📦
Kubernetes版本1.18,使用容器部署Prometheus-operator版本为0.6🏆 Prometheus监控Etcd和Mariadb
❓ 云原生应用
为什么拿这两个做监控呢?之前说过云原生应用和非云原生应用,而
ETCD就数据云原生应用而Mariadb反之
Etcd会暴露一个/metrics接口,而mariadb这种非云原生应用就需要通过exporter来进行数据收集,且有exporter来暴露/metrics
Kubernetes本身的宿主机肯定不是,它是一个系统,肯定也没有暴露/metrics,所以就需要使用到exporter了,在安装好kube-prometheus之后就已经通过daemnoset的方式安装好node-exporter了[root@k8s-master mariadb]# kubectl get pod -n monitoring | grep node-exporter node-exporter-wkdmk 2/2 Running 2 45h node-exporter-xgrf2 2/2 Running 2 45h
Promethues就可以通过node-exporter暴露的9100端口来进行采集curl 127.0.0.1:9100/metrics | tail -n 1 promhttp_metric_handler_requests_total{code="503"} 0如果你是通过
Kube-Prometheus安装的,就需要通过一个ServiceMonitor来自动发现监控目标并动态的生成配置,这个是一个CRD由operator自动创建,只要创建了ServiceMonitor,Pormetheus operator就会自动的去解析并生成对应的配置⭐️ 监控
ETCD使用
Prometheus监控kubernetes集群的etcd1️⃣ 首先查看
prometheus和etcd服务是正常运行##Prometheus [root@k8s-master etcd]# kubectl get pod -n monitoring NAME READY STATUS RESTARTS AGE alertmanager-main-0 2/2 Running 2 26h alertmanager-main-1 2/2 Running 2 26h alertmanager-main-2 2/2 Running 2 26h kube-state-metrics-69d4c7c69d-wdqpj 3/3 Running 3 26h node-exporter-wkdmk 2/2 Running 2 26h node-exporter-xgrf2 2/2 Running 2 26h prometheus-adapter-66b855f564-j69k6 1/1 Running 1 26h prometheus-k8s-0 3/3 Running 1 24m prometheus-k8s-1 3/3 Running 1 24m prometheus-operator-75c98bcfd7-lglzj 2/2 Running 2 26h ##Etcd [root@k8s-master etcd]# kubectl get pod -n kube-system | grep etcd etcd-k8s-master 1/1 Running 16 22d2️⃣
Kubernetes的etcd是直接使用了hostIP,由于它是云原生应用所以它会提供一个metrics接口,使用如下命令访问注意
ip地址记得更换,如果修改过etcd端口的也需要更换[root@k8s-master etcd]# curl -s --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key https://10.96.38.117:2379/metrics -k | tail -n 1 promhttp_metric_handler_requests_total{code="503"} 03️⃣ 由于
ETCD是使用的hostIP,ServiceMonitor需要对接Service,先给etcd创建一个svc代理,yaml文件如下apiVersion: v1 kind: Service metadata: name: etcd-svc-prom labels: app: etcd namespace: kube-system ###请注意你的etcd的名称空间 spec: selector: component: etcd ports: - name: https-metrics port: 2379 protocol: TCP type: ClusterIP创建之后查看
[root@k8s-master etcd]# kubectl get svc -n kube-system -l app=etcd NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE etcd-svc-prom ClusterIP 10.96.38.117 <none> 2379/TCP 39m4️⃣ 由于
etcd默认是tls,必须通过https访问所以需要添加证书这里请注意证书地址,不同的搭建k8s集群的证书生成地址可能不一致
[root@k8s-master etcd]# kubectl create secret generic etcd-ssl --from-file=/etc/kubernetes/pki/etcd/ca.crt --from-file=/etc/kubernetes/pki/etcd/server.key --from-file=/etc/kubernetes/pki/etcd/server.crt -n monitoring创建完成后需要挂载至
Prometheus容器之中##直接使用kebectl edit 命令 [root@k8s-master etcd]# kubectl edit prometheus k8s -n monitoring .... ruleSelector: matchLabels: prometheus: k8s role: alert-rules secrets: ##添加 - etcd-ssl ##添加 ....保存退出之后查看普罗米修斯是否正常运行
[root@k8s-master etcd]# kubectl get pod -n monitoring NAME READY STATUS RESTARTS AGE alertmanager-main-0 2/2 Running 2 26h alertmanager-main-1 2/2 Running 2 26h alertmanager-main-2 2/2 Running 2 26h kube-state-metrics-69d4c7c69d-wdqpj 3/3 Running 3 26h node-exporter-wkdmk 2/2 Running 2 26h node-exporter-xgrf2 2/2 Running 2 26h prometheus-adapter-66b855f564-j69k6 1/1 Running 1 26h prometheus-k8s-0 3/3 Running 1 37m prometheus-k8s-1 3/3 Running 1 37m prometheus-operator-75c98bcfd7-lglzj 2/2 Running 2 26h注意挂载位置为如下
[root@k8s-master etcd]# kubectl exec -n monitoring prometheus-k8s-0 -c prometheus -- ls /etc/prometheus/secrets/etcd-ssl/ ca.crt server.crt server.key6️⃣ 创建
ServiceMonitor对接etcd-svc,如下yaml文件apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: etcd-svc-monitor namespace: monitoring labels: app: etcd spec: jobLabel: k8s-etcd endpoints: - interval: 10s port: https-metrics scheme: https tlsConfig: caFile: /etc/prometheus/secrets/etcd-ssl/ca.crt certFile: /etc/prometheus/secrets/etcd-ssl/server.crt keyFile: /etc/prometheus/secrets/etcd-ssl/server.key insecureSkipVerify: true selector: matchLabels: app: etcd ##注意需要和service的标签一致 namespaceSelector: matchNames: - kube-system解释:
honorLabels: 如果目标标签和服务器标签冲突,是否保留目标标签interval: 监控数据抓取的时间间隔prot: 暴露的metrics端口selector: 监控的目标Service标签namespaceSelector: 被监控的Service所在的名称空间5️⃣ 创建完成之后进入
Prometheus Dashboard查看Status ---> Service Discovery
进入
Grafana导入3070模板
⭐️ 监控
Mariadb1️⃣ 首先需要你先安装一个
Mariadb,可以先查看前几条博客Kubernets搭建Mariadb主从[root@k8s-master ~]# kubectl get pod -n mall-app -l app=mariadb NAME READY STATUS RESTARTS AGE mariadb-0 2/2 Running 10 5d20h mariadb-1 2/2 Running 10 5d20h进入主节点容器,输入如下命令,注意数据库的用户和密码填写你自定义的
[root@k8s-master mariadb]# kubectl exec -it -n mall-app mariadb-0 -c mariadb -- mysql -u xxx -p xxxx Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 601 Server version: 10.6.4-MariaDB-1:10.6.4+maria~focal-log mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE USER 'exporter'@'%' IDENTIFIED BY 'exporter123' WITH MAX_USER_CONNECTIONS 3; MariaDB [(none)]> GRANT PROCESS, REPLICATION CLIENT, SELECT,SUPER ON *.* TO 'exporter'@'%';2️⃣ 安装
mysql-export使用如下yaml文档使用的镜像为https://github.com/prometheus/mysqld_exporter/tree/v0.14.0,详细操作可以查看文档
配置数据连接语法文档在https://github.com/go-sql-driver/mysql#dsn-data-source-name,其中
mariadb.mall-app.svc.cluster.local为你的maraidb主节点的内部域名apiVersion: apps/v1 kind: Deployment metadata: name: mysql-export er namespace: monitoring #注意 spec: selector: matchLabels: monitor: mysql replicas: 1 template: metadata: name: mysql-exporter labels: monitor: mysql spec: containers: - name: mysql-exporter image: prom/mysqld-exporter:v0.14.0 ##注意0.15之后貌似env不是DATA_SOURCE_NAME了 env: - name: DATA_SOURCE_NAME ##配置数据库的连接,注意语法 value: "exporter:exporter123@(mariadb.mall-app.svc.cluster.local:3306)/" imagePullPolicy: IfNotPresent ports: - containerPort: 9104 ##注意端口 --- apiVersion: v1 kind: Service metadata: name: mysql-exporter namespace: monitoring ##注意 labels: monitor: mysql ## 注意label spec: selector: monitor: mysql ports: - name: api port: 9104 protocol: TCP type: ClusterIP创建之后查看是否运行成功
[root@k8s-master mariadb]# kubectl get pod -n monitoring -l monitor=mysql NAME READY STATUS RESTARTS AGE mysql-exporter-6b4bbdb6d4-wslt6 1/1 Running 0 4h11m3️⃣ 创建
ServiceMonitor绑定exporter的svcapiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: mysql-exporter namespace: monitoring ##注意 labels: monitor: mysql spec: jobLabel: k8s-app endpoints: - port: api interval: 30s scheme: http selector: matchLabels: monitor: mysql ##注意label和svc的label一致 namespaceSelector: matchNames: - monitoring创建成功后查看
[root@k8s-master mariadb]# kubectl get servicemonitors.monitoring.coreos.com -n monitoring -l monitor=mysql NAME AGE mysql-exporter 4h12m4️⃣ 接下来进入
Prometheus的WebUI即可查看
进入
grafana,同样选择dashboard导入13106
