apiVersion: v1 kind: ConfigMap metadata: name: {{ template "appmesh-prometheus.fullname" . }} labels: {{ include "appmesh-prometheus.labels" . | indent 4 }} data: prometheus.yml: |- global: scrape_interval: {{ .Values.scrapeInterval }} scrape_configs: # Scrape config for AppMesh Envoy sidecar - job_name: 'appmesh-envoy' metrics_path: /stats/prometheus kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: [__meta_kubernetes_pod_container_name] action: keep regex: '^envoy$' - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: ${1}:9901 target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: kubernetes_pod_name # Exclude high cardinality metrics metric_relabel_configs: - source_labels: [ cluster_name ] regex: '(outbound|inbound|prometheus_stats).*' action: drop - source_labels: [ tcp_prefix ] regex: '(outbound|inbound|prometheus_stats).*' action: drop - source_labels: [ listener_address ] regex: '(.+)' action: drop - source_labels: [ http_conn_manager_listener_prefix ] regex: '(.+)' action: drop - source_labels: [ http_conn_manager_prefix ] regex: '(.+)' action: drop - source_labels: [ __name__ ] regex: 'envoy_tls.*' action: drop - source_labels: [ __name__ ] regex: 'envoy_tcp_downstream.*' action: drop - source_labels: [ __name__ ] regex: 'envoy_http_(stats|admin).*' action: drop - source_labels: [ __name__ ] regex: 'envoy_cluster_(lb|retry|bind|internal|max|original).*' action: drop # Scrape config for API servers - job_name: 'kubernetes-apiservers' kubernetes_sd_configs: - role: endpoints namespaces: names: - default scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token relabel_configs: - source_labels: [__meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] action: keep regex: kubernetes;https # Scrape config for cAdvisor - job_name: 'kubernetes-cadvisor' scheme: https tls_config: ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt insecure_skip_verify: true bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token kubernetes_sd_configs: - role: node relabel_configs: - action: labelmap regex: __meta_kubernetes_node_label_(.+) - target_label: __address__ replacement: kubernetes.default.svc:443 - source_labels: [__meta_kubernetes_node_name] regex: (.+) target_label: __metrics_path__ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor # Exclude high cardinality metrics metric_relabel_configs: - source_labels: [__name__] regex: (container|machine)_(cpu|memory|network|fs)_(.+) action: keep - source_labels: [__name__] regex: container_memory_failures_total action: drop # Scrape config for pods - job_name: kubernetes-pods kubernetes_sd_configs: - role: pod relabel_configs: - action: keep regex: true source_labels: - __meta_kubernetes_pod_annotation_prometheus_io_scrape - source_labels: [ __address__ ] regex: '.*9901.*' action: drop - action: replace regex: (.+) source_labels: - __meta_kubernetes_pod_annotation_prometheus_io_path target_label: __metrics_path__ - action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 source_labels: - __address__ - __meta_kubernetes_pod_annotation_prometheus_io_port target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - action: replace source_labels: - __meta_kubernetes_namespace target_label: kubernetes_namespace - action: replace source_labels: - __meta_kubernetes_pod_name target_label: kubernetes_pod_name