Deploying Prometheus on K8S
Deployment: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/prometheus
Source directory: kubernetes/cluster/addons/prometheus
Service Discovery: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config
Deployment Requirements
1. An internal DNS service is deployed in the K8S cluster
2. Dynamic PV provisioning is already available in the cluster
Profiles
The following configuration files have already been modified; trim and adapt them to your own environment.
- # Api access authorization
- prometheus-rbac.yaml
-
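# ServiceAccount that the Prometheus pod runs as. The ClusterRoleBinding at the
# end of this file grants it the permissions defined in the ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which Kubernetes stopped
# serving in 1.22. The StatefulSet on this page already uses apps/v1, so the
# cluster is new enough to serve the v1 RBAC API.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  # Permissions granted. All verbs are read-only, but a ClusterRole bound with
  # a ClusterRoleBinding applies in every namespace, so this account can list
  # pods, services and endpoints cluster-wide.
  - apiGroups:
      - ""
    resources:
      - nodes
      - nodes/metrics
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  # ConfigMaps can be fetched by name only (no list/watch), in any namespace.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  # Non-resource URL: allows GET on the /metrics endpoint.
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get
---
# Role binding: attaches the ClusterRole above to the ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: kube-system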
- # Management prometheus profile
- prometheus-configmap.yaml
-
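# Prometheus configuration format:
# https://prometheus.io/docs/prometheus/latest/configuration/configuration/
#
# The keys and values below are restored from the machine-translated listing
# (for example "Role: Endpoints" -> "role: endpoints", "to true" -> "true").
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  # Holds the Prometheus configuration file.
  prometheus.yml: |
    # Scrape targets.
    scrape_configs:
    # Prometheus scrapes itself.
    - job_name: prometheus
      static_configs:
      - targets:
        - localhost:9090

    # API server availability metrics.
    - job_name: kubernetes-apiservers
      # Discover targets through the Kubernetes API.
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      # Keep only the https port of the "kubernetes" service in "default".
      - action: keep
        regex: default;kubernetes;https
        source_labels:
        - __meta_kubernetes_namespace
        - __meta_kubernetes_service_name
        - __meta_kubernetes_endpoint_port_name
      # Scrape over https (the default scheme is http).
      scheme: https
      tls_config:
        # Cluster CA mounted into the pod with the ServiceAccount.
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # NOTE(review): this disables server-certificate verification, so the
        # ca_file above is not enforced and the bearer token below is sent to
        # an endpoint whose identity is not checked. Set it to false when the
        # API server certificate is signed by this CA and covers the scraped
        # address.
        insecure_skip_verify: true
      # ServiceAccount token used to authenticate to the API server.
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

    # Kubelet availability metrics.
    - job_name: kubernetes-nodes-kubelet
      kubernetes_sd_configs:
      # Discover every node in the cluster.
      - role: node
      relabel_configs:
      # Copy each node label onto the scraped series.
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # NOTE(review): verification is skipped here as well, presumably
        # because kubelet serving certificates are often self-signed. The
        # ServiceAccount token is then sent to every node address without
        # checking the peer; prefer CA-signed kubelet serving certificates
        # and set this to false.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

    # cAdvisor (container) metrics exposed by each kubelet.
    - job_name: kubernetes-nodes-cadvisor
      kubernetes_sd_configs:
      - role: node
      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      # Rewrite the metrics path to the cAdvisor endpoint.
      - target_label: __metrics_path__
        replacement: /metrics/cadvisor
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        # NOTE(review): same caveat as the kubelet job above.
        insecure_skip_verify: true
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

    # Service endpoints that opt in through annotations.
    - job_name: kubernetes-service-endpoints
      kubernetes_sd_configs:
      - role: endpoints
      relabel_configs:
      # Keep only services annotated prometheus.io/scrape: "true".
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape
      # Take the scrape scheme from the prometheus.io/scheme annotation.
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        target_label: __scheme__
      # Take the metrics path from the prometheus.io/path annotation.
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      # Replace the port in the address with the prometheus.io/port annotation.
      - action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_service_name
        target_label: kubernetes_name

    # Black-box probing of services: checks that the address and port answer.
    - job_name: kubernetes-services
      kubernetes_sd_configs:
      - role: service
      metrics_path: /probe
      params:
        module:
        - http_2xx
      relabel_configs:
      # Keep only services annotated prometheus.io/probe: "true".
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_probe
      - source_labels:
        - __address__
        target_label: __param_target
      # Send the probe request to the host named "blackbox".
      - replacement: blackbox
        target_label: __address__
      - source_labels:
        - __param_target
        target_label: instance
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - source_labels:
        - __meta_kubernetes_service_name
        target_label: kubernetes_name

    # Pods that opt in through annotations.
    - job_name: kubernetes-pods
      kubernetes_sd_configs:
      - role: pod
      relabel_configs:
      # Keep only pods annotated prometheus.io/scrape: "true".
      - action: keep
        regex: true
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_pod_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        # Scrape address.
        - __address__
        # Scrape port.
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: kubernetes_pod_name

    # Alerting configuration.
    alerting:
      alertmanagers:
      # Discover Alertmanager pods dynamically.
      - kubernetes_sd_configs:
          - role: pod
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        relabel_configs:
        - source_labels: [__meta_kubernetes_namespace]
          regex: kube-system
          action: keep
        - source_labels: [__meta_kubernetes_pod_label_k8s_app]
          regex: alertmanager
          action: keep
        # Empty regex as in the source listing; presumably drops pods that
        # declare no container port - confirm against the Prometheus docs.
        - source_labels: [__meta_kubernetes_pod_container_port_number]
          regex:
          action: drop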
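- # Expose access to prometheus
- prometheus-service.yaml (the manifest listed under this heading is the StatefulSet; the Service manifest is listed under the next heading)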
-
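# StatefulSet that runs the Prometheus server with a configmap-reload sidecar.
# Keys garbled in the listing (MountPath, Volumes, "the Metadata", ...) are
# restored to the field names the Kubernetes API expects.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: prometheus
  # Namespace to deploy into.
  namespace: kube-system
  labels:
    k8s-app: prometheus
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    version: v2.2.1
spec:
  serviceName: "prometheus"
  replicas: 1
  podManagementPolicy: "Parallel"
  updateStrategy:
    type: "RollingUpdate"
  selector:
    matchLabels:
      k8s-app: prometheus
  template:
    metadata:
      labels:
        k8s-app: prometheus
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      priorityClassName: system-cluster-critical
      # Runs with the ServiceAccount created in prometheus-rbac.yaml.
      serviceAccountName: prometheus
      # Init container: hands ownership of the data volume to uid/gid 65534
      # before the server starts.
      initContainers:
        - name: "init-chown-data"
          # NOTE(review): "latest" is a mutable tag and, with IfNotPresent, the
          # image actually run depends on what each node has cached. Pin a
          # specific version or digest. No securityContext is set, so the
          # recursive chown presumably runs as the image's default user (root
          # for busybox).
          image: "busybox:latest"
          imagePullPolicy: "IfNotPresent"
          command: ["chown", "-R", "65534:65534", "/data"]
          volumeMounts:
            - name: prometheus-data
              mountPath: /data
              subPath: ""
      containers:
        # Sidecar: watches the mounted ConfigMap and calls Prometheus' reload
        # endpoint over localhost when it changes.
        - name: prometheus-server-configmap-reload
          image: "jimmidyson/configmap-reload:v0.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http://localhost:9090/-/reload
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
              readOnly: true
          resources:
            limits:
              cpu: 10m
              memory: 10Mi
            requests:
              cpu: 10m
              memory: 10Mi
        - name: prometheus-server
          # Main image.
          image: "prom/prometheus:v2.2.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --config.file=/etc/config/prometheus.yml
            - --storage.tsdb.path=/data
            - --web.console.libraries=/etc/prometheus/console_libraries
            - --web.console.templates=/etc/prometheus/consoles
            # NOTE(review): enables the HTTP /-/reload and /-/quit endpoints.
            # The sidecar needs /-/reload on localhost, but Prometheus v2.2.1
            # serves its HTTP API without authentication, so the same endpoints
            # are reachable by anything that can connect to port 9090.
            # Restrict network access to this port accordingly.
            - --web.enable-lifecycle
          ports:
            - containerPort: 9090
          # Health checks.
          readinessProbe:
            httpGet:
              path: /-/ready
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          livenessProbe:
            httpGet:
              path: /-/healthy
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # based on 10 running nodes with 30 pods each
          resources:
            limits:
              cpu: 200m
              memory: 1000Mi
            requests:
              cpu: 200m
              memory: 1000Mi
          # Volume mounts.
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
            - name: prometheus-data
              mountPath: /data
              subPath: ""
      terminationGracePeriodSeconds: 300
      volumes:
        - name: config-volume
          configMap:
            name: prometheus-config
  volumeClaimTemplates:
    - metadata:
        name: prometheus-data
      spec:
        # Uses dynamic PV provisioning; set this to the StorageClass created
        # in your cluster. The value in the listing is garbled ("NFS-safe
        # locking-Managed storage"), so a placeholder is used here.
        storageClassName: "REPLACE_WITH_YOUR_STORAGE_CLASS"
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "16Gi"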
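- # Deploy prometheus as a stateful application (StatefulSet)
- prometheus-statefulset.yaml (the manifest listed under this heading is the Service; the StatefulSet manifest is listed under the previous heading)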
-
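# Service that exposes the Prometheus web UI/API. Field names and values are
# restored from the garbled listing (TARGETPORT -> targetPort, and so on).
kind: Service
apiVersion: v1
metadata:
  name: prometheus
  # Namespace of the Service.
  namespace: kube-system
  labels:
    kubernetes.io/name: "Prometheus"
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # NodePort adds external access: the service is opened on an allocated port
  # of every node's address.
  # NOTE(review): Prometheus v2.2.1 has no built-in authentication, and the
  # StatefulSet on this page starts it with --web.enable-lifecycle, so the
  # query API and the /-/reload and /-/quit endpoints become reachable from
  # outside the cluster. Limit who can reach the node port (firewall rules or
  # NetworkPolicy), or keep the Service as ClusterIP behind an authenticating
  # proxy.
  type: NodePort
  # Port used for access inside the cluster.
  ports:
    - name: http
      port: 9090
      protocol: TCP
      targetPort: 9090
  selector:
    k8s-app: prometheus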
deploy
1. Download the source package from GitHub: https://github.com/kubernetes/kubernetes/
2, copy files to a specified directory
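# Create the working directory (-p: no error if it already exists) and copy
# the upstream addon manifests into it.
mkdir -p ~/prometheus
cp ~/kubernetes/cluster/addons/prometheus/* ~/prometheus/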
3, enter the directory
# Work from the directory that holds the copied manifests, so the relative
# file names in the kubectl commands resolve.
cd ~/prometheus/
4. Apply the configuration files so that K8S creates the resources and runs the containers
# Apply the manifests in the order given: RBAC, ConfigMap, StatefulSet, Service.
for manifest in \
    prometheus-rbac.yaml \
    prometheus-configmap.yaml \
    prometheus-statefulset.yaml \
    prometheus-service.yaml
do
  kubectl apply -f "$manifest"
done
5. View the created resources
kubectl get pod,svc -n kube-system
NAME                           READY   STATUS    RESTARTS   AGE
pod/coredns-64479cf49b-lsqqn   1/1     Running   0          75m
pod/prometheus-0               2/2     Running   0          2m12s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
service/kube-dns     ClusterIP   10.0.0.2     <none>        53/UDP,53/TCP,9153/TCP   75m
service/prometheus   NodePort    10.0.0.170   <none>        9090:42575/TCP           8s
6. Test access by opening the Prometheus monitoring page through the exposed NodePort (42575 in the output above)