k8s集群监控指标及告警阀值大全【超级详细,全是干货,直接粘贴复制】

已于 2024-04-07 18:03:39 修改
阅读量1.7k 收藏 13
点赞数
分类专栏: kubernetes 文章标签: 1024程序员节 监控告警 kubernetes rules
于 2022-10-24 11:11:02 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_43798031/article/details/127488164
版权

目录

kube-apiserver

coredns

etcd

kube-controller-manager

kubelet

kube-scheduler

kube-state-metrics

node

deployment

ingress-nginx

pod

kube-apiserver

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  generation: 3
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: kube-apiserver-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: kube-apiserver.rule
    rules:
    - alert: K8SAPIAerverDown
      expr: up{job="apiserver"} == 0
      for: 1m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: kube-apiserver {{ $labels.instance }} is down. {{ $labels.instance }} isn't reachable or have disappeared from service
          discovery.
        summary: kube-apiserver is down
    - alert: K8SApiserverDown
      expr: absent(up{job="apiserver"} == 1)
      for: 10m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        description: No API servers are reachable or all have disappeared from service
          discovery
        summary: No API servers are reachable
    - alert: K8SApiserverUserCPU
      expr: sum(rate(container_cpu_user_seconds_total{pod=~"kube-apiserver.*",container_name!="POD"}[5m]))by(pod) > 1 
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetes apserver {{ $labels.instance }} is user cpu time > 1s. {{ $labels.instance }} isn't reachable"
        summary: "kubernetes apserver 负载较高超过1s,当前值为{{$value}}"
    - alert: K8SApiserverUserCPU
      expr: sum(rate(container_cpu_user_seconds_total{pod=~"kube-apiserver.*",container_name!="POD"}[5m]))by(pod) > 5
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetes apserver {{ $labels.instance }} is user cpu time > 5s. {{ $labels.instance }} isn't reachable"
        summary: "kubernetes apserver 负载较高超过5s,当前值为{{$value}}"
    - alert: K8SApiserverUserCPU
      expr: sum(rate(container_cpu_user_seconds_total{pod=~"kube-apiserver.*",container_name!="POD"}[5m]))by(pod) > 10
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetes apserver {{ $labels.instance }} is user cpu time > 10s. {{ $labels.instance }} isn't reachable"
        summary: "kubernetes apserver 负载较高超过10s,当前值为{{$value}}"
    - alert: K8SApiserverUseMemory
      expr: sum(rate(container_memory_usage_bytes{pod=~"kube-apserver.*",container_name!="POD"}[5m])/1024/1024)by(pod) > 150
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} is use memory More than 150MB"
        summary: "kubernetes apserver 使用内存超过150MB,当前值为{{$value}}MB"
    - alert: K8SApiserverUseMemory
      expr: sum(rate(container_memory_usage_bytes{pod=~"kube-apserver.*",container_name!="POD"}[5m])/1024/1024)by(pod) > 300
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} is use memory More than 300MB"
        summary: "kubernetes apserver 使用内存超过300MB,当前值为{{$value}}MB"
    - alert: K8SApiserverUseMemory
      expr: sum(rate(container_memory_usage_bytes{pod=~"kube-apserver.*",container_name!="POD"}[5m])/1024/1024)by(pod) > 600
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} is use memory More than 600MB"
        summary: "kubernetes apserver 使用内存超过600MB,当前值为{{$value}}MB"
        #- alert: K8SApiserverApiError
        #  expr: sum(rate(apiserver_request_total{job="apiserver",code=~"[45].."}[5m]))by (resource,subresource,verb) /sum(rate(apiserver_request_total{job="apiserver"}[5m])) by (resource,subresource,verb) > 0.5
        #  for: 10m
        #  labels:
        #    severity: warning
        #    cluster: manage-prod
        #  annotations:
        #    current_value: '{{$value}}'
        #    description: "kubernetess apserver {{ $labels.instance }} API 4xx,5xx too many"
        #    summary: "kubernetes apserver 4xx,5xx错误很多,请检查"
    - alert: K8SApiserverWorkerQueue
      expr: sum(apiserver_current_inflight_requests{job="apiserver"}) > 200
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} worker queue accumulation"
        summary: "kubernetes apserver 待处理的请求数量 > {{$value}} "
    - alert: K8SApiserverWorkerQueue
      expr: sum(apiserver_current_inflight_requests{job="apiserver"}) > 400
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} worker queue accumulation"
        summary: "kubernetes apserver 待处理的请求数量 > {{$value}} "
    - alert: K8SApiserverQueueWite
      expr: histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{ job="apiserver"}[5m])) by (le)) > 1
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }} worker queue wite"
        summary: "kubernetes apserver 工作队列中停留的时间延时较大 > {{$value}} "
    - alert: K8SApiserverWorkerAddCount
      expr: sum(rate(workqueue_adds_total{job="apiserver"}[5m])) > 100
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess apserver {{ $labels.instance }}"
        summary: "kubernetes apserver 工作队列处理的添加总数,可能有堆积请检查 > {{$value}} "

coredns

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: coredns-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: coredns.rule
    rules:
    - alert: coredns-responses-error
      expr:  histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job="kube-dns"}[5m])) by(server, zone, le)) > 3
      for: 1m 
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: "{{$value}}"
        description:  "{{ $labels.instance }}  Coredns has longer response time, response More than 3 seconds , please check !"
        summary: "{{ $labels.instance }} 警告! 响应时间较长 Coredns response delay 大于 3 秒 当前值为{{$value}}"
    - alert: coredns-responses-warning
      expr:  histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job="kube-dns"}[5m])) by(server, zone, le)) > 2.5
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: "{{$value}}"
        description:  "{{ $labels.instance }}  Coredns has longer response time, response More than 2.5 seconds , please check !"
        summary: "{{ $labels.instance }} 严重! 响应时间较长 Coredns response delay 大于 2.5 秒 当前值为{{$value}}"
    - alert: coredns-responses-info
      expr:  histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job="kube-dns"}[5m])) by(server, zone, le)) > 1.5
      for: 1m 
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: "{{$value}}"
        description:  "{{ $labels.instance }}  Coredns has longer response time, response More than 1.5 seconds , please check !"
        summary: "{{ $labels.instance }} 非常严重! 响应时间较长 Coredns response delay 大于 1.5 秒 当前值为{{$value}}"
    - alert: coredns abort
      expr:  coredns_panic_count_total > 0 
      for: 1m 
      labels:
        severity: critical
        cluster: manage-prod
      annotations:
        current_value: "{{$value}}"
        description: "{{ $labels.instance }} Error Coredns process abnormal interrupt!!"
        summary: "毁灭性错误!{{ $labels.instance }} Coredns 进程异常中断!请检查!"
    - alert: Coredns Query per minute info
      expr:  sum(irate(coredns_dns_request_count_total{zone !="dropped"}[1m]))  > 30000 #计算最近两个数据点每秒查询的次数
      for: 1m 
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: Counter of DNS requests made per zone, protocol and family.
        summary: "严重!{{ $labels.instance }} coredns 每分钟查询次数高于阀值25000.当前值为{{$value}}"
    - alert: Coredns Query per minute warning
      expr:  sum(irate(coredns_dns_request_count_total{zone !="dropped"}[1m]))  > 40000
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: Counter of DNS requests made per zone, protocol and family.
        summary: "严重!{{ $labels.instance }} coredns 每分钟查询次数高于阀值30000.当前值为{{$value}}"
    - alert: Coredns Query per minute error
      expr:  sum(irate(coredns_dns_request_count_total{zone !="dropped"}[1m]))  > 50000
      for: 1m 
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: Counter of DNS requests made per zone, protocol and family.
        summary: "非常严重!{{ $labels.instance }} coredns 每分钟查询次数高于阀值50000.当前值为{{$value}}"
    - alert: Coredns SERVFAIL Count
      expr: irate(coredns_dns_response_rcode_count_total{rcode!="NOERROR"} [1m]) and irate(coredns_dns_response_rcode_count_total{rcode!="NXDOMAIN"} [1m]) > 10
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: The server failed, the authority server for this domain name refused to respond or REFUSE,
        summary: "警告!coredns 服务器处理请求失败超过10次,当前失败的处理次数{{$value}} 原因服务器拒绝响应或响应拒绝."
    - alert: Coredns Cache misses info
      expr: irate(coredns_cache_misses_total  [1m]) > 10
      for: 1m 
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: DNS cache misses statistical
        summary: "警告!{{ $labels.instance }}  coredns 每分钟服务器缓存misses超过10.当前值为{{$value}}"
    - alert: Coredns Cache misses warning
      expr: irate(coredns_cache_misses_total  [1m]) > 30
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: DNS cache misses statistical
        summary: "严重!{{ $labels.instance }}  coredns 每分钟服务器缓存misses超过30.当前值为{{$value}}"
    - alert: Coredns Cache misses error
      expr: irate(coredns_cache_misses_total  [1m]) > 80
      for: 1m 
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: DNS cache misses statistical
        summary: "非常严重!{{ $labels.instance }}  coredns 每分钟服务器缓存misses超过50.当前值为{{$value}}"
    - alert: Coredns Request Time info
      expr: histogram_quantile(0.99,sum(rate(coredns_health_request_duration_seconds_bucket [1m]) ) by(server, zone, le)) > 0.05 #请求所用的时间
      for: 1m 
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "警告!实例 {{ $labels.instance }} 每一分钟请求dns 超过设置阀值0.05秒 当前值为{{$value}}"
    - alert: Coredns Request Time warning
      expr: histogram_quantile(0.99,sum(rate(coredns_health_request_duration_seconds_bucket [1m]) ) by(server, zone, le)) > 0.1
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "严重!实例 {{ $labels.instance }} 每一分钟请求dns 超过设置阀值0.1秒 当前值为{{$value}}"
    - alert: Coredns Request Time error
      expr: histogram_quantile(0.99,sum(rate(coredns_health_request_duration_seconds_bucket [1m]) ) by(server, zone, le)) > 1
      for: 1m 
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "非常严重!实例 {{ $labels.instance }} 每一分钟请求dns 超过设置阀值1秒 当前值为{{$value}}"
    - alert: Coredns  The maximum number  open file error
      expr: sum(rate(process_max_fds [1m]) ) > 2000000
      for: 1m 
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "非常严重!实例 {{ $labels.instance }} 每一分钟打开文件数超过设置阀值200000 当前值为{{$value}}"
    - alert: Coredns  The maximum number  open file warning
      expr: sum(rate(process_max_fds [1m]) ) > 1500000
      for: 1m 
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "严重!实例 {{ $labels.instance }} 每一分钟打开文件数超过设置阀值150000 当前值为{{$value}}"
    - alert: Coredns  The maximum number  open file info
      expr: sum(rate(process_max_fds [1m]) ) > 1000000
      for: 1m 
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary: "警告!实例 {{ $labels.instance }} 每一分钟打开文件数超过设置阀值100000 当前值为{{$value}}"

 etcd

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: etcd-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: etcd.rule
    rules:
    - alert: etcdDown
      expr: up{job="etcd"} == 0
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: etcd {{ $labels.instance }} is down. {{ $labels.instance }} isn't reachable and continueed 1 minute.
        summary: etcd is down
    - alert: NoLeader
      expr: etcd_server_has_leader{job="etcd"} == 0
      labels:
        severity: critical
        cluster: manage-prod
      annotations:
        description: etcd member {{ $labels.instance }} has no leader
        summary: etcd member has no leader
    - alert: HighNumberOfLeaderChanges
      expr: increase(etcd_server_leader_changes_seen_total{job="etcd"}[10m]) > 3
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        description: etcd instance {{ $labels.instance }} has seen {{ $value }} leader
          changes within the last hour
    - record: instance:fd_utilization
      expr: process_open_fds / process_max_fds
    - alert: FdExhaustionClose
      expr: predict_linear(instance:fd_utilization[1h], 3600 * 4) > 1
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: '{{ $labels.job }} instance {{ $labels.instance }} will exhaust
          its file descriptors soon'
        summary: file descriptors 预测4个小时内耗尽
    - alert: FdExhaustionClose
      expr: predict_linear(instance:fd_utilization[10m], 3600) > 1
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        description: '{{ $labels.job }} instance {{ $labels.instance }} will exhaust
          its file descriptors soon'
        summary: file descriptors 预测1个小时内耗尽
    - alert: EtcdMemberCommunicationSlow
      expr: histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket[5m]))
        > 0.15
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: etcd instance {{ $labels.instance }} member communication with
          {{ $labels.To }} is slow
        summary: etcd member communication is slow
    - alert: HighNumberOfFailedProposals
      expr: increase(etcd_server_proposals_failed_total{job="etcd"}[1h]) > 5
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: etcd instance {{ $labels.instance }} has seen {{ $value }} proposal
          failures within the last hour
        summary: etcd 集群大量的提案失败
    - alert: HighFsyncDurations
      expr: histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket[5m]))
        > 0.05
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: etcd instance {{ $labels.instance }} fync durations are high
        summary: etcd Wal(预写日志系统)调用的fsync提交的延迟高
    - alert: HighCommitDurations
      expr: histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket[5m]))
        > 0.25
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: etcd instance {{ $labels.instance }} commit durations are high
        summary: etcd 磁盘后端提交持续时间长
    - alert: EtcdDiskPressure
      expr: sum(etcd_mvcc_db_total_size_in_bytes{job="etcd"}/1024/1024/1024) by (instance) > 200
      for: 60m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "Etcd {{ $labels.instance }} Disk Pressuer"
        summary: "Etcd 数据占用系统盘200G,当前值:{{$value}} "

kube-controller-manager

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  name: kube-controller-manager
  namespace: uk8s-monitor
spec:
  groups:
  - name: kube-controller-manage-monitor.rule
    rules:
    - alert: K8SControllerManagerDown
      expr: absent(up{job="kube-controller-manage-monitor"} == 1)
      for: 1m
      labels:
        severity: critical
        cluster: manage-prod
      annotations:
        description: There is no running K8S controller manager. Deployments and replication controllers are not making progress.
        summary: No kubernetes controller manager are reachable
    - alert: K8SControllerManagerDown
      expr: up{job="kube-controller-manage-monitor"} == 0
      for: 1m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: kubernetes controller manager {{ $labels.instance }} is down. {{ $labels.instance }} isn't reachable
        summary: kubernetes controller manager is down
    - alert: K8SControllerManagerUserCPU
      expr: sum(rate(container_cpu_user_seconds_total{pod=~"kube-controller-manage-monitor.*",container_name!="POD"}[5m]))by(pod) > 5
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: kubernetes controller manager {{ $labels.instance }} is user cpu time > 5s. {{ $labels.instance }} isn't reachable
        summary: kubernetes controller 负载较高超过5s
   
    - alert: K8SControllerManagerUseMemory
      expr: sum(rate(container_memory_usage_bytes{pod=~"kube-controller-manage-monitor.*",container_name!="POD"}[5m])/1024/1024)by(pod) > 20
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        description: kubernetes controller manager {{ $labels.instance }} is use memory More than 20MB
        summary: kubernetes controller 使用内存超过20MB
   
    - alert: K8SControllerManagerQueueTimedelay
      expr: histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job="kubernetes-controller-manager"}[5m])) by(le)) > 10
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: kubernetes controller manager {{ $labels.instance }} is QueueTimedelay More than 10s
        summary: kubernetes controller 队列停留时间超过10秒,请检查ControllerManager

kubelet

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  generation: 3
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: kube-kubelet-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: kubelet.rule
    rules:
    - alert: K8SNodeNotReady
      expr: kube_node_status_condition{condition="Ready",status="true"} == 0
      for: 2m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        summary: "Node status is NotReady"
        description: "The Kubelet on {{ $labels.node }} has not checked in with the API, or has set itself to NotReady, for more than an hour"
    - alert: K8SManyNodesNotReady
      expr: count(kube_node_status_condition{condition="Ready",status="true"} == 0)
        > 1 and (count(kube_node_status_condition{condition="Ready",status="true"} ==
        0) / count(kube_node_status_condition{condition="Ready",status="true"})) > 0.2
      for: 5m
      labels:
        severity: error
        cluster: manage-prod
      annotations:
        summary: "大量的node节点没有Ready"
        description: '{{ $value }}% of Kubernetes nodes are not ready'
    - alert: K8SKubeletDown
      expr: count(up{job="kubelet"} == 0) / count(up{job="kubelet"}) * 100 > 10
      for: 2m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        description: Prometheus failed to scrape {{ $value }}% of kubelets.
        summary: kubelet cannot be scraped
        #- alert: K8SManyKubeletDown
        #  expr: (absent(up{job="kubelet"} == 1) or count(up{job="kubelet"} == 0) / count(up{job="kubelet"}))
        #    * 100 > 30
        #  for: 10m
        #  labels:
        #    severity: warning
        #    cluster: manage-prod
        #  annotations:
        #    description: Prometheus failed to scrape {{ $value }}% of kubelets, or all Kubelets have disappeared from service discovery.
        #    summary: Many Kubelets cannot be scraped
    - alert: K8SKubeletTooManyPods
      expr: kubelet_running_pod_count > 50
      for: 10m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: Kubelet {{$labels.instance}} is running {{$value}} pods, close to the limit of 50
        summary: 单节点pod数大于50

kube-scheduler

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  generation: 3
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: kube-scheduler
  namespace: uk8s-monitor
spec:
  groups:
  - name: kube-scheduler.rule
    rules:
    - alert: K8SSchedulerDown
      expr: absent(up{job="kube-scheduler"} == 1)
      for: 1m
      labels:
        severity: critical
        cluster: manage-prod
      annotations:
        description: "There is no running K8S scheduler. New pods are not being assigned to nodes."
        summary: "all k8s scheduler is down"
    - alert: K8SSchedulerDown
      expr: up{job="kube-scheduler"} == 0
      for: 1m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: "K8S scheduler {{ $labels.instance }} is no running. New pods are not being assigned to nodes."
        summary: "k8s scheduler {{ $labels.instance }} is down"
    - alert: K8SSchedulerUserCPU
      expr: sum(rate(container_cpu_user_seconds_total{pod=~"kube-scheduler.*",container_name!="POD"}[5m]))by(pod) > 1
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetes scheduler {{ $labels.instance }} is user cpu time > 1s. {{ $labels.instance }} isn't reachable"
        summary: "kubernetes scheduler 负载较高超过1s,当前值为{{$value}}"
   
    - alert: K8SSchedulerUseMemory
      expr: sum(rate(container_memory_usage_bytes{pod=~"kube-scheduler.*",container_name!="POD"}[5m])/1024/1024)by(pod) > 20
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess scheduler {{ $labels.instance }} is use memory More than 20MB"
        summary: "kubernetes scheduler 使用内存超过20MB,当前值为{{$value}}MB"
   
    - alert: K8SSchedulerPodPending
      expr: sum(scheduler_pending_pods{job="kubernetes-scheduler"})by(queue) > 5
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: "kubernetess scheduler {{ $labels.instance }} is Pending pod More than 5"
        summary: "kubernetes scheduler pod无法调度 > 5,当前值为{{$value}}"
   
    - alert: K8SSchedulerPodPending
      expr: sum(scheduler_pending_pods{job="kubernetes-scheduler"})by(queue) > 10
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: kubernetess scheduler {{ $labels.instance }} is Pending pod More than 10
        summary: "kubernetes scheduler pod无法调度 > 10,当前值为{{$value}}"
   
    - alert: K8SSchedulerPodPending
      expr: sum(rate(scheduler_binding_duration_seconds_count{job="kubernetes-scheduler"}[5m])) > 1
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: kubernetess scheduler {{ $labels.instance }}
        summary: "kubernetes scheduler pod 无法绑定调度有问题,当前值为{{$value}}"
   
    - alert: K8SSchedulerVolumeSpeed
      expr: sum(rate(scheduler_volume_scheduling_duration_seconds_count{job="kubernetes-scheduler"}[5m])) > 1
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: kubernetess scheduler {{ $labels.instance }}
        summary: "kubernetes scheduler pod Volume 速度延迟,当前值为{{$value}}"
   
    - alert: K8SSchedulerClientRequestSlow
      expr: histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{job="kubernetes-scheduler"}[5m])) by (verb, url, le)) > 1
      for: 5m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        description: kubernetess scheduler {{ $labels.instance }}
        summary: "kubernetes scheduler 客户端请求速度延迟,当前值为{{$value}}"

kube-state-metrics

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  generation: 3
  labels:
    app: rancher-monitoring
    app.kubernetes.io/instance: rancher-monitoring
    app.kubernetes.io/part-of: rancher-monitoring
  name: kube-state-metrics-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: kube-state-metrics.rules
    rules:
    - alert: DaemonSetNotReady
      expr: kube_daemonset_status_number_ready / kube_daemonset_status_desired_number_scheduled
        * 100 < 100
      for: 15m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: Only {{$value}}% of desired pods scheduled and ready for daemonset {{$labels.namespace}}/{{$labels.daemonset}}
        summary: DaemonSet pod status is not ready
    - alert: DaemonSetsNotScheduled
      expr: kube_daemonset_status_desired_number_scheduled - kube_daemonset_status_current_number_scheduled
        > 0
      for: 10m
      labels:
        severity: warning
        cluster: manage-prod
      annotations:
        description: daemonsets {{$labels.namespace}}/{{$labels.daemonset}} is not scheduled.
        summary: Daemonsets are not scheduled correctly

node

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  labels:
  name: node-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: Node.rules
    rules:
    - alert: NodeMemUseHigh
      expr: sum by (node)(node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / sum by (node)(node_memory_MemTotal_bytes) > 0.9
      for: 5m
      labels:
        severity: warning
        cluster: prodidc
      annotations:
        description: "Node memory usage 高于90%"
        summary: "Node memory usage 高于90%"
    - alert: NodeUnschedulable
      expr: sum(kube_node_spec_unschedulable) > 0
      for: 5m
      labels:
        severity: warning
        cluster: prodidc
      annotations:
        description: a node is unschedulable for 5 minutes
        summary: Node is unschedulable
    - alert: NodeExporterDown
      expr: absent(up{job="prometheus-node-exporter"} == 1)
      for: 2m
      labels:
        severity: warning
        cluster: prodidc
      annotations:
        description: Prometheus could not scrape a node-exporter/{{$labels.node}} for more than 2m, or node-exporters have disappeared from discovery
        summary: Prometheus could not scrape a node-exporter
  
    - alert: NodeCpuUseHigh
      expr: 1-avg(irate(node_cpu_seconds_total{mode="idle"}[5m])) by (node) > 0.9
      for: 5m
      labels:
        severity: critical
        cluster: prodidc
      annotations:
        description: "node/{{$labels.node}} CPU使用率高于90%"
        summary: "node/{{$labels.node}} CPU使用率高于90%"

deployment

groups:
- name: Deployment.rule
  rules:
  - alert: ReplicasUnavailable
    expr: kube_deployment_status_replicas_unavailable > 0
    for: 5m
    labels:
      severity: P2
      cluster: prodidc
    annotations:
      summary: "Deployment replicas status unavailable"
      description: "Deployment {{ $labels.namespace }}/{{ $labels.deployment }} status is unavailable, have {{ $value }} pod is unavailable more than 15 minutes."
  - alert: DeploymentReplicasNotUpdated
    expr: ((kube_deployment_status_replicas_updated != kube_deployment_spec_replicas)
      or (kube_deployment_status_replicas_available != kube_deployment_spec_replicas))
      unless (kube_deployment_spec_paused == 1)
    for: 15m
    labels:
      severity: P2
      cluster: prodidc
    annotations:
      description: Replicas are not updated and available for deployment {{$labels.namespace}}/{{$labels.deployment}}
      summary: pod个数小于replicas预期值

ingress-nginx

groups:
- name: ingress-nginx.rule
  rules:
  - alert: ingressDown
    expr: kube_pod_status_ready{condition="true",pod=~"ingress.*-controller.*"} < 1
    for: 1m
    labels:
      severity: P0
      cluster: prodidc
    annotations:
      summary: "ingress nginx namespace:{{$labels.namespace}} podname:{{$labels.pod}} is Down"
      description: "ingress nginx namespace:{{$labels.namespace}} podname:{{$labels.pod}}, for more than an minute"

  - alert: ingressControllerConn
    expr: sum by (instance)(avg_over_time(nginx_ingress_controller_nginx_process_connections{}[2m])) > 100000 
    for: 5m
    labels:
      severity: P1
      cluster: prodidc
    annotations:
      summary: "ingress nginx {{$labels.instance}} connection more than 100000"
      description: "ingress nginx {{$labels.instance}} connection more than 100000, for more than five minute"

  - alert: ingressMemUseage
    expr: sum(container_memory_working_set_bytes{pod=~"ingress-.*",container!~"|filebeat|POD"} ) by (namespace,pod,service) / sum(container_spec_memory_limit_bytes{pod=~"ingress-.*",container!~"|filebeat|POD",namespace!=""}) by (namespace,pod,service) * 100 > 90  and (sum(container_memory_working_set_bytes) by (namespace,pod,service)/sum(container_spec_memory_limit_bytes) by (namespace,pod,service)) != Inf
    for: 2m
    labels:
      severity: P1
      cluster: prodidc
    annotations:
      summary: "ingress controller {{$labels.instance}} memory useage moth than 90%"
      description: "ingress controller {{$labels.instance}} memory useage moth than 90%, for more than five minute"

  - alert: ingressCpuUseage
    expr: sum(rate(container_cpu_usage_seconds_total{pod=~"ingress-.*",image!=""}[1m])) by (pod, namespace,service) / (sum(container_spec_cpu_quota{pod=~"ingress-.*",image!=""}/100000) by (pod, namespace,service)) * 100  > 90 and  sum by (pod,namespace,service)( rate(container_cpu_usage_seconds_total{image!="", namespace!=""}[1m] ) ) * 100  != Inf
    for: 2m
    labels:
      severity: P1
      cluster: prodidc
    annotations:
      summary: "ingress controller {{$labels.instance}} memory useage moth than 90%"
      description: "ingress controller {{$labels.instance}} memory useage moth than 90%, for more than five minute"

  - alert: controllerSSLtime
    expr: nginx_ingress_controller_ssl_expire_time_seconds < (time() + (20 * 24 * 3600))
    labels:
      severity: P2
      cluster: prodidc
    annotations:
      summary: "ingress ssl证书有效期小于20天"
      description: "ingress controller ssl time less than 20 day"

pod

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  annotations:
    meta.helm.sh/release-namespace: uk8s-monitor
    prometheus-operator-validated: "true"
  labels:
  name: pod-rules
  namespace: uk8s-monitor
spec:
  groups:
  - name: Pods.rule
    rules:
    - alert: PodHighCPUUsage
      expr: sum(rate(container_cpu_usage_seconds_total{image!=""}[1m])) by (pod, namespace,service) / (sum(container_spec_cpu_quota{image!=""}/100000) by (pod, namespace,service)) * 100  > 95 and  sum by (pod,namespace,service)( rate(container_cpu_usage_seconds_total{image!="", namespace!=""}[1m] ) ) * 100  != Inf
      for: 5m
      labels:
        severity: info
        cluster: manage-prod
      annotations:
        current_value: '{{$value}}'
        summary:  "Pod cpu Usage 高于95%"
        description: "{{ $labels.namespace }}.{{ $labels.pod  }} cpu usage is high above 95%  for more than 5 minute."
   
    - alert: PodRssMemHigh
      expr: sum by(namespace, pod) (container_memory_rss{container!~"|filebeat|POD",namespace!="",pod!=""}) / sum by(namespace, pod) (container_spec_memory_limit_bytes{container!~"|filebeat|POD",namespace!="",pod!=""}) * 100 > 95 and (sum by(namespace, pod) (container_memory_rss) / sum by(namespace, pod) (container_spec_memory_limit_bytes)) != +Inf
      for: 10m
      labels:
        cluster: manage-prod
        severity: info
      annotations:
        description: "Pod ({{$labels.namespace}}/{{$labels.pod}}) Rss memory 高于95%,请检查合理性"
        summary: "Pod ({{$labels.namespace}}/{{$labels.pod}}) Rss memory 高于95%,请检查合理性"
   
    - alert: PodNotReady
      expr: sum by (namespace, pod) (kube_pod_status_ready{condition="true",pod!~".*-backup-.*"} != 1)
      for: 5m
      labels:
        severity: critical
        cluster: manage-prod
      annotations:
        summary: "Pod ({{$labels.namespace}}/{{$labels.pod}}) is NotReady"
        description: "服务({{$labels.namespace}}/{{$labels.pod}})异常,请尽快检查"

    - alert: PodDown
      annotations:
        container: '{{ $labels.container }}'
        k8scluster: '{{ $labels.k8scluster}}'
        namespace: '{{ $labels.namespace }}'
        pod: '{{ $labels.pod }}'
        summary: Pod Down
      expr: kube_pod_status_phase{phase="Unknown"} == 1 or kube_pod_status_phase{phase="Failed"}
        == 1
      for: 1m
      labels:
        cluster: manage-prod
        receiver_group: '{{ $labels.k8scluster}}_{{ $labels.namespace }}'
        service: prometheus_bot
        severity: critical
    - alert: PodRestart
      annotations:
        container: '{{ $labels.container }}'
        k8scluster: '{{ $labels.k8scluster}}'
        namespace: '{{ $labels.namespace }}'
        summary: Pod Restart
      expr: changes(kube_pod_container_status_restarts_total{pod !~ "analyzer.*"}[10m])
        > 0
      for: 1m
      labels:
        pod: '{{ $labels.pod }}'
        receiver_group: '{{ $labels.k8scluster}}_{{ $labels.namespace }}'
        service: prometheus_bot
        severity: critical
        cluster: manage-prod
    - alert: PodOOMKilled
      annotations:
        container: '{{ $labels.container }}'
        k8scluster: '{{ $labels.k8scluster}}'
        namespace: '{{ $labels.namespace }}'
        pod: '{{ $labels.pod }}'
        summary: Pod OOMKilled
      expr: changes(kube_pod_container_status_terminated_reason{reason="OOMKilled"}[1m])
        > 0
      for: 1m
      labels:
        receiver_group: '{{ $labels.k8scluster}}_{{ $labels.namespace }}'
        service: prometheus_bot
        severity: critical
        cluster: manage-prod

Cloud孙文波
关注
  • 0
    点赞
  • 13
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
【运维面试】k8s监控指标
互联网老辛
04-07 3768
一般在公司里我们都是使用prometheus进行监控,先说一下prometheus的工作核心: prometheus是使用 Pull (抓取)的方式去搜集被监控对象的 Metrics 数据(监控指标数据),然后,再把这些数据保存在一个 TSDB (时间序列数据库,比如 OpenTSDB、InfluxDB 等)当中,以便后续可以按照时间进行检索。 有了这套核心监控机制, Prometheus 剩下的组件就是用来配合这套机制的运行。比如 Pushgateway,可以允许被监控对象以 Push 的方式向 Prom
夜莺初探五·k8s指标监控
weixin_47028810的博客
05-27 288
夜莺监控k8s指标
【云原生】k8s集群的性能指标监控(CPU、内存、GPU、网络......)
点赞的都能无bug通过!
06-30 2958
K8s本身的监控,也可以理解为使用K8s的成本。或者需要将k8s部署到集群中,需要monitor其中的每个设备以及整个集群统筹的资源情况,来分配任务或者更好地管理集群。Node监控主要包括四个部分监控:Node资源利用率、Node数量、每个Node运行Pod数量以及资源对象状态。Pod监控主要包括三个部分: Pod总数量及每个控制器预期数量、 Pod状态和容器资源利用率(CPU、内存、网络)。K8s性能监控实现思路:Pod kubelet的节点使用cAdvisor提供的metrics接口获取该节点所有Pod
k8s学习 — (运维)第十章 k8s 集群监控_kubernetes 应用,服务验活监控
最新发布
2401_83740189的博客
05-15 267
升级 prometheus-deployment查看 pod查看 serviceaccount 认证证书。
k8s组件监控指标
不忘初心,方得始终
03-11 3701
Counter(计数器): Counter 类型代表一个累积的指标数据,其单调递增,只增不减。在应用场景中,像是请求次数、错误数量等等,就非常适合用 Counter 来做指标类型,另外 Counter 类型,只有在被采集端重新启动时才会归零。 Gauge(仪表盘): Gauge 类型代表一个可以任意变化的指标数据,其可增可减。在应用场景中,像是 Go 应用程序运行时的Goroutine 的数量就可以用该类型来表示,在系统中统计 CPU、Memory 等等时很常见,而在业务场景中,业务队列的数量.
k8s应该监控哪些指标及原因
wanger5354的博客
08-02 1292
微信公众号:运维开发故事,作者:夏老师 Kubernetes 每天可以生成数百万个新指标监控集群健康状况最具挑战性的方面之一是筛选哪些指标是重要的,需要收集和关注。 在本文中,我将定义应该监控和创建警报的 18 个关键 Kubernetes 指标。公司组织的列表可能略有不同,但在制定组织的 Kubernetes 监控策略时,这 18 个是了解k8s集群监控状态最好的指标。 1. Crash Loops crash loops是指 pod 启动、崩溃,然后不断尝试重新启动但不能(它在循环中不断崩溃和重新.
k8s学习-CKA真题-监控Pod度量指标
关注网络安全、云原生安全
08-28 496
找出具有name=cpu-user标签的Pod,并过滤出使用CPU最高的Pod,然后把它的名字写在已经存在的/opt/KUTR00401/KUTR00401.txt文件里。kubectl top po出错的话,可能是没有安装metrics-server,可使用下面的yaml内容创建(博主k8s版本v1.23.6)找到所有标签含name=cpu-user的pod。找一个存在的po加下标签即可。...
使用Prometheus全方位监控K8s集群
02-07
使用Prometheus全方位监控K8s集群 ...使用Prometheus可以对K8s集群进行全方位的监控,具有多维度数据模型、灵活的查询语言、不依赖分布式存储等特点,可以对K8s集群中的监控数据进行可视化展示和告警规则的配置和管理。
K8S集群证书监控ssl-exporter监控模板
01-14
原文链接:https://blog.csdn.net/m0_37814112/article/details/122349602
基于kube-prometheus-stack部署监控K8S告警系统资源合集
11-08
原文链接:https://blog.csdn.net/m0_37814112/article/details/134136493
K8S1.20.6集群监控资源镜像清单及镜像合集
01-11
说明:资源列表如下 drwxr-xr-x. 7 root root 83 12月 30 11:33 alertmanager drwxr-xr-x. 3 root root 99 1月 11 14:19 grafana drwxr-xr-x 2 root root 216 1月 14 11:06 grafana-dashborard ...
k8s核心指标API Metrics-Server部署指南!
10-14
Heapster是容器集群监控和性能分析工具,HPA、Dashborad、Kubectl top都依赖于heapster收集的数据。 但是Heapster从kubernetes 1.8以后已经被遗弃了...... 被metrics-server所替代......
kubernetes监控系统部署
01-10
kubernetes监控系统部署,监控架构:heapster + grafana + influxdb
K8S集群基础组件监控模板
01-11
原文链接:...组件包括:kubernetes-apiserverkubernetes-controller-manager、kubernetes-kubelet、kubernetes-kube-proxy、kubernetes-etcd、kubernetes-cadvisor
Kubernetes监控指标
武天旭的博客
03-20 574
监控指标与日志有所不同,日志提供的是显式数据,是对应用程序行为操作的一种记录,而指标是通过数据的聚合,对一个程序在特定时间内的行为进行衡量。指标数据是可累加的,它们具有原子性,每个都是一个逻辑计量单元。指标数据可以观察系统的状态和趋势,但对于问题定位缺乏细节展示。
k8s指标采集
weixin_42072280的博客
06-07 743
k8s指标采集
K8S指标样图解释说明
运维打怪晋级之路
08-19 237
K8S样图解释说明 K8S监控指标中标签name解释 K8S使用A记录域名
Prometheus+k8s告警通知
yanggd1987的专栏
11-02 6356
需求 集群外独立部署Prometheus+Grafana监控K8S全面解析一文剖析了k8s监控,但是无法在grafana dashboard中配置告警,因此我们需要额外在Prometheus单独配置告警规则,配合AlertManager实现告警
k8s-自动横向伸缩pod 根据CPU使用率,QPS访问数监控指标
sinat_28371057的博客
10-31 3138
k8s-自动横向伸缩pod 与节点 简述 我们可以通过调高ReplicationController、 ReplicaSet、 Deployment等可伸缩资源的rep让cas字段, 来手动实现pod中应用的横向扩容。 我们也可以通过增加pod容器的资源请求和限制来纵向扩容pod (尽管目前该操作只能在pod创建时, 而非运行时进行)。 虽然如果你能预先知道负载何时会飘升, 或者如果负载的变化是较长时间内逐渐发生的, 手动扩容也是可以接受的, 但指望靠人工干预来处理突发而不可预测的流量增长, 仍然不..
写一个k8s + Prometheus 企业监控告警系统的项目描述
05-30
本项目旨在利用Kubernetes和Prometheus来搭建一个企业监控告警系统。该系统将监控企业中所有部署在Kubernetes集群上的应用程序以及它们的基础设施,如节点、容器等。该系统将使用Prometheus来收集指标,并将这些指标存储在Prometheus服务器中。Prometheus服务器将提供灵活的查询语言来查询、过滤和聚合指标数据。 此外,该系统还将使用Grafana来构建仪表板,以展示企业的监控数据。Grafana将可视化Prometheus服务器中的指标,使用户能够更轻松地理解他们的应用程序运行状况以及基础设施健康状况。 最后,该系统还将使用Alertmanager来设置告警规则,并在出现问题时发送通知。Alertmanager将与Prometheus服务器集成,以便在指定的条件下发出警报,例如在CPU使用率高于某个阈值时或在应用程序出现故障时。 总之,该项目将提供一个完整的企业监控告警系统,可帮助企业监控其应用程序和基础设施的运行状况,并在出现问题时及时通知用户。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Cloud孙文波

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值