From bb1f390af060d63e9dd019e076a26c3682cf4194 Mon Sep 17 00:00:00 2001 From: chemavx Date: Thu, 26 Mar 2026 17:06:30 +0000 Subject: [PATCH] Add monitoring/statefulsets.yaml --- monitoring/statefulsets.yaml | 600 +++++++++++++++++++++++++++++++++++ 1 file changed, 600 insertions(+) create mode 100644 monitoring/statefulsets.yaml diff --git a/monitoring/statefulsets.yaml b/monitoring/statefulsets.yaml new file mode 100644 index 0000000..a839d37 --- /dev/null +++ b/monitoring/statefulsets.yaml @@ -0,0 +1,600 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + meta.helm.sh/release-name: kube-prometheus-stack + meta.helm.sh/release-namespace: monitoring + prometheus-operator-input-hash: '14538553773263736579' + labels: + alertmanager: kube-prometheus-stack-alertmanager + app: kube-prometheus-stack-alertmanager + app.kubernetes.io/instance: kube-prometheus-stack-alertmanager + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: alertmanager + app.kubernetes.io/part-of: kube-prometheus-stack + app.kubernetes.io/version: 82.13.5 + chart: kube-prometheus-stack-82.13.5 + heritage: Helm + managed-by: prometheus-operator + release: kube-prometheus-stack + name: alertmanager-kube-prometheus-stack-alertmanager + namespace: monitoring + ownerReferences: + - apiVersion: monitoring.coreos.com/v1 + blockOwnerDeletion: true + controller: true + kind: Alertmanager + name: kube-prometheus-stack-alertmanager + uid: 162620f6-2ae0-4fb4-b0d8-b386f6b7e809 +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: Parallel + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + alertmanager: kube-prometheus-stack-alertmanager + app.kubernetes.io/instance: kube-prometheus-stack-alertmanager + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: alertmanager + serviceName: alertmanager-operated + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: alertmanager + labels: + alertmanager: kube-prometheus-stack-alertmanager + app.kubernetes.io/instance: kube-prometheus-stack-alertmanager + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: alertmanager + app.kubernetes.io/version: 0.31.1 + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - alertmanager + - key: alertmanager + operator: In + values: + - kube-prometheus-stack-alertmanager + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --config.file=/etc/alertmanager/config_out/alertmanager.env.yaml + - --storage.path=/alertmanager + - --data.retention=120h + - --cluster.listen-address= + - --web.listen-address=:9093 + - --web.external-url=http://kube-prometheus-stack-alertmanager.monitoring:9093 + - --web.route-prefix=/ + - --cluster.label=monitoring/kube-prometheus-stack-alertmanager + - --cluster.peer=alertmanager-kube-prometheus-stack-alertmanager-0.alertmanager-operated:9094 + - --cluster.reconnect-timeout=5m + - --web.config.file=/etc/alertmanager/web_config/web-config.yaml + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: quay.io/prometheus/alertmanager:v0.31.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 10 + httpGet: + path: /-/healthy + port: http-web + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + name: alertmanager + ports: + - containerPort: 9093 + name: http-web + protocol: TCP + - containerPort: 9094 + name: mesh-tcp + protocol: TCP + - containerPort: 9094 + name: mesh-udp + protocol: UDP + readinessProbe: + failureThreshold: 10 + httpGet: + path: /-/ready + port: http-web + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: + requests: + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/alertmanager/config + name: config-volume + - mountPath: /etc/alertmanager/config_out + name: config-out + readOnly: true + - mountPath: /etc/alertmanager/certs + name: tls-assets + readOnly: true + - mountPath: /alertmanager + name: alertmanager-kube-prometheus-stack-alertmanager-db + subPath: alertmanager-db + - mountPath: /etc/alertmanager/web_config/web-config.yaml + name: web-config + readOnly: true + subPath: web-config.yaml + - mountPath: /etc/alertmanager/cluster_tls_config/cluster-tls-config.yaml + name: cluster-tls-config + readOnly: true + subPath: cluster-tls-config.yaml + - args: + - --listen-address=:8080 + - --web-config-file=/etc/alertmanager/web_config/web-config.yaml + - --reload-url=http://127.0.0.1:9093/-/reload + - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz + - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml + - --watched-dir=/etc/alertmanager/config + command: + - /bin/prometheus-config-reloader + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SHARD + value: '-1' + image: quay.io/prometheus-operator/prometheus-config-reloader:v0.89.0 + imagePullPolicy: IfNotPresent + name: config-reloader + ports: + - containerPort: 8080 + name: reloader-web + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/alertmanager/config + name: config-volume + readOnly: true + - mountPath: /etc/alertmanager/config_out + name: config-out + - mountPath: /etc/alertmanager/web_config/web-config.yaml + name: web-config + readOnly: true + subPath: web-config.yaml + dnsPolicy: ClusterFirst + initContainers: + - args: + - --watch-interval=0 + - --listen-address=:8081 + - --config-file=/etc/alertmanager/config/alertmanager.yaml.gz + - --config-envsubst-file=/etc/alertmanager/config_out/alertmanager.env.yaml + - --watched-dir=/etc/alertmanager/config + command: + - /bin/prometheus-config-reloader + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SHARD + value: '-1' + image: quay.io/prometheus-operator/prometheus-config-reloader:v0.89.0 + imagePullPolicy: IfNotPresent + name: init-config-reloader + ports: + - containerPort: 8081 + name: reloader-init + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/alertmanager/config + name: config-volume + readOnly: true + - mountPath: /etc/alertmanager/config_out + name: config-out + - mountPath: /etc/alertmanager/web_config/web-config.yaml + name: web-config + readOnly: true + subPath: web-config.yaml + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 2000 + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + serviceAccount: kube-prometheus-stack-alertmanager + serviceAccountName: kube-prometheus-stack-alertmanager + terminationGracePeriodSeconds: 120 + volumes: + - name: config-volume + secret: + defaultMode: 420 + secretName: alertmanager-kube-prometheus-stack-alertmanager-generated + - name: tls-assets + projected: + defaultMode: 420 + sources: + - secret: + name: alertmanager-kube-prometheus-stack-alertmanager-tls-assets-0 + - emptyDir: + medium: Memory + name: config-out + - name: web-config + secret: + defaultMode: 420 + secretName: alertmanager-kube-prometheus-stack-alertmanager-web-config + - name: cluster-tls-config + secret: + defaultMode: 420 + secretName: alertmanager-kube-prometheus-stack-alertmanager-cluster-tls-config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: alertmanager-kube-prometheus-stack-alertmanager-db + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: local-path + volumeMode: Filesystem + status: + phase: Pending +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + meta.helm.sh/release-name: kube-prometheus-stack + meta.helm.sh/release-namespace: monitoring + prometheus-operator-input-hash: '11828693200364279105' + labels: + app: kube-prometheus-stack-prometheus + app.kubernetes.io/instance: kube-prometheus-stack-prometheus + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: prometheus + app.kubernetes.io/part-of: kube-prometheus-stack + app.kubernetes.io/version: 82.13.5 + chart: kube-prometheus-stack-82.13.5 + heritage: Helm + managed-by: prometheus-operator + operator.prometheus.io/mode: server + operator.prometheus.io/name: kube-prometheus-stack-prometheus + operator.prometheus.io/shard: '0' + prometheus: kube-prometheus-stack-prometheus + release: kube-prometheus-stack + name: prometheus-kube-prometheus-stack-prometheus + namespace: monitoring + ownerReferences: + - apiVersion: monitoring.coreos.com/v1 + blockOwnerDeletion: true + controller: true + kind: Prometheus + name: kube-prometheus-stack-prometheus + uid: 8152f0d6-a644-48fb-a14b-f68ea1e1ab9f +spec: + persistentVolumeClaimRetentionPolicy: + whenDeleted: Retain + whenScaled: Retain + podManagementPolicy: Parallel + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: kube-prometheus-stack-prometheus + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: prometheus + operator.prometheus.io/name: kube-prometheus-stack-prometheus + operator.prometheus.io/shard: '0' + prometheus: kube-prometheus-stack-prometheus + serviceName: prometheus-operated + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: prometheus + labels: + app.kubernetes.io/instance: kube-prometheus-stack-prometheus + app.kubernetes.io/managed-by: prometheus-operator + app.kubernetes.io/name: prometheus + app.kubernetes.io/version: 3.10.0 + operator.prometheus.io/name: kube-prometheus-stack-prometheus + operator.prometheus.io/shard: '0' + prometheus: kube-prometheus-stack-prometheus + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - prometheus + - key: app.kubernetes.io/instance + operator: In + values: + - kube-prometheus-stack-prometheus + topologyKey: kubernetes.io/hostname + weight: 100 + automountServiceAccountToken: true + containers: + - args: + - --config.file=/etc/prometheus/config_out/prometheus.env.yaml + - --web.enable-lifecycle + - --web.external-url=http://kube-prometheus-stack-prometheus.monitoring:9090 + - --web.route-prefix=/ + - --storage.tsdb.retention.time=15d + - --storage.tsdb.path=/prometheus + - --storage.tsdb.wal-compression + - --web.config.file=/etc/prometheus/web_config/web-config.yaml + image: quay.io/prometheus/prometheus:v3.10.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /-/healthy + port: http-web + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + name: prometheus + ports: + - containerPort: 9090 + name: http-web + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /-/ready + port: http-web + scheme: HTTP + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /-/ready + port: http-web + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 3 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/prometheus/config_out + name: config-out + readOnly: true + - mountPath: /etc/prometheus/certs + name: tls-assets + readOnly: true + - mountPath: /prometheus + name: prometheus-kube-prometheus-stack-prometheus-db + subPath: prometheus-db + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + readOnly: true + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + readOnly: true + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + readOnly: true + - mountPath: /etc/prometheus/web_config/web-config.yaml + name: web-config + readOnly: true + subPath: web-config.yaml + - args: + - --listen-address=:8080 + - --reload-url=http://127.0.0.1:9090/-/reload + - --config-file=/etc/prometheus/config/prometheus.yaml.gz + - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + command: + - /bin/prometheus-config-reloader + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SHARD + value: '0' + image: quay.io/prometheus-operator/prometheus-config-reloader:v0.89.0 + imagePullPolicy: IfNotPresent + name: config-reloader + ports: + - containerPort: 8080 + name: reloader-web + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/prometheus/config + name: config + - mountPath: /etc/prometheus/config_out + name: config-out + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + dnsPolicy: ClusterFirst + initContainers: + - args: + - --watch-interval=0 + - --listen-address=:8081 + - --config-file=/etc/prometheus/config/prometheus.yaml.gz + - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + command: + - /bin/prometheus-config-reloader + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: SHARD + value: '0' + image: quay.io/prometheus-operator/prometheus-config-reloader:v0.89.0 + imagePullPolicy: IfNotPresent + name: init-config-reloader + ports: + - containerPort: 8081 + name: reloader-init + protocol: TCP + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/prometheus/config + name: config + - mountPath: /etc/prometheus/config_out + name: config-out + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 2000 + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + serviceAccount: kube-prometheus-stack-prometheus + serviceAccountName: kube-prometheus-stack-prometheus + shareProcessNamespace: false + terminationGracePeriodSeconds: 600 + volumes: + - name: config + secret: + defaultMode: 420 + secretName: prometheus-kube-prometheus-stack-prometheus + - name: tls-assets + projected: + defaultMode: 420 + sources: + - secret: + name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0 + - emptyDir: + medium: Memory + name: config-out + - configMap: + defaultMode: 420 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + optional: true + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 + - configMap: + defaultMode: 420 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + optional: true + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-1 + - configMap: + defaultMode: 420 + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + optional: true + name: prometheus-kube-prometheus-stack-prometheus-rulefiles-2 + - name: web-config + secret: + defaultMode: 420 + secretName: prometheus-kube-prometheus-stack-prometheus-web-config + updateStrategy: + type: RollingUpdate + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: prometheus-kube-prometheus-stack-prometheus-db + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: local-path + volumeMode: Filesystem + status: + phase: Pending +