kubernetes 1.18交付prometheus、alertmanager

@Jestin  September 02, 2020

kubernetes交付prometheus、alertmanager

数据存储在NFS上

/etc/exports
# rw + no_root_squash: UID 0 on any client in 10.100.0.0/16 is treated as root
# on this export. The Deployment on this page runs its containers as UID 0
# (runAsUser: 0), which is presumably why root squashing is disabled.
# NOTE(review): consider narrowing the client range to the node(s) that
# actually mount the volume; confirm against your node addressing.
/data/monitoring 10.100.0.0/16(rw,sync,no_root_squash)

namespace

---
# Namespace that holds the Prometheus / Alertmanager Deployment, its PVC,
# its Service and the etcd-certs Secret used on this page.
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring

rbac

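---
# Read-only (get/list/watch) cluster-wide access to the objects listed below,
# plus GET on the /metrics non-resource URL.
# rbac.authorization.k8s.io/v1 is the GA RBAC API and is served by 1.18; the
# v1beta1 version is deprecated and no longer served by newer clusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
# NOTE(review): nodes/proxy lets the holder reach each kubelet's API through
# the API server, which is broader than reading metrics. Keep it only if the
# scrape configuration (not shown on this page) goes through that proxy path.
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
# Grants the ClusterRole above to the `default` ServiceAccount of the
# monitoring namespace. Every pod in that namespace that does not set its own
# serviceAccountName therefore receives these permissions, not only Prometheus.
# NOTE(review): a dedicated ServiceAccount, referenced from the Deployment via
# serviceAccountName, would confine the grant to the Prometheus pod; the
# binding and the Deployment would have to be changed together.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: default
  namespace: monitoring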

pv pvc

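---
# Statically provisioned NFS volume backing the `prometheus` claim below.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: prometheus
  labels:
    # Matched by the claim's selector.
    name: prometheus
spec:
  # Retain: the data on the NFS export is kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # Empty class means "no StorageClass"; stated explicitly so it visibly
  # matches the claim below.
  storageClassName: ""
  capacity:
    storage: 200Gi
  accessModes:
  - ReadWriteOnce
  - ReadWriteMany
  nfs:
    path: /data/monitoring
    server: 10.100.2.119
---
# Claim in the monitoring namespace that binds to the PV above via its label.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus
  namespace: monitoring
spec:
  # Explicitly request no StorageClass. Without this, a cluster that has a
  # default StorageClass assigns it to the claim, and the claim then no longer
  # matches the class-less PV selected below.
  storageClassName: ""
  selector:
    matchLabels:
      name: prometheus
  accessModes:
  - ReadWriteOnce
  - ReadWriteMany
  resources:
    requests:
      storage: 200Gi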

deployment(配置中加入了 etcd_secrets)

# Store the etcd CA plus the etcd peer certificate and its private key in the
# etcd-certs Secret (namespace monitoring). The Deployment on this page mounts
# that Secret at /etc/prometheus/secrets/etcd-certs.
# NOTE(review): etcd-peer-key.pem is a private key; anyone who can read
# Secrets in this namespace, or exec into the pod, obtains it. A certificate
# issued only for metrics scraping would be a narrower credential; confirm
# whether your etcd CA setup allows issuing one.
kubectl --namespace monitoring create secret generic etcd-certs \
  --from-file=/opt/etcd/certs/ca.pem \
  --from-file=/opt/etcd/certs/etcd-peer-key.pem \
  --from-file=/opt/etcd/certs/etcd-peer.pem

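---
# Single-replica pod running Prometheus and Alertmanager side by side, both
# backed by the `prometheus` PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: prometheus
  name: prometheus
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: prometheus
  template:
    metadata:
      labels:
        k8s-app: prometheus
    spec:
      # No serviceAccountName is set, so the pod runs as the namespace's
      # `default` ServiceAccount.
      securityContext:
        # Both containers run as root. NOTE(review): presumably required to
        # write to the NFS export (exported with no_root_squash); running as a
        # non-root UID would need the export's ownership adjusted first.
        runAsUser: 0
      nodeSelector:
        env: monitoring
      containers:
        # NOTE(review): `latest` is a moving tag; pin a specific version or
        # digest so the image that runs is the one that was reviewed.
        - image: prom/prometheus:latest
          name: prometheus
          args:
            - "--config.file=/usr/share/prometheus/prometheus.yml"
            - "--storage.tsdb.path=/usr/share/prometheus/storage"
            # Enables the HTTP reload/quit endpoints. They carry no
            # authentication, so anyone who can reach port 9090 can reload or
            # stop Prometheus; restrict who can reach that port.
            - "--web.enable-lifecycle"
          ports:
            - containerPort: 9090
          securityContext:
            # The process already runs as UID 0; this only prevents gaining
            # further privileges through setuid binaries.
            allowPrivilegeEscalation: false
          volumeMounts:
            # The PVC is mounted over /usr/share/, hiding whatever the image
            # ships there; config and TSDB data come from the NFS export.
            - name: monitoring-vol
              mountPath: /usr/share/
            # etcd CA, certificate and private key; Prometheus only reads them.
            - name: etcd-secrets
              mountPath: /etc/prometheus/secrets/etcd-certs
              readOnly: true
        # NOTE(review): same moving-tag concern as the Prometheus image.
        - image: prom/alertmanager:latest
          name: alertmanager
          args:
            - "--config.file=/usr/share/alertmanager/config.yml"
            - "--storage.path=/usr/share/alertmanager/storage"
          ports:
            - containerPort: 9093
              protocol: TCP
              name: http
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            # Same PVC as the Prometheus container, mounted at the same path.
            - name: monitoring-vol
              mountPath: /usr/share/
          resources:
            requests:
              cpu: 500m
              memory: 200Mi
            limits:
              cpu: 1000m
              memory: 800Mi
      volumes:
        - name: monitoring-vol
          persistentVolumeClaim:
            claimName: prometheus
        - name: etcd-secrets
          secret:
            secretName: etcd-certs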

service

---
# Exposes ports 9091 (pushgateway), 9090 (prometheus) and 9093 (alertmanager)
# of the pods labelled k8s-app=prometheus.
# type NodePort opens each of these ports on every node's address, and none of
# them requires authentication. The Deployment on this page starts Prometheus
# with --web.enable-lifecycle, so its reload/quit endpoints are reachable the
# same way; limit access with firewalling or a NetworkPolicy.
# NOTE(review): the Deployment on this page defines no container listening on
# 9091; confirm where the pushgateway runs.
apiVersion: v1
kind: Service
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: prometheus
spec:
  type: NodePort
  selector:
    k8s-app: prometheus
  ports:
  - name: pushgateway
    port: 9091
  - name: prometheus
    port: 9090
  - name: alertmanager
    port: 9093
    targetPort: 9093

ControllerManager-service

---
# Service in kube-system (no type given, so the default applies) that selects
# pods labelled component=kube-controller-manager and exposes port 10252 as
# http-metrics.
# NOTE(review): 10252 appears to be the controller manager's plain-HTTP,
# unauthenticated port; newer releases serve metrics only on the
# authenticated HTTPS port. Confirm for your version.
apiVersion: v1
kind: Service
metadata:
  name: kube-controller-manager
  namespace: kube-system
  labels:
    k8s-app: kube-controller-manager
spec:
  ports:
  - name: http-metrics
    protocol: TCP
    port: 10252
    targetPort: 10252
  selector:
    component: kube-controller-manager

Scheduler-service

---
# Service in kube-system (no type given, so the default applies) that selects
# pods labelled component=kube-scheduler and exposes port 10251 as
# http-metrics.
# NOTE(review): 10251 appears to be the scheduler's plain-HTTP,
# unauthenticated port; newer releases serve metrics only on the
# authenticated HTTPS port. Confirm for your version.
apiVersion: v1
kind: Service
metadata:
  name: kube-scheduler
  namespace: kube-system
  labels:
    k8s-app: kube-scheduler
spec:
  ports:
  - name: http-metrics
    protocol: TCP
    port: 10251
    targetPort: 10251
  selector:
    component: kube-scheduler
