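I. Overview
Prometheus was originally developed by SoundCloud as an open-source monitoring and alerting system, and is an open-source version of Google's BorgMon monitoring system. In 2016 Prometheus joined the CNCF, becoming the second project hosted by the CNCF after Kubernetes. As Kubernetes established its leading position in container orchestration, Prometheus became the standard choice for monitoring Kubernetes containers.
For an introduction to Prometheus, see my earlier article: Prometheus Principles in Detail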
II. Installing Prometheus with Helm
Address: https://artifacthub.io/packages/helm/prometheus-community/prometheus
1) Configure the repository
# Add the repo
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update prometheus-community
helm search repo prometheus-community/prometheus
2) Download the prometheus chart
# Pull the chart
helm pull prometheus-community/prometheus
# Unpack it
tar -xf prometheus-15.12.2.tgz
3) Modify the images
grep -A3 'image:' prometheus/values.yaml
search -> pull -> tag -> push
### 1. alertmanager
docker search alertmanager
# Pull the exact version that the mirrored tag names
docker pull quay.io/prometheus/alertmanager:v0.24.0
docker tag quay.io/prometheus/alertmanager:v0.24.0 myharbor.com/monitoring/alertmanager:v0.24.0
docker push myharbor.com/monitoring/alertmanager:v0.24.0
### 2. configmap-reload
docker search configmap-reload
docker pull jimmidyson/configmap-reload:v0.5.0
docker tag jimmidyson/configmap-reload:v0.5.0 myharbor.com/monitoring/configmap-reload:v0.5.0
docker push myharbor.com/monitoring/configmap-reload:v0.5.0
### 3. node-exporter
docker search node-exporter
docker pull quay.io/prometheus/node-exporter:v1.3.1
docker tag quay.io/prometheus/node-exporter:v1.3.1 myharbor.com/monitoring/node-exporter:v1.3.1
docker push myharbor.com/monitoring/node-exporter:v1.3.1
### 4. prometheus
docker search prometheus
docker pull quay.io/prometheus/prometheus:v2.36.2
docker tag quay.io/prometheus/prometheus:v2.36.2 myharbor.com/monitoring/prometheus:v2.36.2
docker push myharbor.com/monitoring/prometheus:v2.36.2
### 5. pushgateway
docker search pushgateway
docker pull prom/pushgateway:v1.4.3
docker tag prom/pushgateway:v1.4.3 myharbor.com/monitoring/pushgateway:v1.4.3
docker push myharbor.com/monitoring/pushgateway:v1.4.3
### 6. kube-state-metrics
# charts/kube-state-metrics/values.yaml
docker pull bitnami/kube-state-metrics
docker tag bitnami/kube-state-metrics:latest myharbor.com/monitoring/kube-state-metrics:latest
docker push myharbor.com/monitoring/kube-state-metrics:latest
Update the image settings in values.yaml and charts/kube-state-metrics/values.yaml.
4) Install prometheus
# --dry-run --debug
helm install prometheus ./ \
  -n prometheus \
  --create-namespace \
  --set server.ingress.enabled=true \
  --set server.ingress.hosts='{prometheus.k8s.local}' \
  --set server.ingress.paths='{/}' \
  --set server.ingress.pathType=Prefix \
  --set alertmanager.ingress.enabled=true \
  --set alertmanager.ingress.hosts='{alertmanager.k8s.local}' \
  --set alertmanager.ingress.paths='{/}' \
  --set alertmanager.ingress.pathType=Prefix \
  --set grafana.ingress.enabled=true \
  --set grafana.ingress.hosts='{grafana.k8s.local}' \
  --set grafana.ingress.paths='{/}' \
  --set grafana.ingress.pathType=Prefix
NOTES
NAME: prometheus
LAST DEPLOYED: Sat Sep 17 10:06:04 2022
NAMESPACE: prometheus
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.prometheus.svc.cluster.local

Get the Prometheus server URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9090

The Prometheus alertmanager can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-alertmanager.prometheus.svc.cluster.local

From outside the cluster, the alertmanager URL(s) are:
http://alertmanager.k8s.local

#################################################################################
######   WARNING: Pod Security Policy has been moved to a global property.  #####
######            use .Values.podSecurityPolicy.enabled with pod-based      #####
######            annotations                                               #####
######            (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################

The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-pushgateway.prometheus.svc.cluster.local

Get the PushGateway URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/
Check the result:
kubectl get pods,svc,ingress -n prometheus
5) Access the web UI
prometheus: http://prometheus.k8s.local/
alertmanager: http://alertmanager.k8s.local
6) Configure HTTPS and upgrade
1. Generate the certificates (skip this if you already have certificates)
cd /opt/k8s/prometheus/artifacthub/prometheus
mkdir tls ; cd tls
# Generate the CA private key
openssl genrsa -out ca.key 4096
# Generate the CA certificate
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=k8s.local/OU=k8s.local/CN=k8s.local" \
  -key ca.key \
  -out ca.crt
# Create the domain certificate: generate the private key
openssl genrsa -out k8s.local.key 4096
# Generate the certificate signing request (CSR)
openssl req -sha512 -new \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=k8s.local/OU=k8s.local/CN=k8s.local" \
  -key k8s.local.key \
  -out k8s.local.csr
# Generate the x509 v3 extension file
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=k8s.local
DNS.2=*.k8s.local
DNS.3=k8s.local
EOF
# Create the k8s.local access certificate
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in k8s.local.csr \
  -out k8s.local.crt
2. Modify the configuration
alertmanager:
  # ...
  ingress:
    # ...
    tls:
      - secretName: prometheus-alerts-tls
        hosts:
          - alertmanager.k8s.local
  # ...
server:
  # ...
  ingress:
    # ...
    tls:
      - secretName: prometheus-alerts-tls
        hosts:
          # the TLS host must be the name the server ingress serves
          - prometheus.k8s.local
# ...
secrets:
  - name: prometheus-alerts-tls
    cert: tls/k8s.local.crt
    key: tls/k8s.local.key
Add a templates/tls-secret.yaml file:
{{ range .Values.secrets }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .name }}
data:
  tls.crt: {{ $.Files.Get .cert | b64enc }}
  tls.key: {{ $.Files.Get .key | b64enc }}
type: kubernetes.io/tls
---
{{ end }}
3. Upgrade
helm upgrade prometheus ./ -n prometheus
Check the result:
kubectl get pods,svc,ingress -n prometheus
Web access:
https://prometheus.k8s.local/
https://alertmanager.k8s.local/
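A pre-flight check for the certificate files from step 1 before they are loaded into the TLS Secret, as an added example that is not part of the original article: it verifies the chain, that the key belongs to the certificate, the expiry margin, and that each ingress host is covered by a SAN entry. The function names and the 30-day margin are assumptions; the file and host names follow the page.

```shell
# Added example (not the article's code): pre-flight checks for the TLS files
# that the chart's `secrets:` value loads. Function names are hypothetical.
chain_ok() {          # chain_ok CA_CERT LEAF_CERT: leaf is signed by this CA
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {  # key_matches_cert KEY CERT: both hold the same public key
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

covers_host() {       # covers_host CERT HOST: a SAN entry matches HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

not_expiring() {      # not_expiring CERT DAYS: still valid DAYS from now
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_tls CA KEY CERT HOST...: prints every failure, returns 1 if any failed
check_tls() {
    ca=$1 key=$2 crt=$3 rc=0; shift 3
    chain_ok "$ca" "$crt" || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
    key_matches_cert "$key" "$crt" || { echo "FAIL: $key does not match $crt"; rc=1; }
    not_expiring "$crt" 30 || { echo "FAIL: $crt expires within 30 days"; rc=1; }
    for h in "$@"; do
        covers_host "$crt" "$h" || { echo "FAIL: $crt does not cover $h"; rc=1; }
    done
    return $rc
}

# Constructed sample input: throwaway CA and leaf carrying the page's SAN list
# (2048-bit keys only to keep the demo fast).
make_demo_pki() {     # make_demo_pki DIR
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
          -keyout ca.key -out ca.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=k8s.local" \
          -keyout k8s.local.key -out k8s.local.csr &&
      printf 'subjectAltName=DNS:k8s.local,DNS:*.k8s.local\n' > v3.ext &&
      openssl x509 -req -days 365 -extfile v3.ext -CA ca.crt -CAkey ca.key \
          -CAcreateserial -in k8s.local.csr -out k8s.local.crt ) >/dev/null 2>&1
}
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_tls "$demo/ca.crt" "$demo/k8s.local.key" "$demo/k8s.local.crt" \
        prometheus.k8s.local alertmanager.k8s.local grafana.k8s.local &&
    echo "demo certificate passes all checks"
```

Against the real files the call is `check_tls tls/ca.crt tls/k8s.local.key tls/k8s.local.crt prometheus.k8s.local alertmanager.k8s.local`; the wildcard entry `*.k8s.local` covers one label only, so a name such as `a.b.k8s.local` is reported as not covered.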
7) Uninstall
helm uninstall prometheus -n prometheus
kubectl delete pod -n prometheus `kubectl get pod -n prometheus | awk 'NR>1{print $1}'` --force
kubectl patch ns prometheus -p '{"metadata":{"finalizers":null}}'
kubectl delete ns prometheus --force
III. Installing Grafana with Helm
Address: https://artifacthub.io/packages/helm/grafana/grafana
1) Configure the repository
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update grafana
helm search repo grafana/grafana
2) Download the grafana chart
helm pull grafana/grafana
tar -xf grafana-6.38.3.tgz
3) Modify the images
grep -A3 'image:' grafana/values.yaml
search -> pull -> tag -> push
### 1. grafana
docker search grafana
# Pull the exact version that the mirrored tag names
docker pull grafana/grafana:9.1.5
docker tag grafana/grafana:9.1.5 myharbor.com/monitoring/grafana:9.1.5
docker push myharbor.com/monitoring/grafana:9.1.5
### 2. bats
docker search bats
docker pull bats/bats:v1.4.1
docker tag bats/bats:v1.4.1 myharbor.com/monitoring/bats:v1.4.1
docker push myharbor.com/monitoring/bats:v1.4.1
### 3. busybox
docker search busybox
docker pull busybox:1.31.1
docker tag busybox:1.31.1 myharbor.com/monitoring/busybox:1.31.1
docker push myharbor.com/monitoring/busybox:1.31.1
### 4. k8s-sidecar
docker search k8s-sidecar
docker pull quay.io/kiwigrid/k8s-sidecar:1.19.2
docker tag quay.io/kiwigrid/k8s-sidecar:1.19.2 myharbor.com/monitoring/k8s-sidecar:1.19.2
docker push myharbor.com/monitoring/k8s-sidecar:1.19.2
### 5. grafana-image-renderer
docker search grafana-image-renderer
docker pull grafana/grafana-image-renderer:latest
docker tag grafana/grafana-image-renderer:latest myharbor.com/monitoring/grafana-image-renderer:latest
docker push myharbor.com/monitoring/grafana-image-renderer:latest
Update the image settings in values.yaml.
4) Install grafana
helm install grafana ./ \
  -n grafana \
  --create-namespace \
  --set ingress.enabled=true \
  --set ingress.hosts='{grafana.k8s.local}' \
  --set ingress.paths='{/}' \
  --set ingress.pathType=Prefix
NOTES
NAME: grafana
LAST DEPLOYED: Sat Sep 17 11:41:14 2022
NAMESPACE: grafana
STATUS: deployed
REVISION: 1
NOTES:
1. Get your 'admin' user password by running:

   kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo

2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:

   grafana.grafana.svc.cluster.local

   If you bind grafana to 80, please update values in values.yaml and reinstall:
   securityContext:
     runAsUser: 0
     runAsGroup: 0
     fsGroup: 0

   command:
   - "setcap"
   - "'cap_net_bind_service=+ep'"
   - "/usr/sbin/grafana-server &&"
   - "sh"
   - "/run.sh"
   Details refer to https://grafana.com/docs/installation/configuration/#http-port.
   Or grafana would always crash.

   From outside the cluster, the server URL(s) are:
     http://grafana.k8s.local

3. Login with the password from step 1 and the username: admin
#################################################################################
######   WARNING: Persistence is disabled!!! You will lose your data when   #####
######            the Grafana pod is terminated.                            #####
#################################################################################
Check the result:
kubectl get pods,svc,ingress -n grafana
5) Access the web UI
http://grafana.k8s.local/
Account: admin. Get the password with the command below (in this deployment it returned 0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXY):
kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
6) Configure HTTPS and upgrade
Reuse the certificates generated above, and remember to copy the tls files into the grafana chart directory.
1. Modify the configuration
# ...
ingress:
  # ...
  tls:
    # secretName must match the Secret created from `secrets:` below
    - secretName: grafana-alerts-tls
      hosts:
        - grafana.k8s.local
# ...
secrets:
  - name: grafana-alerts-tls
    cert: tls/k8s.local.crt
    key: tls/k8s.local.key
Add a templates/tls-secret.yaml file:
{{ range .Values.secrets }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .name }}
data:
  tls.crt: {{ $.Files.Get .cert | b64enc }}
  tls.key: {{ $.Files.Get .key | b64enc }}
type: kubernetes.io/tls
---
{{ end }}
2. Upgrade
helm upgrade grafana ./ -n grafana
Check the result:
kubectl get pods,svc,ingress -n grafana
Web access: https://grafana.k8s.local/
Account: admin. Get the password with the command below (in this deployment it returned 0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXY):
kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
7) Uninstall
helm uninstall grafana -n grafana
kubectl delete pod -n grafana `kubectl get pod -n grafana | awk 'NR>1{print $1}'` --force
kubectl patch ns grafana -p '{"metadata":{"finalizers":null}}'
kubectl delete ns grafana --force
That is all for deploying Prometheus on K8s for now. The next article will cover how to use Prometheus + Grafana to monitor k8s resources, so please be patient, and feel free to leave me a message if you have any questions.