apiVersion: v1 kind: ServiceAccount metadata: name: kube-state-metrics namespace: monitoring labels: app.kubernetes.io/name: kube-state-metrics --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: kube-state-metrics name: kube-state-metrics rules: - apiGroups: ["certificates.k8s.io"] resources: - certificatesigningrequests verbs: ["list", "watch"] - apiGroups: [""] resources: - configmaps verbs: ["list", "watch"] - apiGroups: ["batch"] resources: - cronjobs verbs: ["list", "watch"] - apiGroups: ["extensions", "apps"] resources: - daemonsets verbs: ["list", "watch"] - apiGroups: ["extensions", "apps"] resources: - deployments verbs: ["list", "watch"] - apiGroups: [""] resources: - endpoints verbs: ["list", "watch"] - apiGroups: ["autoscaling"] resources: - horizontalpodautoscalers verbs: ["list", "watch"] - apiGroups: ["extensions", "networking.k8s.io"] resources: - ingresses verbs: ["list", "watch"] - apiGroups: ["batch"] resources: - jobs verbs: ["list", "watch"] - apiGroups: [""] resources: - limitranges verbs: ["list", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: - mutatingwebhookconfigurations verbs: ["list", "watch"] - apiGroups: [""] resources: - namespaces verbs: ["list", "watch"] - apiGroups: ["networking.k8s.io"] resources: - networkpolicies verbs: ["list", "watch"] - apiGroups: [""] resources: - nodes verbs: ["list", "watch"] - apiGroups: [""] resources: - persistentvolumeclaims verbs: ["list", "watch"] - apiGroups: [""] resources: - persistentvolumes verbs: ["list", "watch"] - apiGroups: ["policy"] resources: - poddisruptionbudgets verbs: ["list", "watch"] - apiGroups: [""] resources: - pods verbs: ["list", "watch"] - apiGroups: ["extensions", "apps"] resources: - replicasets verbs: ["list", "watch"] - apiGroups: [""] resources: - replicationcontrollers verbs: ["list", "watch"] - apiGroups: [""] resources: - resourcequotas verbs: ["list", "watch"] - apiGroups: [""] resources: - secrets verbs: ["list", "watch"] - apiGroups: [""] resources: - services verbs: ["list", "watch"] - apiGroups: ["apps"] resources: - statefulsets verbs: ["list", "watch"] - apiGroups: ["storage.k8s.io"] resources: - storageclasses verbs: ["list", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: - validatingwebhookconfigurations verbs: ["list", "watch"] - apiGroups: ["storage.k8s.io"] resources: - volumeattachments verbs: ["list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: kube-state-metrics name: kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kube-state-metrics subjects: - kind: ServiceAccount name: kube-state-metrics namespace: monitoring --- apiVersion: v1 kind: Service metadata: name: kube-state-metrics namespace: monitoring labels: app.kubernetes.io/name: kube-state-metrics annotations: prometheus.io/scrape: 'true' spec: type: "ClusterIP" ports: - name: "http" protocol: TCP port: 8080 targetPort: 8080 selector: app.kubernetes.io/name: kube-state-metrics --- apiVersion: apps/v1 kind: Deployment metadata: name: kube-state-metrics namespace: monitoring labels: app.kubernetes.io/name: kube-state-metrics spec: selector: matchLabels: app.kubernetes.io/name: kube-state-metrics replicas: 1 template: metadata: labels: app.kubernetes.io/name: kube-state-metrics spec: serviceAccountName: kube-state-metrics securityContext: fsGroup: 65534 runAsGroup: 65534 runAsUser: 65534 containers: - name: kube-state-metrics args: #- --resources=certificatesigningrequests - --resources=configmaps - --resources=cronjobs - --resources=daemonsets - --resources=deployments #- --resources=endpoints #- --resources=horizontalpodautoscalers - --resources=ingresses - --resources=jobs #- --resources=limitranges - --resources=mutatingwebhookconfigurations - --resources=namespaces #- --resources=networkpolicies - --resources=nodes - --resources=persistentvolumeclaims - --resources=persistentvolumes - --resources=poddisruptionbudgets - --resources=pods - --resources=replicasets #- --resources=replicationcontrollers #- --resources=resourcequotas - --resources=secrets - --resources=services - --resources=statefulsets - --resources=storageclasses - --resources=validatingwebhookconfigurations #- --resources=volumeattachments imagePullPolicy: IfNotPresent image: "registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.14.0" ports: - containerPort: 8080 livenessProbe: httpGet: path: /healthz port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 readinessProbe: httpGet: path: / port: 8080 initialDelaySeconds: 5 timeoutSeconds: 5 ---