monitoring: Specify resource limits

2024-08-24 12:36:37 +03:00
parent 3fbecab179
commit d7287018ac
3 changed files with 68 additions and 23 deletions
--- a/monitoring/prometheus.yaml
+++ b/monitoring/prometheus.yaml
@@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
  name: metrics
+  namespace: monitoring
 spec:
  namespaceSelector: {}
  selector: {}
@@ -14,6 +15,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: Prometheus
 metadata:
  name: prometheus
+  namespace: monitoring
 spec:
  topologySpreadConstraints:
    - maxSkew: 1
@@ -53,11 +55,18 @@ spec:
  ruleNamespaceSelector: {}
  ruleSelector: {}
  retentionSize: 8GB
+  resources:
+    limits:
+      cpu: 500m
+      memory: 2Gi
+    requests:
+      cpu: 100m
+      memory: 700Mi
  storage:
    volumeClaimTemplate:
      spec:
        accessModes:
-        - ReadWriteOnce
+          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
@@ -67,36 +76,50 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: prometheus
+  namespace: monitoring
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: prometheus
+  namespace: monitoring
 rules:
- apiGroups: [""]
-  resources:
-  - nodes
-  - nodes/metrics
-  - services
-  - endpoints
-  - pods
-  verbs: ["get", "list", "watch"]
- apiGroups: [""]
-  resources:
-  - configmaps
-  verbs: ["get"]
- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
-  verbs: ["get"]
+  - resources:
+      - nodes
+      - nodes/metrics
+      - services
+      - endpoints
+      - pods
+    apiGroups:
+      - ""
+    verbs:
+      - get
+      - list
+      - watch
+  - resources:
+      - configmaps
+    apiGroups:
+      - ""
+    verbs:
+      - get
+  - resources:
+      - ingresses
+    apiGroups:
+      - networking.k8s.io
+    verbs:
+      - get
+      - list
+      - watch
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: prometheus
+  namespace: monitoring
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@@ -110,6 +133,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: prometheus
+  namespace: monitoring
 spec:
  groups:
  - name: prometheus
@@ -356,6 +380,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: prometheus
+  namespace: monitoring
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
@@ -381,6 +406,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: alertmanager
+  namespace: monitoring
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
@@ -406,6 +432,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
  name: prometheus
+  namespace: monitoring
 spec:
  selector:
    matchLabels:
@@ -417,6 +444,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
  name: alertmanager
+  namespace: monitoring
 spec:
  selector:
    matchLabels:
@@ -428,6 +456,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
  name: operator
+  namespace: monitoring
 spec:
  selector:
    matchLabels:
@@ -439,6 +468,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
  name: kubelet
+  namespace: monitoring
 spec:
  endpoints:
  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
@@ -467,6 +497,7 @@ apiVersion: codemowers.cloud/v1beta1
 kind: OIDCMiddlewareClient
 metadata:
  name: prometheus
+  namespace: monitoring
 spec:
  displayName: Prometheus
  uri: 'https://prom.k-space.ee'
@@ -482,6 +513,7 @@ apiVersion: codemowers.cloud/v1beta1
 kind: OIDCMiddlewareClient
 metadata:
  name: alertmanager
+  namespace: monitoring
 spec:
  displayName: AlertManager
  uri: 'https://am.k-space.ee'