cat case4-prom-rbac.yaml
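# RBAC objects for the Prometheus service account in the monitoring namespace:
# a ServiceAccount, a token Secret bound to it, a read-only ClusterRole and
# the ClusterRoleBinding that ties them together.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: monitoring
---
# Manually created service-account token Secret. The control plane fills in a
# bearer token that does not expire on its own, so the value printed by
# `kubectl describe secret` is a live cluster credential: keep it out of
# tickets, chat logs and published write-ups. Deleting this Secret revokes it.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: monitoring-token
  namespace: monitoring
  annotations:
    kubernetes.io/service-account.name: "prometheus"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - pods
  # NOTE(review): nodes/proxy lets the token holder reach the kubelet API of
  # every node through the API server. Drop it unless a scrape job actually
  # goes through the API-server proxy path.
  - nodes/proxy
  verbs:
  - get
  - list
  - watch
# NOTE(review): current clusters serve Ingress from networking.k8s.io; the
# "extensions" group is probably a leftover and matches nothing there.
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
#apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring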
[root@sealyun-k8s-master-01 20220911]# kubectl describe secrets -n monitoring monitoring-token Name: monitoring-token Namespace: monitoring Labels: <none> Annotations: kubernetes.io/service-account.name: prometheus kubernetes.io/service-account.uid: 4edd037d-bec0-4135-ba96-03d25c88a874 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1070 bytes namespace: 10 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjMtSTlpb2JuWWJ2ek1SYXY2eWRxMXhLRUQ0XzRSdkVyU1BsREc1aktRMW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtb25pdG9yaW5nIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im1vbml0b3JpbmctdG9rZW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicHJvbWV0aGV1cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjRlZGQwMzdkLWJlYzAtNDEzNS1iYTk2LTAzZDI1Yzg4YTg3NCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDptb25pdG9yaW5nOnByb21ldGhldXMifQ.Tq20uSWOaSrZPZiameXBBf6imozv7OnK_44CDA3zZD4O1yguMBb9Ei-kJ_b2Bd3k4bMsK__HLBFBHrQNq5PWJd4F6d_aL3HJYlu4SQ1mICRCVZnb9D3xzQZOZ6KtS105ALcJc_yWUlgnOQSa5YMQLU9uThKm7Q7viqBnJSWhxKnpS5NFEgTN7yAlRAfMIryPOBunvdLBlqNabPpIMu5su9KaT8iqSjUjup6DpIdn-9rjrzg2qa-vh0LY6EzwDo_wEBen6P02ruwoiWupEI5iftvEhaZ7tym5dgA9kei1oc8ByQ5KNeu6GiI6QodhUXDGQmXMfNkr5XGIL8HoU5Nubg [root@sealyun-k8s-master-01 20220911]#
[root@monitoring prometheus]# pwd /opt/prometheus [root@monitoring prometheus]# vim k8s.token [root@monitoring prometheus]# cat k8s.token eyJhbGciOiJSUzI1NiIsImtpZCI6IjMtSTlpb2JuWWJ2ek1SYXY2eWRxMXhLRUQ0XzRSdkVyU1BsREc1aktRMW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtb25pdG9yaW5nIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im1vbml0b3JpbmctdG9rZW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoicHJvbWV0aGV1cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjRlZGQwMzdkLWJlYzAtNDEzNS1iYTk2LTAzZDI1Yzg4YTg3NCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDptb25pdG9yaW5nOnByb21ldGhldXMifQ.Tq20uSWOaSrZPZiameXBBf6imozv7OnK_44CDA3zZD4O1yguMBb9Ei-kJ_b2Bd3k4bMsK__HLBFBHrQNq5PWJd4F6d_aL3HJYlu4SQ1mICRCVZnb9D3xzQZOZ6KtS105ALcJc_yWUlgnOQSa5YMQLU9uThKm7Q7viqBnJSWhxKnpS5NFEgTN7yAlRAfMIryPOBunvdLBlqNabPpIMu5su9KaT8iqSjUjup6DpIdn-9rjrzg2qa-vh0LY6EzwDo_wEBen6P02ruwoiWupEI5iftvEhaZ7tym5dgA9kei1oc8ByQ5KNeu6GiI6QodhUXDGQmXMfNkr5XGIL8HoU5Nubg [root@monitoring prometheus]#
cat prometheus.yaml
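# Prometheus configuration for a server running outside the cluster. It uses
# the service-account token stored in /opt/prometheus/k8s.token for Kubernetes
# service discovery. Keep that file readable only by the account Prometheus
# runs as.
#
# NOTE(review): every `api_server:` value is blank on the page (the URL appears
# to have been stripped). An empty value makes Prometheus assume it runs inside
# the cluster, so the API server URL must be filled in.
#
# NOTE(review): `insecure_skip_verify: true` is combined with
# `bearer_token_file` throughout. The API server certificate is not checked,
# so the token is handed to whatever endpoint answers at that address. The
# token Secret also carries ca.crt; saving it next to the token and pointing
# `ca_file` at it allows verification to stay on.

# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]

  - job_name: 'file_sd_node_export'
    file_sd_configs:
      - files:
        - /opt/prometheus/file_sd/sd_node-exporter.json
        refresh_interval: 10s

  - job_name: 'file_sd_process_export'
    file_sd_configs:
      - files:
        - /opt/prometheus/file_sd/sd_process-exporter.json
        refresh_interval: 10s

  # API server endpoint discovery
  - job_name: 'kubernetes-apiservers-monitor'
    kubernetes_sd_configs:
    - role: endpoints
      api_server:
      tls_config:
        insecure_skip_verify: true
      bearer_token_file: /opt/prometheus/k8s.token
    scheme: https
    tls_config:
      insecure_skip_verify: true
    # NOTE(review): this job-level token is attached to the scrape request
    # itself. The relabel rules below rewrite the target to http on port 9100,
    # so the cluster token travels in clear text to that port. Service
    # discovery has its own token above; remove this one unless the scraped
    # endpoint really checks it.
    bearer_token_file: /opt/prometheus/k8s.token
    relabel_configs:
    - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
      action: keep
      regex: default;kubernetes;https
    # Optionally rewrite the discovered server port, scheme, etc.
    - source_labels: [__address__]
      regex: '(.*):6443'
      replacement: '${1}:9100'
      target_label: __address__
      action: replace
    - source_labels: [__scheme__]
      regex: https
      replacement: http
      target_label: __scheme__
      action: replace

  # Node discovery
  - job_name: 'kubernetes-nodes-monitor'
    scheme: http
    tls_config:
      insecure_skip_verify: true
    # NOTE(review): scheme is http, so this job-level token is sent
    # unencrypted to port 9100 on every node. Remove it unless the scraped
    # endpoint really checks it.
    bearer_token_file: /opt/prometheus/k8s.token
    kubernetes_sd_configs:
    - role: node
      api_server:
      tls_config:
        insecure_skip_verify: true
      bearer_token_file: /opt/prometheus/k8s.token
    relabel_configs:
    - source_labels: [__address__]
      regex: '(.*):10250'
      replacement: '${1}:9100'
      target_label: __address__
      action: replace
    - source_labels: [__meta_kubernetes_node_label_failure_domain_beta_kubernetes_io_region]
      regex: '(.*)'
      replacement: '${1}'
      action: replace
      target_label: LOC
    - source_labels: [__meta_kubernetes_node_label_failure_domain_beta_kubernetes_io_region]
      regex: '(.*)'
      replacement: 'NODE'
      action: replace
      target_label: Type
    - source_labels: [__meta_kubernetes_node_label_failure_domain_beta_kubernetes_io_region]
      regex: '(.*)'
      replacement: 'K8S-test'
      action: replace
      target_label: Env
    - action: labelmap
      regex: __meta_kubernetes_node_label_(.+)

  # Pods in the listed namespaces only
  - job_name: 'kubernetes-发现指定namespace的所有pod'
    kubernetes_sd_configs:
    - role: pod
      api_server:
      tls_config:
        insecure_skip_verify: true
      bearer_token_file: /opt/prometheus/k8s.token
      namespaces:
        names:
        - kube-system
        - openebs
    relabel_configs:
    - action: labelmap
      regex: __meta_kubernetes_pod_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_pod_name]
      action: replace
      target_label: kubernetes_pod_name

  # Pods selected by their prometheus.io/* annotations
  - job_name: 'kubernetes-指定发现条件的pod'
    kubernetes_sd_configs:
    - role: pod
      api_server:
      tls_config:
        insecure_skip_verify: true
      bearer_token_file: /opt/prometheus/k8s.token
    relabel_configs:
    # Keep only pods annotated prometheus.io/scrape: 'true'.
    - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
      action: keep
      regex: true
    # Let prometheus.io/path override the metrics path.
    - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
      action: replace
      target_label: __metrics_path__
      regex: (.+)
    # Let prometheus.io/port override the port of the discovered address.
    - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
      action: replace
      regex: ([^:]+)(?::\d+)?;(\d+)
      replacement: $1:$2
      target_label: __address__
    - action: labelmap
      regex: __meta_kubernetes_pod_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_pod_name]
      action: replace
      target_label: kubernetes_pod_name
    - source_labels: [__meta_kubernetes_pod_label_pod_template_hash]
      regex: '(.*)'
      replacement: 'K8S-test'
      action: replace
      target_label: Env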
[root@sealyun-k8s-master-01 20220911]# ls case1-daemonset-deploy-cadvisor.yaml case3-1-prometheus-cfg.yaml case3-3-prometheus-svc.yaml case5-kube-state-metrics-deploy.yaml case2-daemonset-deploy-node-exporter.yaml case3-2-prometheus-deployment.yaml case4-prom-rbac.yaml grafana-enterprise.yaml [root@sealyun-k8s-master-01 20220911]# kubectl create -f case2-daemonset-deploy-node-exporter.yaml daemonset.apps/node-exporter created service/node-exporter created [root@sealyun-k8s-master-01 20220911]# [root@sealyun-k8s-master-01 20220911]# kubectl get pod -n monitoring NAME READY STATUS RESTARTS AGE node-exporter-59d5x 1/1 Running 0 101s node-exporter-9mb8b 1/1 Running 0 101s node-exporter-mr8vc 1/1 Running 0 101s node-exporter-nzwtf 1/1 Running 0 101s node-exporter-vwmst 1/1 Running 0 101s [root@sealyun-k8s-master-01 20220911]#
cat case5-kube-state-metrics-deploy.yaml
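# kube-state-metrics: Deployment, ServiceAccount, list/watch ClusterRole and
# binding, and a NodePort Service on 31666.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-state-metrics
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kube-state-metrics
  template:
    metadata:
      labels:
        app: kube-state-metrics
    spec:
      serviceAccountName: kube-state-metrics
      containers:
      - name: kube-state-metrics
        # NOTE(review): the image comes from a mirror repository and is
        # referenced by tag only. Confirm it matches the upstream release and
        # pin it by digest once verified.
        image: registry.cn-hangzhou.aliyuncs.com/zhangshijie/kube-state-metrics:v2.6.0
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-state-metrics
  namespace: kube-system
---
# Read-only (list/watch) access to the object kinds the exporter reports on.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-state-metrics
rules:
- apiGroups: [""]
  resources: ["nodes", "pods", "services", "resourcequotas", "replicationcontrollers", "limitranges", "persistentvolumeclaims", "persistentvolumes", "namespaces", "endpoints"]
  verbs: ["list", "watch"]
# NOTE(review): current clusters serve DaemonSets, Deployments and ReplicaSets
# from the "apps" group, so this "extensions" rule probably does not authorize
# those watches. Check the exporter log for "forbidden" errors.
- apiGroups: ["extensions"]
  resources: ["daemonsets", "deployments", "replicasets"]
  verbs: ["list", "watch"]
- apiGroups: ["apps"]
  resources: ["statefulsets"]
  verbs: ["list", "watch"]
- apiGroups: ["batch"]
  resources: ["cronjobs", "jobs"]
  verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
  resources: ["horizontalpodautoscalers"]
  verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: kube-system
---
# NOTE(review): NodePort publishes the exporter, without authentication, on
# port 31666 of every node. Its metrics describe cluster objects (names,
# namespaces, labels), so limit who can reach that port, for example with
# firewall rules or a NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/scrape: 'true'
  name: kube-state-metrics
  namespace: kube-system
  labels:
    app: kube-state-metrics
spec:
  type: NodePort
  ports:
  - name: kube-state-metrics
    port: 8080
    targetPort: 8080
    nodePort: 31666
    protocol: TCP
  selector:
    app: kube-state-metrics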
vim prometheus.yml
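# Scrape job for kube-state-metrics (goes under scrape_configs).
  - job_name: "kube-state-metrics"
    static_configs:
    # The target is blank on the page; it should be <node-ip>:31666, the
    # NodePort of the kube-state-metrics Service.
    - targets: [""]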
3.2、编写tomcat 镜像构建脚本
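# Tomcat application image with the Prometheus Java client and Tomcat exporter
# jars added to Tomcat's lib directory, plus metrics.war (presumably the
# webapp that serves the metrics endpoint).
#
# NOTE(review): no USER is set, so the container runs as whatever user the
# base image defaults to. Add a dedicated unprivileged user if the webapp
# directories allow it.
# NOTE(review): tomcat:8.5.73 is a fixed, older patch release. Rebuild on a
# currently supported tag to pick up security fixes.
FROM tomcat:8.5.73

# A custom server.xml replaces the stock connector configuration.
ADD server.xml /usr/local/tomcat/conf/server.xml

RUN mkdir /data/tomcat/webapps -p
ADD myapp /data/tomcat/webapps/myapp
ADD metrics.war /data/tomcat/webapps

ADD simpleclient-0.8.0.jar /usr/local/tomcat/lib/
ADD simpleclient_common-0.8.0.jar /usr/local/tomcat/lib/
ADD simpleclient_hotspot-0.8.0.jar /usr/local/tomcat/lib/
ADD simpleclient_servlet-0.8.0.jar /usr/local/tomcat/lib/
ADD tomcat_exporter_client-0.0.12.jar /usr/local/tomcat/lib/

# NOTE(review): 8009 is the AJP connector port. Expose it only if the custom
# server.xml enables AJP and restricts who may connect to it.
EXPOSE 8080 8443 8009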
cat build-command.sh
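#!/bin/bash
# Build the Tomcat application image from the current directory and push it to
# the Harbor registry.
#
# Strict mode stops the script at the first failing command, so a failed build
# can no longer be followed by a push of an older image with the same tag.
set -euo pipefail

readonly IMAGE="harbor.magedu.net/magedu/tomcat-app1:v1"

nerdctl build -t "${IMAGE}" .
nerdctl push "${IMAGE}"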
cat tomcat-deploy.yaml
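# Deployment for the Tomcat demo application. The pod template carries the
# prometheus.io/scrape annotation used by annotation-based pod discovery.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-deployment
  namespace: default
spec:
  selector:
    matchLabels:
      app: tomcat
  replicas: 1 # tells deployment to run 1 pod matching the template
  template: # create pods using pod definition in this template
    metadata:
      labels:
        app: tomcat
      annotations:
        prometheus.io/scrape: 'true'
    spec:
      containers:
      - name: tomcat
        image: harbor.magedu.net/magedu/tomcat-app1:v1
        imagePullPolicy: Always
        ports:
        - containerPort: 8080
        securityContext:
          # The page ran this container with privileged: true, which gives a
          # web application host-level access to devices and kernel
          # interfaces. Serving HTTP on 8080 needs none of that, so the
          # container runs unprivileged here.
          privileged: false
          allowPrivilegeEscalation: false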
cat tomcat-svc.yaml
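# NodePort Service for the Tomcat pods: node port 31080 -> service port 80 ->
# container port 8080. No namespace is set, so it lands in the namespace
# kubectl is currently using.
kind: Service # resource type
apiVersion: v1
metadata:
  annotations:
    prometheus.io/scrape: 'true'
  name: tomcat-service
spec:
  selector:
    app: tomcat
  ports:
  - nodePort: 31080
    port: 80
    protocol: TCP
    targetPort: 8080
  type: NodePort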
vim prometheus.yml
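# Scrape job for the Tomcat application (goes under scrape_configs).
  - job_name: "tomcat-monitor-metrics"
    static_configs:
    # The target is blank on the page; it should be <node-ip>:31080, the
    # NodePort of tomcat-service.
    - targets: [""]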
3.6、导入tomcat 监控模板
cat redis-deployment.yaml
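# Redis with a redis_exporter sidecar in the same pod. The exporter listens on
# 9121.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: studylinux-net
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis
        # NOTE(review): no password or ACL is configured for this Redis
        # instance, and redis:4.0.14 is an old release line. Anything that can
        # reach port 6379 gets full read/write access, so set a password and
        # restrict network access before using this outside a lab.
        image: redis:4.0.14
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 6379
      - name: redis-exporter
        # NOTE(review): ":latest" is a moving tag, so the running code can
        # change on any pod restart. Pin a specific version or digest.
        image: oliver006/redis_exporter:latest
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 9121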
cat redis-exporter-svc.yaml
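# NodePort Service for the redis_exporter sidecar: node port 31082 -> 9121.
kind: Service # resource type
apiVersion: v1
metadata:
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: "9121"
  name: redis-exporter-service
  namespace: studylinux-net
spec:
  selector:
    app: redis
  ports:
  - nodePort: 31082
    name: prom
    port: 9121
    protocol: TCP
    targetPort: 9121
  type: NodePort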
cat redis-redis-svc.yaml
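# NodePort Service for Redis itself: node port 31081 -> 6379.
# NOTE(review): this makes the Redis port reachable on every node's address.
# The Deployment configures no Redis password, so limit access to this port
# (firewall rules or NetworkPolicy), or use ClusterIP when only in-cluster
# clients need it.
kind: Service # resource type
apiVersion: v1
metadata:
#  annotations:
#    prometheus.io/scrape: 'false'
  name: redis-redis-service
  namespace: studylinux-net
spec:
  selector:
    app: redis
  ports:
  - nodePort: 31081
    name: redis
    port: 6379
    protocol: TCP
    targetPort: 6379
  type: NodePort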
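# Scrape jobs added under scrape_configs. The targets are blank on the page
# and have to be filled in with <node-ip>:<nodePort> of the matching Service.
  # Tomcat scrape job
  - job_name: "tomcat-monitor-metrics"
    static_configs:
    - targets: [""]
  # Redis scrape job (the exporter Service uses NodePort 31082)
  - job_name: "redis-monitor-metrics"
    static_configs:
    - targets: [""]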
cat redis_cli.py
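#!/usr/bin/env python
#coding:utf-8
"""Write 500 test keys to Redis and read each one back.

This generates load so the redis_exporter metrics show activity. The Redis
host is blank on the page; set REDIS_HOST (and REDIS_PASSWORD once the server
requires one) in the environment instead of editing credentials into the
script. Both default to the empty strings used originally.
"""
import os
import time


def main():
    """Connect to Redis on port 31081, then set and get key0..key499."""
    import redis

    host = os.environ.get("REDIS_HOST", "")
    password = os.environ.get("REDIS_PASSWORD", "")

    pool = redis.ConnectionPool(host=host, port=31081, db=0, password=password)
    r = redis.Redis(connection_pool=pool)
    for i in range(500):
        r.set("key%s" % i, "value-n70%s" % i)
        #time.sleep(0.1)
        data = r.get("key%s" % i)
        print(data)


if __name__ == "__main__":
    main()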
安装python-redis模块并更新python版本 apt-get install python apt install python3-pip pip install redis 修改本地python环境 root@easzlab-deploy:/usr/bin# ll -h python lrwxrwxrwx 1 root root 16 Jul 26 11:33 python -> /usr/bin/python3* root@easzlab-deploy:/usr/bin# rm -fr python root@easzlab-deploy:/usr/bin# ln -s /usr/bin/python3.8 python root@easzlab-deploy:/usr/bin# ll -h python* lrwxrwxrwx 1 root root 18 Sep 25 00:31 python -> /usr/bin/python3.8* lrwxrwxrwx 1 root root 9 Mar 13 2020 python2 -> python2.7* -rwxr-xr-x 1 root root 3.5M Jul 1 20:27 python2.7* lrwxrwxrwx 1 root root 9 Mar 13 2020 python3 -> python3.8* -rwxr-xr-x 1 root root 5.3M Jun 23 04:18 python3.8* lrwxrwxrwx 1 root root 33 Jun 23 04:18 python3.8-config -> x86_64-linux-gnu-python3.8-config* lrwxrwxrwx 1 root root 16 Mar 13 2020 python3-config -> python3.8-config* -rwxr-xr-x 1 root root 2.5K Apr 14 2020 python-argcomplete-check-easy-install-script3* -rwxr-xr-x 1 root root 314 Apr 14 2020 python-argcomplete-tcsh3* root@easzlab-deploy:/usr/bin#
python redis_cli.py
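# Download the haproxy_exporter 0.13.0 release tarball, unpack it under /opt
# and rename the extracted directory to /opt/haproxy_exporter.
# The steps are chained with && so a failed download or extraction stops the
# sequence instead of moving a missing or partial directory into place.
# NOTE(review): the binary is later started by a systemd unit running as root.
# Compare the tarball's SHA-256 with the checksum published with the release
# before extracting it.
release="haproxy_exporter-0.13.0.linux-amd64"
wget "https://github.com/prometheus/haproxy_exporter/releases/download/v0.13.0/${release}.tar.gz" \
  && tar -xf "${release}.tar.gz" -C /opt/ \
  && cd /opt/ \
  && mv "${release}/" haproxy_exporter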
cat /etc/systemd/system/haproxy_exporter.service
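# systemd unit that runs haproxy_exporter against the HAProxy stats CSV
# endpoint. The host part of the scrape URI is blank on the page.
[Unit]
Description=Prometheus haproxy_exporter daemon
After=network.target

[Service]
Type=simple
# NOTE(review): nothing in this unit appears to need root. Running the
# exporter under a dedicated unprivileged account would limit the impact of a
# bug in it.
User=root
Group=root
# NOTE(review): the stats credentials (admin:admin) are on the command line,
# so they are visible in the process list and in this world-readable unit
# file, and they are sent over plain http. Use a non-default password and keep
# it out of argv where the exporter allows it.
ExecStart=/opt/haproxy_exporter/haproxy_exporter --haproxy.scrape-uri="http://admin:admin@;csv"
Restart=on-failure

[Install]
WantedBy=multi-user.target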
scp -r haproxy_exporter/ root@
scp -r haproxy_exporter/ root@
scp /etc/systemd/system/haproxy_exporter.service root@
scp /etc/systemd/system/haproxy_exporter.service root@
启动152、153 haproxy_exporter服务
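# Scrape jobs added under scrape_configs. The targets are blank on the page
# and have to be filled in with the host:port of each endpoint.
  # Tomcat scrape job
  - job_name: "tomcat-monitor-metrics"
    static_configs:
    - targets: [""]
  # Redis scrape job
  - job_name: "redis-monitor-metrics"
    static_configs:
    - targets: [""]
  # HAProxy scrape job: one entry per haproxy_exporter instance
  - job_name: "haproxy-monitor-metrics"
    static_configs:
    - targets: ["","",""]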