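Cloud Native: Deploying Prometheus and Grafana on K8s
I. Overview
Prometheus was originally developed at SoundCloud as an open-source monitoring and alerting system, and is an open-source version of Google's BorgMon monitoring system. In 2016, Prometheus joined the CNCF, becoming the second project hosted by the CNCF after Kubernetes. As Kubernetes established itself as the leader in container orchestration, Prometheus became the standard choice for monitoring Kubernetes containers.
For an introduction to Prometheus, see my earlier article: "Prometheus Principles Explained".
II. Installing Prometheus with Helm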
Chart page: https://artifacthub.io/packages/helm/prometheus-community/prometheus
1) Configure the repository
```bash
# Add the repo
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update prometheus-community
helm search repo prometheus-community/prometheus
```
2) Download the prometheus chart
```bash
# Pull the chart
helm pull prometheus-community/prometheus
# Unpack it
tar -xf prometheus-15.12.2.tgz
```
3) Change the images
```bash
grep -A3 "image:" prometheus/values.yaml
```
For each image the workflow is: search -> pull -> tag -> push
```bash
### 1. alertmanager
docker search alertmanager
# Pull the same version that the mirrored tag names
docker pull quay.io/prometheus/alertmanager:v0.24.0
docker tag quay.io/prometheus/alertmanager:v0.24.0 myharbor.com/monitoring/alertmanager:v0.24.0
docker push myharbor.com/monitoring/alertmanager:v0.24.0

### 2. configmap-reload
docker search configmap-reload
docker pull jimmidyson/configmap-reload:v0.5.0
docker tag jimmidyson/configmap-reload:v0.5.0 myharbor.com/monitoring/configmap-reload:v0.5.0
docker push myharbor.com/monitoring/configmap-reload:v0.5.0

### 3. node-exporter
docker search node-exporter
docker pull quay.io/prometheus/node-exporter:v1.3.1
docker tag quay.io/prometheus/node-exporter:v1.3.1 myharbor.com/monitoring/node-exporter:v1.3.1
docker push myharbor.com/monitoring/node-exporter:v1.3.1

### 4. prometheus
docker search prometheus
docker pull quay.io/prometheus/prometheus:v2.36.2
docker tag quay.io/prometheus/prometheus:v2.36.2 myharbor.com/monitoring/prometheus:v2.36.2
docker push myharbor.com/monitoring/prometheus:v2.36.2

### 5. pushgateway
docker search pushgateway
docker pull prom/pushgateway:v1.4.3
docker tag prom/pushgateway:v1.4.3 myharbor.com/monitoring/pushgateway:v1.4.3
docker push myharbor.com/monitoring/pushgateway:v1.4.3

### 6. kube-state-metrics
# The image is set in charts/kube-state-metrics/values.yaml
docker pull bitnami/kube-state-metrics
docker tag bitnami/kube-state-metrics:latest myharbor.com/monitoring/kube-state-metrics:latest
docker push myharbor.com/monitoring/kube-state-metrics:latest
```
Update the image references in values.yaml and charts/kube-state-metrics/values.yaml.
4) Install prometheus
```bash
# Add --dry-run --debug to render the release without installing it
helm install prometheus ./ \
  -n prometheus \
  --create-namespace \
  --set server.ingress.enabled=true \
  --set server.ingress.hosts="{prometheus.k8s.local}" \
  --set server.ingress.paths="{/}" \
  --set server.ingress.pathType=Prefix \
  --set alertmanager.ingress.enabled=true \
  --set alertmanager.ingress.hosts="{alertmanager.k8s.local}" \
  --set alertmanager.ingress.paths="{/}" \
  --set alertmanager.ingress.pathType=Prefix \
  --set grafana.ingress.enabled=true \
  --set grafana.ingress.hosts="{grafana.k8s.local}" \
  --set grafana.ingress.paths="{/}" \
  --set grafana.ingress.pathType=Prefix
```
NOTES output:
```
NAME: prometheus
LAST DEPLOYED: Sat Sep 17 10:06:04 2022
NAMESPACE: prometheus
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The Prometheus server can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-server.prometheus.svc.cluster.local

Get the Prometheus server URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus,component=server" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9090

The Prometheus alertmanager can be accessed via port 80 on the following DNS name from within your cluster:
prometheus-alertmanager.prometheus.svc.cluster.local

From outside the cluster, the alertmanager URL(s) are:
http://alertmanager.k8s.local

#################################################################################
######   WARNING: Pod Security Policy has been moved to a global property.  #####
######            use .Values.podSecurityPolicy.enabled with pod-based      #####
######            annotations                                               #####
######            (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################

The Prometheus PushGateway can be accessed via port 9091 on the following DNS name from within your cluster:
prometheus-pushgateway.prometheus.svc.cluster.local

Get the PushGateway URL by running these commands in the same shell:
  export POD_NAME=$(kubectl get pods --namespace prometheus -l "app=prometheus,component=pushgateway" -o jsonpath="{.items[0].metadata.name}")
  kubectl --namespace prometheus port-forward $POD_NAME 9091

For more information on running Prometheus, visit:
https://prometheus.io/
```
Check the result:
```bash
kubectl get pods,svc,ingress -n prometheus
```
5) Access the web UI
prometheus: http://prometheus.k8s.local/
alertmanager: http://alertmanager.k8s.local
6) Configure HTTPS and upgrade
1. Generate a certificate (skip this if you already have one)
```bash
cd /opt/k8s/prometheus/artifacthub/prometheus
mkdir tls ; cd tls
# Generate the CA private key
openssl genrsa -out ca.key 4096
# Generate the CA certificate
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=k8s.local/OU=k8s.local/CN=k8s.local" \
  -key ca.key \
  -out ca.crt
# Create the domain certificate: generate its private key
openssl genrsa -out k8s.local.key 4096
# Generate the certificate signing request (CSR)
openssl req -sha512 -new \
  -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=k8s.local/OU=k8s.local/CN=k8s.local" \
  -key k8s.local.key \
  -out k8s.local.csr
# Generate the x509 v3 extension file
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=k8s.local
DNS.2=*.k8s.local
DNS.3=k8s.local
EOF
# Create the certificate used to access k8s.local
openssl x509 -req -sha512 -days 3650 \
  -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in k8s.local.csr \
  -out k8s.local.crt
```
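A pre-flight check for the certificate from step 1 before it is packaged into the chart as a TLS secret; this is an added example, not part of the original article. `check_cert` and `make_demo_pki` are hypothetical helper names, and the demo PKI is constructed (2048-bit keys, 1-day validity and a separate CA name are assumptions).

```bash
#!/usr/bin/env bash
# Added example, not from the original article: verify chain, key pair and
# SAN coverage of the leaf certificate before loading it into the chart.

# check_cert CA LEAF KEY HOST...  -> 0 only if the leaf chains to the CA, the
# private key matches the leaf, and every HOST is covered by a SAN entry.
check_cert() {
  local ca=$1 crt=$2 key=$3 host rc=0
  shift 3
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL chain: $crt is not signed by $ca"; rc=1; }
  # Same public key on both sides means the key belongs to this certificate.
  if [ "$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)" ]; then
    echo "FAIL key: $key does not match $crt"; rc=1
  fi
  for host in "$@"; do
    # -checkhost applies the usual rule: a wildcard covers exactly one label.
    if openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match'; then
      echo "ok   $host"
    else
      echo "FAIL $host is not covered by subjectAltName"; rc=1
    fi
  done
  return "$rc"
}

# make_demo_pki DIR: constructed CA + leaf carrying the article's SAN names
# (key size, validity and the CA subject are assumptions for a fast demo).
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -sha512 -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha512 -subj "/CN=k8s.local" \
    -keyout "$d/k8s.local.key" -out "$d/k8s.local.csr" 2>/dev/null
  printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
    'subjectAltName=DNS:k8s.local,DNS:*.k8s.local' > "$d/v3.ext"
  openssl x509 -req -sha512 -days 1 -extfile "$d/v3.ext" -CA "$d/ca.crt" \
    -CAkey "$d/ca.key" -CAcreateserial -in "$d/k8s.local.csr" \
    -out "$d/k8s.local.crt" 2>/dev/null
}

# Stand-alone run on the constructed PKI; the last host is a deliberate miss.
tmp=$(mktemp -d) && make_demo_pki "$tmp" &&
  check_cert "$tmp/ca.crt" "$tmp/k8s.local.crt" "$tmp/k8s.local.key" \
    prometheus.k8s.local alertmanager.k8s.local grafana.k8s.local a.b.k8s.local ||
  echo "(a.b.k8s.local fails as expected: *.k8s.local covers one label only)"
rm -rf "$tmp"
```

Against the real files, run it from the tls directory as `check_cert ca.crt k8s.local.crt k8s.local.key prometheus.k8s.local alertmanager.k8s.local grafana.k8s.local`.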
2. Modify the configuration
```yaml
alertmanager:
  # ...
  ingress:
    # ...
    tls:
      - secretName: prometheus-alerts-tls
        hosts:
          - alertmanager.k8s.local
# ...
server:
  # ...
  ingress:
    # ...
    tls:
      - secretName: prometheus-alerts-tls
        hosts:
          - prometheus.k8s.local   # must match the host of the server ingress
# ...
secrets:
  - name: prometheus-alerts-tls
    cert: tls/k8s.local.crt
    key: tls/k8s.local.key
```
Add a new file, templates/tls-secret.yaml:
```yaml
{{ range .Values.secrets }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .name }}
data:
  tls.crt: {{ $.Files.Get .cert | b64enc }}
  tls.key: {{ $.Files.Get .key | b64enc }}
type: kubernetes.io/tls
---
{{ end }}
```
3. Upgrade
```bash
helm upgrade prometheus ./ -n prometheus
```
Check the result:
```bash
kubectl get pods,svc,ingress -n prometheus
```
Web access:
https://prometheus.k8s.local/
https://alertmanager.k8s.local/
7) Uninstall
```bash
helm uninstall prometheus -n prometheus
# Single quotes keep the shell from expanding $1 before awk sees it
kubectl delete pod -n prometheus `kubectl get pod -n prometheus | awk 'NR>1{print $1}'` --force
# Single quotes keep the JSON patch intact
kubectl patch ns prometheus -p '{"metadata":{"finalizers":null}}'
kubectl delete ns prometheus --force
```
III. Installing Grafana with Helm
Chart page: https://artifacthub.io/packages/helm/grafana/grafana
1) Configure the repository
```bash
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update grafana
helm search repo grafana/grafana
```
2) Download the grafana chart
```bash
helm pull grafana/grafana
tar -xf grafana-6.38.3.tgz
```
3) Change the images
```bash
grep -A3 "image:" grafana/values.yaml
```
For each image the workflow is: search -> pull -> tag -> push
```bash
### 1. grafana
docker search grafana
# Pull the same version that the mirrored tag names
docker pull grafana/grafana:9.1.5
docker tag grafana/grafana:9.1.5 myharbor.com/monitoring/grafana:9.1.5
docker push myharbor.com/monitoring/grafana:9.1.5

### 2. bats
docker search bats
docker pull bats/bats:v1.4.1
docker tag bats/bats:v1.4.1 myharbor.com/monitoring/bats:v1.4.1
docker push myharbor.com/monitoring/bats:v1.4.1

### 3. busybox
docker search busybox
docker pull busybox:1.31.1
docker tag busybox:1.31.1 myharbor.com/monitoring/busybox:1.31.1
docker push myharbor.com/monitoring/busybox:1.31.1

### 4. k8s-sidecar
docker search k8s-sidecar
docker pull quay.io/kiwigrid/k8s-sidecar:1.19.2
docker tag quay.io/kiwigrid/k8s-sidecar:1.19.2 myharbor.com/monitoring/k8s-sidecar:1.19.2
docker push myharbor.com/monitoring/k8s-sidecar:1.19.2

### 5. grafana-image-renderer
docker search grafana-image-renderer
docker pull grafana/grafana-image-renderer:latest
docker tag grafana/grafana-image-renderer:latest myharbor.com/monitoring/grafana-image-renderer:latest
docker push myharbor.com/monitoring/grafana-image-renderer:latest
```
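The pull -> tag -> push sequence used for both the Prometheus and the Grafana images, written as one loop; this is an added example, not the article's own script. It goes beyond the article by refusing untagged and `:latest` references, so a mirrored tag always names a fixed upstream version. `mirror_ref` and `mirror_plan` are hypothetical helper names, and the docker commands are only printed, not executed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
REGISTRY=${REGISTRY:-myharbor.com/monitoring}   # private project used in the article

# mirror_ref SRC: print the destination REGISTRY/<name>:<tag>, or fail when
# SRC has no tag, uses :latest, or is a digest reference.
mirror_ref() {
  local src=$1 last=${1##*/} name tag   # last path component, so a registry port is not mistaken for a tag
  case $last in
    *@*) echo "skip $src: digest references are out of scope here" >&2; return 1 ;;
    *:*) name=${last%%:*}; tag=${last##*:} ;;
    *)   echo "refuse $src: no tag, would resolve to :latest" >&2; return 1 ;;
  esac
  [ "$tag" != latest ] || { echo "refuse $src: :latest is a moving tag" >&2; return 1; }
  printf '%s/%s:%s\n' "$REGISTRY" "$name" "$tag"
}

# mirror_plan SRC...: print the pull/tag/push commands for every pinned image.
# Returns non-zero if any reference was refused.
mirror_plan() {
  local src dest rc=0
  for src in "$@"; do
    if dest=$(mirror_ref "$src"); then
      printf 'docker pull %s\ndocker tag %s %s\ndocker push %s\n' \
        "$src" "$src" "$dest" "$dest"
    else
      rc=1
    fi
  done
  return "$rc"
}

# Demo: two pinned images from the article plus an untagged and a :latest
# reference (constructed inputs) that the plan refuses.
mirror_plan quay.io/prometheus/prometheus:v2.36.2 quay.io/kiwigrid/k8s-sidecar:1.19.2 \
  grafana/grafana bitnami/kube-state-metrics:latest ||
  echo "plan incomplete: pin the refused images to a version first"
```

Once the plan is complete, piping it to `sh` runs the commands.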
Update the image references in values.yaml.
4) Install grafana
```bash
helm install grafana ./ \
  -n grafana \
  --create-namespace \
  --set ingress.enabled=true \
  --set ingress.hosts="{grafana.k8s.local}" \
  --set ingress.paths="{/}" \
  --set ingress.pathType=Prefix
```
NOTES output:
```
NAME: grafana
LAST DEPLOYED: Sat Sep 17 11:41:14 2022
NAMESPACE: grafana
STATUS: deployed
REVISION: 1
NOTES:
1. Get your "admin" user password by running:

   kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo

2. The Grafana server can be accessed via port 80 on the following DNS name from within your cluster:

   grafana.grafana.svc.cluster.local

   If you bind grafana to 80, please update values in values.yaml and reinstall:
   securityContext:
     runAsUser: 0
     runAsGroup: 0
     fsGroup: 0

   command:
   - "setcap"
   - "'cap_net_bind_service=+ep'"
   - "/usr/sbin/grafana-server &&"
   - "sh"
   - "/run.sh"
   Details refer to https://grafana.com/docs/installation/configuration/#http-port.
   Or grafana would always crash.

   From outside the cluster, the server URL(s) are:
     http://grafana.k8s.local

3. Login with the password from step 1 and the username: admin
#################################################################################
######   WARNING: Persistence is disabled!!! You will lose your data when   #####
######            the Grafana pod is terminated.                            #####
#################################################################################
```
Check the result:
```bash
kubectl get pods,svc,ingress -n grafana
```
5) Access the web UI
http://grafana.k8s.local/
Username: admin. Get the password with the command below (in this deployment it returned 0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXY):
```bash
kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
```
6) Configure HTTPS and upgrade
Reuse the certificate generated above; remember to copy the tls files into the grafana deployment directory.
1. Modify the configuration
```yaml
# ...
ingress:
  # ...
  tls:
    - secretName: grafana-alerts-tls   # must match the secret created below
      hosts:
        - grafana.k8s.local
# ...
secrets:
  - name: grafana-alerts-tls
    cert: tls/k8s.local.crt
    key: tls/k8s.local.key
```
Add a new file, templates/tls-secret.yaml:
```yaml
{{ range .Values.secrets }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ .name }}
data:
  tls.crt: {{ $.Files.Get .cert | b64enc }}
  tls.key: {{ $.Files.Get .key | b64enc }}
type: kubernetes.io/tls
---
{{ end }}
```
2. Upgrade
```bash
helm upgrade grafana ./ -n grafana
```
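Check the result:
```bash
kubectl get pods,svc,ingress -n grafana
```
Web access: https://grafana.k8s.local/
Username: admin. Get the password with the command below (in this deployment it returned 0D0NfEWWFx9qsBiKR8PuFVxf6PPa9o8YGhZZaNXY):
```bash
kubectl get secret --namespace grafana grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
```
7) Uninstall
```bash
helm uninstall grafana -n grafana
# Single quotes keep the shell from expanding $1 before awk sees it
kubectl delete pod -n grafana `kubectl get pod -n grafana | awk 'NR>1{print $1}'` --force
# Single quotes keep the JSON patch intact
kubectl patch ns grafana -p '{"metadata":{"finalizers":null}}'
kubectl delete ns grafana --force
```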
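That is all for deploying Prometheus on K8s for now. The next article will cover how to use Prometheus + Grafana to monitor k8s resources, so please be patient, and feel free to leave me a comment if you have any questions.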