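# ServiceMonitors for the Istio control plane and the Envoy sidecars.
#
# Templated namespace / release-name values are piped through `quote`: a
# release or namespace made only of digits (or one that reads as a boolean)
# would otherwise render as a non-string scalar and be rejected by the API
# server for these string-typed fields.

# Scrapes the `prometheus` port of Services labelled istio=mixer, restricted
# to the telemetry namespace.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: istio-mesh-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: istio-mesh
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio
        operator: In
        values: [mixer]
  namespaceSelector:
    matchNames:
      - {{ .Values.global.telemetryNamespace | quote }}
  endpoints:
    - port: prometheus
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
---
# Scrapes the monitoring ports of the Istio components listed in the selector.
# The namespace selector is `any: true`, so a Service in ANY namespace that
# carries one of these `istio` label values becomes a target of this job;
# who may create Services with that label decides what ends up in it.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: istio-component-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: istio-components
    release: {{ .Release.Name | quote }}
spec:
  jobLabel: istio
  targetLabels: [app]
  selector:
    matchExpressions:
      - key: istio
        operator: In
        values: [mixer, pilot, galley, citadel, sidecar-injector]
  namespaceSelector:
    any: true
  endpoints:
    - port: http-monitoring
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
    - port: http-policy-monitoring
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
---
# Scrapes Envoy's /stats/prometheus on container port 15090.
# Scope is cluster-wide and opt-out: every Service in every namespace is
# selected unless it carries the `istio-prometheus-ignore` label.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: envoy-stats-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: istio-proxies
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio-prometheus-ignore
        operator: DoesNotExist
  namespaceSelector:
    any: true
  jobLabel: envoy-stats
  endpoints:
    - path: /stats/prometheus
      targetPort: 15090
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
      relabelings:
        # Keep only targets whose container port name ends in "-envoy-prom".
        - sourceLabels: [__meta_kubernetes_pod_container_port_name]
          action: keep
          regex: '.*-envoy-prom'
        # Pod labels are workload-controlled; they are dropped here rather
        # than copied onto the scraped series.
        - action: labeldrop
          regex: "__meta_kubernetes_pod_label_(.+)"
        - sourceLabels: [__meta_kubernetes_namespace]
          action: replace
          targetLabel: namespace
        - sourceLabels: [__meta_kubernetes_pod_name]
          action: replace
          targetLabel: pod_name
---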
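# Annotation-driven scrape jobs plus the kubelet / cAdvisor job.
#
# Templated namespace / release-name values are piped through `quote` so a
# digits-only or boolean-looking release name or namespace still renders as
# a string.
#
# Scope note for the four annotation-driven monitors below: they select every
# Service in every namespace that lacks the `istio-prometheus-ignore` label,
# and a workload opts in with its prometheus.io/scrape annotation. The
# prometheus.io/path and prometheus.io/port annotations are then copied into
# __metrics_path__ and __address__, so whoever can set annotations on a pod
# or Service decides which path and port Prometheus requests on that target.

# Plaintext scrape of annotated pods.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubernetes-pods-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: kube-pods
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio-prometheus-ignore
        operator: DoesNotExist
  namespaceSelector:
    any: true
  jobLabel: kubernetes-pods
  endpoints:
    - interval: {{ .Values.prometheusOperator.scrapeInterval }}
      relabelings:
        - sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
          action: keep
          regex: 'true'
        # Source labels are joined with ';'. Keep the target when the sidecar
        # status annotation is empty or the scheme annotation is "http".
        - sourceLabels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_prometheus_io_scheme]
          action: keep
          regex: '((;.*)|(.*;http)|(.??))'
        # Pods marked as mTLS-capable are left to the secure monitor.
        - sourceLabels: [__meta_kubernetes_pod_annotation_istio_mtls]
          action: drop
          regex: 'true'
        - sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
          action: replace
          targetLabel: __metrics_path__
          regex: '(.+)'
        - sourceLabels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
          action: replace
          regex: '([^:]+)(?::\d+)?;(\d+)'
          replacement: '$1:$2'
          targetLabel: __address__
        # labelmap copies every pod label onto the series. The namespace and
        # pod_name rules must stay AFTER it so a pod label with one of those
        # names cannot override the discovered value.
        - action: labelmap
          regex: '__meta_kubernetes_pod_label_(.+)'
        - sourceLabels: [__meta_kubernetes_namespace]
          action: replace
          targetLabel: namespace
        - sourceLabels: [__meta_kubernetes_pod_name]
          action: replace
          targetLabel: pod_name
---
{{- if .Values.prometheus.provisionPrometheusCert }}
# TLS scrape of annotated pods, using the certificate provisioned for
# Prometheus.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubernetes-pods-secure-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: kube-pods-secure
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio-prometheus-ignore
        operator: DoesNotExist
  namespaceSelector:
    any: true
  jobLabel: kubernetes-pods-secure
  endpoints:
    - interval: {{ .Values.prometheusOperator.scrapeInterval }}
      scheme: https
      tlsConfig:
        caFile: /etc/prometheus/secrets/istio.prometheus/root-cert.pem
        certFile: /etc/prometheus/secrets/istio.prometheus/cert-chain.pem
        keyFile: /etc/prometheus/secrets/istio.prometheus/key.pem
        # prometheus does not support secure naming.
        # With verification skipped, caFile enforces nothing: the scrape is
        # encrypted and presents the client certificate, but the identity of
        # the answering endpoint is NOT authenticated. Treat series from this
        # job as unverified and restrict with network policy what can listen
        # on the scraped addresses.
        insecureSkipVerify: true
      relabelings:
        - sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
          action: keep
          regex: 'true'
        # sidecar status annotation is added by sidecar injector and
        # istio_workload_mtls_ability can be specifically placed on a pod to
        # indicate its ability to receive mtls traffic.
        # NOTE(review): the rule reads the annotation exposed as
        # ..._pod_annotation_istio_mtls; confirm it matches the name above.
        - sourceLabels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
          action: keep
          regex: '(([^;]+);([^;]*))|(([^;]*);(true))'
        - sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
          action: drop
          regex: '(http)'
        - sourceLabels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
          action: replace
          targetLabel: __metrics_path__
          regex: '(.+)'
        # Only keep address that is host:port, otherwise an extra target
        # with ':443' is added for https scheme.
        - sourceLabels: [__address__]
          action: keep
          regex: '([^:]+):(\d+)'
        - sourceLabels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
          action: replace
          regex: '([^:]+)(?::\d+)?;(\d+)'
          replacement: '$1:$2'
          targetLabel: __address__
        # Keep namespace / pod_name after labelmap so pod labels cannot
        # override them.
        - action: labelmap
          regex: '__meta_kubernetes_pod_label_(.+)'
        - sourceLabels: [__meta_kubernetes_namespace]
          action: replace
          targetLabel: namespace
        - sourceLabels: [__meta_kubernetes_pod_name]
          action: replace
          targetLabel: pod_name
{{- end }}
---
# Plaintext scrape of annotated Services.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubernetes-services-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: kube-services
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio-prometheus-ignore
        operator: DoesNotExist
  namespaceSelector:
    any: true
  jobLabel: kubernetes-services
  endpoints:
    - interval: {{ .Values.prometheusOperator.scrapeInterval }}
      relabelings:
        - sourceLabels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
          action: keep
          regex: 'true'
        # Keep when the backing pod has no sidecar status annotation or the
        # Service's scheme annotation is "http".
        - sourceLabels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_service_annotation_prometheus_io_scheme]
          action: keep
          regex: '((;.*)|(.*;http)|(.??))'
        - sourceLabels: [__meta_kubernetes_pod_annotation_istio_mtls]
          action: drop
          regex: 'true'
        - sourceLabels: [__meta_kubernetes_service_annotation_prometheus_io_path]
          action: replace
          targetLabel: __metrics_path__
          regex: '(.+)'
        - sourceLabels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
          action: replace
          regex: '([^:]+)(?::\d+)?;(\d+)'
          replacement: '$1:$2'
          targetLabel: __address__
        # Keep namespace / pod_name after labelmap so pod labels cannot
        # override them.
        - action: labelmap
          regex: '__meta_kubernetes_pod_label_(.+)'
        - sourceLabels: [__meta_kubernetes_namespace]
          action: replace
          targetLabel: namespace
        - sourceLabels: [__meta_kubernetes_pod_name]
          action: replace
          targetLabel: pod_name
---
{{- if .Values.prometheus.provisionPrometheusCert }}
# TLS scrape of annotated Services, using the certificate provisioned for
# Prometheus.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubernetes-services-secure-monitor
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: kube-services-secure
    release: {{ .Release.Name | quote }}
spec:
  selector:
    matchExpressions:
      - key: istio-prometheus-ignore
        operator: DoesNotExist
  namespaceSelector:
    any: true
  jobLabel: kubernetes-services-secure
  endpoints:
    - interval: {{ .Values.prometheusOperator.scrapeInterval }}
      scheme: https
      tlsConfig:
        caFile: /etc/prometheus/secrets/istio.prometheus/root-cert.pem
        certFile: /etc/prometheus/secrets/istio.prometheus/cert-chain.pem
        keyFile: /etc/prometheus/secrets/istio.prometheus/key.pem
        # prometheus does not support secure naming.
        # With verification skipped, caFile enforces nothing: the scrape is
        # encrypted and presents the client certificate, but the identity of
        # the answering endpoint is NOT authenticated. Treat series from this
        # job as unverified and restrict with network policy what can listen
        # on the scraped addresses.
        insecureSkipVerify: true
      relabelings:
        - sourceLabels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
          action: keep
          regex: 'true'
        # sidecar status annotation is added by sidecar injector and
        # istio_workload_mtls_ability can be specifically placed on a pod to
        # indicate its ability to receive mtls traffic.
        # NOTE(review): the rule reads the annotation exposed as
        # ..._pod_annotation_istio_mtls; confirm it matches the name above.
        - sourceLabels: [__meta_kubernetes_pod_annotation_sidecar_istio_io_status, __meta_kubernetes_pod_annotation_istio_mtls]
          action: keep
          regex: '(([^;]+);([^;]*))|(([^;]*);(true))'
        - sourceLabels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
          action: drop
          regex: '(http)'
        - sourceLabels: [__meta_kubernetes_service_annotation_prometheus_io_path]
          action: replace
          targetLabel: __metrics_path__
          regex: '(.+)'
        # Only keep address that is host:port, otherwise an extra target
        # with ':443' is added for https scheme.
        - sourceLabels: [__address__]
          action: keep
          regex: '([^:]+):(\d+)'
        - sourceLabels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
          action: replace
          regex: '([^:]+)(?::\d+)?;(\d+)'
          replacement: '$1:$2'
          targetLabel: __address__
        # Keep namespace / pod_name after labelmap so pod labels cannot
        # override them.
        - action: labelmap
          regex: '__meta_kubernetes_pod_label_(.+)'
        - sourceLabels: [__meta_kubernetes_namespace]
          action: replace
          targetLabel: namespace
        - sourceLabels: [__meta_kubernetes_pod_name]
          action: replace
          targetLabel: pod_name
{{- end }}
---
# Kubelet and cAdvisor metrics from the Service labelled k8s-app=kubelet in
# kube-system.
#
# NOTE(review): both endpoints combine `scheme: http` with bearerTokenFile,
# so the Prometheus service-account token travels in cleartext to whatever
# backs that Service. tlsConfig has no effect while the scheme is http. If
# the `http-metrics` port is the kubelet's unauthenticated read-only port the
# token is unnecessary and can be dropped; otherwise prefer the kubelet's
# HTTPS port with certificate verification. Confirm against the kubelet
# Service definition before changing either.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: kubelet
  namespace: {{ .Release.Namespace | quote }}
  labels:
    monitoring: kubelet-monitor
    release: {{ .Release.Name | quote }}
spec:
  endpoints:
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      # honorLabels lets labels exposed by the target win over the ones
      # Prometheus attaches when they conflict.
      honorLabels: true
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
      port: http-metrics
      scheme: http
      tlsConfig:
        insecureSkipVerify: true
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      honorLabels: true
      interval: {{ .Values.prometheusOperator.scrapeInterval }}
      relabelings:
        # Report this endpoint under its own job name.
        - sourceLabels: [job]
          action: replace
          replacement: kubernetes-cadvisor
          targetLabel: job
      metricRelabelings:
        # Discard the listed container_* series after the scrape.
        - action: drop
          regex: 'container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s)'
          sourceLabels:
            - __name__
      path: /metrics/cadvisor
      port: http-metrics
      scheme: http
      tlsConfig:
        insecureSkipVerify: true
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - kube-system
  selector:
    matchLabels:
      k8s-app: kubelet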