前言
在之前的博客,我介绍了consonl对node的自动发现,kube-api的自动发现,今天介绍Prometheus的自动发现,也就是Prometheus的容器化部署。
实验部署
(1)创建node的yaml文件
mkdir /opt/prometheus/node
vim node/yamlapiVersion: apps/v1
kind: DaemonSet
metadata:name: node-exporternamespace: monitor-salabels:name: node-exporter
spec:selector:matchLabels:name: node-exportertemplate:metadata:labels: name: node-exporterspec:hostPID: truehostIPC: truehostNetwork: true
#共用节点服务器的网络,进程和进程通信命名空间containers:- name: node-exporterimage: prom/node-exporter
#image从指定仓库下载ports:- containerPort: 9100resources:limits:cpu: "2"securityContext:privileged: true
#给容器在节点服务器上拥有权限args: - --path.procfs- /host/proc- --path.sysfs- /host/sys- --collector.filesystem.ignored-mount-points- '"^/(sys|proc|dev|host|etc)($|/)"'
#收集节点的系统配置,网络配置,硬件设备,主机信息。volumeMounts:- name: devmountPath: /host/dev- name: procmountPath: /host/proc- name: sysmountPath: /host/sys- name: rootfsmountPath: /rootfsvolumes:- name: prochostPath:path: /proc- name: devhostPath:path: /dev- name: syshostPath:path: /sys- name: rootfshostPath:path: /wq
kubectl create ns monitor-sa
创建指定命名空间cd /opt/prometheus
curl -Ls http://20.0.0.61:9100/metrics | grep node_cpu_seconds获取节点能够监控的信息(2)创建账号,让普罗米修斯可以管理集群信息
kubectl create serviceaccount monitor -n monitor-sakubectl create clusterrolebinding monitor-clusterrolebinding -n monitor-sa --clusterrole=cluster-admin --serviceaccount=monitor-sa:monitor(3)创建configmap
apiVersion: v1
kind: ConfigMap
metadata:labels:app: prometheusname: prometheus-confignamespace: monitor-sa
data:prometheus.yml: |global:scrape_interval: 15sscrape_timeout: 10sevaluation_interval: 1mscrape_configs:- job_name: 'kubernetes-node'kubernetes_sd_configs:- role: noderelabel_configs:- source_labels: [__address__]regex: '(.*):10250'replacement: '${1}:9100'target_label: __address__action: replace- action: labelmapregex: __meta_kubernetes_node_label_(.+)- job_name: 'kubernetes-node-cadvisor'kubernetes_sd_configs:- role: nodescheme: httpstls_config:ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crtbearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/tokenrelabel_configs:- action: labelmapregex: __meta_kubernetes_node_label_(.+)- target_label: __address__replacement: kubernetes.default.svc:443- source_labels: [__meta_kubernetes_node_name]regex: (.+)target_label: __metrics#通过kube-api的方式自动发现K8s的内部服务,包括node,pod,service,ingress,我们可以访问api-server,可以获取集群的所有信息(4)创建prom-deploy.yaml,基于deployment创建pod
apiVersion: apps/v1
kind: Deployment
metadata:name: prometheus-servernamespace: monitor-salabels:app: prometheus
spec:replicas: 1selector:matchLabels:app: prometheuscomponent: servertemplate:metadata: labels:app: prometheuscomponent: serverannotations:prometheus.io/scrape: 'false'
#prometheus能够获取集群信息spec:serviceAccountName: monitorinitContainers:- name: init-chmodimage: busybox:latest
#busybox是最精简的centos系统command: ['sh','-c','chmod -R 777 /prometheus']volumeMounts:- mountPath: /prometheusname: prometheus-storage-volumecontainers:- name: prometheusimage: prom/prometheus:v2.45.0command:- prometheus- --config.file=/etc/prometheus/prometheus.yml- --storage.tsdb.path=/prometheus- --storage.tsdb.retention=720h- --web.enable-lifecycleports:- containerPort: 9090volumeMounts:- name: prometheus-configmountPath: /etc/prometheus/prometheus.ymlsubPath: prometheus.yml- mountPath: /prometheus/name: prometheus-storage-volumevolumes:- name: promehtwswqchmod 777 /data(5)创建svc,以访问Prometheus
apiVersion: v1
kind: Service
metadata:name: prometheusnamespace: monitor-salabels:app: prometheus
spec:type: NodePortports:- port: 9090targetPort: 9090protocol: TCPselector:app: prometheuscomponent: server部署完之后用浏览器访问
(6)部署grafana
部署grafana
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: grafananamespace: kube-system
spec:accessModes:- ReadWriteManystorageClassName: nfs-client-storageclassresources:requests:storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:name: monitoring-grafananamespace: kube-system
spec:replicas: 1selector:matchLabels:task: monitoringk8s-app: grafanatemplate:metadata:labels:task: monitoringk8s-app: grafanaspec:containers:- name: grafanaimage: grafana/grafana:7.5.11securityContext:runAsUser: 104runAsGroup: 107ports:- containerPort: 3000protocol: TCPvolumeMounts:- mountPath: /etc/ssl/certsname: ca-certificatesreadOnly: false- mountPath: /varname: grafana-storage- mountPath: /var/lib/grafananame: graf-testenv:- name: INFLUXDB_HOSTvalue: monitoring-influxdb- name: GF_SERVER_HTTP_PORTvalue: "3000"- name: GF_AUTH_BASIC_ENABLEDvalue: "false"- name: GF_AUTH_ANONYMOUS_ENABLEDvalue: "true"- name: GF_AUTH_ANONYMOUS_ORG_ROLEvalue: Admin- name: GF_SERVER_ROOT_URLvalue: /volumes:- name: ca-certificateshostPath:path: /etc/ssl/certs- name: grafana-storageemptyDir: {}- name: graf-testpersistentVolumeClaim:claimName: grafana
---
apiVersion: v1
kind: Service
metadata:labels:name: monitoring-grafananamespace: kube-system
spec:ports:- port: 80targetPort: 3000selector:k8s-app: grafanatype: NodePort
添加pod来进行监控
压力测试
