1

app03/app-deploy.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: miles01
-  namespace: app02
+  namespace: default
   labels:
     app: fastapi
 spec:

app03/app-service.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: miles01
-  namespace: app02
+  namespace: default
 spec:
   type: NodePort
   ports:

prometheus/prometheus-config.yaml

@@ -1,14 +1,46 @@
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: prometheus-config
-  namespace: monitor
 data:
-  prometheus.yml: |
+  prometheus.yml: |-
     global:
       scrape_interval:     15s 
       evaluation_interval: 15s
     scrape_configs:
-      - job_name: 'prometheus'
+
-        static_configs:
+    - job_name: 'kubernetes-nodes'
-        - targets: ['localhost:9090']
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      kubernetes_sd_configs:
+      - role: node
+
+    - job_name: 'kubernetes-service'
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      kubernetes_sd_configs:
+      - role: service
+
+    - job_name: 'kubernetes-endpoints'
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      kubernetes_sd_configs:
+      - role: endpoints
+
+    - job_name: 'kubernetes-ingress'
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      kubernetes_sd_configs:
+      - role: ingress
+
+    - job_name: 'kubernetes-pods'
+      tls_config:
+        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+      kubernetes_sd_configs:
+      - role: pod
+
+kind: ConfigMap
+metadata:
+  name: prometheus-config

prometheus/prometheus-deploy.yaml

@@ -49,3 +49,6 @@ spec:
         - name: prometheus-config
           configMap:
             name: prometheus-config
+      serviceAccountName: prometheus
+      serviceAccount: prometheus
+#https://www.acagroup.be/en/blog/auto-discovery-of-kubernetes-endpoint-services-prometheus/s

prometheus/prometheus-rbac-setup.yml

@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+rules:
+  - apiGroups: [""]
+    resources:
+      - nodes
+      - nodes/proxy
+      - services
+      - endpoints
+      - pods
+    verbs: ["get", "list", "watch"]
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs: ["get", "list", "watch"]
+  - nonResourceURLs: ["/metrics"]
+    verbs: ["get"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: default
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus
+  namespace: monitor
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+  - kind: ServiceAccount
+    name: prometheus
+    namespace: default

readme.md

@@ -15,6 +15,8 @@ kubectl config set-context test --namespace=app01 \
 kubectl config set-context prod --namespace=production \
   --cluster=docker-desktop \
   --user=docker-desktop
+ kubectl config set-context monitor --namespace=monitor --cluster=kubernetes-cluster --user=kubernetes-admin
+
 kubectl config view
 # 切换环境到DEV
 kubectl config use-context test