Merge pull request #1125 from fabric8io/kubernetes-discovery

Kubernetes SD example: separate out cluster level components & services
This commit is contained in:
Julius Volz 2015-09-29 12:34:48 +02:00
commit bf4e4a8ff0
2 changed files with 58 additions and 10 deletions

View file

@ -1,22 +1,62 @@
# A scrape configuration for running prometheus in cluster on kubernetes. It # A scrape configuration for running Prometheus on a Kubernetes cluster.
# will create endpoints for node and master roles, as well as any service # This uses separate scrape configs for cluster components (i.e. master, node)
# which is annotated with `prometheus_io_scrape=true` # and services to allow each to use different authentication configs.
#
# Kubernetes labels will be added as Prometheus labels on metrics via the
# `labelmap` relabeling action.
# Scrape config for cluster components.
scrape_configs: scrape_configs:
- job_name: 'kubernetes' - job_name: 'kubernetes-cluster'
# This TLS & bearer token file config is used to connect to the actual scrape
# endpoints for cluster components. This is separate to discovery auth
# configuration (`in_cluster` below) because discovery & scraping are two
# separate concerns in Prometheus.
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs: kubernetes_sd_configs:
- masters: - masters:
- 'https://kubernetes.default.svc' - 'https://kubernetes.default.svc'
in_cluster: true in_cluster: true
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs: relabel_configs:
- source_labels: [__meta_kubernetes_role, __meta_kubernetes_service_annotation_prometheus_io_scrape] - source_labels: [__meta_kubernetes_role]
action: keep action: keep
regex: ^(?:(?:master|node);.*|.*;true)$ regex: ^(?:master|node)$
- action: labelmap
regex: ^__meta_kubernetes_node_label_(.+)$
replacement: $1
- source_labels: [__meta_kubernetes_role]
action: replace
regex: ^(.+)$
target_label: kubernetes_role
replacement: $1
# Scrape config for services.
#
# The relabeling allows the actual service scrape endpoint to be configured
# via the following annotations:
#
# * `prometheus.io/scrape`: Only scrape services that have a value of `true`
# * `prometheus.io/scheme`: If the metrics endpoint is secured then you will need
# to set this to `https` & most likely set the `tls_config` of the scrape config.
# * `prometheus.io/path`: If the metrics path is not `/metrics` override this.
# * `prometheus.io/port`: If the metrics are exposed on a different port to the
# service then set this appropriately.
- job_name: 'kubernetes-services'
kubernetes_sd_configs:
- masters:
- 'https://kubernetes.default.svc'
in_cluster: true
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: ^true$
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace action: replace
target_label: __scheme__ target_label: __scheme__
@ -32,3 +72,11 @@ scrape_configs:
target_label: __address__ target_label: __address__
regex: ^(.+)(?::\d+);(\d+)$ regex: ^(.+)(?::\d+);(\d+)$
replacement: $1:$2 replacement: $1:$2
- action: labelmap
regex: ^__meta_kubernetes_service_label_(.+)$
replacement: $1
- source_labels: [__meta_kubernetes_role]
action: replace
regex: ^(.+)$
target_label: kubernetes_role
replacement: $1

View file

@ -584,7 +584,7 @@ func newKubernetesHTTPClient(conf *config.KubernetesSDConfig) (*http.Client, err
bearerTokenFile = serviceAccountToken bearerTokenFile = serviceAccountToken
} }
if len(caFile) == 0 { if len(caFile) == 0 {
// With recent versions, the CA certificate is provided as a token // With recent versions, the CA certificate is mounted as a secret
// but we need to handle older versions too. In this case, don't // but we need to handle older versions too. In this case, don't
// set the CAFile & the configuration will have to use InsecureSkipVerify. // set the CAFile & the configuration will have to use InsecureSkipVerify.
if _, err := os.Stat(serviceAccountCACert); err == nil { if _, err := os.Stat(serviceAccountCACert); err == nil {