: rbac.authorization.k8s.io/v1
318
kind: ClusterRoleBinding
319
metadata:
320
  labels:
321
    app.kubernetes.io/component: exporter
322
    app.kubernetes.io/name: kube-state-metrics
323
    app.kubernetes.io/version: 2.5.0
324
  name: kube-state-metrics
325
roleRef:
326
  apiGroup: rbac.authorization.k8s.io
327
  kind: ClusterRole
328
  name: kube-state-metrics
329
subjects:
330
- kind: ServiceAccount
331
  name: kube-state-metrics
332
  namespace: ${NAMESPACE}
333
---
334
apiVersion: v1
335
kind: Service
336
metadata:
337
  labels:
338
    app.kubernetes.io/component: exporter
339
    app.kubernetes.io/name: kube-state-metrics
340
    app.kubernetes.io/version: 2.5.0
341
  name: kube-state-metrics
342
  namespace: ${NAMESPACE}
343
spec:
344
  clusterIP: None
345
  ports:
346
  - name: http-metrics
347
    port: 8080
348
    targetPort: http-metrics
349
  - name: telemetry
350
    port: 8081
351
    targetPort: telemetry
352
  selector:
353
    app.kubernetes.io/name: kube-state-metrics
354
---
355
apiVersion: apps/v1
356
kind: Deployment
357
metadata:
358
  name: grafana-agent-operator
359
  namespace: ${NAMESPACE}
360
spec:
361
  minReadySeconds: 10
362
  replicas: 1
363
  revisionHistoryLimit: 10
364
  selector:
365
    matchLabels:
366
      name: grafana-agent-operator
367
  template:
368
    metadata:
369
      labels:
370
        name: grafana-agent-operator
371
    spec:
372
      containers:
373
      - args:
374
        - --kubelet-service=default/kubelet
375
        image: grafana/agent-operator:v0.33.2
376
        imagePullPolicy: IfNotPresent
377
        name: grafana-agent-operator
378
      serviceAccount: grafana-agent-operator
379
---
380
apiVersion: apps/v1
381
kind: Deployment
382
metadata:
383
  labels:
384
    app.kubernetes.io/component: exporter
385
    app.kubernetes.io/name: kube-state-metrics
386
    app.kubernetes.io/version: 2.5.0
387
  name: kube-state-metrics
388
  namespace: ${NAMESPACE}
389
spec:
390
  replicas: 1
391
  selector:
392
    matchLabels:
393
      app.kubernetes.io/name: kube-state-metrics
394
  template:
395
    metadata:
396
      labels:
397
        app.kubernetes.io/component: exporter
398
        app.kubernetes.io/name: kube-state-metrics
399
        app.kubernetes.io/version: 2.5.0
400
    spec:
401
      automountServiceAccountToken: true
402
      containers:
403
      - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.5.0
404
        livenessProbe:
405
          httpGet:
406
            path: /healthz
407
            port: 8080
408
          initialDelaySeconds: 5
409
          timeoutSeconds: 5
410
        name: kube-state-metrics
411
        ports:
412
        - containerPort: 8080
413
          name: http-metrics
414
        - containerPort: 8081
415
          name: telemetry
416
        readinessProbe:
417
          httpGet:
418
            path: /
419
            port: 8081
420
          initialDelaySeconds: 5
421
          timeoutSeconds: 5
422
        securityContext:
423
          allowPrivilegeEscalation: false
424
          capabilities:
425
            drop:
426
            - ALL
427
          readOnlyRootFilesystem: true
428
          runAsUser: 65534
429
      nodeSelector:
430
        kubernetes.io/os: linux
431
      serviceAccountName: kube-state-metrics
432
---
433
apiVersion: monitoring.grafana.com/v1alpha1
434
kind: GrafanaAgent
435
metadata:
436
  name: grafana-agent
437
  namespace: ${NAMESPACE}
438
spec:
439
  image: grafana/agent:v0.33.2
440
  integrations:
441
    selector:
442
      matchLabels:
443
        agent: grafana-agent
444
  logs:
445
    instanceSelector:
446
      matchLabels:
447
        agent: grafana-agent
448
  metrics:
449
    externalLabels:
450
      cluster: ${CLUSTER}
451
    instanceSelector:
452
      matchLabels:
453
        agent: grafana-agent
454
  serviceAccountName: grafana-agent
455
---
456
apiVersion: monitoring.grafana.com/v1alpha1
457
kind: Integration
458
metadata:
459
  labels:
460
    agent: grafana-agent
461
  name: agent-eventhandler
462
  namespace: ${NAMESPACE}
463
spec:
464
  config:
465
    cache_path: /etc/eventhandler/eventhandler.cache
466
    logs_instance: ${NAMESPACE}/grafana-agent-logs
467
  name: eventhandler
468
  type:
469
    unique: true
470
  volumeMounts:
471
  - mountPath: /etc/eventhandler
472
    name: agent-eventhandler
473
  volumes:
474
  - name: agent-eventhandler
475
    persistentVolumeClaim:
476
      claimName: agent-eventhandler
477
---
478
apiVersion: monitoring.grafana.com/v1alpha1
479
kind: LogsInstance
480
metadata:
481
  labels:
482
    agent: grafana-agent
483
  name: grafana-agent-logs
484
  namespace: ${NAMESPACE}
485
spec:
486
  clients:
487
  - basicAuth:
488
      password:
489
        key: password
490
        name: logs-secret
491
      username:
492
        key: username
493
        name: logs-secret
494
    externalLabels:
495
      cluster: ${CLUSTER}
496
    url: ${LOGS_URL}
497
  podLogsNamespaceSelector: {}
498
  podLogsSelector:
499
    matchLabels:
500
      instance: primary
501
---
502
apiVersion: monitoring.grafana.com/v1alpha1
503
kind: MetricsInstance
504
metadata:
505
  labels:
506
    agent: grafana-agent
507
  name: grafana-agent-metrics
508
  namespace: ${NAMESPACE}
509
spec:
510
  remoteWrite:
511
  - basicAuth:
512
      password:
513
        key: password
514
        name: metrics-secret
515
      username:
516
        key: username
517
        name: metrics-secret
518
    url: ${METRICS_URL}
519
  serviceMonitorNamespaceSelector: {}
520
  serviceMonitorSelector:
521
    matchLabels:
522
      instance: primary
523
---
524
apiVersion: monitoring.grafana.com/v1alpha1
525
kind: PodLogs
526
metadata:
527
  labels:
528
    instance: primary
529
  name: kubernetes-logs
530
  namespace: ${NAMESPACE}
531
spec:
532
  namespaceSelector:
533
    any: true
534
  pipelineStages:
535
  - cri: {}
536
  relabelings:
537
  - sourceLabels:
538
    - __meta_kubernetes_pod_node_name
539
    targetLabel: __host__
540
  - action: replace
541
    sourceLabels:
542
    - __meta_kubernetes_namespace
543
    targetLabel: namespace
544
  - action: replace
545
    sourceLabels:
546
    - __meta_kubernetes_pod_name
547
    targetLabel: pod
548
  - action: replace
549
    sourceLabels:
550
    - __meta_kubernetes_pod_container_name
551
    targetLabel: container
552
  - replacement: /var/log/pods/*$1/*.log
553
    separator: /
554
    sourceLabels:
555
    - __meta_kubernetes_pod_uid
556
    - __meta_kubernetes_pod_container_name
557
    targetLabel: __path__
558
  selector:
559
    matchLabels: {}
560
---
561
apiVersion: monitoring.coreos.com/v1
562
kind: ServiceMonitor
563
metadata:
564
  labels:
565
    instance: primary
566
  name: ksm-monitor
567
  namespace: ${NAMESPACE}
568
spec:
569
  endpoints:
570
  - honorLabels: true
571
    interval: 60s
572
    path: /metrics
573
    port: http-metrics
574
    relabelings:
575
    - action: replace
576
      replacement: kube-state-metrics
577
      targetLabel: job
578
  namespaceSelector:
579
    matchNames:
580
    - ${NAMESPACE}
581
  selector:
582
    matchLabels:
583
      app.kubernetes.io/name: kube-state-metrics
584
---
585
apiVersion: monitoring.coreos.com/v1
586
kind: ServiceMonitor
587
metadata:
588
  labels:
589
    instance: primary
590
  name: kubelet-monitor
591
  namespace: ${NAMESPACE}
592
spec:
593
  endpoints:
594
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
595
    honorLabels: true
596
    interval: 60s
597
    path: /metrics
598
    port: https-metrics
599
    relabelings:
600
    - sourceLabels:
601
      - __metrics_path__
602
      targetLabel: metrics_path
603
    - action: replace
604
      replacement: kubelet
605
      targetLabel: job
606
    scheme: https
607
    tlsConfig:
608
      insecureSkipVerify: true
609
  namespaceSelector:
610
    matchNames:
611
    - ${NAMESPACE}
612
  selector:
613
    matchLabels:
614
      app.kubernetes.io/name: kubelet
615
---
616
apiVersion: monitoring.coreos.com/v1
617
kind: ServiceMonitor
618
metadata:
619
  labels:
620
    instance: primary
621
  name: cadvisor-monitor
622
  namespace: default
623
spec:
624
  endpoints:
625
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
626
    honorLabels: true
627
    interval: 60s
628
    path: /metrics/cadvisor
629
    port: https-metrics
630
    relabelings:
631
    - sourceLabels:
632
      - __metrics_path__
633
      targetLabel: metrics_path
634
    - action: replace
635
      replacement: cadvisor
636
      targetLabel: job
637
    scheme: https
638
    tlsConfig:
639
      insecureSkipVerify: true
640
  namespaceSelector:
641
    matchNames:
642
    - ${NAMESPACE}
643
  selector:
644
    matchLabels:
645
      app.kubernetes.io/name: kubelet
646

647
Product

Resources

Company
