apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: zk-pdb
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: zookeeper

spec:
  groups:
    - name: machine_cpu_mem_usage_active
      interval: 30s
      rules:
        - record: machine_memory_usage_active
          expr: 100*(1-node_memory_MemAvailable_bytes/node_memory_MemTotal_bytes)
    - name: machine_memory_usage_1m
      interval: 1m
      rules:
        - record: machine_memory_usage_5m
          expr: 'avg_over_time(machine_memory_usage_active[5m])'
    - name: machine_cpu_usage_1m
      interval: 1m
      rules:
        - record: machine_cpu_usage_5m
          expr: >-
            100 - (avg by (instance, clusterID)
            (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
    - name: container_cpu_usage_10m
      interval: 1m
      rules:
        - record: container_cpu_usage_total_5m
          expr: >-
            sum by(namespace, pod,
            clusterID)(rate(container_cpu_usage_seconds_total{pod!='',image=''}[5m]))
            * 1000
    - name: container_memory_working_set_bytes_pod
      interval: 1m
      rules:
        - record: container_memory_working_set_bytes_by_pod
          expr: 'container_memory_working_set_bytes{pod!='''',image=''''}'

scrape_configs:
  - job_name: "kubernetes-cadvisor"
    # Default to scraping over https. If required, just disable this or change to
    # `http`.
    scheme: https
    
    # Starting Kubernetes 1.7.3 the cAdvisor metrics are under /metrics/cadvisor.
    # Kubernetes CIS Benchmark recommends against enabling the insecure HTTP
    # servers of Kubernetes, therefore the cAdvisor metrics on the secure handler
    # are used.
    metrics_path: /metrics/cadvisor
    
    # This TLS & authorization config is used to connect to the actual scrape
    # endpoints for cluster components. This is separate to discovery auth
    # configuration because discovery & scraping are two separate concerns in
    # Prometheus. The discovery auth config is automatic if Prometheus runs inside
    # the cluster. Otherwise, more config options have to be provided within the
    # <kubernetes_sd_config>.
    tls_config:
      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      # If your node certificates are self-signed or use a different CA to the
      # master CA, then disable certificate verification below. Note that
      # certificate verification is an integral part of a secure infrastructure
      # so this should only be disabled in a controlled environment. You can
      # disable certificate verification by uncommenting the line below.
      #
      insecure_skip_verify: true
    authorization:
      credentials_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    
    kubernetes_sd_configs:
      - role: node
    
    relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
 
  - job_name: 'node-exporter'
      kubernetes_sd_configs:
        - role: pod
      relabel_configs:
      - source_labels: [__meta_kubernetes_pod_name]
        regex: 'node-exporter-(.+)'
        action: keep

spec:
  groups:
    - name: machine_cpu_mem_usage_active
      interval: 30s
      rules:
        - record: machine_memory_usage_active
          expr: 100*(1-node_memory_MemAvailable_bytes/node_memory_MemTotal_bytes)
    - name: machine_memory_usage_1m
      interval: 1m
      rules:
        - record: machine_memory_usage_5m
          expr: 'avg_over_time(machine_memory_usage_active[5m])'
    - name: machine_cpu_usage_1m
      interval: 1m
      rules:
        - record: machine_cpu_usage_5m
          expr: >-
            100 - (avg by (instance)
            (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
    - name: container_cpu_usage_10m
      interval: 1m
      rules:
        - record: container_cpu_usage_total_5m
          expr: >-
            sum by(namespace, pod)(rate(container_cpu_usage_seconds_total{pod!='',image=''}[5m])) * 1000
    - name: container_memory_working_set_bytes_pod
      interval: 1m
      rules:
        - record: container_memory_working_set_bytes_by_pod
          expr: 'container_memory_working_set_bytes{pod!='''',image=''''}'