Fix yaml generation in build script

This solution isn't perfect, but it works.

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: carlosedp
+patreon: carlosedp

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is. Please do not use an Issue to ask for help deploying the stack in the cluster. Troubleshoot your cluster configuration first.
+
+**Troubleshooting**
+
+1. Which kind of Kubernetes cluster are you using? (Kubernetes, K3s, etc)
+2. Are all pods in "Running" state? If any is in CrashLoopback or Error, check it's logs.
+3. You cluster already works with other applications that have HTTP/HTTPS? If not, first deploy an example NGINX and test it's access thru the created URL.
+4. If you enabled persistence, do your cluster already provides persistent storage (PVs) to other applications?
+5. Does it provides dynamic storage thru StorageClass?
+6. If you deployed the monitoring stack and some targets are not available or showing no metrics in Grafana, make sure you don't have IPTables rules or use a firewall on your nodes before deploying Kubernetes.
+
+**Customizations**
+
+1. Did you customize `vars.jsonnet`? Put the contents below:
+
+```jsonnet
+# vars.jsonnet content
+```
+
+2. Did you change any other file? Put the contents below:
+
+```jsonnet
+# file x.yz content
+```
+
+**What did you see when trying to access Grafana and Prometheus web GUI**
+A clear and concise description with screenshots from the URLs and logs from the pods.
+
+**Additional context**
+Add any other context about the problem here.

.gitignore

@@ -0,0 +1,5 @@
+vendor
+auth
+server.crt
+server.key
+.idea

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "jsonnet.libPaths": [
+        "vendor/",
+    ],
+}

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Carlos Eduardo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,87 @@
+GOPATH = $(shell go env GOPATH)
+
+JSONNET_BIN := $(GOPATH)/bin/jsonnet
+JB_BINARY := $(GOPATH)/bin/jb
+
+JSONNET_FMT := $(GOPATH)/bin/jsonnetfmt -n 2 --max-blank-lines 2 --string-style s --comment-style s
+
+GO_MAJOR_VERSION = $(shell go version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f1)
+GO_MINOR_VERSION = $(shell go version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2)
+MINIMUM_SUPPORTED_GO_MAJOR_VERSION = 1
+MINIMUM_SUPPORTED_GO_MINOR_VERSION = 18
+GO_VERSION_VALIDATION_ERR_MSG = Your golang version, $(GO_MAJOR_VERSION).$(GO_MINOR_VERSION), is not supported, \
+								please update to at least $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION).$(MINIMUM_SUPPORTED_GO_MINOR_VERSION).
+
+.PHONY: generate vendor fmt manifests help
+
+all: manifests       ## Builds the  manifests
+
+help:	# Show help
+	@echo "Makefile targets:"
+	@echo ""
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+manifests: $(JSONNET_BIN)       ## Builds the  manifests
+	rm -rf manifests
+	./scripts/build.sh main.jsonnet $(JSONNET_BIN)
+
+docker:        ## Builds the manifests in a Docker container to avoid installing pre-requisites (Golang, Jsonnet, etc)
+	docker run -it --rm -v $(PWD):/work -w /work --rm golang bash -c "make vendor && make"
+
+update_libs: $(JB_BINARY)        ## Updates vendor libs. Require a regeneration of the manifests
+	$(JB_BINARY) update
+
+vendor: validate-go-version $(JB_BINARY) jsonnetfile.json jsonnetfile.lock.json       ## Download vendor libs
+	rm -rf vendor
+	$(JB_BINARY) install
+
+fmt:        ## Formats all jsonnet and libsonnet files (except on vendor dir)
+	@echo "Formatting jsonnet files"
+	@find . -type f \( -iname "*.libsonnet" -or -iname "*.jsonnet" \) -print -or -name "vendor" -prune | xargs -n 1 -- $(JSONNET_FMT) -i
+
+deploy:        ## Deploy current manifests to configured cluster
+	echo "Deploying stack setup manifests..."
+	kubectl apply -f ./manifests/setup/
+	echo "Will wait 10 seconds to deploy the additional manifests.."
+	sleep 10
+	kubectl apply -f ./manifests/
+
+teardown:        ## Delete all monitoring stack resources from configured cluster
+	kubectl delete -f ./manifests/
+	kubectl delete -f ./manifests/setup/
+
+tar: manifests        ## Generates a .tar.gz from manifests dir
+	rm -rf manifests.tar.gz
+	tar -cfz manifests.tar.gz manifests
+
+$(JB_BINARY):        ## Installs jsonnet-bundler utility
+	@echo "Installing jsonnet-bundler"
+	@go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
+
+$(JSONNET_BIN):        ## Installs jsonnet and jsonnetfmt utility
+	@echo "Installing jsonnet"
+	@go install github.com/google/go-jsonnet/cmd/jsonnet@latest
+	@go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
+	@go install github.com/brancz/gojsontoyaml@latest
+
+update_tools:        ## Updates jsonnet, jsonnetfmt and jb utilities
+	@echo "Updating jsonnet"
+	@go install github.com/google/go-jsonnet/cmd/jsonnet@latest
+	@go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
+	@go install github.com/brancz/gojsontoyaml@latest
+	@go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
+
+change_suffix:        ## Changes suffix for the ingress. Pass suffix=[suffixURL] as argument
+	@echo "Ingress IPs changed to [service].${suffix}"
+	@echo "Apply to your cluster with:"
+	@for f in alertmanager prometheus grafana; do \
+		cat manifests/ingress-$$f.yaml | sed -e "s/\(.*$$f\.\).*/\1${suffix}/" > manifests/ingress-$$f.yaml-tmp; \
+		mv -f manifests/ingress-$$f.yaml-tmp manifests/ingress-$$f.yaml; \
+		echo ${K3S} kubectl apply -f manifests/ingress-$$f.yaml; \
+	done
+
+validate-go-version:  ## Validates the installed version of go to allow the `go install` syntax needed for `make vendor`
+	@if [ $(GO_MAJOR_VERSION) -lt $(MINIMUM_SUPPORTED_GO_MAJOR_VERSION) -o $(GO_MINOR_VERSION) -lt $(MINIMUM_SUPPORTED_GO_MINOR_VERSION) ]; then \
+    	echo '$(GO_VERSION_VALIDATION_ERR_MSG)'; \
+    	exit 1; \
+	fi

Readme.md

@@ -1,37 +1,181 @@
-# Prometheus Operator for ARM platform
+# Cluster Monitoring stack for ARM / X86-64 platforms
 
 The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances.
 
-This project aims on porting the [official manifests](https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus) and images to the ARM platform. This have been tested on a ARM64 Kubernetes cluster deployed as [this article](https://medium.com/@carlosedp/building-an-arm-kubernetes-cluster-ef31032636f9).
+This have been tested on a hybrid ARM64 / X84-64 Kubernetes cluster deployed as [this article](https://medium.com/@carlosedp/building-a-hybrid-x86-64-and-arm-kubernetes-cluster-e7f94ff6e51d).
 
-## Changes to Kubeadm for Prometheus Operator
+This repository collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. The container images support AMD64, ARM64, ARM and PPC64le architectures.
 
-According to the official deployment documentation [here](https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/docs/kube-prometheus-on-kubeadm.md), a couple of changes on the cluster are required:
+The content of this project is written in jsonnet and is an extension of the fantastic [kube-prometheus](https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus) project.
 
-We need to expose the cadvisor that is installed and managed by the kubelet daemon and allow webhook token authentication. To do so, we do the following on **all the masters and nodes**:
+If you like this project and others I've been contributing and would like to support me, please check-out my [Patreon page](https://www.patreon.com/carlosedp)!
+
+Components included in this package:
+
+* The Prometheus Operator
+* Highly available Prometheus
+* Highly available Alertmanager
+* Prometheus node-exporter
+* kube-state-metrics
+* CoreDNS
+* Grafana
+* SMTP relay to Gmail for Grafana notifications (optional)
+
+There are additional modules (disabled by default) to monitor other components of the infra-structure. These can be enabled or disabled on `vars.jsonnet` file by setting the module `enabled` flag in `modules` to `true` or `false`.
+
+The additional modules are:
+
+* ARM-exporter to generate temperature metrics (works on some ARM boards like RaspberryPi)
+* MetalLB metrics
+* Traefik metrics
+* ElasticSearch metrics
+* APC UPS metrics
+* GMail SMTP relay module
+
+There are also options to set the ingress domain suffix and enable persistence for Grafana and Prometheus.
+
+The ingresses can use TLS with the default self-signed certificate from your Ingress controller by setting `TLSingress` to `true` and use a custom certificate by creating the files `server.crt` and `server.key` and enabling the `UseProvidedCerts` parameter at `vars.jsonnet`.
+
+Persistence for Prometheus and Grafana can be enabled in the `enablePersistence` section. Setting each to `true`, creates the volume PVCs. If no PV names are defined in `prometheusPV` and `grafanaPV`, the default StorageClass will be used to dynamically create the PVs The sizes can be adjusted in `prometheusSizePV` and `grafanaSizePV`.
+
+If using pre-created persistent volumes (samples in [`samples`](samples)), check permissions on the directories hosting the files. The `UID:GID` for Prometheus is `1000:0` and for Grafana is `472:472`.
+
+Changing these parameters require a rebuild of the manifests with `make` followed by `make deploy`. To avoid installing all pre-requisites like Golang, Jsonnet, Jsonnet-bundler, use the target `make docker` to build in a container.
+
+## Quickstart (non K3s)
+
+The repository already provides a set of compiled manifests to be applied into the cluster or the deployment can be customized thru the jsonnet files.
+
+If you only need the default features and adjust your cluster URL for the ingress, there is no need to rebuild the manifests(and install all tools). Use the `change_suffix` target with  argument `suffix=[suffixURL]` with the URL of your cluster ingress controller. If you have a local cluster, use the nip.io domain resolver passing `your_cluster_ip.nip.io` to the `suffix` argument. After this, just run `make deploy`.
 
 ```bash
-# Enable cadvisor port
-sudo sed -e "/cadvisor-port=0/d" -i /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+# Update the ingress URLs
+make change_suffix suffix=[suffixURL]
 
-# Enable Webhook authorization
-sudo perl -pi -e "s/(?:--authentication-token-webhook=true )*--authorization-mode=Webhook/--authentication-token-webhook=true --authorization-mode=Webhook/g" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-
-sudo systemctl daemon-reload
-sudo systemctl restart kubelet
+# Deploy
+make deploy
 ```
 
-In case you already have a Kubernetes deployed with kubeadm, change the address kube-controller-manager and kube-scheduler listens **on master node** in addition to previous kubelet change:
+To customize the manifests, edit `vars.jsonnet` and rebuild the manifests.
 
 ```bash
-# Make kube-controller ad kube-scheduler listen on all addresses
-sudo sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-controller-manager.yaml
-sudo sed -e "s/- --address=127.0.0.1/- --address=0.0.0.0/" -i /etc/kubernetes/manifests/kube-scheduler.yaml
+$ make vendor
+$ make
+$ make deploy
+
+# Or manually:
+
+$ make vendor
+$ make
+$ kubectl apply -f manifests/setup/
+$ kubectl apply -f manifests/
+```
+
+If you get an error from applying the manifests, run the `make deploy` or `kubectl apply -f manifests/` again. Sometimes the resources required to apply the CRDs are not deployed yet.
+
+If you enable the SMTP relay for Gmail in `vars.jsonnet`, the pod will be in an error state after deployed since it would not find the user and password on the "smtp-account" secret. To generate, run the `scripts/create_gmail_auth.sh` script.
+
+## Quickstart on Minikube
+
+You can also test and develop the monitoring stack on Minikube. First install minikube by following the instructions [here](https://kubernetes.io/docs/tasks/tools/install-minikube/) for your platform. Then, follow the instructions similar to the non-K3s deployment:
+
+```bash
+# Start minikube (if not started)
+minikube start
+
+# Enable minikube ingress to allow access to the web interfaces
+minikube addons enable ingress
+
+# Get the minikube instance IP
+minikube ip
+
+# Run the change_suffix target
+make change_suffix suffix=[minikubeIP.nip.io]
+
+# or customize additional params on vars.jsonnet and rebuild
+make vendor
+make
+
+# and deploy the manifests
+make deploy
+
+# Get the URLs for the exposed applications and open in your browser
+kubectl get ingress -n monitoring
+```
+
+## Quickstart for K3s
+
+To deploy the monitoring stack on your K3s cluster, there are four parameters that need to be configured in the  `vars.jsonnet` file:
+
+1. Set `k3s.enabled` to `true`.
+2. Change your K3s master node IP(your VM or host IP) on `k3s.master_ip` parameter.
+3. Edit `suffixDomain` to have your node IP with the `.nip.io` suffix or your cluster URL. This will be your ingress URL suffix.
+4. Set _traefikExporter_ `enabled` parameter to `true` to collect Traefik metrics and deploy dashboard.
+
+After changing these values to deploy the stack, run:
+
+```bash
+$ make vendor
+$ make
+$ make deploy
+
+# Or manually:
+
+$ make vendor
+$ make
+$ kubectl apply -f manifests/setup/
+$ kubectl apply -f manifests/
+```
+
+If you get an error from applying the manifests, run the `make deploy` or `kubectl apply -f manifests/` again. Sometimes the resources required to apply the CRDs are not deployed yet.
+
+If you enable the SMTP relay for Gmail in `vars.jsonnet`, the pod will be in an error state after deployed since it would not find the user and password on the "smtp-account" secret. To generate, run the `scripts/create_gmail_auth.sh` script.
+
+## Ingress
+
+Now you can open the applications:
+
+To list the created ingresses, run `kubectl get ingress --all-namespaces`, if you added your cluster IP or URL suffix in `vars.jsonnet` before rebuilding the manifests, the applications will be exposed on:
+
+* Grafana on [https://grafana.[your_node_ip].nip.io](https://grafana.[your_node_ip].nip.io), 
+* Prometheus on [https://prometheus.[your_node_ip].nip.io](https://prometheus.[your_node_ip].nip.io) 
+* Alertmanager on [https://alertmanager.[your_node_ip].nip.io](https://alertmanager.[your_node_ip].nip.io) 
+
+## Updating the ingress suffixes
+
+To avoid rebuilding all manifests, there is a make target to update the Ingress URL suffix to a different suffix. Run `make change_suffix suffix="[clusterURL]"` to change the ingress route IP for Grafana, Prometheus and Alertmanager and reapply the manifests.
+
+## Customizing
+
+The content of this project consists of a set of jsonnet files making up a library to be consumed.
+
+### Pre-reqs
+
+The project requires json-bundler and the jsonnet compiler. The Makefile does the heavy-lifting of installing them. You need [Go](https://golang.org/dl/) (version 1.18 minimum) already installed:
+
+```bash
+git clone https://github.com/carlosedp/cluster-monitoring
+cd cluster-monitoring
+make vendor
+# Change the jsonnet files...
+make
+```
+
+After this, a new customized set of manifests is built into the `manifests` dir. To apply to your cluster, run:
+
+```bash
+make deploy
+```
+
+To uninstall, run:
+
+```bash
+make teardown
 ```
 
 ## Images
 
-This project depends on the following images:
+This project depends on the following images (all supports ARM, ARM64 and AMD64 thru manifests):
 
 **Alertmanager**
 **Blackbox_exporter**
@@ -60,11 +204,17 @@ This project depends on the following images:
 * Autobuild: No autobuild yet. Use provided `build_images.sh` script.
 * Images: https://hub.docker.com/r/carlosedp/prometheus-operator
 
+**Prometheus-adapter**
+
+* Source: https://github.com/DirectXMan12/k8s-prometheus-adapter
+* Autobuild: No autobuild yet. Use provided `build_images.sh` script.
+* Images: https://hub.docker.com/r/carlosedp/k8s-prometheus-adapter
+
 **Grafana**
 
 * Source: https://github.com/carlosedp/grafana-ARM
 * Autobuild: https://travis-ci.org/carlosedp/grafana-ARM
-* Images: https://hub.docker.com/r/carlosedp/monitoring-grafana/
+* Images: https://hub.docker.com/r/grafana/grafana/
 
 **Kube-state-metrics**
 
@@ -74,11 +224,11 @@ This project depends on the following images:
 
 **Addon-resizer**
 
-* Source:
+* Source: https://github.com/kubernetes/autoscaler/tree/master/addon-resizer
 * Autobuild: No autobuild yet. Use provided `build_images.sh` script.
 * Images: https://hub.docker.com/r/carlosedp/addon-resizer
 
-*Obs.* This image is a clone of [ARM64](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/addon-resizer-arm64) and [ARM](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/addon-resizer-arm64) with a manifest. It's cloned and generated by the `build_images.sh` script
+*Obs.* This image is a clone of [AMD64](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/addon-resizer-amd64), [ARM64](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/addon-resizer-arm64) and [ARM](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/addon-resizer-arm64) with a manifest. It's cloned and generated by the `build_images.sh` script
 
 **configmap_reload**
 
@@ -94,6 +244,12 @@ This project depends on the following images:
 
 **SMTP-server**
 
-Source: https://github.com/carlosedp/docker-smtp
-Autobuild: https://travis-ci.org/carlosedp/docker-smtp
-Images: https://hub.docker.com/r/carlosedp/docker-smtp
+* Source: https://github.com/carlosedp/docker-smtp
+* Autobuild: https://travis-ci.org/carlosedp/docker-smtp
+* Images: https://hub.docker.com/r/carlosedp/docker-smtp
+
+**Kube-rbac-proxy**
+
+* Source: https://github.com/brancz/kube-rbac-proxy
+* Autobuild: No autobuild yet. Use provided `build_images.sh` script.
+* Images: https://hub.docker.com/r/carlosedp/kube-rbac-proxy

base_operator_stack.jsonnet

@@ -0,0 +1,197 @@
+local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
+local utils = import 'utils.libsonnet';
+local vars = import 'vars.jsonnet';
+
+{
+  _config+:: {
+    namespace: vars._config.namespace,
+
+    urls+:: {
+      domains: [vars.suffixDomain] + vars.additionalDomains,
+      prom_ingress: ['prometheus.' + domain for domain in $._config.urls.domains],
+      alert_ingress: ['alertmanager.' + domain for domain in $._config.urls.domains],
+      grafana_ingress: ['grafana.' + domain for domain in $._config.urls.domains],
+      grafana_ingress_external: 'grafana.' + vars.suffixDomain,
+    },
+
+    prometheus+:: {
+      names: 'k8s',
+      replicas: 1,
+      namespaces: ['default', 'kube-system', 'monitoring'],
+    },
+
+    alertmanager+:: {
+      replicas: 1,
+    },
+
+    kubeStateMetrics+:: {
+      collectors: '',  // empty string gets a default set
+      scrapeInterval: '30s',
+      scrapeTimeout: '30s',
+
+      baseCPU: '100m',
+      baseMemory: '150Mi',
+      cpuPerNode: '2m',
+      memoryPerNode: '30Mi',
+    },
+
+    // Add custom Grafana dashboards
+    grafanaDashboards+:: {
+      'kubernetes-cluster-dashboard.json': (import 'grafana-dashboards/kubernetes-cluster-dashboard.json'),
+      'prometheus-dashboard.json': (import 'grafana-dashboards/prometheus-dashboard.json'),
+      'coredns-dashboard.json': (import 'grafana-dashboards/coredns-dashboard.json'),
+    },
+
+    grafana+:: {
+      config: {
+        sections: {
+          session: { provider: 'memory' },
+          'auth.basic': { enabled: false },
+          'auth.anonymous': { enabled: false },
+          smtp: {
+            enabled: true,
+            host: 'smtp-server.monitoring.svc:25',
+            user: '',
+            password: '',
+            from_address: vars.grafana.from_address,
+            from_name: 'Grafana Alert',
+            skip_verify: true,
+          },
+        },
+      },
+      plugins: vars.grafana.plugins,
+      env: vars.grafana.env
+    },
+  },
+  //---------------------------------------
+  // End of _config
+  //---------------------------------------
+
+  prometheus+:: {
+    // Add option (from vars.yaml) to enable persistence
+    local pvc = k.core.v1.persistentVolumeClaim,
+    prometheus+: {
+      spec+: {
+               // Here one can use parameters from https://coreos.com/operators/prometheus/docs/latest/api.html#prometheusspec
+               replicas: $._config.prometheus.replicas,
+               retention: vars.prometheus.retention,
+               scrapeInterval: vars.prometheus.scrapeInterval,
+               scrapeTimeout: vars.prometheus.scrapeTimeout,
+               externalUrl: 'http://' + $._config.urls.prom_ingress[0],
+             }
+             + (if vars.enablePersistence.prometheus then {
+                  storage: {
+                    volumeClaimTemplate:
+                      pvc.new() +
+                      pvc.mixin.spec.withAccessModes('ReadWriteOnce') +
+                      pvc.mixin.spec.resources.withRequests({ storage: vars.enablePersistence.prometheusSizePV }) +
+                      (if vars.enablePersistence.prometheusPV != null then pvc.mixin.spec.withVolumeName(vars.enablePersistence.prometheusPV)) +
+                      (if vars.enablePersistence.storageClass != null then pvc.mixin.spec.withStorageClassName(vars.enablePersistence.storageClass)),
+                  },
+                } else {}),
+    },
+  },
+
+  // Override deployment for Grafana data persistence
+  grafana+:: if vars.enablePersistence.grafana then {
+    deployment+: {
+      spec+: {
+        template+: {
+          spec+: {
+            securityContext: {
+              runAsUser: 472,
+              fsGroup: 472,
+              runAsNonRoot: true,
+            },
+            volumes:
+              std.map(
+                function(v)
+                  if v.name == 'grafana-storage' then
+                    {
+                      name: 'grafana-storage',
+                      persistentVolumeClaim: {
+                        claimName: 'grafana-storage',
+                      },
+                    }
+                  else v,
+                super.volumes
+              ),
+          },
+        },
+      },
+    },
+    storage:
+      local pvc = k.core.v1.persistentVolumeClaim;
+      pvc.new() +
+      pvc.mixin.metadata.withNamespace($._config.namespace) +
+      pvc.mixin.metadata.withName('grafana-storage') +
+      pvc.mixin.spec.withAccessModes('ReadWriteOnce') +
+      pvc.mixin.spec.resources.withRequests({ storage: vars.enablePersistence.grafanaSizePV }) +
+      (if vars.enablePersistence.grafanaPV != null then pvc.mixin.spec.withVolumeName(vars.enablePersistence.grafanaPV)) +
+      (if vars.enablePersistence.storageClass != null then pvc.mixin.spec.withStorageClassName(vars.enablePersistence.storageClass)),
+
+  } else {},
+
+  grafanaDashboards+:: $._config.grafanaDashboards,
+
+  // Create ingress objects per application
+  ingress+:: {
+    alertmanager:
+      local I = utils.newIngress('alertmanager-main', $._config.namespace, $._config.urls.alert_ingress, '/', 'alertmanager-main', 'web');
+      if vars.TLSingress then
+        if vars.UseProvidedCerts then
+          utils.addIngressTLS(I, $._config.urls.alert_ingress, 'ingress-secret')
+        else
+          utils.addIngressTLS(I, $._config.urls.alert_ingress)
+      else
+        I,
+
+    grafana:
+      local I = utils.newIngress('grafana', $._config.namespace, $._config.urls.grafana_ingress, '/', 'grafana', 'http');
+      if vars.TLSingress then
+        if vars.UseProvidedCerts then
+          utils.addIngressTLS(I, $._config.urls.grafana_ingress, 'ingress-secret')
+        else
+          utils.addIngressTLS(I, $._config.urls.grafana_ingress)
+      else
+        I,
+
+    prometheus:
+      local I = utils.newIngress('prometheus-k8s', $._config.namespace, $._config.urls.prom_ingress, '/', 'prometheus-k8s', 'web');
+      if vars.TLSingress then
+        if vars.UseProvidedCerts then
+          utils.addIngressTLS(I, $._config.urls.prom_ingress, 'ingress-secret')
+        else
+          utils.addIngressTLS(I, $._config.urls.prom_ingress)
+      else
+        I,
+
+    // // Example external ingress with authentication
+    // 'grafana-external':
+    //     ingress.new() +
+    //     ingress.mixin.metadata.withName('grafana-external') +
+    //     ingress.mixin.metadata.withNamespace($._config.namespace) +
+    //     ingress.mixin.metadata.withLabels({'traffic-type': 'external'}) +
+    //     ingress.mixin.metadata.withAnnotations({
+    //       'ingress.kubernetes.io/auth-type': 'basic',
+    //       'ingress.kubernetes.io/auth-secret': 'basic-auth',
+    //     }) +
+    //     ingress.mixin.spec.withRules(
+    //         ingressRule.new() +
+    //         ingressRule.withHost($._config.urls.grafana_ingress_external) +
+    //         ingressRule.mixin.http.withPaths(
+    //             httpIngressPath.new() +
+    //             httpIngressPath.withPath('/') +
+    //             httpIngressPath.mixin.backend.withServiceName('grafana') +
+    //             httpIngressPath.mixin.backend.withServicePort('http')
+    //         ),
+    //     ),
+    // 'basic-auth-secret':
+    //     // First generate the auth secret with gen_auth.sh script
+    //     secret.new('basic-auth', { auth: std.base64(importstr 'auth') }) +
+    //     secret.mixin.metadata.withNamespace($._config.namespace),
+  } + if vars.UseProvidedCerts then {
+    secret:
+      utils.newTLSSecret('ingress-secret', $._config.namespace, vars.TLSCertificate, vars.TLSKey),
+  } else {},
+}

build_images.sh

@@ -1,86 +0,0 @@
-#!/bin/bash
-
-REPO=carlosedp
-
-AOM_VERSION=2.1
-KSM_VERSION=v1.3.0
-VERSION=v0.20.0
-PROMCONFIGRELOADER_VERSION=v0.20.0
-
-# Kubernetes addon-resizer
-# Retag Addon-resizer google images to have unified manifest on DockerHub
-docker pull gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION
-docker pull gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION
-
-docker tag gcr.io/google-containers/addon-resizer-arm64:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm64
-docker tag gcr.io/google-containers/addon-resizer-arm:$AOM_VERSION $REPO/addon-resizer:$AOM_VERSION-arm
-
-docker push $REPO/addon-resizer:$AOM_VERSION-arm
-docker push $REPO/addon-resizer:$AOM_VERSION-arm64
-
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:$AOM_VERSION
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/addon-resizer:$AOM_VERSION-ARCH --target $REPO/addon-resizer:latest
-
-# Kube-state-metrics
-go get github.com/kubernetes/kube-state-metrics
-mv $HOME/go/src/github.com/kubernetes/kube-state-metrics $HOME/go/src/k8s.io/kube-state-metrics
-cd $HOME/go/src/k8s.io/kube-state-metrics
-git checkout ${KSM_VERSION}
-GOOS=linux GOARCH=arm go build .
-docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm .
-
-GOOS=linux GOARCH=arm64 go build .
-docker build -t $REPO/kube-state-metrics:${KSM_VERSION}-arm64 .
-
-docker push $REPO/kube-state-metrics:$KSM_VERSION-arm
-docker push $REPO/kube-state-metrics:$KSM_VERSION-arm64
-
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/kube-state-metrics:$KSM_VERSION-ARCH --target $REPO/kube-state-metrics:$KSM_VERSION
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/kube-state-metrics:$KSM_VERSION-ARCH --target $REPO/kube-state-metrics:latest
-
-
-# Prometheus-operator
-
-go get github.com/coreos/prometheus-operator
-cd $HOME/go/src/github.com/coreos/prometheus-operator
-git checkout ${VERSION}
-
-go get -u github.com/prometheus/promu
-
-cat Dockerfile |sed -e 's/\.build\/linux-amd64\/operator/operator/' |sed -e 's/^FROM.*/FROM busybox/' > Dockerfile.arm
-
-GOOS=linux GOARCH=arm $GOPATH/bin/promu build --prefix `pwd`
-docker build -t $REPO/prometheus-operator:${VERSION}-arm -f Dockerfile.arm .
-
-GOOS=linux GOARCH=arm64 $GOPATH/bin/promu build --prefix `pwd`
-docker build -t $REPO/prometheus-operator:${VERSION}-arm64 -f Dockerfile.arm .
-
-docker push $REPO/prometheus-operator:$VERSION-arm
-docker push $REPO/prometheus-operator:$VERSION-arm64
-
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-operator:$VERSION-ARCH --target $REPO/prometheus-operator:$VERSION
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-operator:$VERSION-ARCH --target $REPO/prometheus-operator:latest
-
-rm Dockerfile.arm
-
-# prometheus-config-reloader
-go get github.com/coreos/prometheus-operator
-cd $HOME/go/src/github.com/coreos/prometheus-operator/
-git checkout ${PROMCONFIGRELOADER_VERSION}
-cd $HOME/go/src/github.com/coreos/prometheus-operator/contrib/prometheus-config-reloader
-
-cat Dockerfile |sed -e 's/^FROM.*/FROM busybox/' > Dockerfile.arm
-
-GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -o prometheus-config-reloader main.go
-docker build -t $REPO/prometheus-config-reloader:${PROMCONFIGRELOADER_VERSION}-arm -f Dockerfile.arm .
-
-GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o prometheus-config-reloader main.go
-docker build -t $REPO/prometheus-config-reloader:${PROMCONFIGRELOADER_VERSION}-arm64 -f Dockerfile.arm .
-
-docker push $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-arm
-docker push $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-arm64
-
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-ARCH --target $REPO/prometheus-config-reloader:$VERSION
-manifest-tool-linux-arm64 push from-args --platforms linux/arm,linux/arm64 --template $REPO/prometheus-config-reloader:$PROMCONFIGRELOADER_VERSION-ARCH --target $REPO/prometheus-config-reloader:latest
-
-rm Dockerfile.arm

deploy

@@ -1,52 +0,0 @@
-#!/usr/bin/env bash
-
-if [ -z "${KUBECONFIG}" ]; then
-    export KUBECONFIG=~/.kube/config
-fi
-
-# CAUTION - setting NAMESPACE will deploy most components to the given namespace
-# however some are hardcoded to 'monitoring'. Only use if you have reviewed all manifests.
-
-if [ -z "${NAMESPACE}" ]; then
-    NAMESPACE=monitoring
-fi
-
-kubectl create namespace "$NAMESPACE"
-
-kctl() {
-    kubectl --namespace "$NAMESPACE" "$@"
-}
-
-kubectl apply -f manifests/k8s
-
-kctl apply -f manifests/prometheus-operator
-
-# Wait for CRDs to be ready.
-printf "Waiting for Operator to register custom resource definitions..."
-until kctl get customresourcedefinitions servicemonitors.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-until kctl get customresourcedefinitions prometheuses.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-until kctl get customresourcedefinitions alertmanagers.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-until kctl get servicemonitors.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-until kctl get prometheuses.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-until kctl get alertmanagers.monitoring.coreos.com > /dev/null 2>&1; do sleep 1; printf "."; done
-echo "done!"
-
-kctl apply -f manifests/node-exporter
-kctl apply -f manifests/armexporter/daemonset.yaml
-kctl apply -f manifests/armexporter/service.yaml
-
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-cluster-role.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-cluster-role-binding.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-role.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-role-binding.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-service-account.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-service.yaml
-kctl apply -f manifests/kube-state-metrics/kube-state-metrics-deployment.yaml
-
-kctl apply -f manifests/grafana/grafana-credentials.yaml
-kctl apply -f manifests/grafana
-find manifests/prometheus -type f ! -name prometheus-k8s-roles.yaml ! -name prometheus-k8s-role-bindings.yaml -exec kubectl --namespace "$NAMESPACE" apply -f {} \;
-kubectl apply -f manifests/prometheus/prometheus-k8s-roles.yaml
-kubectl apply -f manifests/prometheus/prometheus-k8s-role-bindings.yaml
-kctl apply -f manifests/alertmanager/
-kctl apply -f manifests/smtp-server/smtp.yaml

grafana-dashboards/apc-ups-dashboard.json

@@ -0,0 +1,693 @@
+{
+  "annotations": {
+    "list": [{
+      "builtIn": 1,
+      "datasource": "-- Grafana --",
+      "enable": true,
+      "hide": true,
+      "iconColor": "rgba(0, 211, 255, 1)",
+      "name": "Annotations & Alerts",
+      "type": "dashboard"
+    }]
+  },
+  "description": "Dashboard for single APC UPS",
+  "editable": true,
+  "gnetId": 4191,
+  "graphTooltip": 0,
+  "id": 14,
+  "links": [],
+  "panels": [{
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": false,
+      "colors": [
+        "rgba(245, 54, 54, 0.9)",
+        "rgba(237, 129, 40, 0.89)",
+        "rgba(50, 172, 45, 0.97)"
+      ],
+      "datasource": "prometheus",
+      "editable": true,
+      "error": false,
+      "format": "percent",
+      "gauge": {
+        "maxValue": 100,
+        "minValue": 0,
+        "show": true,
+        "thresholdLabels": true,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 6,
+        "x": 0,
+        "y": 0
+      },
+      "id": 6,
+      "interval": null,
+      "isNew": true,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": "",
+      "postfixFontSize": "50%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "apcups_battery_charge_percent",
+        "format": "time_series",
+        "interval": "10s",
+        "intervalFactor": 1,
+        "legendFormat": "",
+        "refId": "A",
+        "step": 10
+      }],
+      "thresholds": "25,50",
+      "title": "Battery Charge",
+      "type": "singlestat",
+      "valueFontSize": "80%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "current"
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 6,
+        "y": 0
+      },
+      "id": 1,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "apcups_battery_charge_percent",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "Battery",
+        "refId": "A"
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Charge Percent",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "decimals": null,
+          "format": "percent",
+          "label": null,
+          "logBase": 1,
+          "max": "100",
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": true,
+      "colors": [
+        "#d44a3a",
+        "rgba(237, 129, 40, 0.89)",
+        "#299c46"
+      ],
+      "datasource": "prometheus",
+      "format": "m",
+      "gauge": {
+        "maxValue": 100,
+        "minValue": 0,
+        "show": false,
+        "thresholdLabels": false,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 6,
+        "x": 18,
+        "y": 0
+      },
+      "id": 2,
+      "interval": null,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": "",
+      "postfixFontSize": "50%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "apcups_time_left_seconds / 60",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "",
+        "refId": "A"
+      }],
+      "thresholds": "2,5",
+      "title": "Time on Battery",
+      "type": "singlestat",
+      "valueFontSize": "150%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "current"
+    },
+    {
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": false,
+      "colors": [
+        "#299c46",
+        "rgba(237, 129, 40, 0.89)",
+        "#d44a3a"
+      ],
+      "datasource": "prometheus",
+      "decimals": null,
+      "format": "none",
+      "gauge": {
+        "maxValue": 100,
+        "minValue": 0,
+        "show": false,
+        "thresholdLabels": false,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 6,
+        "x": 0,
+        "y": 7
+      },
+      "id": 8,
+      "interval": null,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": "",
+      "postfixFontSize": "50%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "topk(1,apcups_status == 1)",
+        "format": "time_series",
+        "intervalFactor": 1,
+        "legendFormat": "{{ status }}",
+        "refId": "A"
+      }],
+      "thresholds": "",
+      "title": "UPS Status",
+      "type": "singlestat",
+      "valueFontSize": "80%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "name"
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 7,
+        "w": 18,
+        "x": 6,
+        "y": 7
+      },
+      "id": 3,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+          "expr": "apcups_line_nominal_volts",
+          "format": "time_series",
+          "intervalFactor": 2,
+          "legendFormat": "Nominal",
+          "refId": "A"
+        },
+        {
+          "expr": "apcups_line_volts",
+          "format": "time_series",
+          "intervalFactor": 2,
+          "legendFormat": "Actual",
+          "refId": "B"
+        }
+      ],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Line Voltage",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "volt",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 7,
+        "w": 18,
+        "x": 0,
+        "y": 14
+      },
+      "id": 4,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "apcups_load_percent",
+        "format": "time_series",
+        "instant": false,
+        "intervalFactor": 2,
+        "legendFormat": "Percent",
+        "refId": "A"
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Load",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "percent",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": false,
+      "colors": [
+        "#299c46",
+        "rgba(237, 129, 40, 0.89)",
+        "#d44a3a"
+      ],
+      "datasource": "prometheus",
+      "format": "none",
+      "gauge": {
+        "maxValue": 100,
+        "minValue": 0,
+        "show": false,
+        "thresholdLabels": false,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 3,
+        "w": 6,
+        "x": 18,
+        "y": 14
+      },
+      "id": 10,
+      "interval": null,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": " W",
+      "postfixFontSize": "100%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "apcups_nominal_power_watts*(apcups_load_percent/100)",
+        "format": "time_series",
+        "instant": true,
+        "intervalFactor": 1,
+        "legendFormat": "",
+        "refId": "A"
+      }],
+      "thresholds": "",
+      "title": "Current UPS Load",
+      "type": "singlestat",
+      "valueFontSize": "100%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "avg"
+    },
+    {
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": false,
+      "colors": [
+        "#299c46",
+        "rgba(237, 129, 40, 0.89)",
+        "#d44a3a"
+      ],
+      "datasource": "prometheus",
+      "format": "none",
+      "gauge": {
+        "maxValue": 100,
+        "minValue": 0,
+        "show": false,
+        "thresholdLabels": false,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 4,
+        "w": 6,
+        "x": 18,
+        "y": 17
+      },
+      "id": 11,
+      "interval": null,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": " W",
+      "postfixFontSize": "100%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "apcups_nominal_power_watts*(apcups_load_percent/100)",
+        "format": "time_series",
+        "instant": false,
+        "intervalFactor": 1,
+        "legendFormat": "",
+        "refId": "A"
+      }],
+      "thresholds": "",
+      "title": "Average UPS Load",
+      "type": "singlestat",
+      "valueFontSize": "100%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "avg"
+    }
+  ],
+  "refresh": "5m",
+  "schemaVersion": 16,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-30m",
+    "to": "now"
+  },
+  "timepicker": {
+    "refresh_intervals": [
+      "5s",
+      "10s",
+      "30s",
+      "1m",
+      "5m",
+      "15m",
+      "30m",
+      "1h",
+      "2h",
+      "1d"
+    ],
+    "time_options": [
+      "5m",
+      "15m",
+      "1h",
+      "6h",
+      "12h",
+      "24h",
+      "2d",
+      "7d",
+      "30d"
+    ]
+  },
+  "timezone": "",
+  "title": "UPS",
+  "version": 5
+}

grafana-dashboards/fluentd-dashboard.json

@@ -0,0 +1,553 @@
+{
+  "annotations": {
+    "list": [{
+      "builtIn": 1,
+      "datasource": "-- Grafana --",
+      "enable": true,
+      "hide": true,
+      "iconColor": "rgba(0, 211, 255, 1)",
+      "name": "Annotations & Alerts",
+      "type": "dashboard"
+    }]
+  },
+  "description": "A quick dashboard for displaying Fluentd metrics.",
+  "editable": true,
+  "gnetId": 3522,
+  "graphTooltip": 0,
+  "id": 20,
+  "links": [],
+  "panels": [{
+      "cacheTimeout": null,
+      "colorBackground": false,
+      "colorValue": false,
+      "colors": [
+        "rgba(245, 54, 54, 0.9)",
+        "rgba(45, 170, 3, 0.89)",
+        "rgba(50, 172, 45, 0.97)"
+      ],
+      "datasource": "prometheus",
+      "decimals": null,
+      "format": "percentunit",
+      "gauge": {
+        "maxValue": 1,
+        "minValue": 0,
+        "show": true,
+        "thresholdLabels": false,
+        "thresholdMarkers": true
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 5,
+        "x": 0,
+        "y": 0
+      },
+      "id": 4,
+      "interval": null,
+      "links": [],
+      "mappingType": 1,
+      "mappingTypes": [{
+          "name": "value to text",
+          "value": 1
+        },
+        {
+          "name": "range to text",
+          "value": 2
+        }
+      ],
+      "maxDataPoints": 100,
+      "nullPointMode": "connected",
+      "nullText": null,
+      "postfix": "",
+      "postfixFontSize": "50%",
+      "prefix": "",
+      "prefixFontSize": "50%",
+      "rangeMaps": [{
+        "from": "null",
+        "text": "N/A",
+        "to": "null"
+      }],
+      "sparkline": {
+        "fillColor": "rgba(31, 118, 189, 0.18)",
+        "full": false,
+        "lineColor": "rgb(31, 120, 193)",
+        "show": false
+      },
+      "tableColumn": "",
+      "targets": [{
+        "expr": "count(kube_pod_info{pod=~\"fluentd.*\"}) / count(node_boot_time_seconds)",
+        "format": "time_series",
+        "instant": true,
+        "intervalFactor": 2,
+        "refId": "A",
+        "step": 40
+      }],
+      "thresholds": "0,1",
+      "title": "Fluentd Nodes Up",
+      "type": "singlestat",
+      "valueFontSize": "80%",
+      "valueMaps": [{
+        "op": "=",
+        "text": "N/A",
+        "value": "null"
+      }],
+      "valueName": "avg"
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 8,
+        "w": 19,
+        "x": 5,
+        "y": 0
+      },
+      "id": 1,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "sum(fluentd_output_status_buffer_queue_length * on(pod) group_left(host_ip) kube_pod_info{pod=~\"fluentd.*\"}) by (host_ip)",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "{{host_ip}}",
+        "metric": "fluentd_buffer_queue_length",
+        "refId": "A",
+        "step": 2
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Output Buffer Queue Lenght",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 0,
+        "y": 8
+      },
+      "id": 3,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "sum(fluentd_output_status_buffer_total_bytes * on(pod) group_left(host_ip) kube_pod_info{pod=~\"fluentd.*\"}) by (host_ip)",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "{{host_ip}}",
+        "metric": "fluentd_buffer_total_queued_size",
+        "refId": "A",
+        "step": 2
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Output Buffer Bytes",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 7,
+        "w": 12,
+        "x": 12,
+        "y": 8
+      },
+      "id": 7,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "sum(fluentd_output_status_emit_records * on(pod) group_left(host_ip) kube_pod_info{pod=~\"fluentd.*\"}) by (host_ip,plugin_id)",
+        "format": "time_series",
+        "intervalFactor": 1,
+        "legendFormat": "{{ host_ip }} - {{ plugin_id }}",
+        "refId": "A"
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Emitted Records",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 15
+      },
+      "id": 8,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "sum(fluentd_output_status_num_errors * on(pod) group_left(host_ip) kube_pod_info{pod=~\"fluentd.*\"}) by (host_ip, plugin_id)",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "{{host_ip}} - {{plugin_id}}",
+        "metric": "fluentd_retry_count",
+        "refId": "A",
+        "step": 4
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Errors",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fill": 1,
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 15
+      },
+      "id": 5,
+      "legend": {
+        "avg": false,
+        "current": false,
+        "max": false,
+        "min": false,
+        "show": true,
+        "total": false,
+        "values": false
+      },
+      "lines": true,
+      "linewidth": 1,
+      "links": [],
+      "nullPointMode": "null",
+      "percentage": false,
+      "pointradius": 5,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
+      "targets": [{
+        "expr": "sum(fluentd_output_status_retry_count * on(pod) group_left(host_ip) kube_pod_info{pod=~\"fluentd.*\"}) by (host_ip, plugin_id)",
+        "format": "time_series",
+        "intervalFactor": 2,
+        "legendFormat": "{{host_ip}} - {{plugin_id}}",
+        "metric": "fluentd_retry_count",
+        "refId": "A",
+        "step": 4
+      }],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Retry Count",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [{
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    }
+  ],
+  "refresh": false,
+  "schemaVersion": 16,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-3h",
+    "to": "now"
+  },
+  "timepicker": {
+    "refresh_intervals": [
+      "5s",
+      "10s",
+      "30s",
+      "1m",
+      "5m",
+      "15m",
+      "30m",
+      "1h",
+      "2h",
+      "1d"
+    ],
+    "time_options": [
+      "5m",
+      "15m",
+      "1h",
+      "6h",
+      "12h",
+      "24h",
+      "2d",
+      "7d",
+      "30d"
+    ]
+  },
+  "timezone": "browser",
+  "title": "Fluentd dashboard (Prometheus exporter)",
+  "version": 2
+}

grafana-dashboards/speedtest-exporter-dashboard.json

@@ -0,0 +1,352 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "gnetId": null,
+  "graphTooltip": 0,
+  "links": [],
+  "panels": [
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fieldConfig": {
+        "defaults": {
+          "custom": {}
+        },
+        "overrides": []
+      },
+      "fill": 1,
+      "fillGradient": 10,
+      "gridPos": {
+        "h": 9,
+        "w": 8,
+        "x": 0,
+        "y": 0
+      },
+      "hiddenSeries": false,
+      "id": 4,
+      "legend": {
+        "alignAsTable": true,
+        "avg": true,
+        "current": false,
+        "max": true,
+        "min": true,
+        "rightSide": false,
+        "show": true,
+        "total": false,
+        "values": true
+      },
+      "lines": true,
+      "linewidth": 1,
+      "nullPointMode": "connected",
+      "options": {
+        "alertThreshold": true,
+        "dataLinks": []
+      },
+      "percentage": false,
+      "pluginVersion": "7.0.3",
+      "pointradius": 2,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": true,
+      "targets": [
+        {
+          "expr": "speedtest_ping_latency_milliseconds",
+          "format": "time_series",
+          "instant": false,
+          "interval": "",
+          "legendFormat": "Ping (ms)",
+          "refId": "A"
+        },
+        {
+          "expr": "speedtest_jitter_latency_milliseconds",
+          "format": "time_series",
+          "instant": false,
+          "interval": "",
+          "legendFormat": "Jitter (ms)",
+          "refId": "B"
+        }
+      ],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Ping and Jitter (ms)",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [
+        {
+          "$$hashKey": "object:291",
+          "format": "ms",
+          "label": "Time",
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "$$hashKey": "object:292",
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "custom": {}
+        },
+        "overrides": []
+      },
+      "fill": 1,
+      "fillGradient": 10,
+      "gridPos": {
+        "h": 9,
+        "w": 8,
+        "x": 8,
+        "y": 0
+      },
+      "hiddenSeries": false,
+      "id": 2,
+      "legend": {
+        "alignAsTable": true,
+        "avg": true,
+        "current": false,
+        "max": true,
+        "min": true,
+        "show": true,
+        "total": false,
+        "values": true
+      },
+      "lines": true,
+      "linewidth": 1,
+      "nullPointMode": "connected",
+      "options": {
+        "alertThreshold": true,
+        "dataLinks": []
+      },
+      "percentage": false,
+      "pluginVersion": "7.2.1",
+      "pointradius": 2,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": true,
+      "targets": [
+        {
+          "expr": "speedtest_download_bits_per_second*10^-6",
+          "format": "time_series",
+          "instant": false,
+          "interval": "",
+          "legendFormat": "Download Speed (Mbits/s)",
+          "refId": "A"
+        }
+      ],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Download Speed (Mbits/s)",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [
+        {
+          "$$hashKey": "object:291",
+          "format": "Mbits",
+          "label": "Download Speed",
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "$$hashKey": "object:292",
+          "decimals": null,
+          "format": "dateTimeAsLocal",
+          "label": "",
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    },
+    {
+      "aliasColors": {},
+      "bars": false,
+      "dashLength": 10,
+      "dashes": false,
+      "datasource": "prometheus",
+      "fieldConfig": {
+        "defaults": {
+          "custom": {}
+        },
+        "overrides": []
+      },
+      "fill": 1,
+      "fillGradient": 10,
+      "gridPos": {
+        "h": 9,
+        "w": 8,
+        "x": 16,
+        "y": 0
+      },
+      "hiddenSeries": false,
+      "id": 3,
+      "legend": {
+        "alignAsTable": true,
+        "avg": true,
+        "current": false,
+        "max": true,
+        "min": true,
+        "show": true,
+        "total": false,
+        "values": true
+      },
+      "lines": true,
+      "linewidth": 1,
+      "nullPointMode": "connected",
+      "options": {
+        "alertThreshold": true,
+        "dataLinks": []
+      },
+      "percentage": false,
+      "pluginVersion": "7.2.1",
+      "pointradius": 2,
+      "points": false,
+      "renderer": "flot",
+      "seriesOverrides": [],
+      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": true,
+      "targets": [
+        {
+          "expr": "speedtest_upload_bits_per_second*10^-6",
+          "format": "time_series",
+          "interval": "",
+          "legendFormat": "Upload Speed (Mbits/s)",
+          "refId": "A"
+        }
+      ],
+      "thresholds": [],
+      "timeFrom": null,
+      "timeRegions": [],
+      "timeShift": null,
+      "title": "Upload Speed (Mbits/s)",
+      "tooltip": {
+        "shared": true,
+        "sort": 0,
+        "value_type": "individual"
+      },
+      "type": "graph",
+      "xaxis": {
+        "buckets": null,
+        "mode": "time",
+        "name": null,
+        "show": true,
+        "values": []
+      },
+      "yaxes": [
+        {
+          "$$hashKey": "object:291",
+          "decimals": null,
+          "format": "Mbits",
+          "label": "Upload Speed",
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        },
+        {
+          "$$hashKey": "object:292",
+          "decimals": null,
+          "format": "short",
+          "label": null,
+          "logBase": 1,
+          "max": null,
+          "min": null,
+          "show": true
+        }
+      ],
+      "yaxis": {
+        "align": false,
+        "alignLevel": null
+      }
+    }
+  ],
+  "refresh": "15m",
+  "schemaVersion": 25,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "Speedtest Dashboard",
+  "uid": "-fs18ztMz",
+  "version": 1
+}

image_sources_versions.jsonnet

@@ -0,0 +1,37 @@
+{
+  _config+:: {
+    versions+:: {
+      prometheus: 'v2.19.1',
+      alertmanager: 'v0.21.0',
+      kubeStateMetrics: '1.9.6',
+      kubeRbacProxy: 'v0.5.0',
+      addonResizer: '2.3',
+      nodeExporter: 'v0.18.1',
+      prometheusOperator: 'v0.40.0',
+      prometheusAdapter: 'v0.7.0',
+      grafana: '7.0.3',
+      configmapReloader: 'latest',
+      prometheusConfigReloader: 'v0.40.0',
+      armExporter: 'latest',
+      smtpRelay: 'v1.0.1',
+      elasticExporter: '1.0.4rc1',
+    },
+
+    imageRepos+:: {
+      prometheus: 'prom/prometheus',
+      alertmanager: 'prom/alertmanager',
+      kubeStateMetrics: 'carlosedp/kube-state-metrics',
+      kubeRbacProxy: 'carlosedp/kube-rbac-proxy',
+      addonResizer: 'carlosedp/addon-resizer',
+      nodeExporter: 'prom/node-exporter',
+      prometheusOperator: 'carlosedp/prometheus-operator',
+      prometheusAdapter: 'directxman12/k8s-prometheus-adapter',
+      grafana: 'grafana/grafana',
+      configmapReloader: 'carlosedp/configmap-reload',
+      prometheusConfigReloader: 'carlosedp/prometheus-config-reloader',
+      armExporter: 'carlosedp/arm_exporter',
+      smtpRelay: 'carlosedp/docker-smtp',
+      elasticExporter: 'carlosedp/elasticsearch-exporter',
+    },
+  },
+}

jsonnetfile.json

@@ -0,0 +1,15 @@
+{
+  "version": 1,
+  "dependencies": [
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/coreos/kube-prometheus.git",
+          "subdir": "jsonnet/kube-prometheus"
+        }
+      },
+      "version": "master"
+    }
+  ],
+  "legacyImports": true
+}

jsonnetfile.lock.json

@@ -0,0 +1,138 @@
+{
+  "version": 1,
+  "dependencies": [
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/brancz/kubernetes-grafana.git",
+          "subdir": "grafana"
+        }
+      },
+      "version": "57b4365eacda291b82e0d55ba7eec573a8198dda",
+      "sum": "92DWADwGjnCfpZaL7Q07C0GZayxBziGla/O03qWea34="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/coreos/etcd.git",
+          "subdir": "Documentation/etcd-mixin"
+        }
+      },
+      "version": "d8c8f903eee10b8391abaef7758c38b2cd393c55",
+      "sum": "pk7mLpdUrHuJKkj2vhD6LGMU7P+oYYooBXAeZyZa398="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/coreos/kube-prometheus.git",
+          "subdir": "jsonnet/kube-prometheus"
+        }
+      },
+      "version": "17989b42aa10b1c6afa07043cb05bcd5ae492284",
+      "sum": "2FR289B1LGUf5tTN4PXBj5TjRX7okSFxE8uHkSslzDQ="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/coreos/prometheus-operator.git",
+          "subdir": "jsonnet/prometheus-operator"
+        }
+      },
+      "version": "e31c69f9b5c6555e0f4a5c1f39d0f03182dd6b41",
+      "sum": "WggWVWZ+CBEUThQCztSaRELbtqdXf9s3OFzf06HbYNA="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/grafana/grafonnet-lib.git",
+          "subdir": "grafonnet"
+        }
+      },
+      "version": "8fb95bd89990e493a8534205ee636bfcb8db67bd",
+      "sum": "tDuuSKE9f4Ew2bjBM33Rs6behLEAzkmKkShSt+jpAak="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/grafana/jsonnet-libs.git",
+          "subdir": "grafana-builder"
+        }
+      },
+      "version": "881db2241f0c5007c3e831caf34b0c645202b4ab",
+      "sum": "slxrtftVDiTlQK22ertdfrg4Epnq97gdrLI63ftUfaE="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/ksonnet/ksonnet-lib.git",
+          "subdir": ""
+        }
+      },
+      "version": "0d2f82676817bbf9e4acf6495b2090205f323b9f",
+      "sum": "h28BXZ7+vczxYJ2sCt8JuR9+yznRtU/iA6DCpQUrtEg=",
+      "name": "ksonnet"
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin.git",
+          "subdir": ""
+        }
+      },
+      "version": "b61c5a34051f8f57284a08fe78ad8a45b430252b",
+      "sum": "7Hx/5eNm7ubLTsdrpk3b2+e/FLR3XOa4HCukmbRUCAY="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes-monitoring/kubernetes-mixin.git",
+          "subdir": "lib/promgrafonnet"
+        }
+      },
+      "version": "b61c5a34051f8f57284a08fe78ad8a45b430252b",
+      "sum": "VhgBM39yv0f4bKv8VfGg4FXkg573evGDRalip9ypKbc="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes/kube-state-metrics.git",
+          "subdir": "jsonnet/kube-state-metrics"
+        }
+      },
+      "version": "d667979ed55ad1c4db44d331b51d646f5b903aa7",
+      "sum": "cJjGZaLBjcIGrLHZLjRPU9c3KL+ep9rZTb9dbALSKqA="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/kubernetes/kube-state-metrics.git",
+          "subdir": "jsonnet/kube-state-metrics-mixin"
+        }
+      },
+      "version": "d667979ed55ad1c4db44d331b51d646f5b903aa7",
+      "sum": "o5avaguRsfFwYFNen00ZEsub1x4i8Z/ZZ2QoEjFMff8="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/prometheus/node_exporter.git",
+          "subdir": "docs/node-mixin"
+        }
+      },
+      "version": "08ce3c6dd430deb51798826701a395e460620d60",
+      "sum": "3jFV2qsc/GZe2GADswTYqxxP2zGOiANTj73W/VNFGqc="
+    },
+    {
+      "source": {
+        "git": {
+          "remote": "https://github.com/prometheus/prometheus.git",
+          "subdir": "documentation/prometheus-mixin"
+        }
+      },
+      "version": "74207c04655e1fd93eea0e9a5d2f31b1cbc4d3d0",
+      "sum": "lEzhZ8gllSfAO4kmXeTwl4W0anapIeFd5GCaCNuDe18=",
+      "name": "prometheus"
+    }
+  ],
+  "legacyImports": false
+}

main.jsonnet

@@ -0,0 +1,39 @@
+local utils = import 'utils.libsonnet';
+local vars = import 'vars.jsonnet';
+
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet')
+           + (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet')
+           + (import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet')
+           + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
+           // Additional modules are loaded dynamically from vars.jsonnet
+           + utils.join_objects([module.file for module in vars.modules if module.enabled])
+           // Load K3s customized modules
+           + utils.join_objects([m for m in [import 'modules/k3s-overrides.jsonnet'] if vars.k3s.enabled])
+           // Base stack is loaded at the end to override previous definitions
+           + (import 'base_operator_stack.jsonnet')
+           // Load image versions last to override default from modules
+           + (import 'image_sources_versions.jsonnet');
+
+// Generate core modules
+{ ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) }
+// First generate operator resources except the serviceMonitors
+{
+  ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name]
+  for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator))
+}
+// serviceMonitor is separated so that it can be created after the CRDs are ready
+{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor }
+{ ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) }
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) }
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) }
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) }
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) }
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
+{ ['ingress-' + name]: kp.ingress[name] for name in std.objectFields(kp.ingress) }
+
+{  // Dynamically generate additional modules from vars.jsonnet
+  [std.asciiLower(module.name) + '-' + name]: kp[module.name][name]
+  for module in vars.modules
+  if module.enabled
+  for name in std.objectFields(kp[module.name])
+}

manifests/alertmanager-alertmanager.yaml

@@ -0,0 +1,32 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+  labels:
+    alertmanager: main
+  name: main
+  namespace: monitoring
+spec:
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: alertmanager
+              operator: In
+              values:
+              - main
+          namespaces:
+          - monitoring
+          topologyKey: kubernetes.io/hostname
+        weight: 100
+  image: prom/alertmanager:v0.21.0
+  nodeSelector:
+    kubernetes.io/os: linux
+  replicas: 1
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
+  serviceAccountName: alertmanager-main
+  version: v0.21.0

manifests/alertmanager-secret.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  name: alertmanager-main
+  namespace: monitoring
+stringData:
+  alertmanager.yaml: |-
+    "global":
+      "resolve_timeout": "5m"
+    "inhibit_rules":
+    - "equal":
+      - "namespace"
+      - "alertname"
+      "source_match":
+        "severity": "critical"
+      "target_match_re":
+        "severity": "warning|info"
+    - "equal":
+      - "namespace"
+      - "alertname"
+      "source_match":
+        "severity": "warning"
+      "target_match_re":
+        "severity": "info"
+    "receivers":
+    - "name": "Default"
+    - "name": "Watchdog"
+    - "name": "Critical"
+    "route":
+      "group_by":
+      - "namespace"
+      "group_interval": "5m"
+      "group_wait": "30s"
+      "receiver": "Default"
+      "repeat_interval": "12h"
+      "routes":
+      - "match":
+          "alertname": "Watchdog"
+        "receiver": "Watchdog"
+      - "match":
+          "severity": "critical"
+        "receiver": "Critical"
+type: Opaque

manifests/alertmanager-service.yaml

@@ -4,13 +4,13 @@ metadata:
   labels:
     alertmanager: main
   name: alertmanager-main
+  namespace: monitoring
 spec:
-  type: NodePort
   ports:
   - name: web
-    nodePort: 30903
     port: 9093
-    protocol: TCP
     targetPort: web
   selector:
     alertmanager: main
+    app: alertmanager
+  sessionAffinity: ClientIP

manifests/alertmanager-serviceAccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: alertmanager-main
+  namespace: monitoring

manifests/alertmanager-serviceMonitor.yaml

@@ -1,16 +1,14 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: alertmanager
   labels:
     k8s-app: alertmanager
+  name: alertmanager
+  namespace: monitoring
 spec:
+  endpoints:
+  - interval: 30s
+    port: web
   selector:
     matchLabels:
       alertmanager: main
-  namespaceSelector:
-    matchNames:
-    - monitoring
-  endpoints:
-  - port: web
-    interval: 30s

manifests/alertmanager/alertmanager-config.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: alertmanager-main
-data:
-  alertmanager.yaml: Z2xvYmFsOgogIHJlc29sdmVfdGltZW91dDogNW0Kcm91dGU6CiAgZ3JvdXBfYnk6IFsnam9iJ10KICBncm91cF93YWl0OiAzMHMKICBncm91cF9pbnRlcnZhbDogNW0KICByZXBlYXRfaW50ZXJ2YWw6IDEyaAogIHJlY2VpdmVyOiAnbnVsbCcKICByb3V0ZXM6CiAgLSBtYXRjaDoKICAgICAgYWxlcnRuYW1lOiBEZWFkTWFuc1N3aXRjaAogICAgcmVjZWl2ZXI6ICdudWxsJwpyZWNlaXZlcnM6Ci0gbmFtZTogJ251bGwnCg==

manifests/alertmanager/alertmanager-ingress.yaml

@@ -1,15 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: alertmanager
-  namespace: monitoring
-spec:
-  rules:
-  - host: alertmanager.internal.carlosedp.com
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: alertmanager-main
-          servicePort: web
-

manifests/alertmanager/alertmanager.yaml

@@ -1,11 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: Alertmanager
-metadata:
-  name: main
-  labels:
-    alertmanager: main
-spec:
-  replicas: 1
-  baseImage: carlosedp/alertmanager
-  version: v0.14.0
-

manifests/armexporter/daemonset.yaml

@@ -1,22 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: arm-exporter
-  namespace: monitoring
-  labels:
-    k8s-app: arm-exporter
-spec:
-  template:
-    metadata:
-      name: arm-exporter
-      labels:
-        k8s-app: arm-exporter
-    spec:
-      hostNetwork: true
-      containers:
-      - image: carlosedp/arm_exporter
-        name: arm-exporter
-        ports:
-        - name: http
-          containerPort: 9243
-          hostPort: 9243

manifests/armexporter/service.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: monitoring
-  labels:
-    app: arm-exporter
-    k8s-app: arm-exporter
-  name: arm-exporter
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: http
-    port: 9243
-    protocol: TCP
-  selector:
-    k8s-app: arm-exporter
-

manifests/grafana-config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  grafana.ini: W2F1dGguYW5vbnltb3VzXQplbmFibGVkID0gZmFsc2UKW2F1dGguYmFzaWNdCmVuYWJsZWQgPSBmYWxzZQpbc2Vzc2lvbl0KcHJvdmlkZXIgPSBtZW1vcnkKW3NtdHBdCmVuYWJsZWQgPSB0cnVlCmZyb21fYWRkcmVzcyA9IG15ZW1haWxAZ21haWwuY29tCmZyb21fbmFtZSA9IEdyYWZhbmEgQWxlcnQKaG9zdCA9IHNtdHAtc2VydmVyLm1vbml0b3Jpbmcuc3ZjOjI1CnBhc3N3b3JkID0gCnNraXBfdmVyaWZ5ID0gdHJ1ZQp1c2VyID0gCg==
+kind: Secret
+metadata:
+  name: grafana-config
+  namespace: monitoring
+type: Opaque

manifests/grafana-dashboardDatasources.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  datasources.yaml: ewogICAgImFwaVZlcnNpb24iOiAxLAogICAgImRhdGFzb3VyY2VzIjogWwogICAgICAgIHsKICAgICAgICAgICAgImFjY2VzcyI6ICJwcm94eSIsCiAgICAgICAgICAgICJlZGl0YWJsZSI6IGZhbHNlLAogICAgICAgICAgICAibmFtZSI6ICJwcm9tZXRoZXVzIiwKICAgICAgICAgICAgIm9yZ0lkIjogMSwKICAgICAgICAgICAgInR5cGUiOiAicHJvbWV0aGV1cyIsCiAgICAgICAgICAgICJ1cmwiOiAiaHR0cDovL3Byb21ldGhldXMtazhzLm1vbml0b3Jpbmcuc3ZjOjkwOTAiLAogICAgICAgICAgICAidmVyc2lvbiI6IDEKICAgICAgICB9CiAgICBdCn0=
+kind: Secret
+metadata:
+  name: grafana-datasources
+  namespace: monitoring
+type: Opaque

manifests/grafana-dashboardSources.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+data:
+  dashboards.yaml: |-
+    {
+        "apiVersion": 1,
+        "providers": [
+            {
+                "folder": "Default",
+                "name": "0",
+                "options": {
+                    "path": "/grafana-dashboard-definitions/0"
+                },
+                "orgId": 1,
+                "type": "file"
+            }
+        ]
+    }
+kind: ConfigMap
+metadata:
+  name: grafana-dashboards
+  namespace: monitoring

manifests/grafana-deployment.yaml

@@ -0,0 +1,222 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: grafana
+  name: grafana
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: grafana
+  template:
+    metadata:
+      labels:
+        app: grafana
+    spec:
+      containers:
+      - env: []
+        image: grafana/grafana:7.0.3
+        name: grafana
+        ports:
+        - containerPort: 3000
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /api/health
+            port: http
+        resources:
+          limits:
+            cpu: 200m
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        volumeMounts:
+        - mountPath: /var/lib/grafana
+          name: grafana-storage
+          readOnly: false
+        - mountPath: /etc/grafana/provisioning/datasources
+          name: grafana-datasources
+          readOnly: false
+        - mountPath: /etc/grafana/provisioning/dashboards
+          name: grafana-dashboards
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/apiserver
+          name: grafana-dashboard-apiserver
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/cluster-total
+          name: grafana-dashboard-cluster-total
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/controller-manager
+          name: grafana-dashboard-controller-manager
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/coredns-dashboard
+          name: grafana-dashboard-coredns-dashboard
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-cluster
+          name: grafana-dashboard-k8s-resources-cluster
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-namespace
+          name: grafana-dashboard-k8s-resources-namespace
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-node
+          name: grafana-dashboard-k8s-resources-node
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-pod
+          name: grafana-dashboard-k8s-resources-pod
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-workload
+          name: grafana-dashboard-k8s-resources-workload
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/k8s-resources-workloads-namespace
+          name: grafana-dashboard-k8s-resources-workloads-namespace
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/kubelet
+          name: grafana-dashboard-kubelet
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/kubernetes-cluster-dashboard
+          name: grafana-dashboard-kubernetes-cluster-dashboard
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/namespace-by-pod
+          name: grafana-dashboard-namespace-by-pod
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/namespace-by-workload
+          name: grafana-dashboard-namespace-by-workload
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/node-cluster-rsrc-use
+          name: grafana-dashboard-node-cluster-rsrc-use
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/node-rsrc-use
+          name: grafana-dashboard-node-rsrc-use
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/nodes
+          name: grafana-dashboard-nodes
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/persistentvolumesusage
+          name: grafana-dashboard-persistentvolumesusage
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/pod-total
+          name: grafana-dashboard-pod-total
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/prometheus-dashboard
+          name: grafana-dashboard-prometheus-dashboard
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/prometheus-remote-write
+          name: grafana-dashboard-prometheus-remote-write
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/prometheus
+          name: grafana-dashboard-prometheus
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/proxy
+          name: grafana-dashboard-proxy
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/scheduler
+          name: grafana-dashboard-scheduler
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/statefulset
+          name: grafana-dashboard-statefulset
+          readOnly: false
+        - mountPath: /grafana-dashboard-definitions/0/workload-total
+          name: grafana-dashboard-workload-total
+          readOnly: false
+        - mountPath: /etc/grafana
+          name: grafana-config
+          readOnly: false
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+      serviceAccountName: grafana
+      volumes:
+      - emptyDir: {}
+        name: grafana-storage
+      - name: grafana-datasources
+        secret:
+          secretName: grafana-datasources
+      - configMap:
+          name: grafana-dashboards
+        name: grafana-dashboards
+      - configMap:
+          name: grafana-dashboard-apiserver
+        name: grafana-dashboard-apiserver
+      - configMap:
+          name: grafana-dashboard-cluster-total
+        name: grafana-dashboard-cluster-total
+      - configMap:
+          name: grafana-dashboard-controller-manager
+        name: grafana-dashboard-controller-manager
+      - configMap:
+          name: grafana-dashboard-coredns-dashboard
+        name: grafana-dashboard-coredns-dashboard
+      - configMap:
+          name: grafana-dashboard-k8s-resources-cluster
+        name: grafana-dashboard-k8s-resources-cluster
+      - configMap:
+          name: grafana-dashboard-k8s-resources-namespace
+        name: grafana-dashboard-k8s-resources-namespace
+      - configMap:
+          name: grafana-dashboard-k8s-resources-node
+        name: grafana-dashboard-k8s-resources-node
+      - configMap:
+          name: grafana-dashboard-k8s-resources-pod
+        name: grafana-dashboard-k8s-resources-pod
+      - configMap:
+          name: grafana-dashboard-k8s-resources-workload
+        name: grafana-dashboard-k8s-resources-workload
+      - configMap:
+          name: grafana-dashboard-k8s-resources-workloads-namespace
+        name: grafana-dashboard-k8s-resources-workloads-namespace
+      - configMap:
+          name: grafana-dashboard-kubelet
+        name: grafana-dashboard-kubelet
+      - configMap:
+          name: grafana-dashboard-kubernetes-cluster-dashboard
+        name: grafana-dashboard-kubernetes-cluster-dashboard
+      - configMap:
+          name: grafana-dashboard-namespace-by-pod
+        name: grafana-dashboard-namespace-by-pod
+      - configMap:
+          name: grafana-dashboard-namespace-by-workload
+        name: grafana-dashboard-namespace-by-workload
+      - configMap:
+          name: grafana-dashboard-node-cluster-rsrc-use
+        name: grafana-dashboard-node-cluster-rsrc-use
+      - configMap:
+          name: grafana-dashboard-node-rsrc-use
+        name: grafana-dashboard-node-rsrc-use
+      - configMap:
+          name: grafana-dashboard-nodes
+        name: grafana-dashboard-nodes
+      - configMap:
+          name: grafana-dashboard-persistentvolumesusage
+        name: grafana-dashboard-persistentvolumesusage
+      - configMap:
+          name: grafana-dashboard-pod-total
+        name: grafana-dashboard-pod-total
+      - configMap:
+          name: grafana-dashboard-prometheus-dashboard
+        name: grafana-dashboard-prometheus-dashboard
+      - configMap:
+          name: grafana-dashboard-prometheus-remote-write
+        name: grafana-dashboard-prometheus-remote-write
+      - configMap:
+          name: grafana-dashboard-prometheus
+        name: grafana-dashboard-prometheus
+      - configMap:
+          name: grafana-dashboard-proxy
+        name: grafana-dashboard-proxy
+      - configMap:
+          name: grafana-dashboard-scheduler
+        name: grafana-dashboard-scheduler
+      - configMap:
+          name: grafana-dashboard-statefulset
+        name: grafana-dashboard-statefulset
+      - configMap:
+          name: grafana-dashboard-workload-total
+        name: grafana-dashboard-workload-total
+      - name: grafana-config
+        secret:
+          secretName: grafana-config

manifests/grafana-service.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: grafana
   labels:
     app: grafana
+  name: grafana
+  namespace: monitoring
 spec:
-  type: NodePort
   ports:
-  - port: 3000
-    protocol: TCP
-    nodePort: 30902
-    targetPort: web
+  - name: http
+    port: 3000
+    targetPort: http
   selector:
     app: grafana

manifests/grafana-serviceAccount.yaml

@@ -1,4 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: kube-state-metrics
+  name: grafana
+  namespace: monitoring

manifests/grafana-serviceMonitor.yaml

@@ -0,0 +1,12 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: grafana
+  namespace: monitoring
+spec:
+  endpoints:
+  - interval: 15s
+    port: http
+  selector:
+    matchLabels:
+      app: grafana

manifests/grafana/grafana-claim.yaml

@@ -1,12 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: grafana-claim
-  namespace: monitoring
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 5Gi
-

manifests/grafana/grafana-configmap.yaml

@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-config
-  namespace: monitoring
-data:
-  config.ini: |
-    [database]
-    path = /data/grafana.db
-
-    [paths]
-    data = /data
-    logs = /data/log
-    plugins = /data/plugins
-
-    [session]
-    provider = memory
-
-    [auth.basic]
-    enabled = false
-
-    [auth.anonymous]
-    enabled = false
-
-    [smtp]
-    enabled = true
-    host = smtp-server.monitoring.svc:25 
-    user =
-    password =
-    from_address = 'carlosedp@gmail.com'
-    from_name = Grafana Alert
-    skip_verify = true

manifests/grafana/grafana-credentials.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: grafana-credentials
-data:
-  user: YWRtaW4=
-  password: YWRtaW4=

manifests/grafana/grafana-dashboards.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-dashboards
-data:
-  dashboards.yaml: |+
-    - name: '0'
-      org_id: 1
-      folder: ''
-      type: file
-      options:
-        folder: /grafana-dashboard-definitions/0

manifests/grafana/grafana-datasources.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: grafana-datasources
-data:
-  prometheus.yaml: |+
-    datasources:
-     - name: prometheus
-       type: prometheus
-       access: proxy
-       org_id: 1
-       url: http://prometheus-k8s.monitoring.svc:9090
-       version: 1
-       editable: false
-

manifests/grafana/grafana-deployment.yaml

@@ -1,60 +0,0 @@
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: grafana
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: grafana
-    spec:
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-      containers:
-      - name: grafana
-        image: carlosedp/monitoring-grafana:v5.1.3
-        volumeMounts:
-        - name: grafana-config
-          mountPath: /grafana/conf/config.ini
-          subPath: config.ini
-        - name: grafana-storage
-          mountPath: /data
-        - name: grafana-datasources
-          mountPath: /grafana/conf/provisioning/datasources
-        - name: grafana-dashboards
-          mountPath: /grafana/conf/provisioning/dashboards
-        - name: grafana-dashboard-definitions-0
-          mountPath: /grafana-dashboard-definitions/0
-        ports:
-        - name: web
-          containerPort: 3000
-        env:
-        - name: GF_INSTALL_PLUGINS
-          value: "grafana-clock-panel,grafana-piechart-panel"
-        - name: GF_PATHS_PLUGINS
-          value: "/data/plugins"
-        resources:
-          requests:
-            memory: 100Mi
-            cpu: 100m
-          limits:
-            memory: 200Mi
-            cpu: 200m
-      volumes:
-      - name: grafana-config
-        configMap:
-          name: grafana-config
-      - name: grafana-storage
-        persistentVolumeClaim:
-          claimName: grafana-claim
-      - name: grafana-datasources
-        configMap:
-          name: grafana-datasources
-      - name: grafana-dashboards
-        configMap:
-          name: grafana-dashboards
-      - name: grafana-dashboard-definitions-0
-        configMap:
-          name: grafana-dashboard-definitions-0

manifests/grafana/grafana-external-ingress.yaml

@@ -1,20 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: grafana-external
-  namespace: monitoring
-  labels:
-    traffic-type: external
-  annotations:
-    traefik.frontend.rule.type: PathPrefix
-    #traefik.frontend.redirect.regex: ^http://(.*)
-    #traefik.frontend.redirect.replacement: https://$1
-spec:
-  rules:
-  - host: grafana.cloud.carlosedp.com
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: grafana
-          servicePort: 3000

manifests/grafana/grafana-ingress.yaml

@@ -1,15 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: grafana
-  namespace: monitoring
-spec:
-  rules:
-  - host: grafana.internal.carlosedp.com
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: grafana
-          servicePort: 3000
-

manifests/ingress-alertmanager.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: alertmanager-main
+  namespace: monitoring
+spec:
+  rules:
+  - host: alertmanager.192.168.1.15.nip.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: alertmanager-main
+            port:
+              name: web
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - alertmanager.192.168.1.15.nip.io

manifests/ingress-grafana.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: monitoring
+spec:
+  rules:
+  - host: grafana.192.168.1.15.nip.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: grafana
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - grafana.192.168.1.15.nip.io

manifests/ingress-prometheus.yaml

@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus-k8s
+  namespace: monitoring
+spec:
+  rules:
+  - host: prometheus.192.168.1.15.nip.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prometheus-k8s
+            port:
+              name: web
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - prometheus.192.168.1.15.nip.io

manifests/kube-state-metrics-clusterRole.yaml

@@ -0,0 +1,117 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
+  name: kube-state-metrics
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - nodes
+  - pods
+  - services
+  - resourcequotas
+  - replicationcontrollers
+  - limitranges
+  - persistentvolumeclaims
+  - persistentvolumes
+  - namespaces
+  - endpoints
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - ingresses
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - volumeattachments
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - list
+  - watch

manifests/kube-state-metrics-clusterRoleBinding.yaml

@@ -1,6 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
   name: kube-state-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io

manifests/kube-state-metrics-deployment.yaml

@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
+  name: kube-state-metrics
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-state-metrics
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: kube-state-metrics
+        app.kubernetes.io/version: 1.9.6
+    spec:
+      containers:
+      - args:
+        - --host=127.0.0.1
+        - --port=8081
+        - --telemetry-host=127.0.0.1
+        - --telemetry-port=8082
+        image: carlosedp/kube-state-metrics:v1.9.6
+        name: kube-state-metrics
+        securityContext:
+          runAsUser: 65534
+      - args:
+        - --logtostderr
+        - --secure-listen-address=:8443
+        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+        - --upstream=http://127.0.0.1:8081/
+        image: carlosedp/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy-main
+        ports:
+        - containerPort: 8443
+          name: https-main
+        securityContext:
+          runAsUser: 65534
+      - args:
+        - --logtostderr
+        - --secure-listen-address=:9443
+        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+        - --upstream=http://127.0.0.1:8082/
+        image: carlosedp/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy-self
+        ports:
+        - containerPort: 9443
+          name: https-self
+        securityContext:
+          runAsUser: 65534
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: kube-state-metrics

manifests/kube-state-metrics-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
+  name: kube-state-metrics
+  namespace: monitoring
+spec:
+  clusterIP: None
+  ports:
+  - name: https-main
+    port: 8443
+    targetPort: https-main
+  - name: https-self
+    port: 9443
+    targetPort: https-self
+  selector:
+    app.kubernetes.io/name: kube-state-metrics

manifests/kube-state-metrics-serviceAccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
+  name: kube-state-metrics
+  namespace: monitoring

manifests/kube-state-metrics-serviceMonitor.yaml

@@ -0,0 +1,31 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 1.9.6
+  name: kube-state-metrics
+  namespace: monitoring
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    honorLabels: true
+    interval: 30s
+    port: https-main
+    relabelings:
+    - action: labeldrop
+      regex: (pod|service|endpoint|namespace)
+    scheme: https
+    scrapeTimeout: 30s
+    tlsConfig:
+      insecureSkipVerify: true
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    interval: 30s
+    port: https-self
+    scheme: https
+    tlsConfig:
+      insecureSkipVerify: true
+  jobLabel: app.kubernetes.io/name
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-state-metrics

manifests/kube-state-metrics/kube-state-metrics-cluster-role.yaml

@@ -1,45 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: kube-state-metrics
-rules:
-- apiGroups: [""]
-  resources:
-  - nodes
-  - pods
-  - services
-  - resourcequotas
-  - replicationcontrollers
-  - limitranges
-  - persistentvolumeclaims
-  - persistentvolumes
-  - namespaces
-  - endpoints
-  verbs: ["list", "watch"]
-- apiGroups: ["extensions"]
-  resources:
-  - daemonsets
-  - deployments
-  - replicasets
-  verbs: ["list", "watch"]
-- apiGroups: ["apps"]
-  resources:
-  - statefulsets
-  verbs: ["list", "watch"]
-- apiGroups: ["batch"]
-  resources:
-  - cronjobs
-  - jobs
-  verbs: ["list", "watch"]
-- apiGroups: ["autoscaling"]
-  resources:
-  - horizontalpodautoscalers
-  verbs: ["list", "watch"]
-- apiGroups: ["authentication.k8s.io"]
-  resources:
-  - tokenreviews
-  verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
-  resources:
-  - subjectaccessreviews
-  verbs: ["create"]

manifests/kube-state-metrics/kube-state-metrics-deployment.yaml

@@ -1,55 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: kube-state-metrics
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: kube-state-metrics
-    spec:
-      serviceAccountName: kube-state-metrics
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-      containers:
-      - name: kube-state-metrics
-        image: carlosedp/kube-state-metrics:v1.2.0
-        args:
-        - "--host=0.0.0.0"
-        - "--port=8443"
-        - "--telemetry-host=0.0.0.0"
-        - "--telemetry-port=9443"
-        ports:
-        - name: http-main
-          containerPort: 8443
-        - name: http-self
-          containerPort: 9443
-      - name: addon-resizer
-        image: carlosedp/addon-resizer:2.1
-        resources:
-          limits:
-            cpu: 100m
-            memory: 30Mi
-          requests:
-            cpu: 100m
-            memory: 30Mi
-        env:
-          - name: MY_POD_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.name
-          - name: MY_POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-        command:
-          - /pod_nanny
-          - --container=kube-state-metrics
-          - --cpu=100m
-          - --extra-cpu=2m
-          - --memory=150Mi
-          - --extra-memory=30Mi
-          #- --threshold=5
-          - --deployment=kube-state-metrics

manifests/kube-state-metrics/kube-state-metrics-role.yaml

@@ -1,15 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: kube-state-metrics-resizer
-rules:
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["get"]
-- apiGroups: ["extensions"]
-  resources:
-  - deployments
-  resourceNames: ["kube-state-metrics"]
-  verbs: ["get", "update"]
-

manifests/kube-state-metrics/kube-state-metrics-service.yaml

@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: kube-state-metrics
-    k8s-app: kube-state-metrics
-  name: kube-state-metrics
-spec:
-  clusterIP: None
-  ports:
-  - name: http-main
-    port: 8443
-    targetPort: http-main
-    protocol: TCP
-  - name: http-self
-    port: 9443
-    targetPort: http-self
-    protocol: TCP
-  selector:
-    app: kube-state-metrics
-

manifests/node-exporter-clusterRole.yaml

@@ -3,11 +3,15 @@ kind: ClusterRole
 metadata:
   name: node-exporter
 rules:
-- apiGroups: ["authentication.k8s.io"]
+- apiGroups:
+  - authentication.k8s.io
   resources:
   - tokenreviews
-  verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
   resources:
   - subjectaccessreviews
-  verbs: ["create"]
+  verbs:
+  - create

manifests/node-exporter-daemonset.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app.kubernetes.io/name: node-exporter
+    app.kubernetes.io/version: v0.18.1
+  name: node-exporter
+  namespace: monitoring
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-exporter
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: node-exporter
+        app.kubernetes.io/version: v0.18.1
+    spec:
+      containers:
+      - args:
+        - --web.listen-address=127.0.0.1:9100
+        - --path.procfs=/host/proc
+        - --path.sysfs=/host/sys
+        - --path.rootfs=/host/root
+        - --no-collector.wifi
+        - --no-collector.hwmon
+        - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)
+        image: prom/node-exporter:v0.18.1
+        name: node-exporter
+        resources:
+          limits:
+            cpu: 250m
+            memory: 180Mi
+          requests:
+            cpu: 102m
+            memory: 180Mi
+        volumeMounts:
+        - mountPath: /host/proc
+          name: proc
+          readOnly: false
+        - mountPath: /host/sys
+          name: sys
+          readOnly: false
+        - mountPath: /host/root
+          mountPropagation: HostToContainer
+          name: root
+          readOnly: true
+      - args:
+        - --logtostderr
+        - --secure-listen-address=[$(IP)]:9100
+        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+        - --upstream=http://127.0.0.1:9100/
+        env:
+        - name: IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        image: carlosedp/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 9100
+          hostPort: 9100
+          name: https
+        resources:
+          limits:
+            cpu: 20m
+            memory: 40Mi
+          requests:
+            cpu: 10m
+            memory: 20Mi
+      hostNetwork: true
+      hostPID: true
+      nodeSelector:
+        kubernetes.io/os: linux
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+      serviceAccountName: node-exporter
+      tolerations:
+      - operator: Exists
+      volumes:
+      - hostPath:
+          path: /proc
+        name: proc
+      - hostPath:
+          path: /sys
+        name: sys
+      - hostPath:
+          path: /
+        name: root

manifests/node-exporter-service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: node-exporter
+    app.kubernetes.io/version: v0.18.1
+  name: node-exporter
+  namespace: monitoring
+spec:
+  clusterIP: None
+  ports:
+  - name: https
+    port: 9100
+    targetPort: https
+  selector:
+    app.kubernetes.io/name: node-exporter

manifests/node-exporter-serviceAccount.yaml

@@ -2,3 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: node-exporter
+  namespace: monitoring

manifests/node-exporter-serviceMonitor.yaml

@@ -0,0 +1,27 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/name: node-exporter
+    app.kubernetes.io/version: v0.18.1
+  name: node-exporter
+  namespace: monitoring
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    interval: 15s
+    port: https
+    relabelings:
+    - action: replace
+      regex: (.*)
+      replacement: $1
+      sourceLabels:
+      - __meta_kubernetes_pod_node_name
+      targetLabel: instance
+    scheme: https
+    tlsConfig:
+      insecureSkipVerify: true
+  jobLabel: app.kubernetes.io/name
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: node-exporter

manifests/node-exporter/node-exporter-daemonset.yaml

@@ -1,59 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: node-exporter
-spec:
-  updateStrategy:
-    rollingUpdate:
-      maxUnavailable: 1
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: node-exporter
-      name: node-exporter
-    spec:
-      serviceAccountName: node-exporter
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-      hostNetwork: true
-      hostPID: true
-      containers:
-      - image: carlosedp/node_exporter:v0.15.2
-        args:
-        #- "--web.listen-address=0.0.0.1:9100"
-        - "--path.procfs=/host/proc"
-        - "--path.sysfs=/host/sys"
-        - "--collector.filesystem.ignored-mount-points"
-        - '^(\/(host|root)\/sys\/kernel\/debug\/).*'
-        name: node-exporter
-        ports:
-        - containerPort: 9100
-          hostPort: 9100
-          name: http
-        resources:
-          requests:
-            memory: 30Mi
-            cpu: 100m
-          limits:
-            memory: 50Mi
-            cpu: 200m
-        volumeMounts:
-        - name: proc
-          readOnly:  true
-          mountPath: /host/proc
-        - name: sys
-          readOnly: true
-          mountPath: /host/sys
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-      volumes:
-      - name: proc
-        hostPath:
-          path: /proc
-      - name: sys
-        hostPath:
-          path: /sys
-

manifests/node-exporter/node-exporter-service.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: node-exporter
-    k8s-app: node-exporter
-  name: node-exporter
-spec:
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: http
-    port: 9100
-    protocol: TCP
-  selector:
-    app: node-exporter
-

manifests/prometheus-adapter-apiService.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  group: metrics.k8s.io
+  groupPriorityMinimum: 100
+  insecureSkipTLSVerify: true
+  service:
+    name: prometheus-adapter
+    namespace: monitoring
+  version: v1beta1
+  versionPriority: 100

manifests/prometheus-adapter-clusterRole.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus-adapter
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - namespaces
+  - pods
+  - services
+  verbs:
+  - get
+  - list
+  - watch

manifests/prometheus-adapter-clusterRoleAggregatedMetricsReader.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+  name: system:aggregated-metrics-reader
+rules:
+- apiGroups:
+  - metrics.k8s.io
+  resources:
+  - pods
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch

manifests/prometheus-adapter-clusterRoleBinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus-adapter
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-adapter
+subjects:
+- kind: ServiceAccount
+  name: prometheus-adapter
+  namespace: monitoring

manifests/prometheus-adapter-clusterRoleBindingDelegator.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: resource-metrics:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: prometheus-adapter
+  namespace: monitoring

manifests/prometheus-adapter-clusterRoleServerResources.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: resource-metrics-server-resources
+rules:
+- apiGroups:
+  - metrics.k8s.io
+  resources:
+  - '*'
+  verbs:
+  - '*'

manifests/prometheus-adapter-configMap.yaml

@@ -0,0 +1,33 @@
+apiVersion: v1
+data:
+  config.yaml: |-
+    "resourceRules":
+      "cpu":
+        "containerLabel": "container"
+        "containerQuery": "sum(irate(container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}[5m])) by (<<.GroupBy>>)"
+        "nodeQuery": "sum(1 - irate(node_cpu_seconds_total{mode=\"idle\"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)"
+        "resources":
+          "overrides":
+            "namespace":
+              "resource": "namespace"
+            "node":
+              "resource": "node"
+            "pod":
+              "resource": "pod"
+      "memory":
+        "containerLabel": "container"
+        "containerQuery": "sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!=\"POD\",container!=\"\",pod!=\"\"}) by (<<.GroupBy>>)"
+        "nodeQuery": "sum(node_memory_MemTotal_bytes{job=\"node-exporter\",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job=\"node-exporter\",<<.LabelMatchers>>}) by (<<.GroupBy>>)"
+        "resources":
+          "overrides":
+            "instance":
+              "resource": "node"
+            "namespace":
+              "resource": "namespace"
+            "pod":
+              "resource": "pod"
+      "window": "5m"
+kind: ConfigMap
+metadata:
+  name: adapter-config
+  namespace: monitoring

manifests/prometheus-adapter-deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prometheus-adapter
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: prometheus-adapter
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        name: prometheus-adapter
+    spec:
+      containers:
+      - args:
+        - --cert-dir=/var/run/serving-cert
+        - --config=/etc/adapter/config.yaml
+        - --logtostderr=true
+        - --metrics-relist-interval=1m
+        - --prometheus-url=http://prometheus-k8s.monitoring.svc:9090/
+        - --secure-port=6443
+        image: directxman12/k8s-prometheus-adapter:v0.7.0
+        name: prometheus-adapter
+        ports:
+        - containerPort: 6443
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmpfs
+          readOnly: false
+        - mountPath: /var/run/serving-cert
+          name: volume-serving-cert
+          readOnly: false
+        - mountPath: /etc/adapter
+          name: config
+          readOnly: false
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: prometheus-adapter
+      volumes:
+      - emptyDir: {}
+        name: tmpfs
+      - emptyDir: {}
+        name: volume-serving-cert
+      - configMap:
+          name: adapter-config
+        name: config

manifests/prometheus-adapter-roleBindingAuthReader.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: resource-metrics-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: prometheus-adapter
+  namespace: monitoring

manifests/prometheus-adapter-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: prometheus-adapter
+  name: prometheus-adapter
+  namespace: monitoring
+spec:
+  ports:
+  - name: https
+    port: 443
+    targetPort: 6443
+  selector:
+    name: prometheus-adapter

manifests/prometheus-adapter-serviceAccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: prometheus-adapter
+  namespace: monitoring

manifests/prometheus-clusterRole.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus-k8s
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes/metrics
+  verbs:
+  - get
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get

manifests/prometheus-clusterRoleBinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus-k8s
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-k8s
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: monitoring

manifests/prometheus-kubeControllerManagerPrometheusDiscoveryService.yaml

@@ -1,17 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  namespace: kube-system
-  name: kube-controller-manager-prometheus-discovery
   labels:
     k8s-app: kube-controller-manager
+  name: kube-controller-manager-prometheus-discovery
+  namespace: kube-system
 spec:
-  selector:
-    component: kube-controller-manager
-  type: ClusterIP
   clusterIP: None
   ports:
   - name: http-metrics
     port: 10252
     targetPort: 10252
-    protocol: TCP
+  selector:
+    component: kube-controller-manager

manifests/prometheus-kubeDnsPrometheusDiscoveryService.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    k8s-app: kube-dns
+  name: kube-dns-prometheus-discovery
+  namespace: kube-system
+spec:
+  clusterIP: None
+  ports:
+  - name: metrics
+    port: 9153
+    targetPort: 9153
+  selector:
+    k8s-app: kube-dns

manifests/prometheus-kubeSchedulerPrometheusDiscoveryService.yaml

@@ -1,17 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  namespace: kube-system
-  name: kube-scheduler-prometheus-discovery
   labels:
     k8s-app: kube-scheduler
+  name: kube-scheduler-prometheus-discovery
+  namespace: kube-system
 spec:
-  selector:
-    component: kube-scheduler
-  type: ClusterIP
   clusterIP: None
   ports:
   - name: http-metrics
     port: 10251
     targetPort: 10251
-    protocol: TCP
+  selector:
+    component: kube-scheduler

manifests/prometheus-operator-serviceMonitor.yaml

@@ -0,0 +1,22 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: prometheus-operator
+    app.kubernetes.io/version: v0.40.0
+  name: prometheus-operator
+  namespace: monitoring
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    honorLabels: true
+    port: https
+    scheme: https
+    tlsConfig:
+      insecureSkipVerify: true
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: controller
+      app.kubernetes.io/name: prometheus-operator
+      app.kubernetes.io/version: v0.40.0

manifests/prometheus-operator/prometheus-operator-cluster-role.yaml

@@ -1,54 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: prometheus-operator
-rules:
-- apiGroups:
-  - extensions
-  resources:
-  - thirdpartyresources
-  verbs:
-  - "*"
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - "*"
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
-  - alertmanagers
-  - prometheuses
-  - prometheuses/finalizers
-  - alertmanagers/finalizers
-  - servicemonitors
-  verbs:
-  - "*"
-- apiGroups:
-  - apps
-  resources:
-  - statefulsets
-  verbs: ["*"]
-- apiGroups: [""]
-  resources:
-  - configmaps
-  - secrets
-  verbs: ["*"]
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["list", "delete"]
-- apiGroups: [""]
-  resources:
-  - services
-  - endpoints
-  verbs: ["get", "create", "update"]
-- apiGroups: [""]
-  resources:
-  - nodes
-  verbs: ["list", "watch"]
-- apiGroups: [""]
-  resources:
-  - namespaces
-  verbs: ["list"]

manifests/prometheus-operator/prometheus-operator-service-account.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: prometheus-operator

manifests/prometheus-operator/prometheus-operator-service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: prometheus-operator
-  labels:
-    k8s-app: prometheus-operator
-spec:
-  type: ClusterIP
-  ports:
-  - name: http
-    port: 8080
-    targetPort: http
-    protocol: TCP
-  selector:
-    k8s-app: prometheus-operator

manifests/prometheus-operator/prometheus-operator.yaml

@@ -1,34 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    k8s-app: prometheus-operator
-  name: prometheus-operator
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        k8s-app: prometheus-operator
-    spec:
-      containers:
-      - args:
-        - --kubelet-service=kube-system/kubelet
-        - --prometheus-config-reloader=carlosedp/prometheus-config-reloader:v0.0.2
-        - --config-reloader-image=carlosedp/configmap-reload:v0.2.2-arm
-        image: carlosedp/prometheus-operator:v0.17.0
-        name: prometheus-operator
-        ports:
-        - containerPort: 8080
-          name: http
-        resources:
-          limits:
-            cpu: 200m
-            memory: 100Mi
-          requests:
-            cpu: 100m
-            memory: 50Mi
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 65534
-      serviceAccountName: prometheus-operator

manifests/prometheus-prometheus.yaml

@@ -0,0 +1,52 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+  labels:
+    prometheus: k8s
+  name: k8s
+  namespace: monitoring
+spec:
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: prometheus
+              operator: In
+              values:
+              - k8s
+          namespaces:
+          - monitoring
+          topologyKey: kubernetes.io/hostname
+        weight: 100
+  alerting:
+    alertmanagers:
+    - name: alertmanager-main
+      namespace: monitoring
+      port: web
+  externalUrl: http://prometheus.192.168.1.15.nip.io
+  image: prom/prometheus:v2.19.1
+  nodeSelector:
+    kubernetes.io/os: linux
+  podMonitorNamespaceSelector: {}
+  podMonitorSelector: {}
+  replicas: 1
+  resources:
+    requests:
+      memory: 400Mi
+  retention: 15d
+  ruleSelector:
+    matchLabels:
+      prometheus: k8s
+      role: alert-rules
+  scrapeInterval: 30s
+  scrapeTimeout: 30s
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
+  serviceAccountName: prometheus-k8s
+  serviceMonitorNamespaceSelector: {}
+  serviceMonitorSelector: {}
+  version: v2.19.1

manifests/prometheus-roleBindingConfig.yaml

@@ -1,12 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: kube-state-metrics
+  name: prometheus-k8s-config
+  namespace: monitoring
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: kube-state-metrics-resizer
+  name: prometheus-k8s-config
 subjects:
 - kind: ServiceAccount
-  name: kube-state-metrics
-
+  name: prometheus-k8s
+  namespace: monitoring

manifests/prometheus-roleBindingSpecificNamespaces.yaml

@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    name: prometheus-k8s
+    namespace: default
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: prometheus-k8s
+  subjects:
+  - kind: ServiceAccount
+    name: prometheus-k8s
+    namespace: monitoring
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    name: prometheus-k8s
+    namespace: kube-system
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: prometheus-k8s
+  subjects:
+  - kind: ServiceAccount
+    name: prometheus-k8s
+    namespace: monitoring
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    name: prometheus-k8s
+    namespace: monitoring
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: prometheus-k8s
+  subjects:
+  - kind: ServiceAccount
+    name: prometheus-k8s
+    namespace: monitoring
+kind: RoleBindingList

manifests/prometheus-roleConfig.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: prometheus-k8s-config
+  namespace: monitoring
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get

manifests/prometheus-roleSpecificNamespaces.yaml

@@ -0,0 +1,51 @@
+apiVersion: rbac.authorization.k8s.io/v1
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: Role
+  metadata:
+    name: prometheus-k8s
+    namespace: default
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - endpoints
+    - pods
+    verbs:
+    - get
+    - list
+    - watch
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: Role
+  metadata:
+    name: prometheus-k8s
+    namespace: kube-system
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - endpoints
+    - pods
+    verbs:
+    - get
+    - list
+    - watch
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: Role
+  metadata:
+    name: prometheus-k8s
+    namespace: monitoring
+  rules:
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - endpoints
+    - pods
+    verbs:
+    - get
+    - list
+    - watch
+kind: RoleList