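Preface
Prometheus deployment guide: https://blog.csdn.net/qq_44930876/article/details/138163947
Deploying a Kubernetes cluster from binaries: https://blog.csdn.net/qq_44930876/article/details/126686599
I. Monitoring kube-apiserver
kube-apiserver is deployed the same way as etcd, but a Service already exists for it, so endpoints-role service discovery can be used directly.
Note: this configuration monitors kube-apiserver on clusters deployed with either kubeadm or binaries.
1. Add the apiserver service discovery configuration to Prometheus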
# Scrape kube-apiserver metrics
- job_name: kubernetes-apiservers
  # Kubernetes-based service discovery
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    # Keep the "https" port of the endpoint named "kubernetes" in the default namespace (see: kubectl get ep)
    regex: default;kubernetes;https
    source_labels:
    - __meta_kubernetes_namespace
    - __meta_kubernetes_service_name
    - __meta_kubernetes_endpoint_port_name
  scheme: https
  # Authorization (ca.crt is the cluster root certificate; kubeadm installs place it at /etc/kubernetes/pki/ca.crt by default)
  # The token is the one generated automatically for the ServiceAccount; it is used to access kube-apiserver and obtain the addresses
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
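The above adds a job named "kubernetes-apiservers". It automatically discovers the Pods associated with Endpoints objects and adds them as scrape targets, keeping only the Service named "kubernetes" in the "default" namespace.
2. Add the kube-apiserver dashboard template to Grafana
kube-apiserver dashboard template in the Grafana dashboard library: https://grafana.com/grafana/dashboards/15761-kubernetes-system-api-server/
Or use the copy I downloaded: https://download.csdn.net/download/qq_44930876/89715765
Or import the kube-apiserver dashboard template from the Grafana dashboard library by ID: 15761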
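How the "keep" rule in the kubernetes-apiservers job selects its targets, as an added example that is not part of the original post: Prometheus joins the source_labels values with ";" and requires the regex to match the whole joined string, which this Python code reproduces. The discovered targets, their addresses and the "dev" namespace are constructed sample data, and Python's re module stands in for the regex engine Prometheus uses.

```python
import re

NS = "__meta_kubernetes_namespace"
SVC = "__meta_kubernetes_service_name"
PORT = "__meta_kubernetes_endpoint_port_name"


def keep(targets, source_labels, regex, separator=";"):
    """Apply a Prometheus `keep` relabel rule and return the surviving addresses.

    The source label values are joined with the separator (a missing label
    counts as an empty string) and the regex must match the entire joined
    string, because Prometheus anchors it at both ends.
    """
    pattern = re.compile(regex)
    kept = []
    for labels in targets:
        joined = separator.join(labels.get(name, "") for name in source_labels)
        if pattern.fullmatch(joined):
            kept.append(labels["__address__"])
    return kept


def target(namespace, service, port_name, address):
    """Build the labels that `role: endpoints` discovery attaches to one target."""
    return {NS: namespace, SVC: service, PORT: port_name, "__address__": address}


# Constructed discovery results (sample addresses, not taken from the page).
DISCOVERED = [
    target("default", "kubernetes", "https", "172.32.0.11:6443"),
    # Same Service name in another namespace: dropped by the namespace part.
    target("dev", "kubernetes", "https", "10.244.1.7:8443"),
    # Name only starts with "kubernetes": dropped because the match is anchored.
    target("default", "kubernetes-dashboard", "https", "10.244.2.9:8443"),
    target("kube-system", "kube-dns", "metrics", "10.244.0.5:9153"),
    target("kube-system", "kube-dns", "dns", "10.244.0.5:53"),
]

if __name__ == "__main__":
    print(keep(DISCOVERED, [NS, SVC, PORT], "default;kubernetes;https"))
    print(keep(DISCOVERED, [NS, SVC, PORT], "kube-system;kube-dns;metrics"))
    # A two-part regex against three source labels keeps nothing.
    print(keep(DISCOVERED, [NS, SVC, PORT], "default;kubernetes"))
    # With two source labels the same regex keeps the apiserver endpoint.
    print(keep(DISCOVERED, [NS, SVC], "default;kubernetes"))
```

The number of ";"-separated parts in the regex has to equal the number of source_labels, which is why the jobs that list only namespace and service name use a two-part regex.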
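II. Monitoring kube-controller-manager
By default kube-controller-manager listens on two ports: an HTTPS port that requires authentication and an HTTP port that lets every request through.
https:
Listen IP: 127.0.0.1
Listen port: 10257
With TLS enabled, a client certificate must be supplied. To view the controller's /metrics data on the local machine: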
[root@k8s-master1 k8s]# pwd
/hqtbj/hqtwww/TLS/k8s
[root@k8s-master1 k8s]# curl -Lk --cacert ./ca.pem --cert ./kube-controller-manager.pem --key ./kube-controller-manager-key.pem https://127.0.0.1:10257/metrics
http:
Listen IP: 0.0.0.0
Listen port: 10252
Without TLS, view the controller's /metrics data on the local machine as follows:
curl http://127.0.0.1:10252/metrics
1. kubeadm deployment
On a kubeadm cluster, kube-controller-manager runs as a static pod just like the apiserver and listens on "127.0.0.1" by default. So that the metrics can be scraped from outside, change the listen address to "0.0.0.0": in the pod manifest "/etc/kubernetes/manifests/kube-controller-manager.yaml", set the "--bind-address" parameter to "0.0.0.0".
1.1 Change the listen address of the controller HTTPS metrics endpoint
[root@k8s-master ~]# vim /etc/kubernetes/manifests/kube-controller-manager.yaml
  containers:
  - command:
    ...
    - --bind-address=0.0.0.0
    ...
1.2 Add the kube-controller-manager service discovery configuration to Prometheus
[root@k8s-master prometheus]# vim prometheus-configmap.yaml
- job_name: 'kubernetes-controller-manager'
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    regex: kube-system;kube-controller-manager
    source_labels:
    - __meta_kubernetes_namespace
    - __meta_kubernetes_service_name
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1.3 Create a Service for kube-controller-manager
Kubernetes does not create a Service for kube-controller-manager by default, so create one named "kube-controller-manager":
apiVersion: v1
kind: Service
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  ports:
  - name: metrics
    port: 10257
    targetPort: 10257
  selector:
    # Select the pods labeled component: kube-controller-manager
    component: kube-controller-manager
Once it is created, the controller pod targets appear in the Prometheus Web UI.
1.4 Add the kube-controller-manager dashboard template to Grafana
kube-controller-manager dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12122-kubernetes-controller-manager/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89734903
Or import the kube-controller-manager dashboard template from the Grafana dashboard library by ID: 12122
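2. Binary deployment
A binary deployment also needs the controller HTTPS listen address changed to 0.0.0.0, followed by a manual restart of the kube-controller-manager service (if you would rather not restart, scrape the non-HTTPS port instead, which listens on 0.0.0.0 by default).
2.1 Change the listen address of the kube-controller-manager HTTPS metrics endpoint and restart
Two more parameters have to be added here. They enable authorized access to /metrics on HTTPS port 10257; without them, curl and Prometheus get a 403 error when fetching /metrics.
--authentication-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.kubeconfig
--authorization-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.kubeconfig
Reference: Prometheus fails to monitor kube-controller-manager (403)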
[root@k8s-master1 ~]# vim /hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/hqtbj/hqtwww/kubernetes/logs \
--leader-elect=true \
--kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.kubeconfig \
--authentication-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.kubeconfig \
--authorization-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-controller-manager.kubeconfig \
--bind-address=0.0.0.0 \
...
Then restart kube-controller-manager:
[root@k8s-master1 ~]# systemctl restart kube-controller-manager.service
2.2 Add the kube-controller-manager service discovery configuration to Prometheus
[root@k8s-master1 prometheus]# vim prometheus-configmap.yaml
- job_name: kubernetes-controller-manager
  # Kubernetes-based service discovery
  kubernetes_sd_configs:
  # Namespace that holds the controller Service
  - role: endpoints
    namespaces:
      names: ["ops"]
  relabel_configs:
  # Scrape only the Service whose app.kubernetes.io/name label equals kube-controller-manager
  - action: keep
    source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
    regex: kube-controller-manager
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
2.3 Create a Service for kube-controller-manager
apiVersion: v1
kind: Service
metadata:
  name: kube-controller-manager
  namespace: ops
  labels:
    # Label also set on the Endpoints object below (the Service and the Endpoints are linked by their identical name)
    k8s-app: kube-controller-manager
    # Prometheus discovers the Service through this label
    app.kubernetes.io/name: kube-controller-manager
spec:
  type: ClusterIP
  # Set to None so that no Service IP is allocated
  clusterIP: None
  ports:
  - name: kube-controller-manager
    port: 10257
    protocol: TCP
    targetPort: 10257
---
apiVersion: v1
kind: Endpoints
metadata:
  name: kube-controller-manager
  namespace: ops
  labels:
    k8s-app: kube-controller-manager
subsets:
# IP addresses of the nodes running the controller
- addresses:
  - ip: 172.32.0.11
  # Controller port
  ports:
  - port: 10257
Once these are created, the controller targets appear in the Prometheus Web UI.
2.4 Add the kube-controller-manager dashboard template to Grafana
kube-controller-manager dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12122-kubernetes-controller-manager/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89734903
Or import the kube-controller-manager dashboard template from the Grafana dashboard library by ID: 12122
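III. Monitoring kube-scheduler
By default kube-scheduler listens on two ports: an HTTPS port that requires authentication and an HTTP port that lets every request through.
https:
Listen IP: 127.0.0.1
Listen port: 10259
With TLS enabled, a client certificate must be supplied. To view the scheduler's /metrics data on the local machine: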
[root@k8s-master1 k8s]# pwd
/hqtbj/hqtwww/TLS/k8s
[root@k8s-master1 k8s]# curl -Lk --cacert ./ca.pem --cert ./kube-scheduler.pem --key ./kube-scheduler-key.pem https://127.0.0.1:10259/metrics
http:
Listen IP: 0.0.0.0
Listen port: 10251
Without TLS, view the scheduler's /metrics data on the local machine as follows:
curl http://127.0.0.1:10251/metrics
1. kubeadm deployment
kube-scheduler is handled much like kube-controller-manager: in the pod manifest "/etc/kubernetes/manifests/kube-scheduler.yaml", set the "--bind-address" parameter to "0.0.0.0".
1.1 Change the listen address of the kube-scheduler HTTPS metrics endpoint
[root@k8s-master ~]# vim /etc/kubernetes/manifests/kube-scheduler.yaml
  containers:
  - command:
    ...
    - --bind-address=0.0.0.0
    ...
1.2 Add the kube-scheduler service discovery configuration to Prometheus
- job_name: 'kubernetes-scheduler'
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    regex: kube-system;kube-scheduler
    source_labels:
    - __meta_kubernetes_namespace
    - __meta_kubernetes_service_name
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
1.3 Create a Service for kube-scheduler
apiVersion: v1
kind: Service
metadata:
  name: kube-scheduler
  namespace: kube-system
spec:
  ports:
  - name: metrics
    port: 10259
    targetPort: 10259
  selector:
    component: kube-scheduler
Once it is created, the scheduler pod targets appear in the Prometheus Web UI.
1.4 Add the kube-scheduler dashboard template to Grafana
kube-scheduler dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12130-kubernetes-scheduler/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89744122
Or import the kube-scheduler dashboard template from the Grafana dashboard library by ID: 12130
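2. Binary deployment
A binary deployment also needs the scheduler HTTPS listen address changed to 0.0.0.0, followed by a manual restart of the kube-scheduler service (if you would rather not restart, scrape the non-HTTPS port instead, which listens on 0.0.0.0 by default).
2.1 Change the listen address of the kube-scheduler HTTPS metrics endpoint and restart
Two more parameters have to be added here. They enable authorized access to /metrics on HTTPS port 10259; without them, curl and Prometheus get a 403 error when fetching /metrics.
--authentication-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.kubeconfig
--authorization-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.kubeconfig
Reference: Prometheus fails to monitor kube-scheduler (403)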
[root@k8s-master1 ~]# vim /hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.conf
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/hqtbj/hqtwww/kubernetes/logs \
--leader-elect \
--kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.kubeconfig \
--authentication-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.kubeconfig \
--authorization-kubeconfig=/hqtbj/hqtwww/kubernetes/cfg/kube-scheduler.kubeconfig \
--bind-address=0.0.0.0"
Then restart kube-scheduler:
[root@k8s-master1 ~]# systemctl restart kube-scheduler.service
2.2 Add the kube-scheduler service discovery configuration to Prometheus
[root@k8s-master1 prometheus]# vim prometheus-configmap.yaml
- job_name: kubernetes-scheduler
  # Kubernetes-based service discovery
  kubernetes_sd_configs:
  # Namespace that holds the kube-scheduler Service
  - role: endpoints
    namespaces:
      names: ["ops"]
  relabel_configs:
  # Scrape only the Service whose app.kubernetes.io/name label equals kube-scheduler
  - action: keep
    source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
    regex: kube-scheduler
  scheme: https
  tls_config:
    ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    insecure_skip_verify: true
  bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
2.3 Create a Service for kube-scheduler
apiVersion: v1
kind: Service
metadata:
  name: kube-scheduler
  namespace: ops
  labels:
    # Label also set on the Endpoints object below (the Service and the Endpoints are linked by their identical name)
    k8s-app: kube-scheduler
    # Prometheus discovers the Service through this label
    app.kubernetes.io/name: kube-scheduler
spec:
  type: ClusterIP
  # Set to None so that no Service IP is allocated
  clusterIP: None
  ports:
  - name: kube-scheduler
    port: 10259
    protocol: TCP
    targetPort: 10259
---
apiVersion: v1
kind: Endpoints
metadata:
  name: kube-scheduler
  namespace: ops
  labels:
    k8s-app: kube-scheduler
subsets:
# IP addresses of the nodes running the scheduler
- addresses:
  - ip: 172.32.0.11
  # Scheduler port
  ports:
  - port: 10259
Once these are created, the scheduler targets appear in the Prometheus Web UI.
2.4 Add the kube-scheduler dashboard template to Grafana
kube-scheduler dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12130-kubernetes-scheduler/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89744122
Or import the kube-scheduler dashboard template from the Grafana dashboard library by ID: 12130
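IV. Monitoring kube-proxy
Ports kube-proxy opens by default:
- Port 10249: exposes monitoring metrics. It serves Prometheus-format data on the /metrics endpoint, so monitoring tools can collect kube-proxy metrics from this port.
- Port 10256: the health check port, served on the /healthz endpoint. A request to it returns two timestamps that are used to assess the health of kube-proxy.
1. kubeadm deployment
The kube-proxy component listens on localhost by default, and its configuration is stored in a ConfigMap object. Run "kubectl edit configmaps kube-proxy -n kube-system" to edit the configuration, changing metricsBindAddress: "" to metricsBindAddress: "0.0.0.0", then run "kubectl rollout restart ds/kube-proxy -n kube-system" to recreate the pods so that the change takes effect.
1.1 Change the listen address of the kube-proxy metrics endpoint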
[root@k8s-master ~]# kubectl edit configmaps kube-proxy -n kube-system
...
metricsBindAddress: "0.0.0.0"
...
Recreate the kube-proxy pods:
[root@k8s-master ~]# kubectl rollout restart ds/kube-proxy -n kube-system
1.2 Add the kube-proxy service discovery configuration to Prometheus
[root@k8s-master prometheus]# vim prometheus-configmap.yaml
- job_name: 'kubernetes-proxy'
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    regex: kube-system;kube-proxy
    source_labels:
    - __meta_kubernetes_namespace
    - __meta_kubernetes_service_name
  scheme: http
1.3 Create a Service for kube-proxy
apiVersion: v1
kind: Service
metadata:
  name: kube-proxy
  namespace: kube-system # adjust the namespace to your environment
spec:
  selector:
    # Label selector that matches your kube-proxy pods
    k8s-app: kube-proxy
  ports:
  - name: metrics
    port: 10249
    targetPort: 10249
Once it is created, the kube-proxy pod targets appear in the Prometheus Web UI.
1.4 Add the kube-proxy dashboard template to Grafana
kube-proxy dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12129-kubernetes-proxy/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89775332
Or import the kube-proxy dashboard template from the Grafana dashboard library by ID: 12129
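2. Binary deployment
A binary deployment likewise needs the kube-proxy listen address changed from metricsBindAddress: "" to metricsBindAddress: "0.0.0.0", followed by a manual restart of kube-proxy.
2.1 Change the listen address of the kube-proxy metrics endpoint and restart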
[root@k8s-master1 ~]# vim /hqtbj/hqtwww/kubernetes/cfg/kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /hqtbj/hqtwww/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-master1
clusterCIDR: 10.244.0.0/16
Then restart kube-proxy. Every node runs kube-proxy, so every node has to be modified and restarted; ideally this setting is written into the configuration when the cluster is first installed from binaries.
2.2 Add the kube-proxy service discovery configuration to Prometheus
- job_name: kubernetes-proxy
  # Kubernetes-based service discovery
  kubernetes_sd_configs:
  # Namespace that holds the kube-proxy Service
  - role: endpoints
    namespaces:
      names: ["ops"]
  relabel_configs:
  # Scrape only the Service whose app.kubernetes.io/name label equals kube-proxy
  - action: keep
    source_labels: [__meta_kubernetes_service_label_app_kubernetes_io_name]
    regex: kube-proxy
  scheme: http
2.3 Create a Service for kube-proxy
apiVersion: v1
kind: Service
metadata:
  name: kube-proxy
  namespace: ops
  labels:
    # Label also set on the Endpoints object below (the Service and the Endpoints are linked by their identical name)
    k8s-app: kube-proxy
    # Prometheus discovers the Service through this label
    app.kubernetes.io/name: kube-proxy
spec:
  type: ClusterIP
  # Set to None so that no Service IP is allocated
  clusterIP: None
  ports:
  - name: port
    port: 10249
    protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: kube-proxy
  namespace: ops
  labels:
    k8s-app: kube-proxy
subsets:
# IP addresses of the nodes running kube-proxy
- addresses:
  - ip: 172.32.0.11
  - ip: 172.32.0.12
  - ip: 172.32.0.13
  - ip: 172.32.0.14
  - ip: 172.32.0.15
  # kube-proxy metrics port
  ports:
  - port: 10249
Once these are created, the kube-proxy targets appear in the Prometheus Web UI.
2.4 Add the kube-proxy dashboard template to Grafana
kube-proxy dashboard template in the Grafana dashboard library:
https://grafana.com/grafana/dashboards/12129-kubernetes-proxy/
Or download the version I modified:
https://download.csdn.net/download/qq_44930876/89775332
Or import the kube-proxy dashboard template from the Grafana dashboard library by ID: 12129
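V. Monitoring kube-coredns
kube-dns exposes port 9153 by default. Because the kube-dns component runs as pods inside the cluster, its metrics are fetched through the IP of the kube-dns Service, at serviceIP:9153/metrics: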
kubectl get svc -n kube-system
curl 10.96.0.10:9153/metrics
Note: this configuration monitors kube-dns on clusters deployed with either kubeadm or binaries.
1. Add the kube-dns service discovery configuration to Prometheus
- job_name: 'kubernetes-coredns'
  kubernetes_sd_configs:
  - role: endpoints
  relabel_configs:
  - action: keep
    regex: kube-system;kube-dns;metrics
    source_labels:
    - __meta_kubernetes_namespace
    - __meta_kubernetes_service_name
    - __meta_kubernetes_endpoint_port_name
  scheme: http
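The above adds a job named "kubernetes-coredns". It automatically discovers the Pods associated with Endpoints objects and adds them as scrape targets, keeping only the Service named "kube-dns" in the "kube-system" namespace.
Once the configuration takes effect, the CoreDNS targets appear in the Prometheus Web UI.
2. Add the kube-dns dashboard template to Grafana
kube-dns dashboard template in the Grafana dashboard library: https://grafana.com/grafana/dashboards/15762-kubernetes-system-coredns/
Or use the copy I downloaded:
https://download.csdn.net/download/qq_44930876/89866092
Or import the kube-dns dashboard template from the Grafana dashboard library by ID: 15762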
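A check over the scrape jobs on this page, added here as an example and not part of the original post: it flags jobs that set insecure_skip_verify: true while sending the ServiceAccount token, and jobs that scrape over plain HTTP. The finding names and the "kubernetes-apiservers-verified" job are made up for illustration; the other two jobs copy the settings shown above.

```python
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"


def audit_job(job):
    """Return finding codes for one Prometheus scrape job given as a dict."""
    findings = []
    scheme = job.get("scheme", "http")  # Prometheus scrapes over http unless told otherwise
    tls = job.get("tls_config") or {}
    sends_token = "bearer_token_file" in job
    if scheme == "https" and tls.get("insecure_skip_verify"):
        findings.append("TLS_VERIFY_DISABLED")
        if "ca_file" in tls:
            # With verification off, the CA bundle is never used to check the peer.
            findings.append("CA_FILE_UNUSED")
        if sends_token:
            # The token is presented to a peer whose identity was not checked.
            findings.append("TOKEN_SENT_TO_UNVERIFIED_PEER")
    if scheme == "http":
        findings.append("PLAINTEXT_SCRAPE")
        if sends_token:
            findings.append("TOKEN_SENT_IN_CLEARTEXT")
    return findings


def audit(jobs):
    """Map job_name to its findings, listing only jobs that have at least one."""
    report = {}
    for job in jobs:
        found = audit_job(job)
        if found:
            report[job["job_name"]] = found
    return report


# Jobs as dicts, the shape a YAML parser returns for scrape_configs entries.
# The third job is a constructed variant with verification left on, for comparison.
JOBS = [
    {"job_name": "kubernetes-controller-manager", "scheme": "https",
     "tls_config": {"ca_file": SA_DIR + "/ca.crt", "insecure_skip_verify": True},
     "bearer_token_file": SA_DIR + "/token"},
    {"job_name": "kubernetes-proxy", "scheme": "http"},
    {"job_name": "kubernetes-apiservers-verified", "scheme": "https",
     "tls_config": {"ca_file": SA_DIR + "/ca.crt"},
     "bearer_token_file": SA_DIR + "/token"},
]

if __name__ == "__main__":
    for name, found in audit(JOBS).items():
        print(name, found)
```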