1、在云主机编译安装nginx(添加模块nginx-module-vts),然后通过prometheus实现指标采集(nginx-vts-exporter)、自定义nginx容器镜像、并基于kubernetes运行nginx,然后通过prometheus实现指标采集
在云主机编译安装nginx,然后通过prometheus实现监控
配置流程:
编译安装nginx、添加nginx-module-vts模块
需要在编译安装nginx的时候添加nginx-module-vts模块,github地址:
https://github.com/vozlt/nginx-module-vts root@prometheus-node2:~# cd /usr/local/src/ root@prometheus-node2:/usr/local/src# git clone https://github.com/vozlt/nginx-module-vts.git root@prometheus-node2:/usr/local/src# wget https://nginx.org/download/nginx-1.24.0.tar.gz root@prometheus-node2:/usr/local/src# apt install iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev gcc openssh-server iotop unzip zip make root@prometheus-node2:/usr/local/src# tar xvf nginx-1.24.0.tar.gz && cd nginx-1.24.0/ root@prometheus-server2:/usr/local/src/nginx-1.24.0# ./configure --prefix=/apps/nginx \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_stub_status_module \--with-http_gzip_static_module \--with-pcre \--with-file-aio \--with-stream \--with-stream_ssl_module \--with-stream_realip_module \--add-module=/usr/local//src/nginx-module-vts/root@prometheus-node2:/usr/local/src/nginx-1.22.1# make && make install
编辑nginx配置并验证指标数据
编辑nginx配置文件:
vim /apps/nginx/conf/nginx.conf
http 范围配置:
#gzip on;
vhost_traffic_status_zone; #启用状态页server范围配置:
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
proxy_pass http://192.168.220.200:9090;
}
location /status {
vhost_traffic_status_display;
vhost_traffic_status_display_format html;
}
}
启动nginx并验证web状态页:
root@prometheus-node2:/usr/local/src/nginx-1.24.0# /apps/nginx/sbin/nginx -t root@prometheus-node2:/usr/local/src/nginx-1.24.0# /apps/nginx/sbin/nginx
验证nginx状态页:
安装nginx exporter并验证数据
部署nginx-vts-exporter:
root@prometheus-server2:/usr/local/src# wget https://github.com/hnlq715/nginx-vts-exporter/releases/download/v0.10.3/nginx-vts-exporter-0.10.3.linux-amd64.tar.gz root@prometheus-node2:/usr/local/src# tar xvf nginx-vts-exporter-0.10.3.linux-amd64.tar.gz root@prometheus-node2:/usr/local/src# cp nginx-vts-exporter-0.10.3.linux-amd64/nginx-vts-exporter /usr/local/bin/cat /etc/systemd/system/nginx-vts-exporter.service
[Unit]
Description=nginx-vts-exporter
After=network.target
[Service]
ExecStart=/usr/local/bin/nginx-vts-exporter -nginx.scrape_uri http://192.168.220.200/status/format/json
[Install]
WantedBy=multi-user.targetsystemctl start nginx-vts-exporter.service && systemctl enable nginx-vts-exporter.service
验证nginx-vts-exporter数据:
配置prometheus收集nginx指标数据
vim /apps/prometheus/prometheus.yml
- job_name: 'nginx-nodes'
static_configs:
- targets: ['192.168.220.102:9913']systemctl restart prometheus.service
验证prometheus数据采集状态
grafana导入模板验证数据,模板ID:
2949
自定义nginx容器镜像、并基于kubernetes运行nginx,然后通过prometheus实现监控
镜像构建:
进入
/root/1.prometheus-case-files/app-monitor-case/4.nginx-vts-exporter/1.nginx-image/
目录编写Dockerfile
目录编写Dockerfile
FROM ubuntu:22.04
LABEL maintainer="jack 2973707860@qq.com"
ADD nginx-1.22.1.tar.gz /usr/local/src/
ADD nginx-vts-exporter-0.10.3.linux-amd64/nginx-vts-exporter /usr/local/bin/
ADD nginx-module-vts/ /usr/local/src/nginx-module-vts
RUN apt update && apt install -y iproute2 gcc openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip make
RUN groupadd -r -g 2088 user1 && useradd -r -m -s /sbin/nologin -u 2088 -g 2088 user1
WORKDIR /usr/local/src/
RUN cd nginx-1.22.1/ && ./configure --prefix=/apps/nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-file-aio \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--add-module=/usr/local/src/nginx-module-vts/ && make && make install
WORKDIR /root
ADD docker-entrypoint.sh /usr/local/bin/
RUN ln -s /usr/local/bin/docker-entrypoint.sh /entrypoint.sh #
ADD nginx.conf /apps/nginx/conf/nginx.conf
EXPOSE 80 443
ENTRYPOINT ["docker-entrypoint.sh"]编写nginx和nginx-exporter启动脚本,在nginx-exporter启动时指定nginx的IP
vim docker-entrypoint.sh
#!/bin/bash
/apps/nginx/sbin/nginx
/usr/local/bin/nginx-vts-exporter -nginx.scrape_uri http://127.0.0.1/status/format/json在该目录准备好镜像构建所需文件开始镜像构建,编写镜像构建上传脚本,把镜像上传到私有仓库
root@k8s-master1:~/1.prometheus-case-files/app-monitor-case/4.nginx-vts-exporter/1.nginx-image# bash build-command.sh
kubernetes部署nginx:
root@k8s-master1:~/1.prometheus-case-files/app-monitor-case/4.nginx-vts-exporter/2.nginx-yaml# pwd/root/1.prometheus-case-files/app-monitor-case/4.nginx-vts-exporter/2.nginx-yamlroot@k8s-master1:~/1.prometheus-case-files/app-monitor-case/4.nginx-vts-exporter/2.nginx-yaml# kubectl apply -f 1.nginx-deployment.yaml -f 2.nginx-svc.yaml
验证nginx指标
prometheus配置数据采集:
vim prometheus.yml
- job_name: 'kubernetes-nginx-monitor'
static_configs:
- targets: ['192.168.220.111:39913']systemctl restart prometheus.service
验证prometheus数据采集状态
2、Prometheus监控案例—Kubernetes Ingress-Controller(多域名、多Location)
3、通过docker-compose部署kafak并通过kafka-exporter实现指标采集通过docker-compose部署kafka并通过kafka-exporter实现kafka指标采集:
root@ubuntu22-04-2:/opt#
git clone https://gitee.com/jiege-gitee/kafka.git
vim
docker-compose.yaml
version: '3'
services:
zookeeper-server:
container_name: zookeeper-container
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/zookeeper:v3.7.0
restart: always
ports:
- "2181:2181"
volumes:
- /etc/localtime:/etc/localtime
- zookeeper_vol:/data
- zookeeper_vol:/datalog
- zookeeper_vol:/logs
kafka-server:
container_name: kafka-container
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kafka:2.13-2.8.1
ports:
- "9092:9092"
environment:
#KAFKA_ADVERTISED_HOST_NAME: "172.31.4.3"
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://172.31.4.3:9092 #宿主机ip
KAFKA_ADVERTISED_HOST_NAME: 0.0.0.0
KAFKA_ZOOKEEPER_CONNECT: "zookeeper-server:2181"
KAFKA_LOG_DIRS: "/kafka/logs"
volumes:
- /etc/localtime:/etc/localtime
- kafka_vol:/kafka
restart: always
links:
- zookeeper-server
depends_on:
- zookeeper-server
kafka_manager:
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kafka-manager
container_name: kafka-manager-container
ports:
- "9000:9000"
environment:
ZK_HOSTS: "zookeeper-server:2181"
restart: always
volumes:
- /etc/localtime:/etc/localtime
links:
- zookeeper-server
depends_on:
- zookeeper-server
- kafka-server
kafka-exporter:
image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kafka-exporter:v1.7.0
container_name: kafka-exporter-container
volumes:
- /etc/localtime:/etc/localtime
ports:
- "9308:9308"
restart: always
links:
- kafka-server:kafka
depends_on:
- zookeeper-server
- kafka-server
volumes:
zookeeper_vol:
kafka_vol:docker-compose up -d
prometheus 收集指标(每个集群只收集任意一个节点的指标即可):
- job_name: 'kafka-monitor'
static_configs:
- targets: ['172.31.4.3:9308']
kafka 主要指标:
https://access.redhat.com/documentation/zh-cn/red_hat_amq/2021.q3/html/using_amq_streams_on_rhel/ref-metrics-kafka-exporter-str
grafana 导入模板:
https://grafana.com/grafana/dashboards/11285-strimzi-kafka-exporter/
进入容器创建主题并
产生
消息
root@ubuntu22-04-2:/opt/kafka# docker exec -it kafka-container bashbash-5.1# cd /opt/kafka/bash-5.1# ./bin/kafka-topics.sh --create --topic quickstart-events --bootstrap-server localhost:9092Created topic quickstart-events.bash-5.1# ./bin/kafka-console-producer.sh --topic quickstart-events --bootstrap-server localhost:9092>This is my first event>This is my second event
验证消费消息:
bash-5.1# ./bin/kafka-console-consumer.sh --topic quickstart-events --from-beginning --bootstrap-server localhost:9092This is my first eventThis is my second event
启动一个消费者并指定消费者group为myserver:
# docker exec -it kafka-container bashbash-5.1# ./bin/kafka-console-consumer.sh --topic mytopic --bootstrap-server localhost:9092 --group myserver --from-beginning
产生消息:
bash-5.1# ./bin/kafka-console-producer.sh --topic mytopic --bootstrap-server localhost:909
删除group:
bash-5.1# ./bin/kafka-consumer-groups.sh --bootstrap-server localhost:9092 --delete --group myserver
验证grafana 模板11285:
sum(kafka_brokers) by (instance)
#自定义集群节点数
4、基于Prometheus blackbox_exporter对域名可用性、SSL证书有效期、端口可用性进行监控并配置SSL证书有效期不足30天告警
blackbox_exporter通过各种功能模块对网络进行监控,使用时需要在Prometheus配置监控目标,功能模块等参数,Prometheus可以把这些参数传给blackbox_exporter,blackbox_exporter把监控数据返回给Prometheus
查看blackbox_exporter的功能模块配置文件:blackbox.yml
部署blackbox_exporter:
root@prometheus-node2:/apps# wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.23.0/blackbox_exporter-0.23.0.linux-amd64.tar.gzroot@prometheus-node2:/apps# tar xvf blackbox_exporter-0.23.0.linux-amd64.tar.gzroot@prometheus-node2:/apps# ln -sv /apps/blackbox_exporter-0.23.0.linux-amd64 /apps/blackbox_exporter
创建blackbox exporter启动文件:
vim /etc/systemd/system/blackbox-exporter.service
[Unit]
Description=Prometheus Blackbox Exporter
After=network.target
[Service]
Type=simple
User=root
Group=root
ExecStart=/apps/blackbox_exporter/blackbox_exporter \
--config.file=/apps/blackbox_exporter/blackbox.yml \
--web.listen-address=:9115
Restart=on-failure
[Install]
WantedBy=multi-user.targetsystemctl restart blackbox-exporter.service && systemctl enable blackbox-exporter.service
验证web界面:
实现URL监控:
vim /apps/prometheus/prometheus.yml
- job_name: 'http_status'
metrics_path: /probe
params:
module: [http_2xx]
static_configs:
- targets: ['http://www.xiaomi.com','http://www.magedu.com']
labels:
instance: http_status
group: web
relabel_configs:
- source_labels: [__address__] #将__address__(当前监控目标URL地址的标签)修改为__param_target,用于传递给blackbox_exporter
target_label: __param_target #标签key为__param_target、value为www.xiaomi.com。key为__param_target、value为www.magedu.com
- source_labels: [__param_target] #非必须,新添加一个标签,key为url,value来自于__param_target的值,用于绘图显示不同的http目标(url)
target_label: url #将监控目标的值与url创建一个label
- target_label: __address__ #新添加一个目标__address__,指向blackbox_exporter服务器地址,用于将监控请求发送给指定的blackbox_exporter服务器
replacement: 192.168.220.200:9115 #指定blackbox_exporter服务器地址 检查prometheus配置文件
/apps/prometheus/promtool check config /apps/prometheus/prometheus.yml
配置SSL证书有效期不足30天告警
blackbox exporter实现端口监控:
- job_name: 'port_status'
metrics_path: /probe
params:
module: [tcp_connect]
static_configs:
- targets: ['172.31.2.101:9100','172.31.2.102:9090','172.31.7.101:22']
labels:
instance: 'port_status'
group: 'port'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target] #用于grafana显示采集目标
target_label: ip
- target_label: __address__
replacement: 172.31.2.102:9115
实现ICMP监控
- job_name: 'ping_status'
metrics_path: /probe
params:
module: [icmp]
static_configs:
- targets: ['172.31.0.2',"223.6.6.6"]
labels:
instance: 'ping_status'
group: 'icmp'
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target] #用于grafana显示采集目标
target_label: ip
- target_label: __address__
replacement: 172.31.2.102:9115
Grafana导入模板: 9965
5、总结Prometheus告警流程、部署AlertManager、了解Prometheus 规则编写、配置邮件告警
prometheus
触发一条告警的过程:
prometheus--->
指标触发
rule
中的阈值
--->
超出持续时间
--->alertmanager--->
分组
|
抑制
|
静默
--->
媒体类型
---> 邮件|
钉钉
|
微信等。
分组
(group):
将类似性质的警报发送给指定的收件人,比如网络通知发给网络工程师、数据库通知发送给数据库工程师。
静默
/
沉默
(silences):
是一种简单的特定时间静音的机制,例如:服务器要升级维护可以先设置这个时间段告警静默。
抑制
(inhibition):
当警报发出后,停止重复发送由此警报引发的其他警报即合并一个故障引起的多个报警事件,可以消除冗余告警。
安装
alertermanager
alertermanager 配置文件解析:
global:
resolve_timeout: 1m
smtp_smarthost: 'smtp.qq.com:465'
smtp_from: 'qq邮箱地址'
smtp_auth_username: 'qq邮箱用户名'
smtp_auth_password: 'qq邮箱授权码'
smtp_hello: '@qq.com'
smtp_require_tls: false
route:
group_by: ['alertname']
group_wait: 10s
group_interval: 10s
repeat_interval: 2m
receiver: 'myalertname'
routes:
- receiver: 'myalertname' #critical 级别的通过邮件发送给 leader
group_wait: 10s
match_re:
severity: critical #匹配严重等级告警
- receiver: 'default-receiver' #宿主机告警通过企业微信发送给监控组
group_wait: 10s
match_re:
severity: warning
receivers:
- name: 'default-receiver'
email_configs:
- to: '通知邮箱地址'
send_resolved: true #通知已经恢复的告警
- name: 'myalertname'
webhook_configs:
- url: 'http://192.168.220.200:8060/dingtalk/alertname/send'
send_resolved: true #通知已经恢复的告警
inhibit_rules:
- source_match:
severity: 'critical'
target_match:
severity: 'warning'
equal: ['alertname', 'dev', 'instance']
配置并启动 alertermanager
配置 prometheus 报警规则
prometheus 配置alertermanager地址,加载报警规则
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
- 192.168.220.200:9093
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
- "/apps/prometheus/rules/server_rules.yaml"
规则验证
/apps/prometheus/promtool check rules /apps/prometheusrules/server_rules.yaml
重启 prometheus,查看当前告警,邮箱验证邮件
6、配置钉钉构建告警和企业微信告警,并自定义告警信息模板;
配置钉钉告警
创建钉钉群组创建机器人-关键字认证
使用python和shell脚本测试发送消息
部署 webhook-dingtalk,启动时指定机器人的URL
测试启动
./prometheus-webhook-dingtalk --web.listen-address="0.0.0.0:8060" --ding.profile="alertname=https://oapi.dingtalk.com/robot/send?access_token=65cbfef3732b87f78a200973bbbed0d06f73ed38ae0ff04667fa1fec580faa41"
基于
service
文件启动:
root@dingding-server:/apps# cat /etc/systemd/system/prometheus-webhook-dingtalk.service
[Unit]
Description=Prometheus Server Documentation=https://prometheus.io/docs/introduction/overview/
After=network.target
[Service]
Restart=on-failure WorkingDirectory=/apps/prometheus-webhook-dingtalk/
ExecStart=/apps/prometheus-webhook-dingtalk/prometheus-webhook-dingtalk
--web.listen-address="0.0.0.0:8060"
--ding.profile="alertname=https://oapi.dingtalk.com/robot/send?access_token=ba76276cd923a4e5dcd653ffabe4
b71c4a23e8c4eb8e91446840d527c8d9cd4e"
[Install]
WantedBy=multi-user.target编辑 alertermanager 调用钉钉告警
receivers:
- name: 'myalertname'
webhook_configs:
- url: 'http://192.168.220.200:8060/dingtalk/alertname/send'
send_resolved: true #通知已经恢复的告警
prometheus 配置: 如已经配置告警规则和alertermanager地址则不需额外配置
验证消息发送
自定义钉钉告警信息模板
创建模板
root@dingding-server:/apps/prometheus-webhook-dingtalk# vim template1.yaml
{{ define "dingding.to.message1" }}
{{- if gt (len .Alerts.Firing) 0 -}}
{{- range $index, $alert := .Alerts -}}
========= **监控告警** =========
...
========= = **end** = =========
{{- end }}
{{- end }}
{{- end }}
配置 dingtalk 加载钉钉消息模板,通过模板的 define 定义目标模板名称区分不同的模板
root@dingding-server:/apps/prometheus-webhook-dingtalk# cp config.example.yml config.ymlroot@dingding-server:/apps/prometheus-webhook-dingtalk# vim config.yml
message: # Use legacy template
text: '{{ template "dingding.to.message1" . }}' #通过模板的 define 定义目标模板名称区分不同的模板,https://github.com/timonwong/prometheus-webhook-dingtalk/issues/16
root@dingding-server:/apps/prometheus-webhook-dingtalk# cp template1.yaml template2.yaml
{{ define "dingding.to.message2" }}**告警级别:** {{ $alert.Labels.severity }} 2 级
root@dingding-server:/apps/prometheus-webhook-dingtalk# cp template1.yaml template3.yaml
{{ define "dingding.to.message3" }}**告警级别:** '{{ $alert.Labels.severity }} 3 级
启用 web 界面并指定配置文件启动 dingtalk:
root@dingding-server:/apps/prometheus-webhook-dingtalk-1.4.0.linux-amd64# ./prometheus-webhook-dingtalk --web.listen-address="0.0.0.0:8060" --web.enable-ui --config.file="config.yml"
钉钉验证消息
7、配置Prometheus通过kube-state-metrics发现并监控Kubernetes上的常用服务指标
基于kube-state-metrics监控Service、Deployment、ingress等资源对象的指标状态:
Kube-state-metrics:通过监听API Server生成有关资源对象的状态指标,比如Service、Deployment、Node、Pod等,需要注意的是kube-state-metrics的使用场景不是用于监控对方是否存活,而是用于周期性获取目标对象的metrics指标数据并在web界面进行显示或被 prometheus抓取(如pod的状态是running还是Terminating、pod的创建时间等、Deployment、Pod、副本状态等,调度了多少个replicas? 现在可用的有几个?多少个Pod是running/stopped/terminated状态?Pod重启了多少次? 目前有多少job在运行中),目前的kube-state-metrics收集的指标数据可参见官方的文档,https://github.com/kubernetes/kube-state-metrics/tree/master/docs ,kube-state-metrics 并不会存储这些指标数据,所以需要使用Prometheus来抓取这些数据然后存储。
部署kube-state-metrics:
部署kube-state-metrics:
root@k8s-master1:~/prometheus-case-files# kubectl apply -f case5-kube-state-metrics-deploy.yamlroot@k8s-master1:~/prometheus-case-files# kubectl get pod -n kube-system | grep kube-state-metr
配置prometheus采集数据
scrape_configs:
- job_name: 'kube-state-metrics'
static_configs:
- targets: ['172.31.7.111:31666']
导入kube-state-metrics模板10856并验证数据
8、熟悉Kubernetes HPA控制器工作流程、Pod伸缩机制及实现pod副本自动伸缩
1,Pod伸缩简介
- 根据当前pod的负载,动态调整 pod副本 Pod1 Pod2 ... Pod N 数量,业务高峰期自动扩容pod的副本数以尽快响应pod的请求。
- 在业务低峰期对pod进行缩容,实现降本增效的目的。
- 公有云支持node级别的弹性伸缩
1.2,pod的伸缩机制
- 首先需要通过pod控制器(deployment/StatefuSet/replicas)运行一些pod,一般我们推荐用deployment控制器
- k8s通过pod控制器控制着pod的数量,一但控制器发生了变化,pod数量也随之变化
- 当需要修改pod的副本数量,可以通过scale修改pod控制器,从而实现pod的副本伸缩
1.3,手动调整pod副本数
----查看pod副本数以及deployment控制器----
root@deploy:~# kubectl get pod -n myserver
root@deploy:~# kubectl get deployment -n myserver
----查看命令帮助----
root@deploy:~# kubectl scale --help
----手动修改deployment控制器----
root@deploy:~# kubectl scale --replicas=2 deployment tomcat-deployment -n myserver root@deploy:~# kubectl get deployment -n myserver
----查看pod副本数----
root@deploy:~# kubectl get pod -n myserver
1.4,动态伸缩控制器类型
- 水平pod自动缩放器(HPA): 基于pod 资源利用率横向调 整pod副本数量
- 垂直pod自动缩放器(VPA): 基于pod资源利用率,调整 对单个pod的最大资源限制, 不能与HPA同时使用。
- 集群伸缩(Cluster Autoscaler,CA) 基于集群中node 资源使用 情况,动态伸缩node节点, 从而保证有CPU和内存资源 用于创建pod
2,HPA控制器
在k8s 1.1引入HPA控制器,早期使用Heapster组件采集pod指标数据,在k8s 1.11版本开始使用Metrices Server完成数据采集,然后将采集到的数据通过API(Aggregated API,汇总API),例如metrics.k8s.io、custom.metrics.k8s.io、external.metrics.k8s.io,然后再把数据提供给HPA控制器进行查询,以实现基于某个资源利用率对pod进行扩缩容的目的。
2.2,HPA控制器的工作流程
- 创建HPA资源对象,关联对应资源例如Deployment,设定目标CPU使用率阈值,最大,最小replica数量。(前提:pod一定要设置资源限制,参数request,HPA才会工作)
- HPA控制器每隔15秒钟(可以通过设置controller manager的–horizontal-pod-autoscaler-sync-period参数设定,默认15s)通过观测metrics值获取资源使用信息
- HPA控制器将获取资源使用信息与HPA设定值进行对比,计算出需要调整的副本数量
- 根据计算结果调整副本数量,使得单个pod的CPU使用率尽量逼近期望值,但不能超过设定的最大,最小值。
- 以上2,3,4周期循环
2.3,HPA的一些基本参数
--horizontal-pod-autoscaler-downscale-stabilization #缩容间隔周期,默认5分钟。
--horizontal-pod-autoscaler-sync-period #HPA控制器同步pod副本数的间隔周期,默认15秒
--horizontal-pod-autoscaler-cpu-initialization-period #初始化延迟时间,在此时间内 pod的CPU 资源指标将不会生效,默认为5分钟。
--horizontal-pod-autoscaler-initial-readiness-delay #用于设置 pod 准备时间, 在此时间内的 pod 统统被认为未就绪及不采集数据,默认为30秒。
--horizontal-pod-autoscaler-tolerance #HPA控制器能容忍的数据差异(浮点数,默认为0.1),即新的指标要与当前的阈值差异在0.1或以上,即要大于 1+0.1=1.1,或小于1-0.1=0.9,比如阈值为CPU利用率50%,当前为80%,那么80/50=1.6 > 1.1则会触发扩容,反之会缩容
即触发条件:avg(CurrentPodsConsumption) / Target >1.1 或 <0.9=把N个pod的数据相加后根据pod的数量计算出平均数除以阈值,大于1.1就扩容,小 于0.9就缩容。
计算公式:TargetNumOfPods = ceil(sum(CurrentPodsCPUUtilization) / Target) #ceil是一个向上取整的目的pod整数。
指标数据需要部署metrics-server,即HPA使用metrics-server作为数据源。Metrics Server 是 Kubernetes 内置的容器资源指标来源。 Metrics Server 从node节点上的 Kubelet 收集资源指标,并通过Metrics API在 Kubernetes apiserver 中公开指标数据,以供 Horizontal Pod Autoscaler和Vertical Pod Autoscaler使用,也可以通过访问kubectl top node/pod 查看指标数据
部署metrics-server
metrics-server# kubectl apply -f metrics-server-v0.6.1.yaml
验证pod指标数据
验证node指标数据
部署HPA
metrics-server#
kubectl apply -f hpa-autoscaling-v2.yaml
apiVersion: autoscaling/v2 #定义API版本
kind: HorizontalPodAutoscaler #定义资源对象类型为HorizontalPodAutoscaler
metadata: #定义元数据
namespace: magedu #创建到指定的namespace
name: magedu-podautoscaler #HPA控制器名称
labels: #自定义标签
app: magedu-nginx #标签1
version: v2 #标签2
spec: #定义对象具体信息
scaleTargetRef: #定义水平伸缩的目标对象,Deployment、ReplicationController/ReplicaSet
kind: Deployment #指定伸缩目标类型为Deployment控制器
apiVersion: apps/v1 #Deployment API版本
name: magedu-tomcat-app1-deployment #目标Deployment名称
minReplicas: 1 #最小pod副本数
maxReplicas: 3 #最大pod副本数
metrics: #基于指定的指标数据进行pod副本自动伸缩
- type: Resource #定义指标资源
resource: #定义指标资源具体信息
name: memory #资源名称为memory
target: #目标阈值
type: Utilization #触发类型为利用率
averageUtilization: 50 #平均利用率50%
- type: Resource #定义指标资源
resource: #定义指标资源具体信息
name: cpu #资源名称为cpu
target: ##目标阈值
type: Utilization #触发类型为利用率
averageUtilization: 40 #平均利用率50%
部署副本数为1的容器压测服务depolyment模拟扩容,
pod必须包含limits限制,否则HPA控制器无法计算资源利用率百分比
验证HPA控制器扩容
查看 depolyment详细信息
部署副本数为10的tomcat容器的depolyment,调大资源限制,模拟缩容
验证HPA控制器缩容
查看
depolyment详细信息
58
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
