前言
在上一章节介绍了 8-5 在Prometheus实现Kubernetes-apiserver及Coredns服务发现 基于K8s集群内部安装的Prometheus,添加服务发现时更加方便。Prometheus的安装方式有多种,详情参考 8-1 基于Operator和二进制安装Prometheus系统。
对于二进制部署的Prometheus,即集群外部的监控系统。配置服务发现时涉及到创建用户,授权,添加job,重写标签等。
创建用户
创建用户prometheus和密码:
---
# 创建用户
apiVersion: v1
kind: ServiceAccount
metadata:
name: prometheus
namespace: monitoring
---
# 创建密码
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: monitoring-token
namespace: monitoring
annotations:
kubernetes.io/service-account.name: "prometheus"
设置权限,并将用户与权限绑定:
---
# 设置权限
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups:
- ""
resources:
- nodes
- services
- endpoints
- pods
- nodes/proxy
# 对于基本资源可读可观察
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- nodes/metrics
# 配置资源只读
verbs:
- get
- nonResourceURLs:
- /metrics
verbs:
- get
---
# 绑定权限
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name