Prometheus K8S deployed

Deployment: https: //github.com/kubernetes/kubernetes/tree/master/cluster/addons/prometheus

Source directory: kubernetes / cluster / addons / prometheus

Service Discovery: https: //prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config

Deployment Requirements

1, K8S deploy internal DNS service

2, can be used in existing dynamic PV

Profiles

The following is a good profile has been modified, self-trimming according to the conditions

# Api access authorization
prometheus-rbac.yaml

apiVersion: v1
# 创建 ServiceAccount 授予权限
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile 
rules:
  - apiGroups:
      - ""
    # 授予的权限
    resources:
      - nodes
      - nodes/metrics
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get
---
# 角色绑定
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: kube-system

Profiles

# Management prometheus profile
prometheus-configmap.yaml

# Prometheus the format https://prometheus.io/docs/prometheus/latest/configuration/configuration/ Configuration 
apiVersion: V1 
kind: The ConfigMap 
Metadata: 
  name: Prometheus - config 
  namespace: Kube - System 
  Labels: 
    kubernetes.io / Cluster-Service-: " to true " 
    addonmanager.kubernetes.io / the MODE: EnsureExists 
the Data: 
  # store prometheus profile 
  prometheus.yml: | # configure acquisition target     scrape_configs:
     - job_name: prometheus 
      static_configs: - targets:
        
    

      # Collection itself 
        - localhost: 9090 # collection: Apiserver survival Index # the Job name name created for apiservers-Kubernetes 
    - job_name: kubernetes- apiservers
       # discovery based k8s service       kubernetes_sd_configs:
       - Role: Endpoints
       # using communication markup tags       relabel_configs:
       # reserved. regular matching tags 
      - Action: the Keep
         # already contains         regex: default; Kubernetes; HTTPS 
        source_labels: - __meta_kubernetes_namespace 
        - __meta_kubernetes_service_name 
        -
    
    
    



        __meta_kubernetes_endpoint_port_name 
      # use as https, the default HTTP 
      scheme: https 
      tls_config: 
        # promethus access Apiserver use the certification 
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ ca.crt
         # skip https certification 
        insecure_skip_verify: to true
       # promethus access Apiserver use certification 
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/ token 
 
    # collection: kubelet survival index 
    - job_name: Kubernetes-nodes- kubelet 
      kubernetes_sd_configs: 
      # found a cluster of all the Node 
      - Role: the Node 
      relabel_configs: 
      #Access to key information REGEX 
      - Action: labelmap 
        REGEX: __meta_kubernetes_node_label_ (+. ) 
      Scheme: HTTPS 
      tls_config: 
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ in ca.crt 
        insecure_skip_verify: to true 
      bearer_token_file: / var / RUN / Secrets /kubernetes.io/serviceaccount/ token 

    # collection: nodes-cadvisor information 
    - job_name: Kubernetes-nodes- cadvisor 
      kubernetes_sd_configs:
       - Role: the Node 
      relabel_configs:
       - Action: labelmap 
        regex:__meta_kubernetes_node_label_ (. + )
       # rename tags 
      - target_label: __metrics_path__ 
        Replacement: / metrics / cadvisor 
      scheme: HTTPS 
      tls_config: 
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ in ca.crt 
        insecure_skip_verify: to true 
      bearer_token_file: / var / RUN / Secrets / kubernetes.io / serviceaccount / token 

    # collection: service-endpoints information 
    - job_name: Kubernetes-Service- Endpoints
       # selected indicators 
      kubernetes_sd_configs:
       -  Role: Endpoints
      relabel_configs:
      - action: keep
        regex: true
        # 指定源标签
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scrape
      - action: replace
        regex: (https?)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_scheme
        # 重命名标签采集
        target_label: __scheme__
      - action: replace
        regex: (.+)
        source_labels:
        - __meta_kubernetes_service_annotation_prometheus_io_path
        target_label: __metrics_path__
      - action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        source_labels:
        - __address__
        - __meta_kubernetes_service_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - action: replace
        source_labels:
        -__meta_kubernetes_service_name 
        target_label: kubernetes_name 

    # collection: kubernetes-services service indicators 
    - job_name: kubernetes- Services 
      kubernetes_sd_configs:
       - Role: Service
       # black-box detection, detection IP and port is available 
      metrics_path: / the Probe 
      params: 
        Module:
         - http_2xx 
      relabel_configs:
       - Action: the Keep 
        regex: to true 
        source_labels:
         - __meta_kubernetes_service_annotation_prometheus_io_probe 
      - source_labels:
         - __address__ 
        target_label:__param_target
      # 使用 blackbox进行黑盒探测
      - replacement: blackbox
        target_label: __address__
      - source_labels:
        - __param_target
        target_label: instance
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - source_labels:
        - __meta_kubernetes_service_name
        target_label: kubernetes_name

    #Acquisition: kubernetes-pods Information 
    - job_name: kubernetes- PODS 
      kubernetes_sd_configs:
       - Role: POD 
      relabel_configs:
       - Action: the Keep 
        regex: to true 
        source_labels: 
        # retain only information collected 
        - __meta_kubernetes_pod_annotation_prometheus_io_scrape 
      - Action: the replace 
        (.: Regex + ) 
        source_labels:
         - __meta_kubernetes_pod_annotation_prometheus_io_path 
        target_label: __metrics_path__ 
      - Action: the replace 
        regex: ([ ^:] +) (:: \ d +?); (\ d +? )
        replacement: $1:$2
        source_labels:
        # 采集地址
        - __address__
        # 采集端口 
        - __meta_kubernetes_pod_annotation_prometheus_io_port
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - action: replace
        source_labels:
        - __meta_kubernetes_namespace
        target_label: kubernetes_namespace
      - action: replace
        source_labels:
        - __meta_kubernetes_pod_name
        target_label: kubernetes_pod_name 
    Alerting: 
      # alert profile 
      alertmanagers:
       - kubernetes_sd_configs:
           # dynamic acquisition 
          - Role: POD 
        tls_config: 
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ in ca.crt 
        bearer_token_file: / var / RUN / Secrets /kubernetes.io/serviceaccount/ token 
        relabel_configs:
         - source_labels: [ __meta_kubernetes_namespace ] 
          REGEX: Kube - System 
          Action: Keep
         - source_labels: [ __meta_kubernetes_pod_label_k8s_app ]
          regex: alertmanager
          action: keep
        - source_labels: [__meta_kubernetes_pod_container_port_number]
          regex:
          action: drop

Profiles

# Expose the prometheus access
prometheus-service.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: prometheus
  # 部署命名空间 
  namespace: kube-system
  labels:
    k8s-app: prometheus
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    version: v2.2.1
spec:
  serviceName: "prometheus"
  replicas: 1
  podManagementPolicy: "Parallel"
  updateStrategy:
   type: "RollingUpdate"
  selector:
    matchLabels:
      k8s-app: prometheus
  template:
    metadata:
      labels:
        k8s-app: prometheus
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: prometheus
      # 初始化容器
      initContainers:
      - name: "init-chown-data"
        image: "busybox:latest"
        imagePullPolicy: "IfNotPresent"
        command: ["chown", "-R", "65534:65534", "/data"]
        volumeMounts:
        - name: prometheus-data
          mountPath: /data
          subPath: ""
      containers:
        - name: prometheus-server-configmap-reload
          image: "jimmidyson/configmap-reload:v0.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --volume-dir=/etc/config
            - --webhook-url=http://localhost:9090/-/reload
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
              readOnly: true
          resources:
            limits:
              cpu: 10m
              memory: 10Mi
            requests:
              cpu: 10m
              memory: 10Mi

        - name: prometheus-server
          # 主要使用镜像
          image: "prom/prometheus:v2.2.1"
          imagePullPolicy: "IfNotPresent"
          args:
            - --config.file=/etc/config/prometheus.yml
            - --storage.tsdb.path=/data
            - --web.console.libraries=/etc/prometheus/console_libraries
            - --web.console.templates=/etc/prometheus/consoles
            - --web.enable-lifecycle
          ports:
            - containerPort: 9090
          readinessProbe:
            # 健康检查
            httpGet:
              path: /-/ready
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          livenessProbe:
            httpGet:
              path: /-/healthy
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # based on 10 running nodes with 30 pods each
          resources:
            limits:
              cpu: 200m
              memory: 1000Mi
            requests:
              cpu: 200m
              memory: 1000Mi
          # 数据卷
          volumeMounts:
            - name: config-volume
              MountPath:/ etc / config
             - name: prometheus- the Data 
              MountPath: / the Data 
              subPath: "" 
      terminationGracePeriodSeconds: 300 
      Volumes:
         - name: config- Volume 
          configMap: 
            name: Prometheus - config 
  volumeClaimTemplates:
   - the Metadata: 
      name: Prometheus - the Data 
    spec: 
      # Use dynamic PV, PV dynamically modified to store the created 
      storageClassName: NFS-safe locking-Managed storage 
      accessModes:
         - ReadWriteOnce 
      Resources:
        requests:
          storage: "16Gi"

Profiles

# In the form of state will have to deploy prometheus
prometheus-statefulset.yaml

kind: Service 
apiVersion: v1 
the Metadata: 
  name: Prometheus 
  # Specify the namespace 
  namespace: kube- System 
  Labels: 
    kubernetes.io / name: " Prometheus " 
    kubernetes.io / Cluster-Service: " to true " 
    addonmanager.kubernetes.io / the MODE: Reconcile 
spec: 
  # add an external access 
  of the type: NodePort
   # specify the internal protocol access 
  the ports:
     - name: HTTP 
      Port: 9090 
      protocol: TCP 
      TARGETPORT: 9090  
  Selector:
    K8S-app: prometheus

Profiles

deploy

1, download the package github: https: //github.com/kubernetes/kubernetes/

2, copy files to a specified directory

mkdir ~/prometheus
cp ~/kubernetes/cluster/addons/prometheus/* ~/prometheus/

3, enter the directory

cd ~/prometheus/

4, k8s create a configuration file to run container

kubectl apply -f prometheus-rbac.yaml
kubectl apply -f prometheus-configmap.yaml
kubectl apply -f prometheus-statefulset.yaml
kubectl apply -f prometheus-service.yaml

5, create a resource view

kubectl get pod,svc -n kube-system
NAME                           READY   STATUS    RESTARTS   AGE
pod/coredns-64479cf49b-lsqqn   1/1     Running   0          75m
pod/prometheus-0               2/2     Running   0          2m12s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
service/kube-dns     ClusterIP   10.0.0.2     <none>        53/UDP,53/TCP,9153/TCP   75m
service/prometheus   NodePort    10.0.0.170   <none>        9090:42575/TCP           8s

6, test access port open through monitoring terminal port