写在前面
k8s是目前最流行的容器集群管理基础组件,是当下微服务盛行的互联网时代产物。关于k8s概念、部署、实战方面可以阅读本号前面发布的文章。下面是相关链接:
本章将继续介绍k8s的监控平台搭建,监控平台的作用相信对于每个经历过排查生产问题的程序员来说已经不需要多讲,搭建一套完善的k8s监控平台可以帮助我们任何时候通过监控平台来观察生产服务器的运行资源使用情况,例如:CPU、内存、磁盘、网络IO等,除了资源可视化之外,还可以设置监控预警功能,在生产服务资源使用超过预期的设置时,可以实时通过发送邮件等方式告知相关责任人,提前新增资源或排查代码问题,提高生产环境可用性和稳定性,提高用户对应用的信赖,减少加班排查问题的概率。
下面介绍基于prometheus + grafana 的方式搭建一套k8s监控平台。prometheus + grafana的方式中其中prometheus就类似ELK架构下的logstash(采集) + elasticsearch(数据存储), grafana 就是kabana的角色。
Prometheus简介
官方地址:https://prometheus.io/docs/
Prometheus是最初在SoundCloud上构建的开源系统监视和警报工具包 。自2012年成立以来,许多公司和组织都采用了Prometheus,该项目拥有非常活跃的开发人员和用户社区。现在,它是一个独立的开源项目,并且独立于任何公司进行维护。为了强调这一点并阐明项目的治理结构,Prometheus在2016年加入了 Cloud Native Computing Foundation,这是继Kubernetes之后的第二个托管项目。
Prometheus特点
一个多维数据模型,其中包含通过度量标准名称和键/值对标识的时间序列数据
PromQL,一种灵活的查询语言 ,可利用此维度
不依赖分布式存储;单服务器节点是自治的
时间序列收集通过HTTP上的拉模型进行
通过中间网关支持推送时间序列
通过服务发现或静态配置发现目标
多种图形和仪表板支持模式
Prometheus生态系统组件
prometheus(主服务组件)
clientlib(客户端组件)
pushgateway(推送网关组件)
exporters(对外暴露组件)
alertmanager(告警组件)
其它工具的支撑
Prometheus架构图
Prometheus直接或通过中间推送网关从已检测作业中删除指标,以用于短期作业。它在本地存储所有报废的样本,并对这些数据运行规则,以汇总和记录现有数据中的新时间序列,或生成警报。Grafana或其他API使用者可以用来可视化收集的数据。
Grafana简介
官方文档地址:https://grafana.com/docs/
简而言之,这里我们选择Grafana的作用就是从Prometheus中读取数据,生成报表的形式进行数据可视化的功能。搭建完成后的效果图如下:
开始部署Prometheus
这里不推荐你完整阅读官方文档,因为通常程序员的时间非常有限,所以本文不会具体介绍每个配置的具体作用,你只需要按照文档一步步去操作即可,等最后搭建出来体验过之后,等未来有时间再去细读官方文档也不迟。
第一步:在在k8s-master节点上创建一个目录,例如:/k8smonitor,后面所有的配置文件均统一放在这个目录进行管理。
第二步:进入/k8smonitor目录,创建node-exporter.yaml文件,文件内容如下:
-
---
-
apiVersion:
apps/v1
-
kind:
DaemonSet
-
metadata:
-
name:
node-exporter
-
namespace:
kube-system
-
labels:
-
k8s-app:
node-exporter
-
spec:
-
selector:
-
matchLabels:
-
k8s-app:
node-exporter
-
template:
-
metadata:
-
labels:
-
k8s-app:
node-exporter
-
spec:
-
containers:
-
-
image: prom/node-exporter
-
name:
node-exporter
-
ports:
-
-
containerPort: 9100
-
protocol:
TCP
-
name:
http
-
---
-
apiVersion:
v1
-
kind:
Service
-
metadata:
-
labels:
-
k8s-app:
node-exporter
-
name:
node-exporter
-
namespace:
kube-system
-
spec:
-
ports:
-
-
name: http
-
port:
9100
-
nodePort:
31672
-
protocol:
TCP
-
type:
NodePort
-
selector:
-
k8s-app:
node-exporter
第三步:创建rbac-setup.yaml文件,文件内容如下:
-
apiVersion:
rbac.authorization.k8s.io/v1
-
kind:
ClusterRole
-
metadata:
-
name:
prometheus
-
rules:
-
-
apiGroups: [""]
-
resources:
-
-
nodes
-
-
nodes/proxy
-
-
services
-
-
endpoints
-
-
pods
-
verbs:
["get", "list", "watch"]
-
-
apiGroups:
-
-
extensions
-
resources:
-
-
ingresses
-
verbs:
["get", "list", "watch"]
-
-
nonResourceURLs: ["/metrics"]
-
verbs:
["get"]
-
---
-
apiVersion:
v1
-
kind:
ServiceAccount
-
metadata:
-
name:
prometheus
-
namespace:
kube-system
-
---
-
apiVersion:
rbac.authorization.k8s.io/v1
-
kind:
ClusterRoleBinding
-
metadata:
-
name:
prometheus
-
roleRef:
-
apiGroup:
rbac.authorization.k8s.io
-
kind:
ClusterRole
-
name:
prometheus
-
subjects:
-
-
kind: ServiceAccount
-
name:
prometheus
-
namespace:
kube-system
-
-
第四步:创建configmap.yaml文件,文件内容如下:
-
apiVersion:
v1
-
kind:
ConfigMap
-
metadata:
-
name:
prometheus-config
-
namespace:
kube-system
-
data:
-
prometheus.yml:
|
-
global:
-
scrape_interval:
15s
-
evaluation_interval:
15s
-
scrape_configs:
-
-
-
-
job_name: 'kubernetes-apiservers'
-
kubernetes_sd_configs:
-
-
role: endpoints
-
scheme:
https
-
tls_config:
-
ca_file:
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-
bearer_token_file:
/var/run/secrets/kubernetes.io/serviceaccount/token
-
relabel_configs:
-
-
source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
-
action:
keep
-
regex:
default;kubernetes;https
-
-
-
-
job_name: 'kubernetes-nodes'
-
kubernetes_sd_configs:
-
-
role: node
-
scheme:
https
-
tls_config:
-
ca_file:
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-
bearer_token_file:
/var/run/secrets/kubernetes.io/serviceaccount/token
-
relabel_configs:
-
-
action: labelmap
-
regex:
__meta_kubernetes_node_label_(.+)
-
-
target_label: __address__
-
replacement:
kubernetes.default.svc:443
-
-
source_labels: [__meta_kubernetes_node_name]
-
regex:
(.+)
-
target_label:
__metrics_path__
-
replacement:
/api/v1/nodes/${1}/proxy/metrics
-
-
-
-
job_name: 'kubernetes-cadvisor'
-
kubernetes_sd_configs:
-
-
role: node
-
scheme:
https
-
tls_config:
-
ca_file:
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-
bearer_token_file:
/var/run/secrets/kubernetes.io/serviceaccount/token
-
relabel_configs:
-
-
action: labelmap
-
regex:
__meta_kubernetes_node_label_(.+)
-
-
target_label: __address__
-
replacement:
kubernetes.default.svc:443
-
-
source_labels: [__meta_kubernetes_node_name]
-
regex:
(.+)
-
target_label:
__metrics_path__
-
replacement:
/api/v1/nodes/${1}/proxy/metrics/cadvisor
-
-
-
-
job_name: 'kubernetes-service-endpoints'
-
kubernetes_sd_configs:
-
-
role: endpoints
-
relabel_configs:
-
-
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
-
action:
keep
-
regex:
true
-
-
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-
action:
replace
-
target_label:
__scheme__
-
regex:
(https?)
-
-
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-
action:
replace
-
target_label:
__metrics_path__
-
regex:
(.+)
-
-
source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-
action:
replace
-
target_label:
__address__
-
regex:
([^:]+)(?::\d+)?;(\d+)
-
replacement:
$1:$2
-
-
action: labelmap
-
regex:
__meta_kubernetes_service_label_(.+)
-
-
source_labels: [__meta_kubernetes_namespace]
-
action:
replace
-
target_label:
kubernetes_namespace
-
-
source_labels: [__meta_kubernetes_service_name]
-
action:
replace
-
target_label:
kubernetes_name
-
-
-
-
job_name: 'kubernetes-services'
-
kubernetes_sd_configs:
-
-
role: service
-
metrics_path:
/probe
-
params:
-
module:
[http_2xx]
-
relabel_configs:
-
-
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
-
action:
keep
-
regex:
true
-
-
source_labels: [__address__]
-
target_label:
__param_target
-
-
target_label: __address__
-
replacement:
blackbox-exporter.example.com:9115
-
-
source_labels: [__param_target]
-
target_label:
instance
-
-
action: labelmap
-
regex:
__meta_kubernetes_service_label_(.+)
-
-
source_labels: [__meta_kubernetes_namespace]
-
target_label:
kubernetes_namespace
-
-
source_labels: [__meta_kubernetes_service_name]
-
target_label:
kubernetes_name
-
-
-
-
job_name: 'kubernetes-ingresses'
-
kubernetes_sd_configs:
-
-
role: ingress
-
relabel_configs:
-
-
source_labels: [__meta_kubernetes_ingress_annotation_prometheus_io_probe]
-
action:
keep
-
regex:
true
-
-
source_labels: [__meta_kubernetes_ingress_scheme,__address__,__meta_kubernetes_ingress_path]
-
regex:
(.+);(.+);(.+)
-
replacement:
${1}://${2}${3}
-
target_label:
__param_target
-
-
target_label: __address__
-
replacement:
blackbox-exporter.example.com:9115
-
-
source_labels: [__param_target]
-
target_label:
instance
-
-
action: labelmap
-
regex:
__meta_kubernetes_ingress_label_(.+)
-
-
source_labels: [__meta_kubernetes_namespace]
-
target_label:
kubernetes_namespace
-
-
source_labels: [__meta_kubernetes_ingress_name]
-
target_label:
kubernetes_name
-
-
-
-
job_name: 'kubernetes-pods'
-
kubernetes_sd_configs:
-
-
role: pod
-
relabel_configs:
-
-
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
-
action:
keep
-
regex:
true
-
-
source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
-
action:
replace
-
target_label:
__metrics_path__
-
regex:
(.+)
-
-
source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
-
action:
replace
-
regex:
([^:]+)(?::\d+)?;(\d+)
-
replacement:
$1:$2
-
target_label:
__address__
-
-
action: labelmap
-
regex:
__meta_kubernetes_pod_label_(.+)
-
-
source_labels: [__meta_kubernetes_namespace]
-
action:
replace
-
target_label:
kubernetes_namespace
-
-
source_labels: [__meta_kubernetes_pod_name]
-
action:
replace
-
target_label:
kubernetes_pod_name
-
-
第五步:创建prometheus.deploy.yaml文件,文件内容如下:
-
---
-
apiVersion:
apps/v1
-
kind:
Deployment
-
metadata:
-
labels:
-
name:
prometheus-deployment
-
name:
prometheus
-
namespace:
kube-system
-
spec:
-
replicas:
1
-
selector:
-
matchLabels:
-
app:
prometheus
-
template:
-
metadata:
-
labels:
-
app:
prometheus
-
spec:
-
containers:
-
-
image: prom/prometheus:v2.0.0
-
name:
prometheus
-
command:
-
-
"/bin/prometheus"
-
args:
-
-
"--config.file=/etc/prometheus/prometheus.yml"
-
-
"--storage.tsdb.path=/prometheus"
-
-
"--storage.tsdb.retention=24h"
-
ports:
-
- containerPort:
9090
-
protocol:
TCP
-
volumeMounts:
-
-
mountPath: "/prometheus"
-
name:
data
-
-
mountPath: "/etc/prometheus"
-
name:
config-volume
-
resources:
-
requests:
-
cpu:
100m
-
memory:
100Mi
-
limits:
-
cpu:
500m
-
memory:
2500Mi
-
serviceAccountName:
prometheus
-
volumes:
-
-
name: data
-
emptyDir:
{}
-
-
name: config-volume
-
configMap:
-
name:
prometheus-config
-
-
第六步:创建prometheus.svc.yaml文件,文件内容如下:
-
---
-
kind:
Service
-
apiVersion:
v1
-
metadata:
-
labels:
-
app:
prometheus
-
name:
prometheus
-
namespace:
kube-system
-
spec:
-
type:
NodePort
-
ports:
-
- port:
9090
-
targetPort:
9090
-
nodePort:
30006
-
selector:
-
app:
prometheus
第七步:在k8s-master节点上进入/k8smonitor目录依次执行以下命令部署prometheus:
-
kubectl
apply
-f
node-exporter
.yaml
-
kubectl
apply
-f
rbac-setup
.yaml
-
kubectl
apply
-f
configmap
.yaml
-
kubectl
apply
-f
prometheus
.deploy
.yaml
-
kubectl
apply
-f
prometheus
.svc
.yaml
第八步:在k8s-master节点上通过执行以下命令查看启动情况:
-
kubectl get pods -n kube-
system |
grep prometheus
-
kubectl get deploy -n kube-
system |
grep prometheus
-
kubectl get svc -n kube-
system |
grep prometheu
-
kubectl get DaemonSet -n kube-
system |
grep node-exporter
开始部署Grafana
第一步:继续进入k8s-master节点的/k8smonitor目录,创建grafana-deploy.yaml文件,文件内容如下:
-
apiVersion:
apps/v1
-
kind:
Deployment
-
metadata:
-
name:
grafana-core
-
namespace:
kube-system
-
labels:
-
app:
grafana
-
component:
core
-
spec:
-
replicas:
1
-
selector:
-
matchLabels:
-
app:
grafana
-
template:
-
metadata:
-
labels:
-
app:
grafana
-
component:
core
-
spec:
-
containers:
-
-
image: grafana/grafana:4.2.0
-
name:
grafana-core
-
imagePullPolicy:
IfNotPresent
-
# env:
-
resources:
-
# keep request = limit to keep this container in guaranteed class
-
limits:
-
cpu:
100m
-
memory:
100Mi
-
requests:
-
cpu:
100m
-
memory:
100Mi
-
env:
-
# The following env variables set up basic auth twith the default admin user and admin password.
-
-
name: GF_AUTH_BASIC_ENABLED
-
value:
"true"
-
-
name: GF_AUTH_ANONYMOUS_ENABLED
-
value:
"false"
-
# - name: GF_AUTH_ANONYMOUS_ORG_ROLE
-
# value: Admin
-
# does not really work, because of template variables in exported dashboards:
-
# - name: GF_DASHBOARDS_JSON_ENABLED
-
# value: "true"
-
readinessProbe:
-
httpGet:
-
path:
/login
-
port:
3000
-
# initialDelaySeconds: 30
-
# timeoutSeconds: 1
-
volumeMounts:
-
-
name: grafana-persistent-storage
-
mountPath:
/var
-
volumes:
-
-
name: grafana-persistent-storage
-
emptyDir:
{}
-
-
第二步:创建grafana-svc.yaml文件,文件内容如下:
-
apiVersion:
v1
-
kind:
Service
-
metadata:
-
name:
grafana
-
namespace:
kube-system
-
labels:
-
app:
grafana
-
component:
core
-
spec:
-
type:
NodePort
-
ports:
-
- port:
3000
-
targetPort:
3000
-
nodePort:
30003
-
selector:
-
app:
grafana
-
component:
core
-
-
第三步:创建grafana-ing.yaml文件,文件内容如下:
-
apiVersion:
apps/v1
-
kind:
Ingress
-
metadata:
-
name:
grafana
-
namespace:
kube-system
-
spec:
-
rules:
-
-
host: k8s.grafana
-
http:
-
paths:
-
-
path: /
-
backend:
-
serviceName:
grafana
-
servicePort:
3000
-
-
第四步:在k8s-master节点上进入/k8smonitor目录依次执行以下命令部署grafana:
-
kubectl
apply
-f
grafana-deploy
.yaml
-
kubectl
apply
-f
grafana-deploy
.yaml
-
kubectl
apply
-f
grafana-ing
.yaml
第五步:在k8s-master节点上通过执行以下命令查看启动情况:
-
kubectl get pods -n kube-
system |
grep grafana
-
kubectl get deploy -n kube-
system |
grep grafana
-
kubectl get svc -n kube-
system |
grep grafana
-
kubectl get ing -n kube-
system |
grep grafana
至此,prometheus 和 grafana部署完毕!
浏览器访问Grafana
第一步:查看grafana-svc创建后生成的Service端口号:
kubectl get svc -n kube-system
第二步:浏览器访问Grafana:
http://10.68.212.104:30003/login
初始化默认用户和密码统一为:admin/admin。
第三步:添加数据源(Add datasource):
第四步:查到Prometheus的集群IP和端口,注意,这里一定要用ClusterIP,和代理转发到容器的端口(对应svc的port配置值):
如上图所示,CLUSTER-IP:10.98.71.71, 代理端口为:9090。
第五步:继续配置Prometheus数据源:
最后点击Add按钮添加数据源,并保证Testing通过。
第六步:导入内置报表模板:
第七步:输入Prometheus网络模板ID,这里选择ID为315的模板进行统计:
第八步:选择数据源并点击导入模板进行数据可视化:
第九步:大功告成,效果图如下:
-
---------- 正文结束 ----------
-
长按扫码关注微信公众号
-
-
Java软件编程之家
转载:https://blog.csdn.net/lzy_zhi_yuan/article/details/112001166
查看评论