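---
# Kyverno ClusterPolicy: mutates Pods that opt in through the annotation
# monitoring.company.com/scrape: "true" by adding a "prometheus-exporter"
# sidecar container and the prometheus.io/* discovery annotations.
#
# Both the opt-in flag and the port value are read from annotations set by
# whoever creates the Pod, so treat them as pod-author-controlled input.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: inject-prometheus-exporter
  annotations:
    policies.kyverno.io/title: "Автовнедрение Prometheus exporter"
    policies.kyverno.io/category: Monitoring
    policies.kyverno.io/severity: low
    policies.kyverno.io/subject: Pod
    # The stated default port is 9100 so that the description agrees with the
    # fallback used by the mutate rule and with the sidecar's containerPort.
    policies.kyverno.io/description: >-
      Добавляет node-exporter sidecar ко всем подам с аннотацией
      monitoring.company.com/scrape: "true".
      Порт scraping берётся из аннотации monitoring.company.com/port
      или дефолт 9100.
spec:
  rules:
    - name: inject-exporter
      # No namespace or label selector: every Pod kind is matched and the
      # preconditions below decide whether the mutation applies.
      match:
        resources:
          kinds:
            - Pod
      preconditions:
        all:
          # `|| ''` supplies a default so the variable still resolves for Pods
          # that do not carry the opt-in annotation; the rule is then skipped
          # because '' does not equal "true".
          - key: "{{ request.object.metadata.annotations.\"monitoring.company.com/scrape\" || '' }}"
            operator: Equals
            value: "true"
          # Skip Pods that already have a container with the sidecar's name.
          # NOTE(review): newer Kyverno releases deprecate NotIn in favour of
          # AnyNotIn / AllNotIn; confirm against the deployed Kyverno version.
          - key: "prometheus-exporter"
            operator: NotIn
            value: "{{ request.object.spec.containers[].name }}"
      mutate:
        patchStrategicMerge:
          metadata:
            annotations:
              # Annotations for Prometheus autodiscovery. The +(key) anchor
              # adds a key only when the Pod does not already define it.
              +(prometheus.io/scrape): "true"
              # Block scalars do not process backslash escapes, so the JMESPath
              # quotes are written bare here; `\"` would reach Kyverno as a
              # literal backslash and break the expression.
              # NOTE(review): the value is copied from the Pod unvalidated, and
              # a custom port will not match the sidecar's fixed 9100 listener;
              # confirm which endpoint is meant to be scraped.
              +(prometheus.io/port): >-
                {{ request.object.metadata.annotations."monitoring.company.com/port" || '9100' }}
              +(prometheus.io/path): "/metrics"
          spec:
            containers:
              - name: prometheus-exporter
                # NOTE(review): the tag is mutable and the registry is implicit.
                # Prefer a fully qualified reference pinned by digest, e.g.
                # docker.io/prom/node-exporter:v1.7.0@sha256:<DIGEST-PLACEHOLDER>
                image: prom/node-exporter:v1.7.0
                ports:
                  - name: metrics
                    containerPort: 9100
                    protocol: TCP
                resources:
                  limits:
                    cpu: 100m
                    memory: 64Mi
                  requests:
                    cpu: 50m
                    memory: 32Mi
                securityContext:
                  allowPrivilegeEscalation: false
                  readOnlyRootFilesystem: true
                  runAsNonRoot: true
                  runAsUser: 65534
                  # Drop all capabilities and use the runtime's default seccomp
                  # profile so the injected container does not cause the Pod to
                  # be rejected in namespaces enforcing the "restricted" Pod
                  # Security Standard.
                  capabilities:
                    drop:
                      - ALL
                  seccompProfile:
                    type: RuntimeDefault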