kube-prometheus-stack 部署

已于 2023-05-08 16:39:42 修改
阅读量1.6k 收藏 5
点赞数 1
文章标签: kubernetes linux 运维
于 2022-11-07 10:18:48 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cl18707602767/article/details/127726056
版权

1. helm kube-prometheus-stack chart 下载

通过 helm 的方式,对 kube-prometheus-stack chart 服务的进行部署:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm search repo  kube-prometheus-stack
helm pull prometheus/kube-prometheus-stack
tar xf kube-prometheus-stack-41.4.1.tgz && cd kube-prometheus-stack

2. 修改 values.yaml 文件

在部署 Prometheus 之前,已进行以下准备:

  • 创建了一个名为 nfs-client 的 storageclass
  • 在 ingress-nginx 的名称空间,部署 ingress
## 编辑 values.yaml,对以下配置进行调整
alertmanager:
  ingress:
    enabled: true
    ingressClassName: nginx
    hosts:
    - alertmanager.local
    paths:
    - /
  alertmanagerSpec:
    retention: 720h
    storage: 
      volumeClaimTemplate:
        spec:
          storageClassName: nfs-client
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 100Gi  	
---
grafana:
  adminPassword: 1qaz2wsx	
  ingress:
    enabled: true
    ingressClassName: nginx
	hosts: 
    - grafana.local
---
prometheus:
  ingress: 
    enabled: true
    ingressClassName: nginx
    hosts:
    - prometheus.local
	paths:
	- /
  prometheusSpes:
    retention: 360d
    storageSpec:
      volumeClaimTemplate:
        spec:
          storageClassName: nfs-client
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 300Gi    
## 修改镜像的地址
prometheusOperator:
  admissionWebhooks
    patch:
      image:
        repository: registry.aliyuncs.com/google_containers/kube-webhook-certgen
---		
## charts/grafana/values.yaml
persistence:
  enabled: true
  storageClassName: nfs-client
  size: 100Gi
## chart/kube-state-metrics/values.yaml
## 修改镜像的地址
image:
  repository: bitnami/kube-state-metrics
  tag: 2.6.0

3. 部署

## 将服务部署到 monitoring 名称空间
kubectl create ns monitoring
helm install promethues . -n monitoring
## 检查是否正常
kubectl get all -n monitoring
NAME                                                         READY   STATUS    RESTARTS        AGE
pod/alertmanager-prometheus-kube-prometheus-alertmanager-0   2/2     Running   1 (2m37s ago)   102s
pod/prometheus-grafana-7c466d88c5-tq9zh                      3/3     Running   0               17m
pod/prometheus-kube-prometheus-operator-67b84b5d9b-z7cws     1/1     Running   0               17m
pod/prometheus-kube-state-metrics-77d5757f57-chrnx           1/1     Running   0               17m
pod/prometheus-prometheus-kube-prometheus-prometheus-0       2/2     Running   0               17m
pod/prometheus-prometheus-node-exporter-gj6rr                1/1     Running   0               17m
pod/prometheus-prometheus-node-exporter-rkl6q                1/1     Running   0               17m

NAME                                              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
service/alertmanager-operated                     ClusterIP   None             <none>        9093/TCP,9094/TCP,9094/UDP   17m
service/prometheus-grafana                        ClusterIP   172.24.140.186   <none>        80/TCP                       17m
service/prometheus-kube-prometheus-alertmanager   ClusterIP   172.24.60.136    <none>        9093/TCP                     17m
service/prometheus-kube-prometheus-operator       ClusterIP   172.24.106.230   <none>        443/TCP                      17m
service/prometheus-kube-prometheus-prometheus     ClusterIP   172.24.114.84    <none>        9090/TCP                     17m
service/prometheus-kube-state-metrics             ClusterIP   172.24.250.206   <none>        8080/TCP                     17m
service/prometheus-operated                       ClusterIP   None             <none>        9090/TCP                     17m
service/prometheus-prometheus-node-exporter       ClusterIP   172.24.74.178    <none>        9100/TCP                     17m

NAME                                                 DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/prometheus-prometheus-node-exporter   2         2         2       2            2           <none>          17m

NAME                                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/prometheus-grafana                    1/1     1            1           17m
deployment.apps/prometheus-kube-prometheus-operator   1/1     1            1           17m
deployment.apps/prometheus-kube-state-metrics         1/1     1            1           17m

NAME                                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/prometheus-grafana-7c466d88c5                    1         1         1       17m
replicaset.apps/prometheus-kube-prometheus-operator-67b84b5d9b   1         1         1       17m
replicaset.apps/prometheus-kube-state-metrics-77d5757f57         1         1         1       17m

NAME                                                                    READY   AGE
statefulset.apps/alertmanager-prometheus-kube-prometheus-alertmanager   1/1     17m
statefulset.apps/prometheus-prometheus-kube-prometheus-prometheus       1/1     17m

报错处理:

报错1:**‘The CustomResourceDefinition “prometheuses.monitoring.coreos.com” is invalid: metadata.annotations: Too long: must have at most 262144 bytes’
处理**:cd ./kube-prometheus-stack/crds/ && kubectl create -f crd-prometheuses.yaml
报错2:‘failed calling webhook “prometheusrulemutate.monitoring.coreos.com”’
处理:应该是之前有装过不同版本的prometheus,在卸载后,相关 webhook 资源未完全删除。通过 kubectl get mutatingwebhookconfigurations 、 kubectl get validatingwebhookconfigurations 命令,查找报错的资源对象,删除即可:kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io prometheus-kube-prometheus-admission,最后再更新部署。

4. 配置调整

访问 prometheus.local 时,点击Status-> Targets 页面,会发现 Prometheus 并不能正常获取一些组件的 metrices。对于 Kubernetes 的组件,大多情况可以通过 HTTP/HTTPS 访问组件的 /metrics 端点来获取组件的metrics,对于一些默认情况下不暴露端点的组件,可以使用 --bind-address 标志进行启用。
在这里插入图片描述

把 prometheus.local/alertmanager.local/grafana.local 本地解析更新到 hosts 文件中

4.1 kube-controller-manager

  • 修改配置
    kube-controller-manager 组件暴露 metrics 的端口是 10257,当访问时测试时,会报 “curl: (7) Failed connect to 10.49.18.103:10257; Connection refused ”的错误。结合kube-controller-manager 官网说明,调整组件 bind-address 参数的配置:
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    ### 修改
    #- --bind-address=127.0.0.1
    - --bind-address=0.0.0.0
    ...省略...

参考:https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/#options
–bind-address string Default: 0.0.0.0
The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank or an unspecified address (0.0.0.0 or :: ), all interfaces will be used.

  • 验证
lsof -i:10257
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
kube-cont 13515 root    7u  IPv6 38954551      0t0  TCP *:10257 (LISTEN)
kube-cont 13515 root   34u  IPv6 38968508      0t0  TCP master01.pl.hpc:10257->node1:61771 (ESTABLISHED)

### 10257 是安全端口,接收的是 https 请求
curl https://10.49.18.103:10257/metrics --cacert /etc/kubernetes/pki/ca.crt --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key 
 sent to the audit backend.
# TYPE apiserver_audit_event_total counter
apiserver_audit_event_total 0
# HELP apiserver_audit_requests_rejected_total [ALPHA] Counter of apiserver requests rejected due to an error in audit logging backend.
# TYPE apiserver_audit_requests_rejected_total counter
apiserver_audit_requests_rejected_total 0
# HELP apiserver_client_certificate_expiration_seconds [ALPHA] Distribution of the remaining lifetime on the certificate used to authenticate a request.
# TYPE apiserver_client_certificate_expiration_seconds histogram
apiserver_client_certificate_expiration_seconds_bucket{le="0"} 0
apiserver_client_certificate_expiration_seconds_bucket{le="1800"} 0

...省略...

4.2 kube-proxy 组件

  • 修改配置
kubectl edit cm -n kube-system kube-proxy
...省略...
    kind: KubeProxyConfiguration
    ### 修改
    # metricsBindAddress: ""
    metricsBindAddress: 0.0.0.0:10249
    mode: ipvs
...省略...

备注:kube-proxy 配置是通过 configmap 的方式挂载到容器中,所以不要直接在 kube-proxy daemonset 中添加 metricBindAddress 参数,这种方式添加不会生效。

  • 验证
lsof -i:10249
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
kube-prox 36749 root   13u  IPv6 39030529      0t0  TCP master01.pl.hpc:10249->node1:38685 (ESTABLISHED)
kube-prox 36749 root   14u  IPv6 39100619      0t0  TCP *:10249 (LISTEN)

curl 10.49.18.103:10249/metrics
# TYPE apiserver_audit_event_total counter
apiserver_audit_event_total 0
# HELP apiserver_audit_requests_rejected_total [ALPHA] Counter of apiserver requests rejected due to an error in
 audit logging backend.
# TYPE apiserver_audit_requests_rejected_total counter
apiserver_audit_requests_rejected_total 0
# HELP go_gc_cycles_automatic_gc_cycles_total Count of completed GC cycles generated by the Go runtime.
# TYPE go_gc_cycles_automatic_gc_cycles_total counter
go_gc_cycles_automatic_gc_cycles_total 13
# HELP go_gc_cycles_forced_gc_cycles_total Count of completed GC cycles forced by the application.
# TYPE go_gc_cycles_forced_gc_cycles_total counter
...省略...

参考:https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/
–metrics-bind-address ipport Default: 127.0.0.1:10249
The IP address with port for the metrics server to serve on (set to ‘0.0.0.0:10249’ for all IPv4 interfaces and ‘[::]:10249’ for all IPv6 interfaces). Set empty to disable. This parameter is ignored if a config file is specified by --config.

4.3 kube-scheduler 组件

  • 修改配置
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
...省略...
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
   ### 修改 
   #- --bind-address=127.0.0.1
    - --bind-address=0.0.0.0
...省略...
  • 验证
lsof -i:10259
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
kube-sche 24404 root    7u  IPv6 38957456      0t0  TCP *:10259 (LISTEN)
kube-sche 24404 root   10u  IPv6 39009914      0t0  TCP master01.pl.hpc:10259->node1:29900 (ESTABLISHED)
### 10259 是安全端口,接收的是 https 请求
curl https://10.49.18.103:10259/metrics --cacert /etc/kubernetes/pki/ca.crt --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key   --insecure
# TYPE apiserver_audit_event_total counter
apiserver_audit_event_total 0
# HELP apiserver_audit_requests_rejected_total [ALPHA] Counter of apiserver requests rejected due to an error in audit logging backend.
# TYPE apiserver_audit_requests_rejected_total counter
apiserver_audit_requests_rejected_total 0
# HELP apiserver_client_certificate_expiration_seconds [ALPHA] Distribution of the remaining lifetime on the certificate used to authenticate a request.
# TYPE apiserver_client_certificate_expiration_seconds histogram
apiserver_client_certificate_expiration_seconds_bucket{le="0"} 0
apiserver_client_certificate_expiration_seconds_bucket{le="1800"} 0
apiserver_client_certificate_expiration_seconds_bucket{le="3600"} 0
apiserver_client_certificate_expiration_seconds_bucket{le="7200"} 0
...省略...

参考:https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/
–bind-address string Default: 0.0.0.0
The IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients. If blank or an unspecified address (0.0.0.0 or :😃, all interfaces will be used.

4.4 etcd

vim /etc/kubernetes/manifests/etcd.yaml
... 省略...
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://10.49.18.103:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --client-cert-auth=true
    - --data-dir=/var/lib/etcd
    - --experimental-initial-corrupt-check=true
    - --initial-advertise-peer-urls=https://10.49.18.103:2380
    - --initial-cluster=master01=https://10.49.18.103:2380
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --listen-client-urls=https://127.0.0.1:2379,https://10.49.18.103:2379
    ### 修改
    # - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-metrics-urls=http://0.0.0.0:2381
...省略...
  • 验证
 lsof -i:2381
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
etcd    40671 root   14u  IPv6 42749738      0t0  TCP *:compaq-https (LISTEN)
etcd    40671 root   87u  IPv6 42863814      0t0  TCP master01.pl.hpc:compaq-https->node1:35348 (ESTABLISHED)
curl 10.49.18.103:2381/metrics
# TYPE etcd_cluster_version gauge
etcd_cluster_version{cluster_version="3.5"} 1
# HELP etcd_debugging_auth_revision The current revision of auth store.
# TYPE etcd_debugging_auth_revision gauge
etcd_debugging_auth_revision 1
# HELP etcd_debugging_disk_backend_commit_rebalance_duration_seconds The latency distributions of commit.rebalance called by bboltdb backend.
# TYPE etcd_debugging_disk_backend_commit_rebalance_duration_seconds histogram
etcd_debugging_disk_backend_commit_rebalance_duration_seconds_bucket{le="0.001"} 4126
etcd_debugging_disk_backend_commit_rebalance_duration_seconds_bucket{le="0.002"} 4126
...省略...

续:配置 Alertmanager 发送告警到钉钉机器人

cl18707602767
关注
kube-prometheus-stack部署prometheus全栈监控k8s
weixin_40548182的博客
05-26 572
添加源更新源成功输出查看有哪些charts安装解压代码包修改values.yaml配置邮件告警修改alertmanager service类型为NodePort修改prometheus service类型为NodePort安装更新配置说明:如果后期修改了values.yaml的内容,执行如下命令更新配置。
实战指南:使用 kube-prometheus-stack 监控 K3s 集群
Rancher
10-12 841
随着容器化应用的普及,Kubernetes 成为了管理和编排这些容器的首选平台。对于资源受限的生产环境和边缘部署来说,K3s 是一个理想的轻量级 Kubernetes 发行版;为了确保 K3s 集群的稳定性和性能,监控是至关重要的。本文将介绍如何通过 kube-prometheus-stack 来监控 K3s 集群的运行状态。
Kubernetes监控篇:基于kube-prometheus-stack部署监控告警系统(方案一)》
东城绝神
10-31 671
Kubernetes监控篇:基于kube-prometheus-stack部署监控告警系统(方案一)》
kube-prometheus-stack
最新发布
qq_35573061的博客
09-14 272
kube-prometheus-stack,里面集成有Prometheus,Grafana,Alertmanager、告警中心、各类exporter等。
Kubernetes】使用kube-prometheus-stack快速在k8s内搭建Prometheus全家桶
浩瀚宇宙的一粒尘埃
06-14 2498
最近因为需要做一些redis-cluster-operator的故障演练,新搭建了一个k8s集群,新的k8s集群需要搭建一套监控告警系统,对于Prometheus,之前自己在虚拟机上练过手,比较麻烦,需要先后安装Prometheus、Grafana、AlertManager,还需要修改各种配置,今天一想,现在都2202年了,肯定有更简单的方法,于是在社区找到了kube-prometheus-stack......
基于helm部署kube-prometheus stack全家桶
半生痴狂半生颠的博客
09-20 1308
背景说明:在日常使用原生k8s一般采用Prometheus进行监控,具体框架图如下仓库收集 Kubernetes 清单、Grafana 仪表板和 Prometheus 规则,结合相关文档和脚本,基于 Prometheus Operator 提供易于操作的端到端 Kubernetes 集群监控。此项目基于 jsonnet 编写,既可以被描述为一个包,也可以被描述为一个库。这里的版本比较低,故我们这里选择对应的事release-0.4的版本。
Kube-Prometheus 部署
qq_43164571的博客
05-16 6292
一、概述 kube-prometheus 是一整套监控解决方案,它使用 Prometheus 采集集群指标,Grafana 做展示,包含如下组件: The Prometheus Operator Highly available Prometheus Highly available Alertmanager Prometheus node-exporter Prometheus Adapter for Kubernetes Metrics APIs (k8s-prometheus-adapter) ku
kube-prometheus部署
Student_xx的博客
05-21 1976
其中最重要的是上面 labels 和 selector 部分,labels 区域的配置必须和我们上面的 ServiceMonitor 对象中的 selector 保持一致,selector 下面配置的是。这两个标签,而前面这个标签具有更唯一的特性,所以使用前面这个标签较好,这样上面创建的 Service 就可以和这个 Pod 进行关联了。,更改后 kube-scheduler 会自动重启,重启完成后再去查看 Prometheus 上面的采集目标就正常了。2、对kube-Scheduler的监控。
基于kube-prometheus-stack部署监控K8S告警系统资源合集
11-08
本资源合集将详细介绍如何基于 `kube-prometheus-stack` 部署一套监控告警系统。 首先,`kube-prometheus-stack` 是一个由社区维护的 Helm 图表,用于快速搭建符合 Prometheus 社区最佳实践的 Kubernetes 监控堆栈...
kube-prometheus-v0.13.0镜像资源包
07-05
部署kube-prometheus-v0.13.0所需镜像资源包,使用以下方式导入 ctr -n k8s.io image import kube-prometheus-v0.13.0-images.tar
k3s-monitoring:快速入门指南,可通过Prometheus Operator和kube-prometheus-stack Helm Chart在k3s集群上获得完整的监视和警报堆栈并运行
02-04
总结来说,K3s-monitoring是一个实用的快速入门方案,它利用Prometheus Operator和kube-prometheus-stack简化了在K3s上的监控部署。通过这个系统,你可以对Kubernetes集群的健康状态、资源利用率以及应用性能有深入...
kube-prometheus部署(无坑版)
slc09的博客
08-29 2919
在我看来,部署kube-prometheus最大的问题就在于镜像的拉取,如果你们存在镜像拉取的问题,可以单独私信我或者在文章下留言,如果需要的人多,我可以将所需要的镜像文件打包分享出来,因为不知道需求,而且打包有些耗费时间,所以在此就没有做了。按照给出的镜像文件,在node节点将所有的镜像通过docker pull的形式导入,在master节点只需要拉取node-exporter的镜像即可,以上镜像经过本人测试,是都可以通过docker pull拉取成功的。
k8s入门:kube-prometheus-stack 全家桶搭建(Grafana + Prometheus
热门推荐
不懂一休
07-01 1万+
第一章:✨ k8s入门:裸机部署 k8s 集群 第二章:✨ k8s入门:部署应用到 k8s 集群 第三章:✨ k8s入门:service 简单使用 第四章:✨ k8s入门:StatefulSet 简单使用 第五章:✨ k8s入门:存储(storage) 第六章:✨ K8S 配置 storageclass 使用 nfs 动态申领本地磁盘空间 第七章:✨ k8s入门:配置 ConfigMap & Secret 第八章:✨ k8s入门:k8s入门:Helm 构建 MySQL 第九章:✨ k8s入门:kuberne
使用Kube-prometheus部署Prometheus (K8S)
Shyllin的博客
11-03 700
使用Kube-prometheus部署Prometheus (K8S)
运维开发实践 - Kubernetes - 部署Prometheus
Yuan_xii的博客
11-08 990
prometheus部署
kubernetes部署Prometheus
weixin_67405599的博客
11-03 842
k8s中运行Prometheus
kubernetes部署prometheus
认知 行动 坚持
06-22 2099
Prometheus是一款由SoundCloud开发的开源监控系统,它提供了实时监测和报警功能。使用kubernetes部署prometheus服务,prometheus数据持久化到NFS。亲测可用。
helm安装kube-Prometheus
06-05
helm是Kubernetes的包管理工具,而kube-Prometheus是一套开源的Prometheus Operator操作手册,用于在Kubernetes集群中管理和监控Prometheus实例。下面是helm安装kube-Prometheus的步骤: 1. 首先,您需要安装helm。可以在https://helm.sh/docs/intro/install/找到helm的安装指南。 2. 添加kube-Prometheus的helm chart存储库。在终端中运行以下命令: ``` $ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts $ helm repo update ``` 3. 创建一个名为"kube-prometheus"的新命名空间: ``` $ kubectl create namespace kube-prometheus ``` 4. 使用helm安装kube-Prometheus chart。以下是安装命令: ``` $ helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --namespace kube-prometheus --version 17.0.1 ``` 这将在"kube-prometheus"命名空间中安装kube-Prometheus
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值