diff --git a/k8s/operators/kube-prometheus/kustomization.yaml b/k8s/operators/kube-prometheus/kustomization.yaml
new file mode 100644
index 0000000..ccd693d
--- /dev/null
+++ b/k8s/operators/kube-prometheus/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - https://github.com/prometheus-operator/kube-prometheus?ref=b5b59bc0b45508b85647eb7a84b96dc167be15f1
+patches:
+ # patch node-exporter to listen from the host on 9100 and move the internal https listener to 9101
+ - path: node-exporter-patch.yaml
+ target:
+ kind: DaemonSet
+ name: node-exporter
+
+ # Patch network policies to allow traefik to access them
+ - path: network-policies-patch.yaml
+ target:
+ kind: NetworkPolicy
+ name: grafana
+
+ - path: network-policies-patch.yaml
+ target:
+ kind: NetworkPolicy
+ name: prometheus-k8s
+
+ - path: network-policies-patch.yaml
+ target:
+ kind: NetworkPolicy
+ name: alertmanager-main
diff --git a/k8s/operators/kube-prometheus/network-policies-patch.yaml b/k8s/operators/kube-prometheus/network-policies-patch.yaml
new file mode 100644
index 0000000..0741aa3
--- /dev/null
+++ b/k8s/operators/kube-prometheus/network-policies-patch.yaml
@@ -0,0 +1,9 @@
+- op: add
+ path: /spec/ingress/0/from/-
+ value:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: traefik
+ namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
diff --git a/k8s/operators/kube-prometheus/node-exporter-patch.yaml b/k8s/operators/kube-prometheus/node-exporter-patch.yaml
new file mode 100644
index 0000000..f966229
--- /dev/null
+++ b/k8s/operators/kube-prometheus/node-exporter-patch.yaml
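Review bot: The remote base under `resources:` is pinned to a bare commit hash with nothing saying which kube-prometheus release or branch it came from, so whoever bumps it next cannot tell what the patches below were written against. Pinning by full hash is the right choice for a remotely fetched base; it only needs a comment above the URL, for example `# kube-prometheus <release or branch>; pinned by commit, re-check the patch indexes when bumping`. This matters more than usual here because both patch files address containers, args and ingress rules by position.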
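Review bot: The op at `path: /spec/ingress/0/from/-` appends Traefik as a peer of whatever rule happens to be first in each of the three policies, so Traefik gets every port that rule lists rather than only the port it routes to. The upstream policies are not visible in this diff; if rule 0 of `prometheus-k8s` or `alertmanager-main` carries more than the web port, those ports become reachable from the ingress controller too. A bump of the pinned base that reorders the rules would also silently change what is granted. Appending a dedicated rule with its own `ports` list keeps the grant explicit, at the cost of one patch file per target because the port differs.

```yaml
- op: add
  path: /spec/ingress/-
  value:
    from:
      # … unchanged: the traefik podSelector + namespaceSelector peer …
    ports:
      - protocol: TCP
        port: PLACEHOLDER_PORT  # placeholder: the single port Traefik routes to for this policy
```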
@@ -0,0 +1,19 @@
+---
+- op: replace
+ path: "/spec/template/spec/containers/0/args/0"
+ value: "--web.listen-address=0.0.0.0:9100"
+- op: add
+ path: "/spec/template/spec/containers/0/ports"
+ value:
+ - containerPort: 9100
+ hostPort: 9100
+ name: http
+- op: replace
+ path: "/spec/template/spec/containers/1/args/0"
+ value: "--secure-listen-address=[$(IP)]:9101"
+- op: replace
+ path: "/spec/template/spec/containers/1/ports/0/containerPort"
+ value: 9101
+- op: replace
+ path: "/spec/template/spec/containers/1/ports/0/hostPort"
+ value: 9101
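Review bot: Rebinding container 0 to `--web.listen-address=0.0.0.0:9100` with `hostPort: 9100` exposes node-exporter's plain-HTTP endpoint on every node address. That bypasses container 1, which this patch moves to 9101 and which, judging by its `--secure-listen-address` flag, is the TLS/auth proxy. Node metrics disclose kernel, filesystem and network details, so the file should state what limits access to 9100, for example `# 9100 is unauthenticated plain HTTP; reachable only from <scraper> via the node firewall`, or bind to the one interface the scraper uses instead of `0.0.0.0`. The `replace` ops also target `args/0` by position, so a base bump that reorders the flags would overwrite a different argument without error. A JSON Patch `test` op on each path before the `replace` would make the build fail instead.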