Kubernetes series: Kubernetes Prometheus Operator
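An Operator, a concept developed by CoreOS, is an application-specific controller that extends the Kubernetes API and is used to create, configure and manage complex stateful applications such as MySQL, caches and monitoring systems. CoreOS currently provides official implementations of several Operators, one of which is Prometheus Operator.
The figure below shows the Prometheus Operator architecture.
As the core controller, the Operator creates four resource objects: Prometheus, ServiceMonitor, Alertmanager and our prometheus-rule, and it continuously watches and maintains the state of these four objects. The Prometheus resource object is what runs as the Prometheus Server doing the monitoring, while ServiceMonitor is an abstraction over the various exporters we use (exporters were covered in an earlier article; they are the tools that expose metrics for our services). Prometheus pulls our data through the metrics endpoints that ServiceMonitor describes. When monitoring with Prometheus we no longer need to create and modify rules for each service individually; we monitor the cluster by managing the Operator directly. Note also that one ServiceMonitor can match Services inside the cluster by label, and our Prometheus can likewise match multiple ServiceMonitors by label.
The Operator is the core part and exists as a controller: it creates the four CRD resource objects Prometheus, ServiceMonitor, AlertManager and PrometheusRule, and then continuously watches and maintains the state of these four CRD resource objects.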
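Introduction to CRDs
CRD stands for CustomResourceDefinition. In Kubernetes everything can be regarded as a resource; since Kubernetes 1.7, CRDs provide a way to extend the Kubernetes API with custom resources. When we create a new CRD, the Kubernetes API server creates a new RESTful resource path for each version you specify, and we can use that API path to create resources of our own custom types. A CRD can be namespaced or cluster-scoped, as specified by its scope field. As with existing built-in objects, deleting a namespace deletes all custom objects in that namespace.
Put simply, a CRD is an extension of the Kubernetes API. Every resource in Kubernetes is a collection of API objects; the spec defined in a YAML file, for example, is a definition of a resource object in Kubernetes. All custom resources can be used with kubectl just like the built-in Kubernetes resources.
This way, monitoring data in the cluster becomes a matter of Kubernetes watching resource objects directly. Service and ServiceMonitor are both Kubernetes resource objects: one ServiceMonitor can match a class of Services through a labelSelector, and Prometheus can match multiple ServiceMonitors through a labelSelector. Prometheus and AlertManager also pick up changes to the monitoring and alerting configuration automatically, with no manual reload needed.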
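The two-level label matching described above (Prometheus selects ServiceMonitors, each ServiceMonitor selects Services), as an added example that is not part of the original article or the kube-prometheus project. It models `matchLabels` and the ServiceMonitor `namespaceSelector` over constructed objects, ignores `matchExpressions` and Prometheus' own namespace selector, and shows that an empty selector `{}` matches everything while a missing one matches nothing.

```python
# Constructed objects for illustration; names, namespaces and labels are assumptions.
SERVICES = [
    {"name": "kubelet", "namespace": "kube-system", "labels": {"k8s-app": "kubelet"}},
    {"name": "kube-dns", "namespace": "kube-system", "labels": {"k8s-app": "kube-dns"}},
    {"name": "grafana", "namespace": "monitoring", "labels": {"app": "grafana"}},
    {"name": "payments", "namespace": "shop", "labels": {"app": "payments"}},
]
SERVICE_MONITORS = [
    {"name": "kubelet", "namespace": "monitoring", "labels": {"k8s-app": "kubelet"},
     "selector": {"matchLabels": {"k8s-app": "kubelet"}},
     "namespaceSelector": {"matchNames": ["kube-system"]}},
    {"name": "catch-all", "namespace": "monitoring", "labels": {"team": "platform"},
     "selector": {}, "namespaceSelector": {"any": True}},
]


def matches(selector, labels):
    """matchLabels semantics: None selects nothing, {} selects everything,
    otherwise every listed key/value pair must be present on the object."""
    if selector is None:
        return False
    wanted = selector.get("matchLabels") or {}
    return all(labels.get(k) == v for k, v in wanted.items())


def namespace_ok(ns_selector, monitor_ns, svc_ns):
    """ServiceMonitor namespaceSelector: any=True means all namespaces,
    matchNames lists them, and an empty selector means the monitor's own namespace."""
    ns_selector = ns_selector or {}
    if ns_selector.get("any"):
        return True
    return svc_ns in (ns_selector.get("matchNames") or [monitor_ns])


def scrape_targets(prometheus_selector):
    """Map each ServiceMonitor picked by Prometheus to the Services it selects."""
    picked = {}
    for sm in SERVICE_MONITORS:
        if not matches(prometheus_selector, sm["labels"]):
            continue
        picked[sm["name"]] = sorted(
            f'{s["namespace"]}/{s["name"]}' for s in SERVICES
            if matches(sm["selector"], s["labels"])
            and namespace_ok(sm.get("namespaceSelector"), sm["namespace"], s["namespace"]))
    return picked


if __name__ == "__main__":
    for sel in ({"matchLabels": {"k8s-app": "kubelet"}}, {}, None):
        print(sel, "->", scrape_targets(sel))
```

With the empty Prometheus selector, the constructed `catch-all` monitor pulls every Service in every namespace into the scrape configuration, which is why broad selectors deserve a review before they are applied.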
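The Operator supports Prometheus natively, can monitor the cluster through service discovery, and installs in a generic way. In other words, the YAML files provided with the operator can mostly be used as-is for Prometheus; there may be only a few places that need changing.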
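```bash
# Official download (if the image versions in the official download do not match, find the right image versions yourself)
wget -P /root/ https://github.com/coreos/kube-prometheus/archive/master.zip
unzip /root/master.zip -d /root/
cd /root/kube-prometheus-master/manifests
```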
prometheus-serviceMonitorKubelet.yaml (this file is used to collect the metrics data of our services)
No changes are needed.
```bash
cat prometheus-serviceMonitorKubelet.yaml
```
```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kubelet
  name: kubelet
  namespace: monitoring
spec:
  endpoints:
```
Once the changes here are done, we can create the resources from the configuration files directly.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl apply -f ./
namespace/monitoring unchanged
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com unchanged
customresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com unchanged
customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com unchanged
customresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com unchanged
customresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com unchanged
clusterrole.rbac.authorization.k8s.io/prometheus-operator unchanged
clusterrolebinding.rbac.authorization.k8s.io/prometheus-operator unchanged
deployment.apps/prometheus-operator unchanged
service/prometheus-operator unchanged
serviceaccount/prometheus-operator unchanged
servicemonitor.monitoring.coreos.com/prometheus-operator created
alertmanager.monitoring.coreos.com/main created
secret/alertmanager-main unchanged
service/alertmanager-main unchanged
serviceaccount/alertmanager-main unchanged
servicemonitor.monitoring.coreos.com/alertmanager created
secret/grafana-datasources unchanged
configmap/grafana-dashboard-apiserver unchanged
configmap/grafana-dashboard-controller-manager unchanged
configmap/grafana-dashboard-k8s-resources-cluster unchanged
configmap/grafana-dashboard-k8s-resources-namespace unchanged
configmap/grafana-dashboard-k8s-resources-node unchanged
configmap/grafana-dashboard-k8s-resources-pod unchanged
configmap/grafana-dashboard-k8s-resources-workload unchanged
configmap/grafana-dashboard-k8s-resources-workloads-namespace unchanged
configmap/grafana-dashboard-kubelet unchanged
configmap/grafana-dashboard-node-cluster-rsrc-use unchanged
configmap/grafana-dashboard-node-rsrc-use unchanged
configmap/grafana-dashboard-nodes unchanged
configmap/grafana-dashboard-persistentvolumesusage unchanged
configmap/grafana-dashboard-pods unchanged
configmap/grafana-dashboard-prometheus-remote-write unchanged
configmap/grafana-dashboard-prometheus unchanged
configmap/grafana-dashboard-proxy unchanged
configmap/grafana-dashboard-scheduler unchanged
configmap/grafana-dashboard-statefulset unchanged
configmap/grafana-dashboards unchanged
deployment.apps/grafana configured
service/grafana unchanged
serviceaccount/grafana unchanged
servicemonitor.monitoring.coreos.com/grafana created
clusterrole.rbac.authorization.k8s.io/kube-state-metrics unchanged
clusterrolebinding.rbac.authorization.k8s.io/kube-state-metrics unchanged
deployment.apps/kube-state-metrics unchanged
role.rbac.authorization.k8s.io/kube-state-metrics unchanged
rolebinding.rbac.authorization.k8s.io/kube-state-metrics unchanged
service/kube-state-metrics unchanged
serviceaccount/kube-state-metrics unchanged
servicemonitor.monitoring.coreos.com/kube-state-metrics created
clusterrole.rbac.authorization.k8s.io/node-exporter unchanged
clusterrolebinding.rbac.authorization.k8s.io/node-exporter unchanged
daemonset.apps/node-exporter configured
service/node-exporter unchanged
serviceaccount/node-exporter unchanged
servicemonitor.monitoring.coreos.com/node-exporter created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io unchanged
clusterrole.rbac.authorization.k8s.io/prometheus-adapter unchanged
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader unchanged
clusterrolebinding.rbac.authorization.k8s.io/prometheus-adapter unchanged
clusterrolebinding.rbac.authorization.k8s.io/resource-metrics:system:auth-delegator unchanged
clusterrole.rbac.authorization.k8s.io/resource-metrics-server-resources unchanged
configmap/adapter-config unchanged
deployment.apps/prometheus-adapter configured
rolebinding.rbac.authorization.k8s.io/resource-metrics-auth-reader unchanged
service/prometheus-adapter unchanged
serviceaccount/prometheus-adapter unchanged
clusterrole.rbac.authorization.k8s.io/prometheus-k8s unchanged
clusterrolebinding.rbac.authorization.k8s.io/prometheus-k8s unchanged
prometheus.monitoring.coreos.com/k8s created
rolebinding.rbac.authorization.k8s.io/prometheus-k8s-config unchanged
rolebinding.rbac.authorization.k8s.io/prometheus-k8s unchanged
rolebinding.rbac.authorization.k8s.io/prometheus-k8s unchanged
rolebinding.rbac.authorization.k8s.io/prometheus-k8s unchanged
role.rbac.authorization.k8s.io/prometheus-k8s-config unchanged
role.rbac.authorization.k8s.io/prometheus-k8s unchanged
role.rbac.authorization.k8s.io/prometheus-k8s unchanged
role.rbac.authorization.k8s.io/prometheus-k8s unchanged
prometheusrule.monitoring.coreos.com/prometheus-k8s-rules created
service/prometheus-k8s unchanged
serviceaccount/prometheus-k8s unchanged
servicemonitor.monitoring.coreos.com/prometheus created
servicemonitor.monitoring.coreos.com/kube-apiserver created
servicemonitor.monitoring.coreos.com/coredns created
servicemonitor.monitoring.coreos.com/kube-controller-manager created
servicemonitor.monitoring.coreos.com/kube-scheduler created
servicemonitor.monitoring.coreos.com/kubelet created
```
After a successful deployment we can check the CRDs; the YAML files create the CRDs for us automatically. ServiceMonitor only works once the CRDs have been created.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get crd
NAME CREATED AT
alertmanagers.monitoring.coreos.com 2019-10-18T08:32:57Z
podmonitors.monitoring.coreos.com 2019-10-18T08:32:58Z
prometheuses.monitoring.coreos.com 2019-10-18T08:32:58Z
prometheusrules.monitoring.coreos.com 2019-10-18T08:32:58Z
servicemonitors.monitoring.coreos.com 2019-10-18T08:32:59Z
```
The other resources are all deployed into a single namespace; the Pods that belong to the operator deployment are listed in monitoring.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get pod -n monitoring
NAME READY STATUS RESTARTS AGE
alertmanager-main-0 2/2 Running 0 11m
alertmanager-main-1 2/2 Running 0 11m
alertmanager-main-2 2/2 Running 0 11m
grafana-55488b566f-g2sm9 1/1 Running 0 11m
kube-state-metrics-ff5cb7949-wq7pb 3/3 Running 0 11m
node-exporter-6wb5v 2/2 Running 0 11m
node-exporter-785rf 2/2 Running 0 11m
node-exporter-7kvkp 2/2 Running 0 11m
node-exporter-85bnh 2/2 Running 0 11m
node-exporter-9vxwf 2/2 Running 0 11m
node-exporter-bvf4r 2/2 Running 0 11m
node-exporter-j6d2d 2/2 Running 0 11m
prometheus-adapter-668748ddbd-d8k7f 1/1 Running 0 11m
prometheus-k8s-0 3/3 Running 1 11m
prometheus-k8s-1 3/3 Running 1 11m
prometheus-operator-55b978b89-qpzfk 1/1 Running 0 11m
```
Of these, prometheus and alertmanager run as StatefulSets, while the other Pods are created by Deployments.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get deployments.apps -n monitoring
NAME READY UP-TO-DATE AVAILABLE AGE
grafana 1/1 1 1 12m
kube-state-metrics 1/1 1 1 12m
prometheus-adapter 1/1 1 1 12m
prometheus-operator 1/1 1 1 12m
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get statefulsets.apps -n monitoring
NAME READY AGE
alertmanager-main 3/3 11m
prometheus-k8s 2/2 11m
# prometheus-operator is the core component here; it is what watches our prometheus and alertmanager
```
Now that everything has been created, we still cannot access Prometheus directly.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get svc -n monitoring |egrep "prometheus|grafana|alertmanage"
alertmanager-main ClusterIP 10.96.226.38 <none> 9093/TCP 3m55s
alertmanager-operated ClusterIP None <none> 9093/TCP,9094/TCP,9094/UDP 3m10s
grafana ClusterIP 10.97.175.234 <none> 3000/TCP 3m53s
prometheus-adapter ClusterIP 10.96.43.155 <none> 443/TCP 3m53s
prometheus-k8s ClusterIP 10.105.75.186 <none> 9090/TCP 3m52s
prometheus-operated ClusterIP None <none> 9090/TCP 3m
prometheus-operator ClusterIP None <none> 8080/TCP 3m55s
```
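Because the Services in the default YAML files use ClusterIP, we cannot reach them from outside the cluster. We can either put an Ingress in front of them as a proxy or use NodePort for temporary access. Here I modify the Services to use NodePort.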
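```bash
# I use edit here; alternatively, modify the YAML files and apply them
kubectl edit svc -n monitoring prometheus-k8s
# Note: the svc to modify is prometheus-k8s, because it is the one that has a clusterIP
kubectl edit svc -n monitoring grafana
kubectl edit svc -n monitoring alertmanager-main
# All three need to be modified; do not change the wrong ones. Modify only those that have a clusterIP
...
type: NodePort # change this line to NodePort
```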
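For prometheus-k8s, grafana and alertmanager-main alike, only the type=clusterIP line is changed.

![image.png](https://upload-images.jianshu.io/upload_images/6064401-efe1ddb97a7d8c65.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)

After the change, list the Services again and you will see that each of these now has a node port; they can then be reached from any node in the cluster.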
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get svc -n monitoring |egrep "prometheus|grafana|alertmanage"
alertmanager-main NodePort 10.96.226.38 <none> 9093:32477/TCP 13m
alertmanager-operated ClusterIP None <none> 9093/TCP,9094/TCP,9094/UDP 12m
grafana NodePort 10.97.175.234 <none> 3000:32474/TCP 13m
prometheus-adapter ClusterIP 10.96.43.155 <none> 443/TCP 13m
prometheus-k8s NodePort 10.105.75.186 <none> 9090:32489/TCP 13m
prometheus-operated ClusterIP None <none> 9090/TCP 12m
prometheus-operator ClusterIP None <none> 8080/TCP 13m
```
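NodePort makes these Services reachable on every node IP, and Prometheus and Alertmanager serve their UI and API without a login unless one is configured separately. The following added example (not from the original article) lists the Services exposed this way from `kubectl get svc -n monitoring -o json` output; the sample is constructed from the names and ports in the listing above, and the function name is hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get svc -n monitoring -o json`,
# reduced to the fields the check needs.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "alertmanager-main"},
  "spec": {"type": "NodePort", "ports": [{"port": 9093, "nodePort": 32477}]}},
 {"metadata": {"name": "grafana"},
  "spec": {"type": "NodePort", "ports": [{"port": 3000, "nodePort": 32474}]}},
 {"metadata": {"name": "prometheus-k8s"},
  "spec": {"type": "NodePort", "ports": [{"port": 9090, "nodePort": 32489}]}},
 {"metadata": {"name": "prometheus-operated"},
  "spec": {"type": "ClusterIP", "clusterIP": "None", "ports": [{"port": 9090}]}}
]}
""")

# Services from this deployment whose UI/API has no login unless one is added.
NO_LOGIN_BY_DEFAULT = {"prometheus-k8s", "alertmanager-main"}


def exposed(svc_list):
    """Return (name, port, nodePort, note) for each Service reachable on node IPs."""
    findings = []
    for item in svc_list.get("items", []):
        spec = item["spec"]
        if spec.get("type") not in ("NodePort", "LoadBalancer"):
            continue  # ClusterIP and headless Services stay inside the cluster
        name = item["metadata"]["name"]
        note = ("no login by default" if name in NO_LOGIN_BY_DEFAULT
                else "check authentication")
        for p in spec.get("ports", []):
            findings.append((name, p["port"], p.get("nodePort"), note))
    return findings


if __name__ == "__main__":
    for finding in exposed(SAMPLE):
        print("%-20s port=%s nodePort=%s  %s" % finding)
```

For temporary access without changing the Service type, `kubectl port-forward -n monitoring svc/prometheus-k8s 9090` keeps the Service on ClusterIP.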
Next, let's look at the Prometheus UI.
```
[root@HUOBAN-K8S-MASTER01 manifests]# kubectl get svc -n monitoring |grep prometheus-k8s
prometheus-k8s NodePort 10.105.75.186 <none> 9090:32489/TCP 19m
[root@HUOBAN-K8S-MASTER01 manifests]# hostname -i
172.16.17.191
```
We access the cluster at 172.16.17.191:32489.

![image.png](https://upload-images.jianshu.io/upload_images/6064401-90275be27c1d9f95.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)

Here kube-controller-manager and kube-scheduler have no managed targets, while all the others do. This is related to how they are defined in the official YAML files.

![image.png](https://upload-images.jianshu.io/upload_images/6064401-80b0213e740d6398.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)

Configuration file explained
```yaml
apiVersion: monitoring.coreos.com/v1 # included in the output of kubectl get crd; do not modify
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kube-scheduler
  name: kube-scheduler # the name being defined
  namespace: monitoring
spec:
  endpoints:
```