pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
815bc94a3d618b600d7dd23ede726c84fda6bd9e
kyverno-2026-example/03-mutation/02-sidecar/inject-prometheus-exporter.yaml
Vassiliy Yegorov 34fbdd1412 init
2026-04-08 20:22:14 +07:00

59 lines
1.9 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: inject-prometheus-exporter
annotations:
policies.kyverno.io/title: "Автовнедрение Prometheus exporter"
policies.kyverno.io/category: Monitoring
policies.kyverno.io/severity: low
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
Добавляет node-exporter sidecar ко всем подам с аннотацией
monitoring.company.com/scrape: "true".
Порт scraping берётся из аннотации monitoring.company.com/port
или дефолт 8080.
spec:
rules:
- name: inject-exporter
match:
resources:
kinds:
- Pod
preconditions:
all:
- key: "{{ request.object.metadata.annotations.\"monitoring.company.com/scrape\" }}"
operator: Equals
value: "true"
- key: "prometheus-exporter"
operator: NotIn
value: "{{ request.object.spec.containers[].name }}"
mutate:
patchStrategicMerge:
metadata:
annotations:
# Аннотация для Prometheus autodiscovery
+(prometheus.io/scrape): "true"
+(prometheus.io/port): >-
{{ request.object.metadata.annotations.\"monitoring.company.com/port\" || '9100' }}
+(prometheus.io/path): "/metrics"
spec:
containers:
- name: prometheus-exporter
image: prom/node-exporter:v1.7.0
ports:
- name: metrics
containerPort: 9100
protocol: TCP
resources:
limits:
cpu: 100m
memory: 64Mi
requests:
cpu: 50m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
Reference in New Issue View Git Blame Copy Permalink