| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| labels: |
| app: prometheus |
| release: istio |
| name: prometheus |
| namespace: istio-system |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: prometheus |
| template: |
| metadata: |
| annotations: |
| sidecar.istio.io/inject: "false" |
| labels: |
| app: prometheus |
| release: istio |
| spec: |
| affinity: |
| nodeAffinity: |
| preferredDuringSchedulingIgnoredDuringExecution: |
| - preference: |
| matchExpressions: |
| - key: beta.kubernetes.io/arch |
| operator: In |
| values: |
| - amd64 |
| weight: 2 |
| - preference: |
| matchExpressions: |
| - key: beta.kubernetes.io/arch |
| operator: In |
| values: |
| - ppc64le |
| weight: 2 |
| - preference: |
| matchExpressions: |
| - key: beta.kubernetes.io/arch |
| operator: In |
| values: |
| - s390x |
| weight: 2 |
| requiredDuringSchedulingIgnoredDuringExecution: |
| nodeSelectorTerms: |
| - matchExpressions: |
| - key: beta.kubernetes.io/arch |
| operator: In |
| values: |
| - amd64 |
| - ppc64le |
| - s390x |
| containers: |
| - args: |
| - --storage.tsdb.retention=6h |
| - --config.file=/etc/prometheus/prometheus.yml |
| image: docker.io/prom/prometheus:v2.15.1 |
| livenessProbe: |
| httpGet: |
| path: /-/healthy |
| port: 9090 |
| name: prometheus |
| ports: |
| - containerPort: 9090 |
| name: http |
| readinessProbe: |
| httpGet: |
| path: /-/ready |
| port: 9090 |
| resources: |
| requests: |
| cpu: 10m |
| volumeMounts: |
| - mountPath: /etc/prometheus |
| name: config-volume |
| - mountPath: /etc/istio-certs |
| name: istio-certs |
| - args: |
| - proxy |
| - sidecar |
| - --domain |
| - $(POD_NAMESPACE).svc.cluster.local |
| - istio-proxy-prometheus |
| - --proxyLogLevel=warning |
| - --proxyComponentLogLevel=misc:error |
| - --controlPlaneAuthPolicy |
| - NONE |
| - --trust-domain=cluster.local |
| env: |
| - name: OUTPUT_CERTS |
| value: /etc/istio-certs |
| - name: JWT_POLICY |
| value: first-party-jwt |
| - name: PILOT_CERT_PROVIDER |
| value: istiod |
| - name: CA_ADDR |
| value: istiod.istio-system.svc:15012 |
| - name: POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: INSTANCE_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.podIP |
| - name: SERVICE_ACCOUNT |
| valueFrom: |
| fieldRef: |
| fieldPath: spec.serviceAccountName |
| - name: HOST_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.hostIP |
| - name: ISTIO_META_MESH_ID |
| value: cluster.local |
| - name: ISTIO_META_CLUSTER_ID |
| value: Kubernetes |
| image: docker.io/istio/proxyv2:1.6.3 |
| imagePullPolicy: Always |
| name: istio-proxy |
| ports: |
| - containerPort: 15090 |
| name: http-envoy-prom |
| protocol: TCP |
| readinessProbe: |
| failureThreshold: 30 |
| httpGet: |
| path: /healthz/ready |
| port: 15020 |
| scheme: HTTP |
| initialDelaySeconds: 1 |
| periodSeconds: 2 |
| successThreshold: 1 |
| timeoutSeconds: 1 |
| volumeMounts: |
| - mountPath: /var/run/secrets/istio |
| name: istiod-ca-cert |
| - mountPath: /etc/istio/proxy |
| name: istio-envoy |
| - mountPath: /etc/istio-certs/ |
| name: istio-certs |
| - mountPath: /etc/istio/config |
| name: istio-config-volume |
| nodeSelector: {} |
| serviceAccountName: prometheus |
| tolerations: [] |
| volumes: |
| - configMap: |
| name: istio |
| optional: true |
| name: istio-config-volume |
| - configMap: |
| name: prometheus |
| name: config-volume |
| - emptyDir: |
| medium: Memory |
| name: istio-certs |
| - emptyDir: |
| medium: Memory |
| name: istio-envoy |
| - configMap: |
| defaultMode: 420 |
| name: istio-ca-root-cert |
| name: istiod-ca-cert |