8. Prometheus Configuration


Prometheus is configured via command-line flags and a configuration file. While the command-line flags configure immutable system parameters (such as storage locations, the amount of data to keep on disk and in memory, etc.), the configuration file defines everything related to scrape jobs and their instances, as well as which rule files to load.

To view all available command-line flags, run ./prometheus -h.

Prometheus can reload its configuration at runtime. If the new configuration is not well-formed, the changes will not be applied. A configuration reload is triggered by sending a SIGHUP to the Prometheus process or by sending an HTTP POST request to the /-/reload endpoint (when the --web.enable-lifecycle flag is enabled). This will also reload any configured rule files.

Configuration file

To specify which configuration file to load, use the --config.file flag.

 

The file is written in YAML format, defined by the scheme described below. Brackets indicate that a parameter is optional. For non-list parameters the value is set to the specified default.

 

Generic placeholders are defined as follows:

  • <boolean>: a boolean that can take the values true or false

  • <duration>: a duration matching the regular expression [0-9]+(ms|[smhdwy])

  • <labelname>: a string matching the regular expression [a-zA-Z_][a-zA-Z0-9_]*

  • <labelvalue>: a string of unicode characters

  • <filename>: a valid path in the current working directory

  • <host>: a valid string consisting of a hostname or IP followed by an optional port number

  • <path>: a valid URL path

  • <scheme>: a string that can take the values http or https

  • <string>: a regular string

  • <secret>: a regular string that is a secret, such as a password

  • <tmpl_string>: a string which is template-expanded before usage

The other placeholders are specified separately.

A valid example file can be found here.

The global configuration specifies parameters that are valid in all other configuration contexts. They also serve as defaults for other configuration sections. A minimal example assembled from these fields follows the specification below.

global:
  # How frequently to scrape targets by default.
  [ scrape_interval: <duration> | default = 1m ]

  # How long until a scrape request times out.
  [ scrape_timeout: <duration> | default = 10s ]

  # How frequently to evaluate rules.
  [ evaluation_interval: <duration> | default = 1m ]

  # The labels to add to any time series or alerts when communicating with
  # external systems (federation, remote storage, Alertmanager).
  external_labels:
    [ <labelname>: <labelvalue> ... ]

# Rule files specifies a list of globs. Rules and alerts are read from
# all matching files.
rule_files:
  [ - <filepath_glob> ... ]

# A list of scrape configurations.
scrape_configs:
  [ - <scrape_config> ... ]

# Alerting specifies settings related to the Alertmanager.
alerting:
  alert_relabel_configs:
    [ - <relabel_config> ... ]
  alertmanagers:
    [ - <alertmanager_config> ... ]

# Settings related to the remote write feature.
remote_write:
  [ - <remote_write> ... ]

# Settings related to the remote read feature.
remote_read:
  [ - <remote_read> ... ]
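
For illustration, a minimal prometheus.yml assembled from the fields above might look as follows. The job name, rule file glob and target addresses are placeholders chosen for this sketch, not values mandated by Prometheus:

global:
  scrape_interval: 15s
  evaluation_interval: 15s
  external_labels:
    monitor: example-monitor

rule_files:
  - "rules/*.yml"

scrape_configs:
  # Scrape Prometheus itself on the default /metrics path.
  - job_name: prometheus
    static_configs:
      - targets: ['localhost:9090']

alerting:
  alertmanagers:
    - static_configs:
        - targets: ['localhost:9093']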

<scrape_config>

A scrape_config section specifies a set of targets and parameters describing how to scrape them. In the general case, one scrape configuration specifies a single job. In advanced configurations, this may change.

Targets may be statically configured via the static_configs parameter or dynamically discovered using one of the supported service-discovery mechanisms.

Additionally, relabel_configs allow advanced modifications to any target and its labels before scraping.

# The job name assigned to scraped metrics by default.
job_name: <job_name>

# How frequently to scrape targets from this job.
[ scrape_interval: <duration> | default = <global_config.scrape_interval> ]

# Per-scrape timeout when scraping this job.
[ scrape_timeout: <duration> | default = <global_config.scrape_timeout> ]

# The HTTP resource path on which to fetch metrics from targets.
[ metrics_path: <path> | default = /metrics ]

# honor_labels controls how Prometheus handles conflicts between labels that are
# already present in scraped data and labels that Prometheus would attach
# server-side ("job" and "instance" labels, manually configured target
# labels, and labels generated by service discovery implementations).
#
# If honor_labels is set to "true", label conflicts are resolved by keeping label
# values from the scraped data and ignoring the conflicting server-side labels.
#
# If honor_labels is set to "false", label conflicts are resolved by renaming
# conflicting labels in the scraped data to "exported_<original-label>" (for
# example "exported_instance", "exported_job") and then attaching server-side
# labels.
#
# Setting honor_labels to "true" is useful for use cases such as federation and
# scraping the Pushgateway, where all labels specified in the target should be
# preserved.
#
# Note that any globally configured "external_labels" are unaffected by this
# setting. In communication with external systems, they are always applied only
# when a time series does not have a given label yet and are ignored otherwise.
[ honor_labels: <boolean> | default = false ]

# honor_timestamps controls whether Prometheus respects the timestamps present
# in scraped data.
#
# If honor_timestamps is set to "true", the timestamps of the metrics exposed
# by the target will be used.
#
# If honor_timestamps is set to "false", the timestamps of the metrics exposed
# by the target will be ignored.
[ honor_timestamps: <boolean> | default = true ]

# Configures the protocol scheme used for requests.
[ scheme: <scheme> | default = http ]

# Optional HTTP URL parameters.
params:
  [ <string>: [<string>, ...] ]

# Sets the `Authorization` header on every scrape request with the
# configured username and password.
# password and password_file are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ password: <secret> ]
  [ password_file: <string> ]

# Sets the `Authorization` header on every scrape request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <secret> ]

# Sets the `Authorization` header on every scrape request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
[ bearer_token_file: /path/to/bearer/token/file ]

# Configures the scrape request's TLS settings.
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]

# List of Azure service discovery configurations.
azure_sd_configs:
  [ - <azure_sd_config> ... ]

# List of Consul service discovery configurations.
consul_sd_configs:
  [ - <consul_sd_config> ... ]

# List of DNS service discovery configurations.
dns_sd_configs:
  [ - <dns_sd_config> ... ]

# List of EC2 service discovery configurations.
ec2_sd_configs:
  [ - <ec2_sd_config> ... ]

# List of OpenStack service discovery configurations.
openstack_sd_configs:
  [ - <openstack_sd_config> ... ]

# List of file service discovery configurations.
file_sd_configs:
  [ - <file_sd_config> ... ]

# List of GCE service discovery configurations.
gce_sd_configs:
  [ - <gce_sd_config> ... ]

# List of Kubernetes service discovery configurations.
kubernetes_sd_configs:
  [ - <kubernetes_sd_config> ... ]

# List of Marathon service discovery configurations.
marathon_sd_configs:
  [ - <marathon_sd_config> ... ]

# List of AirBnB's Nerve service discovery configurations.
nerve_sd_configs:
  [ - <nerve_sd_config> ... ]

# List of Zookeeper Serverset service discovery configurations.
serverset_sd_configs:
  [ - <serverset_sd_config> ... ]

# List of Triton service discovery configurations.
triton_sd_configs:
  [ - <triton_sd_config> ... ]

# List of labeled statically configured targets for this job.
static_configs:
  [ - <static_config> ... ]

# List of target relabel configurations.
relabel_configs:
  [ - <relabel_config> ... ]

# List of metric relabel configurations.
metric_relabel_configs:
  [ - <relabel_config> ... ]

# Per-scrape limit on number of scraped samples that will be accepted.
# If more than this number of samples are present after metric relabelling
# the entire scrape will be treated as failed. 0 means no limit.
[ sample_limit: <int> | default = 0 ]

Where <job_name> must be unique across all scrape configurations.
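
As an illustration, a scrape job combining a few of the options above with statically configured targets could look like the following sketch. The host names, port and label values are examples only:

scrape_configs:
  - job_name: node
    # Override the global interval for this job only.
    scrape_interval: 30s
    metrics_path: /metrics
    scheme: http
    static_configs:
      - targets: ['node1.example.com:9100', 'node2.example.com:9100']
        labels:
          env: production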

 

<tls_config>

A tls_config allows configuring TLS connections.

# CA certificate to validate API server certificate with.
[ ca_file: <filename> ]

# Certificate and key files for client cert authentication to the server.
[ cert_file: <filename> ]
[ key_file: <filename> ]

# ServerName extension to indicate the name of the server.
# https://tools.ietf.org/html/rfc4366#section-3.1
[ server_name: <string> ]

# Disable validation of the server certificate.
[ insecure_skip_verify: <boolean> ]

<azure_sd_config>

Azure SD configurations allow retrieving scrape targets from Azure VMs.

The following meta labels are available on targets during relabeling:

  • __meta_azure_machine_id: the machine ID

  • __meta_azure_machine_location: the location the machine runs in

  • __meta_azure_machine_name: the machine name

  • __meta_azure_machine_os_type: the machine operating system

  • __meta_azure_machine_private_ip: the machine's private IP

  • __meta_azure_machine_public_ip: the machine's public IP, if it exists

  • __meta_azure_machine_resource_group: the machine's resource group

  • __meta_azure_machine_tag_<tagname>: each tag value of the machine

  • __meta_azure_machine_scale_set: the name of the scale set which the VM belongs to (this value is only set if you are using a scale set)

  • __meta_azure_subscription_id: the subscription ID

  • __meta_azure_tenant_id: the tenant ID

See below for the configuration options for Azure discovery:

# The information to access the Azure API.
# The Azure environment.
[ environment: <string> | default = AzurePublicCloud ]

# The authentication method, either OAuth or ManagedIdentity.
# See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
[ authentication_method: <string> | default = OAuth]
# The subscription ID. Always required.
subscription_id: <string>
# Optional tenant ID. Only required with authentication_method OAuth.
[ tenant_id: <string> ]
# Optional client ID. Only required with authentication_method OAuth.
[ client_id: <string> ]
# Optional client secret. Only required with authentication_method OAuth.
[ client_secret: <secret> ]

# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 300s ]

# The port to scrape metrics from. If using the public IP address, this must
# instead be specified in the relabeling rule.
[ port: <int> | default = 80 ]

 

<consul_sd_config>

Consul SD configurations allow retrieving scrape targets from Consul's Catalog API.

The following meta labels are available on targets during relabeling:

  • __meta_consul_address: the address of the target

  • __meta_consul_dc: the datacenter name for the target

  • __meta_consul_tagged_address_<key>: each node tagged address key value of the target

  • __meta_consul_metadata_<key>: each node metadata key value of the target

  • __meta_consul_node: the node name defined for the target

  • __meta_consul_service_address: the service address of the target

  • __meta_consul_service_id: the service ID of the target

  • __meta_consul_service_metadata_<key>: each service metadata key value of the target

  • __meta_consul_service_port: the service port of the target

  • __meta_consul_service: the name of the service the target belongs to

  • __meta_consul_tags: the list of tags of the target joined by the tag separator

# The information to access the Consul API. It is to be defined
# as the Consul documentation requires.
[ server: <host> | default = "localhost:8500" ]
[ token: <secret> ]
[ datacenter: <string> ]
[ scheme: <string> | default = "http" ]
[ username: <string> ]
[ password: <secret> ]

tls_config:
  [ <tls_config> ]

# A list of services for which targets are retrieved. If omitted, all services
# are scraped.
services:
  [ - <string> ]

# See https://www.consul.io/api/catalog.html#list-nodes-for-service to know more
# about the possible filters that can be used.

# An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
tags:
  [ - <string> ]

# Node metadata used to filter nodes for a given service.
[ node_meta:
  [ <name>: <value> ... ] ]

# The string by which Consul tags are joined into the tag label.
[ tag_separator: <string> | default = , ]

# Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.
[ allow_stale: <bool> ]

# The time after which the provided names are refreshed.
# On large setup it might be a good idea to increase this value because the catalog will change all the time.
[ refresh_interval: <duration> | default = 30s ]

Note that the IP address and port used to scrape the targets is assembled as <__meta_consul_address>:<__meta_consul_service_port>. However, in some Consul setups, the relevant address is in __meta_consul_service_address. In those cases, you can use the relabel feature to replace the special __address__ label.

The relabeling phase is the preferred and more powerful way to filter services or nodes for a service based on arbitrary labels. For users with thousands of services it can be more efficient to use the Consul API directly, which has basic support for filtering nodes (currently by node metadata and a single tag).
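
A hedged sketch of a Consul-based scrape job: it discovers all services from a local Consul agent and keeps only targets whose tags contain "metrics" (the server address and the tag name are assumptions made for this example):

scrape_configs:
  - job_name: consul-services
    consul_sd_configs:
      - server: 'localhost:8500'
    relabel_configs:
      # __meta_consul_tags is the tag list joined by the tag separator;
      # matching ",metrics," follows the pattern used in upstream examples.
      - source_labels: [__meta_consul_tags]
        regex: .*,metrics,.*
        action: keep
      # Use the Consul service name as the job label.
      - source_labels: [__meta_consul_service]
        target_label: job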

<dns_sd_config>

DNS-based service discovery configurations allow specifying a set of DNS domain names which are periodically queried to discover a list of targets. The DNS servers to be contacted are read from /etc/resolv.conf.

This service discovery method only supports basic DNS A, AAAA and SRV record queries, but not the advanced DNS-SD approach specified in RFC 6763.

During the relabeling phase, the meta label __meta_dns_name is available on each target and is set to the record name that produced the discovered target.

# A list of DNS domain names to be queried.
names:
  [ - <domain_name> ]

# The type of DNS query to perform.
[ type: <query_type> | default = 'SRV' ]

# The port number used if the query type is not SRV.
[ port: <number>]

# The time after which the provided names are refreshed.
[ refresh_interval: <duration> | default = 30s ]

Where <domain_name> is a valid DNS domain name and <query_type> is SRV, A, or AAAA.
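
For example, a DNS-based job that resolves an SRV record to find its targets might look like this sketch (the record name is an illustrative placeholder):

scrape_configs:
  - job_name: dns-srv-example
    dns_sd_configs:
      - names:
          - '_prometheus._tcp.example.com'
        type: SRV
        refresh_interval: 30s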

<ec2_sd_config>

EC2 SD configurations allow retrieving scrape targets from AWS EC2 instances. The private IP address is used by default, but may be changed to the public IP address with relabeling.

The following meta labels are available on targets during relabeling:

  • __meta_ec2_availability_zone: the availability zone in which the instance is running

  • __meta_ec2_instance_id: the EC2 instance ID

  • __meta_ec2_instance_state: the state of the EC2 instance

  • __meta_ec2_instance_type: the type of the EC2 instance

  • __meta_ec2_owner_id: the ID of the AWS account that owns the EC2 instance

  • __meta_ec2_platform: the operating system platform, set to "windows" on Windows servers, absent otherwise

  • __meta_ec2_primary_subnet_id: the subnet ID of the primary network interface, if available

  • __meta_ec2_private_dns_name: the private DNS name of the instance, if available

  • __meta_ec2_private_ip: the private IP address of the instance, if present

  • __meta_ec2_public_dns_name: the public DNS name of the instance, if available

  • __meta_ec2_public_ip: the public IP address of the instance, if available

  • __meta_ec2_subnet_id: comma-separated list of subnet IDs in which the instance is running, if available

  • __meta_ec2_tag_<tagkey>: each tag value of the instance

  • __meta_ec2_vpc_id: the ID of the VPC in which the instance is running, if available

See below for the configuration options for EC2 discovery:

# The information to access the EC2 API.

# The AWS region. If blank, the region from the instance metadata is used.
[ region: <string> ]

# Custom endpoint to be used.
[ endpoint: <string> ]

# The AWS API keys. If blank, the environment variables `AWS_ACCESS_KEY_ID`
# and `AWS_SECRET_ACCESS_KEY` are used.
[ access_key: <string> ]
[ secret_key: <secret> ]
# Named AWS profile used to connect to the API.
[ profile: <string> ]

# AWS Role ARN, an alternative to using AWS API keys.
[ role_arn: <string> ]

# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 60s ]

# The port to scrape metrics from. If using the public IP address, this must
# instead be specified in the relabeling rule.
[ port: <int> | default = 80 ]

# Filters can be used optionally to filter the instance list by other criteria.
# Available filter criteria can be found here:
# https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
# Filter API documentation: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Filter.html
filters:
  [ - name: <string>
      values: <string>, [...] ]

The relabeling phase is the preferred and more powerful way to filter targets based on arbitrary labels. For users with thousands of instances it can be more efficient to use the EC2 API directly, which has support for filtering instances.
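
A sketch of an EC2-based job, assuming credentials are provided via the environment or an instance profile; the region, port and tag names are examples only:

scrape_configs:
  - job_name: ec2-nodes
    ec2_sd_configs:
      - region: eu-west-1
        port: 9100
    relabel_configs:
      # Keep only instances carrying the tag Monitoring=enabled.
      - source_labels: [__meta_ec2_tag_Monitoring]
        regex: enabled
        action: keep
      # Expose the instance's Name tag as a target label.
      - source_labels: [__meta_ec2_tag_Name]
        target_label: instance_name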

 

<openstack_sd_config>

OpenStack SD configurations allow retrieving scrape targets from OpenStack Nova instances.

One of the following <openstack_role> types can be configured to discover targets:

hypervisor
The hypervisor role discovers one target per Nova hypervisor node. The target address defaults to the host_ip attribute of the hypervisor.

The following meta labels are available on targets during relabeling:

__meta_openstack_hypervisor_host_ip: the hypervisor node's IP address.
__meta_openstack_hypervisor_name: the hypervisor node's name.
__meta_openstack_hypervisor_state: the hypervisor node's state.
__meta_openstack_hypervisor_status: the hypervisor node's status.
__meta_openstack_hypervisor_type: the hypervisor node's type.

instance
The instance role discovers one target per network interface of a Nova instance. The target address defaults to the private IP address of the network interface.

The following meta labels are available on targets during relabeling:

__meta_openstack_address_pool: the pool of the private IP.
__meta_openstack_instance_flavor: the flavor of the OpenStack instance.
__meta_openstack_instance_id: the OpenStack instance ID.
__meta_openstack_instance_name: the OpenStack instance name.
__meta_openstack_instance_status: the status of the OpenStack instance.
__meta_openstack_private_ip: the private IP of the OpenStack instance.
__meta_openstack_project_id: the project (tenant) owning the instance.
__meta_openstack_public_ip: the public IP of the OpenStack instance.
__meta_openstack_tag_<tagkey>: each tag value of the instance.
__meta_openstack_user_id: the user account owning the tenant.

See below for the configuration options for OpenStack discovery:

# The information to access the OpenStack API.

# The OpenStack role of entities that should be discovered.
role: <openstack_role>

# The OpenStack Region.
region: <string>

# identity_endpoint specifies the HTTP endpoint that is required to work with
# the Identity API of the appropriate version. While it's ultimately needed by
# all of the identity services, it will often be populated by a provider-level
# function.
[ identity_endpoint: <string> ]

# username is required if using Identity V2 API. Consult with your provider's
# control panel to discover your account's username. In Identity V3, either
# userid or a combination of username and domain_id or domain_name are needed.
[ username: <string> ]
[ userid: <string> ]

# password for the Identity V2 and V3 APIs. Consult with your provider's
# control panel to discover your account's preferred method of authentication.
[ password: <secret> ]

# At most one of domain_id and domain_name must be provided if using username
# with Identity V3. Otherwise, either are optional.
[ domain_name: <string> ]
[ domain_id: <string> ]

# The project_id and project_name fields are optional for the Identity V2 API.
# Some providers allow you to specify a project_name instead of the project_id.
# Some require both. Your provider's authentication policies will determine
# how these fields influence authentication.
[ project_name: <string> ]
[ project_id: <string> ]

# The application_credential_id or application_credential_name fields are
# required if using an application credential to authenticate. Some providers
# allow you to create an application credential to authenticate rather than a
# password.
[ application_credential_name: <string> ]
[ application_credential_id: <string> ]

# The application_credential_secret field is required if using an application
# credential to authenticate.
[ application_credential_secret: <secret> ]

# Whether the service discovery should list all instances for all projects.
# It is only relevant for the 'instance' role and usually requires admin permissions.
[ all_tenants: <boolean> | default: false ]

# Refresh interval to re-read the instance list.
[ refresh_interval: <duration> | default = 60s ]

# The port to scrape metrics from. If using the public IP address, this must
# instead be specified in the relabeling rule.
[ port: <int> | default = 80 ]

# TLS configuration.
tls_config:
  [ <tls_config> ]

<file_sd_config>

File-based service discovery provides a more generic way to configure static targets and serves as an interface to plug in custom service discovery mechanisms.

It reads a set of files containing a list of zero or more <static_config>s. Changes to all defined files are detected via disk watches and applied immediately. Files may be provided in YAML or JSON format. Only changes resulting in well-formed target groups are applied.

The JSON file must contain a list of static configs, using this format:

[
  {
    "targets": [ "<host>", ... ],
    "labels": {
      "<labelname>": "<labelvalue>", ...
    }
  },
  ...
]

As a fallback, the file contents are also re-read periodically at the specified refresh interval.

Each target has a meta label __meta_filepath during the relabeling phase. Its value is set to the filepath from which the target was extracted.

There is a list of integrations with this discovery mechanism.

# Patterns for files from which target groups are extracted.
files:
  [ - <filename_pattern> ... ]

# Refresh interval to re-read the files.
[ refresh_interval: <duration> | default = 5m ]

Where <filename_pattern> may be a path ending in .json, .yml or .yaml. The last path segment may contain a single * that matches any character sequence, e.g. my/path/tg_*.json.
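
A small sketch of file-based discovery: the scrape job watches a glob of YAML files, and each file contains a list of <static_config> entries. The paths, targets and labels below are illustrative:

scrape_configs:
  - job_name: file-discovered
    file_sd_configs:
      - files:
          - 'targets/*.yml'
        refresh_interval: 5m

# Contents of targets/example.yml (the YAML equivalent of the JSON format above):
- targets: ['10.0.0.5:9100', '10.0.0.6:9100']
  labels:
    env: staging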

 

<gce_sd_config>


GCE SD configurations allow retrieving scrape targets from GCP GCE instances. The private IP address is used by default, but may be changed to the public IP address with relabeling.

The following meta labels are available on targets during relabeling:

__meta_gce_instance_id: the numeric ID of the instance
__meta_gce_instance_name: the name of the instance
__meta_gce_label_<name>: each GCE label of the instance
__meta_gce_machine_type: full or partial URL of the machine type of the instance
__meta_gce_metadata_<name>: each metadata item of the instance
__meta_gce_network: the network URL of the instance
__meta_gce_private_ip: the private IP address of the instance
__meta_gce_project: the GCP project in which the instance is running
__meta_gce_public_ip: the public IP address of the instance, if present
__meta_gce_subnetwork: the subnetwork URL of the instance
__meta_gce_tags: comma-separated list of instance tags
__meta_gce_zone: the GCE zone URL in which the instance is running

See below for the configuration options for GCE discovery:

# The information to access the GCE API.

# The GCP Project
project: <string>

# The zone of the scrape targets. If you need multiple zones use multiple
# gce_sd_configs.
zone: <string>

# Filter can be used optionally to filter the instance list by other criteria
# Syntax of this filter string is described here in the filter query parameter section:
# https://cloud.google.com/compute/docs/reference/latest/instances/list
[ filter: <string> ]

# Refresh interval to re-read the instance list
[ refresh_interval: <duration> | default = 60s ]

# The port to scrape metrics from. If using the public IP address, this must
# instead be specified in the relabeling rule.
[ port: <int> | default = 80 ]

# The tag separator is used to separate the tags on concatenation
[ tag_separator: <string> | default = , ]

Credentials are discovered by the Google Cloud SDK default client by looking in the following places, preferring the first location found:

a JSON file specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable
a JSON file in the well-known path $HOME/.config/gcloud/application_default_credentials.json
fetched from the GCE metadata server

If Prometheus is running within GCE, the service account associated with the instance it is running on should have at least read-only permissions to the compute resources. If running outside of GCE, make sure to create an appropriate service account and place the credential file in one of the expected locations.

 

 

<kubernetes_sd_config>


Kubernetes SD configurations allow retrieving scrape targets from Kubernetes' REST API and always stay synchronized with the cluster state.

One of the following role types can be configured to discover targets:

node
The node role discovers one target per cluster node with the address defaulting to the Kubelet's HTTP port. The target address defaults to the first existing address of the Kubernetes node object in the address type order of NodeInternalIP, NodeExternalIP, NodeLegacyHostIP and NodeHostName.

Available meta labels:

__meta_kubernetes_node_name: the name of the node object.
__meta_kubernetes_node_label_<labelname>: each label from the node object.
__meta_kubernetes_node_labelpresent_<labelname>: true for each label from the node object.
__meta_kubernetes_node_annotation_<annotationname>: each annotation from the node object.
__meta_kubernetes_node_annotationpresent_<annotationname>: true for each annotation from the node object.
__meta_kubernetes_node_address_<address_type>: the first address for each node address type, if it exists.
In addition, the instance label for the node will be set to the node name as retrieved from the API server.

 

service
The service role discovers a target for each service port of each service. This is generally useful for blackbox monitoring of a service. The address will be set to the Kubernetes DNS name of the service and the respective service port.

Available meta labels:

__meta_kubernetes_namespace: the namespace of the service object.
__meta_kubernetes_service_annotation_<annotationname>: each annotation from the service object.
__meta_kubernetes_service_annotationpresent_<annotationname>: "true" for each annotation of the service object.
__meta_kubernetes_service_cluster_ip: the cluster IP address of the service. (Does not apply to services of type ExternalName)
__meta_kubernetes_service_external_name: the DNS name of the service. (Applies to services of type ExternalName)
__meta_kubernetes_service_label_<labelname>: each label from the service object.
__meta_kubernetes_service_labelpresent_<labelname>: true for each label of the service object.
__meta_kubernetes_service_name: the name of the service object.
__meta_kubernetes_service_port_name: the name of the service port for the target.
__meta_kubernetes_service_port_protocol: the protocol of the service port for the target.

 

pod
The pod role discovers all pods and exposes their containers as targets. For each declared port of a container, a single target is generated. If a container has no specified ports, a port-free target per container is created for manually adding a port via relabeling.

Available meta labels:

__meta_kubernetes_namespace: the namespace of the pod object.
__meta_kubernetes_pod_name: the name of the pod object.
__meta_kubernetes_pod_ip: the pod IP of the pod object.
__meta_kubernetes_pod_label_<labelname>: each label from the pod object.
__meta_kubernetes_pod_labelpresent_<labelname>: true for each label from the pod object.
__meta_kubernetes_pod_annotation_<annotationname>: each annotation from the pod object.
__meta_kubernetes_pod_annotationpresent_<annotationname>: true for each annotation from the pod object.
__meta_kubernetes_pod_container_init: true if the container is an InitContainer.
__meta_kubernetes_pod_container_name: name of the container the target address points to.
__meta_kubernetes_pod_container_port_name: name of the container port.
__meta_kubernetes_pod_container_port_number: number of the container port.
__meta_kubernetes_pod_container_port_protocol: protocol of the container port.
__meta_kubernetes_pod_ready: set to true or false for the pod's ready state.
__meta_kubernetes_pod_phase: set to Pending, Running, Succeeded, Failed or Unknown in the lifecycle.
__meta_kubernetes_pod_node_name: the name of the node the pod is scheduled onto.
__meta_kubernetes_pod_host_ip: the current host IP of the pod object.
__meta_kubernetes_pod_uid: the UID of the pod object.
__meta_kubernetes_pod_controller_kind: object kind of the pod controller.
__meta_kubernetes_pod_controller_name: name of the pod controller.

 

endpoints
The endpoints role discovers targets from listed endpoints of a service. For each endpoint address one target is discovered per port. If the endpoint is backed by a pod, all additional container ports of the pod, not bound to an endpoint port, are discovered as targets as well.

Available meta labels:

__meta_kubernetes_namespace: the namespace of the endpoints object.
__meta_kubernetes_endpoints_name: the name of the endpoints object.
For all targets discovered directly from the endpoints list (those not additionally inferred from underlying pods), the following labels are attached:
__meta_kubernetes_endpoint_hostname: hostname of the endpoint.
__meta_kubernetes_endpoint_node_name: name of the node hosting the endpoint.
__meta_kubernetes_endpoint_ready: set to true or false for the endpoint's ready state.
__meta_kubernetes_endpoint_port_name: name of the endpoint port.
__meta_kubernetes_endpoint_port_protocol: protocol of the endpoint port.
__meta_kubernetes_endpoint_address_target_kind: kind of the endpoint address target.
__meta_kubernetes_endpoint_address_target_name: name of the endpoint address target.
If the endpoints belong to a service, all labels of the role: service discovery are attached.
For all targets backed by a pod, all labels of the role: pod discovery are attached.

ingress
The ingress role discovers a target for each path of each ingress. This is generally useful for blackbox monitoring of an ingress. The address will be set to the host specified in the ingress spec.

Available meta labels:

__meta_kubernetes_namespace: the namespace of the ingress object.
__meta_kubernetes_ingress_name: the name of the ingress object.
__meta_kubernetes_ingress_label_<labelname>: each label from the ingress object.
__meta_kubernetes_ingress_labelpresent_<labelname>: true for each label from the ingress object.
__meta_kubernetes_ingress_annotation_<annotationname>: each annotation from the ingress object.
__meta_kubernetes_ingress_annotationpresent_<annotationname>: true for each annotation from the ingress object.
__meta_kubernetes_ingress_scheme: protocol scheme of the ingress, https if TLS config is set. Defaults to http.
__meta_kubernetes_ingress_path: path from the ingress spec. Defaults to /.

See below for the configuration options for Kubernetes discovery:

 

# The information to access the Kubernetes API.

# The API server addresses. If left empty, Prometheus is assumed to run inside
# of the cluster and will discover API servers automatically and use the pod's
# CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
[ api_server: <host> ]

# The Kubernetes role of entities that should be discovered.
role: <role>

# Optional authentication information used to authenticate to the API server.
# Note that `basic_auth`, `bearer_token` and `bearer_token_file` options are
# mutually exclusive.
# password and password_file are mutually exclusive.

# Optional HTTP basic authentication information.
basic_auth:
  [ username: <string> ]
  [ password: <secret> ]
  [ password_file: <string> ]

# Optional bearer token authentication information.
[ bearer_token: <secret> ]

# Optional bearer token file authentication information.
[ bearer_token_file: <filename> ]

# Optional proxy URL.
[ proxy_url: <string> ]

# TLS configuration.
tls_config:
  [ <tls_config> ]

# Optional namespace discovery. If omitted, all namespaces are used.
namespaces:
  names:
    [ - <string> ]

Where <role> must be one of endpoints, service, pod, node, or ingress.

See this example Prometheus configuration file for a detailed example of configuring Prometheus for Kubernetes.

You may wish to check out the third-party Prometheus Operator, which automates the Prometheus setup on top of Kubernetes.
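
As a sketch, a pod-role scrape job that only keeps pods annotated with prometheus.io/scrape: "true" (a common convention, not something enforced by Kubernetes or Prometheus) could look like this:

scrape_configs:
  - job_name: kubernetes-pods
    kubernetes_sd_configs:
      - role: pod
    relabel_configs:
      # Keep only pods carrying the scrape annotation.
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
        regex: "true"
        action: keep
      # Copy the pod's namespace and name onto the target.
      - source_labels: [__meta_kubernetes_namespace]
        target_label: namespace
      - source_labels: [__meta_kubernetes_pod_name]
        target_label: pod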

<marathon_sd_config>

Marathon SD configurations allow retrieving scrape targets using the Marathon REST API. Prometheus will periodically check the REST endpoint for currently running tasks and create a target group for every app that has at least one healthy task.

The following meta labels are available on targets during relabeling:

__meta_marathon_app: the name of the app (with slashes replaced by dashes)
__meta_marathon_image: the name of the Docker image used (if available)
__meta_marathon_task: the ID of the Mesos task
__meta_marathon_app_label_<labelname>: any Marathon labels attached to the app
__meta_marathon_port_definition_label_<labelname>: the port definition labels
__meta_marathon_port_mapping_label_<labelname>: the port mapping labels
__meta_marathon_port_index: the port index number (e.g. 1 for PORT1)

See below for the configuration options for Marathon discovery:

# List of URLs to be used to contact Marathon servers.
# You need to provide at least one server URL.
servers:
  - <string>

# Polling interval
[ refresh_interval: <duration> | default = 30s ]

# Optional authentication information for token-based authentication
# https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
# It is mutually exclusive with `auth_token_file` and other authentication mechanisms.
[ auth_token: <secret> ]

# Optional authentication information for token-based authentication
# https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
# It is mutually exclusive with `auth_token` and other authentication mechanisms.
[ auth_token_file: <filename> ]

# Sets the `Authorization` header on every request with the
# configured username and password.
# This is mutually exclusive with other authentication mechanisms.
# password and password_file are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ password: <string> ]
  [ password_file: <string> ]

# Sets the `Authorization` header on every request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file` and other authentication mechanisms.
# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token` instead.
[ bearer_token: <string> ]

# Sets the `Authorization` header on every request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token` and other authentication mechanisms.
# NOTE: The current version of DC/OS marathon (v1.11.0) does not support standard Bearer token authentication. Use `auth_token_file` instead.
[ bearer_token_file: /path/to/bearer/token/file ]

# TLS configuration for connecting to marathon servers
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]

By default every app listed in Marathon will be scraped by Prometheus. If not all of your services provide Prometheus metrics, you can use a Marathon label and Prometheus relabeling to control which instances will actually be scraped. See the Prometheus marathon-sd configuration file for a practical example of how to set up your Marathon app and your Prometheus configuration.

By default, all apps will show up as a single job in Prometheus (the one specified in the configuration file), which can also be changed using relabeling.

 

<nerve_sd_config>

Nerve SD configurations allow retrieving scrape targets from AirBnB's Nerve, which are stored in Zookeeper.

The following meta labels are available on targets during relabeling:

__meta_nerve_path: the full path to the endpoint node in Zookeeper
__meta_nerve_endpoint_host: the host of the endpoint
__meta_nerve_endpoint_port: the port of the endpoint
__meta_nerve_endpoint_name: the name of the endpoint

 

# The Zookeeper servers.
servers:
  - <host>
# Paths can point to a single service, or the root of a tree of services.
paths:
  - <string>
[ timeout: <duration> | default = 10s ]

<serverset_sd_config>

Serverset SD configurations allow retrieving scrape targets from Serversets which are stored in Zookeeper. Serversets are commonly used by Finagle and Aurora.

The following meta labels are available on targets during relabeling:

__meta_serverset_path: the full path to the serverset member node in Zookeeper
__meta_serverset_endpoint_host: the host of the default endpoint
__meta_serverset_endpoint_port: the port of the default endpoint
__meta_serverset_endpoint_host_<endpoint>: the host of the given endpoint
__meta_serverset_endpoint_port_<endpoint>: the port of the given endpoint
__meta_serverset_shard: the shard number of the member
__meta_serverset_status: the status of the member

# The Zookeeper servers.
servers:
  - <host>
# Paths can point to a single serverset, or the root of a tree of serversets.
paths:
  - <string>
[ timeout: <duration> | default = 10s ]

<triton_sd_config>

Triton SD configurations allow retrieving scrape targets from Container Monitor discovery endpoints.

The following meta labels are available on targets during relabeling:

__meta_triton_groups: the list of groups belonging to the target, joined by a comma separator
__meta_triton_machine_alias: the alias of the target container
__meta_triton_machine_brand: the brand of the target container
__meta_triton_machine_id: the UUID of the target container
__meta_triton_machine_image: the target container's image type
__meta_triton_server_id: the server UUID of the target container

 

# The information to access the Triton discovery API.

# The account to use for discovering new target containers.
account: <string>

# The DNS suffix which should be applied to target containers.
dns_suffix: <string>

# The Triton discovery endpoint (e.g. 'cmon.us-east-3b.triton.zone'). This is
# often the same value as dns_suffix.
endpoint: <string>

# A list of groups for which targets are retrieved. If omitted, all containers
# available to the requesting account are scraped.
groups:
  [ - <string> ... ]

# The port to use for discovery and metric scraping.
[ port: <int> | default = 9163 ]

# The interval which should be used for refreshing target containers.
[ refresh_interval: <duration> | default = 60s ]

# The Triton discovery API version.
[ version: <int> | default = 1 ]

# TLS configuration.
tls_config:
  [ <tls_config> ]

<static_config>

A static_config allows specifying a list of targets and a common label set for them. It is the canonical way to specify static targets in a scrape configuration.

# The targets specified by the static config.
targets:
  [ - '<host>' ]

# Labels assigned to all metrics scraped from the targets.
labels:
  [ <labelname>: <labelvalue> ... ]

<relabel_config>

Relabeling is a powerful tool to dynamically rewrite the label set of a target before it gets scraped. Multiple relabeling steps can be configured per scrape configuration. They are applied to the label set of each target in order of their appearance in the configuration file.

Initially, aside from the configured per-target labels, a target's job label is set to the job_name value of the respective scrape configuration. The __address__ label is set to the <host>:<port> address of the target. After relabeling, the instance label is set to the value of __address__ by default if it was not set during relabeling. The __scheme__ and __metrics_path__ labels are set to the scheme and metrics path of the target respectively. The __param_<name> label is set to the value of the first passed URL parameter called <name>.

Additional labels prefixed with __meta_ may be available during the relabeling phase. They are set by the service discovery mechanism that provided the target and vary between mechanisms.

Labels starting with __ will be removed from the label set after target relabeling is completed.

If a relabeling step needs to store a label value only temporarily (as the input to a subsequent relabeling step), use the __tmp label name prefix. This prefix is guaranteed to never be used by Prometheus itself.

# The source labels select values from existing labels. Their content is concatenated
# using the configured separator and matched against the configured regular expression
# for the replace, keep, and drop actions.
[ source_labels: '[' <labelname> [, ...] ']' ]

# Separator placed between concatenated source label values.
[ separator: <string> | default = ; ]

# Label to which the resulting value is written in a replace action.
# It is mandatory for replace actions. Regex capture groups are available.
[ target_label: <labelname> ]

# Regular expression against which the extracted value is matched.
[ regex: <regex> | default = (.*) ]

# Modulus to take of the hash of the source label values.
[ modulus: <uint64> ]

# Replacement value against which a regex replace is performed if the
# regular expression matches. Regex capture groups are available.
[ replacement: <string> | default = $1 ]

# Action to perform based on regex matching.
[ action: <relabel_action> | default = replace ]

<regex> is any valid RE2 regular expression. It is required for the replace, keep, drop, labelmap, labeldrop and labelkeep actions. The regex is anchored on both ends. To un-anchor the regex, use .*<regex>.*.

<relabel_action> determines the relabeling action to take:

replace: Match regex against the concatenated source_labels. Then, set target_label to replacement, with match group references (${1}, ${2}, ...) in replacement substituted by their value. If regex does not match, no replacement takes place.

keep: Drop targets for which regex does not match the concatenated source_labels.

drop: Drop targets for which regex matches the concatenated source_labels.

hashmod: Set target_label to the modulus of a hash of the concatenated source_labels.

labelmap: Match regex against all label names. Then copy the values of the matching labels to label names given by replacement, with match group references (${1}, ${2}, ...) in replacement substituted by their value.

labeldrop: Match regex against all label names. Any label that matches will be removed from the set of labels.

labelkeep: Match regex against all label names. Any label that does not match will be removed from the set of labels.

Care must be taken with labeldrop and labelkeep to ensure that metrics are still uniquely labeled once the labels are removed.
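
The following sketch illustrates a few of the actions; all label names and values are examples:

relabel_configs:
  # replace (the default action): build an "instance_group" label from
  # the "env" and "datacenter" labels, joined by a dash.
  - source_labels: [env, datacenter]
    separator: '-'
    regex: '(.+)'
    target_label: instance_group
    replacement: '${1}'
  # drop: discard targets whose "env" label is exactly "staging".
  - source_labels: [env]
    regex: staging
    action: drop
  # hashmod + keep: retain roughly one in four targets (simple sharding).
  - source_labels: [__address__]
    modulus: 4
    target_label: __tmp_hash
    action: hashmod
  - source_labels: [__tmp_hash]
    regex: '0'
    action: keep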

<metric_relabel_configs>

Metric relabeling is applied to samples as the last step before ingestion. It has the same configuration format and actions as target relabeling. Metric relabeling does not apply to automatically generated timeseries such as up.

One use for this is to blacklist time series that are too expensive to ingest.
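
For example, the following sketch drops every series whose metric name matches a given prefix before it is ingested (the metric name is only an illustration):

metric_relabel_configs:
  - source_labels: [__name__]
    regex: 'expensive_metric_prefix_.*'
    action: drop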

<alert_relabel_configs>

Alert relabeling is applied to alerts before they are sent to the Alertmanager. It has the same configuration format and actions as target relabeling. Alert relabeling is applied after external labels.

One use for this is ensuring that a HA pair of Prometheus servers with different external labels send identical alerts.
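
For instance, if each server of an HA pair carries a distinguishing external label such as replica, it can be dropped from outgoing alerts (the label name is an assumption made for this sketch):

alerting:
  alert_relabel_configs:
    # Remove the "replica" label so both servers send identical alerts.
    - regex: replica
      action: labeldrop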

<alertmanager_config>

An alertmanager_config section specifies Alertmanager instances the Prometheus server sends alerts to. It also provides parameters to configure how to communicate with these Alertmanagers.

Alertmanagers may be statically configured via the static_configs parameter or dynamically discovered using one of the supported service-discovery mechanisms.

Additionally, relabel_configs allow selecting Alertmanagers from discovered entities and provide advanced modifications to the used API path, which is exposed through the __alerts_path__ label. An illustrative example follows the specification below.

# Per-target Alertmanager timeout when pushing alerts.
[ timeout: <duration> | default = 10s ]

# The api version of Alertmanager.
[ api_version: <version> | default = v1 ]

# Prefix for the HTTP path alerts are pushed to.
[ path_prefix: <path> | default = / ]

# Configures the protocol scheme used for requests.
[ scheme: <scheme> | default = http ]

# Sets the `Authorization` header on every request with the
# configured username and password.
# password and password_file are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ password: <string> ]
  [ password_file: <string> ]

# Sets the `Authorization` header on every request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <string> ]

# Sets the `Authorization` header on every request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
[ bearer_token_file: /path/to/bearer/token/file ]

# Configures the scrape request's TLS settings.
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]

# List of Azure service discovery configurations.
azure_sd_configs:
  [ - <azure_sd_config> ... ]

# List of Consul service discovery configurations.
consul_sd_configs:
  [ - <consul_sd_config> ... ]

# List of DNS service discovery configurations.
dns_sd_configs:
  [ - <dns_sd_config> ... ]

# List of EC2 service discovery configurations.
ec2_sd_configs:
  [ - <ec2_sd_config> ... ]

# List of file service discovery configurations.
file_sd_configs:
  [ - <file_sd_config> ... ]

# List of GCE service discovery configurations.
gce_sd_configs:
  [ - <gce_sd_config> ... ]

# List of Kubernetes service discovery configurations.
kubernetes_sd_configs:
  [ - <kubernetes_sd_config> ... ]

# List of Marathon service discovery configurations.
marathon_sd_configs:
  [ - <marathon_sd_config> ... ]

# List of AirBnB's Nerve service discovery configurations.
nerve_sd_configs:
  [ - <nerve_sd_config> ... ]

# List of Zookeeper Serverset service discovery configurations.
serverset_sd_configs:
  [ - <serverset_sd_config> ... ]

# List of Triton service discovery configurations.
triton_sd_configs:
  [ - <triton_sd_config> ... ]

# List of labeled statically configured Alertmanagers.
static_configs:
  [ - <static_config> ... ]

# List of Alertmanager relabel configurations.
relabel_configs:
  [ - <relabel_config> ... ]
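
A small illustrative alerting section with two statically configured Alertmanagers (host names, scheme and path prefix are placeholders chosen for this sketch):

alerting:
  alertmanagers:
    - scheme: https
      path_prefix: /alertmanager
      timeout: 10s
      static_configs:
        - targets: ['alertmanager-1.example.com:9093', 'alertmanager-2.example.com:9093']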

<remote_write>

write_relabel_configs is relabeling applied to samples before sending them to the remote endpoint. Write relabeling is applied after external labels. This can be used to limit which samples are sent. A sketch appears at the end of this section.

There is a small demo of how to use this functionality.

# The URL of the endpoint to send samples to.
url: <string>

# Timeout for requests to the remote write endpoint.
[ remote_timeout: <duration> | default = 30s ]

# List of remote write relabel configurations.
write_relabel_configs:
  [ - <relabel_config> ... ]

# Sets the `Authorization` header on every remote write request with the
# configured username and password.
# password and password_file are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ password: <string> ]
  [ password_file: <string> ]

# Sets the `Authorization` header on every remote write request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <string> ]

# Sets the `Authorization` header on every remote write request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
[ bearer_token_file: /path/to/bearer/token/file ]

# Configures the remote write request's TLS settings.
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]

# Configures the queue used to write to remote storage.
queue_config:
  # Number of samples to buffer per shard before we block reading of more
  # samples from the WAL. It is recommended to have enough capacity in each
  # shard to buffer several requests to keep throughput up while processing
  # occasional slow remote requests.
  [ capacity: <int> | default = 500 ]
  # Maximum number of shards, i.e. amount of concurrency.
  [ max_shards: <int> | default = 1000 ]
  # Minimum number of shards, i.e. amount of concurrency.
  [ min_shards: <int> | default = 1 ]
  # Maximum number of samples per send.
  [ max_samples_per_send: <int> | default = 100]
  # Maximum time a sample will wait in buffer.
  [ batch_send_deadline: <duration> | default = 5s ]
  # Initial retry delay. Gets doubled for every retry.
  [ min_backoff: <duration> | default = 30ms ]
  # Maximum retry delay.
  [ max_backoff: <duration> | default = 100ms ]

There is a list of integrations with this feature.
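
A hedged sketch of a remote_write section that forwards only series with a given name prefix and authenticates with basic auth (the URL, prefix and credential path are placeholders):

remote_write:
  - url: "https://remote-storage.example.com/api/v1/write"
    remote_timeout: 30s
    write_relabel_configs:
      # Send only series whose metric name starts with "node_".
      - source_labels: [__name__]
        regex: 'node_.*'
        action: keep
    basic_auth:
      username: prometheus
      password_file: /etc/prometheus/remote_write_password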

 

<remote_read>

# The URL of the endpoint to query from.
url: <string>

# An optional list of equality matchers which have to be
# present in a selector to query the remote read endpoint.
required_matchers:
  [ <labelname>: <labelvalue> ... ]

# Timeout for requests to the remote read endpoint.
[ remote_timeout: <duration> | default = 1m ]

# Whether reads should be made for queries for time ranges that
# the local storage should have complete data for.
[ read_recent: <boolean> | default = false ]

# Sets the `Authorization` header on every remote read request with the
# configured username and password.
# password and password_file are mutually exclusive.
basic_auth:
  [ username: <string> ]
  [ password: <string> ]
  [ password_file: <string> ]

# Sets the `Authorization` header on every remote read request with
# the configured bearer token. It is mutually exclusive with `bearer_token_file`.
[ bearer_token: <string> ]

# Sets the `Authorization` header on every remote read request with the bearer token
# read from the configured file. It is mutually exclusive with `bearer_token`.
[ bearer_token_file: /path/to/bearer/token/file ]

# Configures the remote read request's TLS settings.
tls_config:
  [ <tls_config> ]

# Optional proxy URL.
[ proxy_url: <string> ]