攀枝花网站开发,有用织梦做的大网站吗,哪里有专门做gif的网站,wordpress邮件订阅功能一、监控部署 1、将k8s集群中kube-state-metrics指标进行收集#xff0c;服务进行部署 1.1 pod性能指标#xff08;k8s集群组件自动集成#xff09; k8s组件本身提供组件自身运行的监控指标以及容器相关的监控指标。通过cAdvisor 是一个开源的分析容器资源使用率和性能特性的…一、监控部署 1、将k8s集群中kube-state-metrics指标进行收集服务进行部署 1.1 pod性能指标k8s集群组件自动集成 k8s组件本身提供组件自身运行的监控指标以及容器相关的监控指标。通过cAdvisor 是一个开源的分析容器资源使用率和性能特性的代理工具集成到 Kubelet中当Kubelet启动时会同时启动cAdvisor且一个cAdvisor只监控一个Node节点的信息。cAdvisor 自动查找所有在其所在节点上的容器自动采集 CPU、内存、文件系统和网络使用的统计信息。cAdvisor 通过它所在节点机的 Root 容器采集并分析该节点机的全面使用情况。 当然kubelet也会输出一些监控指标数据因此pod的监控数据有kubelet和cadvisor监控url分别为 https://NodeIP:10250/metrics https://NodeIP:10250/metrics/cadvisor 1.2 K8S资源监控k8s集群内部署 kube-state-metrics是一个简单的服务它监听Kubernetes API服务器并生成关联对象的指标。它不关注单个Kubernetes组件的运行状况而是关注内部各种对象如deployment、node、pod等的运行状况。 注先手动检查下集群是否已经安装kube-state-metrics 如果集群没有安装可参考如下步骤进行部署
docker pull gcr.io/google_containers/kube-state-metrics:v1.6.0
// 镜像打标签设置为当前k8s配置的镜像仓库地址
docker tag quay.io/coreos/kube-state-metrics:v1.9.0 dockerhub.kubekey.local/library/kube-state-metrics:v1.9.0
// 推进仓库
docker push dockerhub.kubekey.local/library/kube-state-metrics:v1.9.01.3 编辑kube-state-metrics.yml文件
vim kube-state-metrics.yml---
apiVersion: v1
kind: ServiceAccount
metadata:labels:app: kube-state-metricsname: kube-state-metricsnamespace: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:name: kube-state-metrics
rules:
- apiGroups: []resources:- configmaps- secrets- nodes- pods- services- resourcequotas- replicationcontrollers- limitranges- persistentvolumeclaims- persistentvolumes- namespaces- endpointsverbs: [list, watch]
- apiGroups: [extensions]resources:- daemonsets- deployments- replicasets- ingressesverbs: [list, watch]
- apiGroups: [apps]resources:- daemonsets- deployments- replicasets- statefulsetsverbs: [list, watch]
- apiGroups: [batch]resources:- cronjobs- jobsverbs: [list, watch]
- apiGroups: [autoscaling]resources:- horizontalpodautoscalersverbs: [list, watch]
- apiGroups: [policy]resources:- poddisruptionbudgetsverbs: [list, watch]
- apiGroups: [certificates.k8s.io]resources:- certificatesigningrequestsverbs: [list, watch]
- apiGroups: [storage.k8s.io]resources:- storageclassesverbs: [list, watch]
- apiGroups: [autoscaling.k8s.io]resources:- verticalpodautoscalersverbs: [list, watch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:app: kube-state-metricsname: kube-state-metrics
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kube-state-metrics
subjects:
- kind: ServiceAccountname: kube-state-metricsnamespace: prometheus
---
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: kube-state-metricsname: kube-state-metricsnamespace: prometheus
spec:replicas: 1selector:matchLabels:app: kube-state-metricsstrategy:rollingUpdate:maxSurge: 1maxUnavailable: 0type: RollingUpdatetemplate:metadata:labels:app: kube-state-metricsspec:containers:# 注意这里image地址修改为你k8s配置的仓库地址- image: dockerhub.kubekey.local/library/kube-state-metrics:v1.9.0imagePullPolicy: IfNotPresentlivenessProbe:failureThreshold: 3httpGet:path: /port: 8080scheme: HTTPinitialDelaySeconds: 30periodSeconds: 10successThreshold: 1timeoutSeconds: 30name: kube-state-metricsports:- containerPort: 8080protocol: TCPreadinessProbe:failureThreshold: 3httpGet:path: /port: 8080scheme: HTTPinitialDelaySeconds: 30periodSeconds: 10successThreshold: 1timeoutSeconds: 5resources:limits:cpu: 500mmemory: 768Mirequests:cpu: 250mmemory: 768MirestartPolicy: AlwaysserviceAccount: kube-state-metricsserviceAccountName: kube-state-metrics
---
apiVersion: v1
kind: Service
metadata:labels:app: kube-state-metricsname: kube-state-metricsnamespace: prometheus
spec:ports:- name: kube-state-metricsport: 80protocol: TCPtargetPort: 8080selector:app: kube-state-metrics## 注意这里kube-state-metrics暴露类型修改为NodePort对外暴露type: NodePort1.4 启动yaml文件
kubectl apply -f kube-state-metrics.yaml1.5 查看pod信息
kubectl get pod -n prometheus1.6 查看service信息
kubectl get svc -n prometheus这里可以看到k8s集群对外暴露的端口为 62177 1.7 查看集群信息
kubectl get po -n prometheus -owide然后查看metrics信息 可以手动
curl k8s02:62177/metrics正常数据metrics就会出现 二、创建token供集群外部访问 集群外部监控K8s集群通过访问kube-apiserver来访问集群资源。通过这种方式集群外部prometheus也能自动发现k8s集群服务
# 1.创建serviceaccounts
kubectl create sa prometheus -n default
# 2.创建prometheus角色并对其绑定cluster-admin
kubectl create clusterrolebinding prometheus --clusterrole cluster-admin --serviceaccountdefault:prometheus
# 3. 创建secret; k8s1.24之后默认不会为serveiceaccounts创建secret
kubectl apply -f - EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:name: prometheus-tokennamespace: defaultannotations:kubernetes.io/service-account.name: prometheus
EOF
# 4. 测试访问kube-apiserver
APISERVER$(kubectl config view --minify -o jsonpath{.clusters[0].cluster.server})
TOKEN$(kubectl get secret prometheus-token -n default -o jsonpath{.data.token} | base64 --decode)
curl $APISERVER/api --header Authorization: Bearer $TOKEN --insecure
# 5. 保存token
echo $TOKEN k8s_token
# 6. 测试访问指标
# 访问pod性能资源指标访问kubelet
# 注意master1为当前master节点的hostname需要修改
curl $APISERVER/api/v1/nodes/master1:10250/proxy/metrics --header Authorization: Bearer $TOKEN --insecure三、集成Prometheus配置
vim prometheus.ymlscrape_configs:- job_name: k8s-cadvisorhonor_timestamps: truemetrics_path: /metricsscheme: httpskubernetes_sd_configs:- api_server: https://10.142.155.202:6443role: nodebearer_token_file: /prometheus/data/k8s_tokentls_config:insecure_skip_verify: truebearer_token_file: /prometheus/data/k8s_tokentls_config:insecure_skip_verify: truerelabel_configs:- action: labelmapregex: __meta_kubernetes_node_label_(.)- separator: ;regex: (.*)target_label: __address__replacement: 10.142.155.202:6443action: replace- source_labels: [__meta_kubernetes_node_name]separator: ;regex: (.)target_label: __metrics_path__replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisoraction: replace- job_name: kube-node-kubeletscheme: httpstls_config:insecure_skip_verify: truebearer_token_file: /prometheus/data/k8s_tokenkubernetes_sd_configs:- role: nodeapi_server: https://10.142.155.202:6443 // 修改为对应的k8s master的节点tls_config:insecure_skip_verify: truebearer_token_file: /prometheus/data/k8s_tokenrelabel_configs:- target_label: __address__replacement: 10.142.155.202:6443- source_labels: [__meta_kubernetes_node_name]regex: (.)target_label: __metrics_path__replacement: /api/v1/nodes/${1}:10250/proxy/metrics- action: labelmapregex: __meta_kubernetes_service_label_(.)- source_labels: [__meta_kubernetes_namespace]action: replacetarget_label: kubernetes_namespace- source_labels: [__meta_kubernetes_service_name]action: replacetarget_label: service_name注意bearer_token_file: /prometheus/data/k8s_token 这里的token为上面生成的token信息请根据目录进行配置即可 然后重启prometheus 如果是容器部署的prometheus需要考虑映射token可docker cp到/prometheus/data/ 即可 即可
docker restart prometheus3、进入prometheus界面查看相关指标 默认情况下 prometheus url http://IP:9090 4、集成grafana 导入grafana JSON ID, 747 4.1、导入node信息指标 load 即可 4.2、导入pod信息指标 JSON ID15760 大盘信息即可完全展示~
