--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: prometheus rules: - apiGroups: [""] resources: - nodes - nodes/proxy - services - endpoints - pods verbs: ["get", "list", "watch"] - apiGroups: - extensions resources: - ingresses verbs: ["get", "list", "watch"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- apiVersion: v1 kind: ServiceAccount metadata: name: default namespace: monitoring --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: prometheus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: prometheus subjects: - kind: ServiceAccount name: default namespace: monitoring --- apiVersion: apps/v1 kind: Deployment metadata: labels: name: prometheus name: prometheus namespace: monitoring spec: replicas: 1 selector: matchLabels: name: prometheus strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: creationTimestamp: null labels: name: prometheus annotations: prometheus.io/scrape: "true" prometheus.io/port: "9090" spec: containers: - args: - --config.file=/etc/prometheus/prometheus.yml - --storage.tsdb.path=/prometheus - --storage.tsdb.retention=24h command: - /bin/prometheus image: prom/prometheus imagePullPolicy: Always name: prometheus ports: - containerPort: 9090 protocol: TCP resources: limits: cpu: 500m memory: 2500Mi requests: cpu: 10m memory: 100Mi volumeMounts: - mountPath: /prometheus name: data - mountPath: /etc/prometheus name: config-volume restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 volumes: - emptyDir: {} name: data - configMap: name: prometheus-config name: config-volume