diff --git a/manifests/kube-state-metrics/clusterrole.yaml b/manifests/kube-state-metrics/clusterrole.yaml index e69de29..6132c43 100644 --- a/manifests/kube-state-metrics/clusterrole.yaml +++ b/manifests/kube-state-metrics/clusterrole.yaml @@ -0,0 +1,128 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + name: kube-state-metrics +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + - nodes + - pods + - services + - serviceaccounts + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingressclasses + - ingresses + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - list + - watch diff --git a/manifests/kube-state-metrics/clusterrolebinding.yaml b/manifests/kube-state-metrics/clusterrolebinding.yaml index e69de29..6dd0dd6 100644 --- a/manifests/kube-state-metrics/clusterrolebinding.yaml +++ b/manifests/kube-state-metrics/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + name: kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: kube-system diff --git a/manifests/kube-state-metrics/deployment.yaml b/manifests/kube-state-metrics/deployment.yaml index e69de29..1940ab7 100644 --- a/manifests/kube-state-metrics/deployment.yaml +++ b/manifests/kube-state-metrics/deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + name: kube-state-metrics + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: kube-state-metrics + template: + metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + spec: + automountServiceAccountToken: true + containers: + - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0 + livenessProbe: + httpGet: + path: /livez + port: http-metrics + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http-metrics + - containerPort: 8081 + name: telemetry + readinessProbe: + httpGet: + path: /readyz + port: telemetry + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: kube-state-metrics diff --git a/manifests/kube-state-metrics/service.yaml b/manifests/kube-state-metrics/service.yaml index e69de29..ef7489c 100644 --- a/manifests/kube-state-metrics/service.yaml +++ b/manifests/kube-state-metrics/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + name: kube-state-metrics + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: 8080 + targetPort: http-metrics + - name: telemetry + port: 8081 + targetPort: telemetry + selector: + app.kubernetes.io/name: kube-state-metrics diff --git a/manifests/kube-state-metrics/serviceaccount.yaml b/manifests/kube-state-metrics/serviceaccount.yaml index e69de29..10bf81a 100644 --- a/manifests/kube-state-metrics/serviceaccount.yaml +++ b/manifests/kube-state-metrics/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +automountServiceAccountToken: false +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: exporter + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: 2.15.0 + name: kube-state-metrics + namespace: kube-system diff --git a/manifests/kube-state-metrics/servicemonitor.yaml b/manifests/kube-state-metrics/servicemonitor.yaml index 1fb7400..8685b2c 100644 --- a/manifests/kube-state-metrics/servicemonitor.yaml +++ b/manifests/kube-state-metrics/servicemonitor.yaml @@ -11,3 +11,6 @@ spec: endpoints: - port: http-metrics path: /metrics + relabelings: + - sourceLabels: [__meta_kubernetes_pod_node_name] + targetLabel: instance