K8S如何利用Prometheus監(jiān)控pod的實(shí)時(shí)數(shù)據(jù)指標(biāo)

更新時(shí)間：2024年01月05日 09:41:16 作者：聽說唐僧不吃肉

這篇文章主要給大家介紹了關(guān)于K8S如何利用Prometheus監(jiān)控pod的實(shí)時(shí)數(shù)據(jù)指標(biāo)的相關(guān)資料,Prometheus是一個(gè)開源的服務(wù)監(jiān)控系統(tǒng)和時(shí)序數(shù)據(jù)庫,其提供了通用的數(shù)據(jù)模型和快捷數(shù)據(jù)采集、存儲和查詢接口,需要的朋友可以參考下

一、監(jiān)控部署

1、將k8s集群中kube-state-metrics指標(biāo)進(jìn)行收集，服務(wù)進(jìn)行部署

1.1 pod性能指標(biāo)（k8s集群組件自動集成）

k8s組件本身提供組件自身運(yùn)行的監(jiān)控指標(biāo)以及容器相關(guān)的監(jiān)控指標(biāo)。通過cAdvisor 是一個(gè)開源的分析容器資源使用率和性能特性的代理工具，集成到 Kubelet中，當(dāng)Kubelet啟動時(shí)會同時(shí)啟動cAdvisor，且一個(gè)cAdvisor只監(jiān)控一個(gè)Node節(jié)點(diǎn)的信息。cAdvisor 自動查找所有在其所在節(jié)點(diǎn)上的容器，自動采集 CPU、內(nèi)存、文件系統(tǒng)和網(wǎng)絡(luò)使用的統(tǒng)計(jì)信息。cAdvisor 通過它所在節(jié)點(diǎn)機(jī)的 Root 容器，采集并分析該節(jié)點(diǎn)機(jī)的全面使用情況。

當(dāng)然kubelet也會輸出一些監(jiān)控指標(biāo)數(shù)據(jù)，因此pod的監(jiān)控?cái)?shù)據(jù)有kubelet和cadvisor，監(jiān)控url分別為

https://NodeIP:10250/metrics
https://NodeIP:10250/metrics/cadvisor

1.2 K8S資源監(jiān)控（k8s集群內(nèi)部署）

kube-state-metrics是一個(gè)簡單的服務(wù)，它監(jiān)聽Kubernetes API服務(wù)器并生成關(guān)聯(lián)對象的指標(biāo)。它不關(guān)注單個(gè)Kubernetes組件的運(yùn)行狀況，而是關(guān)注內(nèi)部各種對象（如deployment、node、pod等）的運(yùn)行狀況。

注：先手動檢查下集群，是否已經(jīng)安裝kube-state-metrics

如果集群沒有安裝，可參考如下步驟進(jìn)行部署：

docker pull gcr.io/google_containers/kube-state-metrics:v1.6.0
// 鏡像打標(biāo)簽，設(shè)置為當(dāng)前k8s配置的鏡像倉庫地址
docker tag quay.io/coreos/kube-state-metrics:v1.9.0 dockerhub.kubekey.local/library/kube-state-metrics:v1.9.0
// 推進(jìn)倉庫
docker push dockerhub.kubekey.local/library/kube-state-metrics:v1.9.0

1.3 編輯kube-state-metrics.yml文件

vim kube-state-metrics.yml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: kube-state-metrics
  name: kube-state-metrics
  namespace: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-state-metrics
rules:
- apiGroups: [""]
  resources:
  - configmaps
  - secrets
  - nodes
  - pods
  - services
  - resourcequotas
  - replicationcontrollers
  - limitranges
  - persistentvolumeclaims
  - persistentvolumes
  - namespaces
  - endpoints
  verbs: ["list", "watch"]
- apiGroups: ["extensions"]
  resources:
  - daemonsets
  - deployments
  - replicasets
  - ingresses
  verbs: ["list", "watch"]
- apiGroups: ["apps"]
  resources:
  - daemonsets
  - deployments
  - replicasets
  - statefulsets
  verbs: ["list", "watch"]
- apiGroups: ["batch"]
  resources:
  - cronjobs
  - jobs
  verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
  resources:
  - horizontalpodautoscalers
  verbs: ["list", "watch"]
- apiGroups: ["policy"]
  resources:
  - poddisruptionbudgets
  verbs: ["list", "watch"]
- apiGroups: ["certificates.k8s.io"]
  resources:
  - certificatesigningrequests
  verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources:
  - storageclasses
  verbs: ["list", "watch"]
- apiGroups: ["autoscaling.k8s.io"]
  resources:
  - verticalpodautoscalers
  verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: kube-state-metrics
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
- kind: ServiceAccount
  name: kube-state-metrics
  namespace: prometheus
---
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: kube-state-metrics
  name: kube-state-metrics
  namespace: prometheus
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kube-state-metrics
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: kube-state-metrics
    spec:
      containers:
      # 注意，這里image地址修改為你k8s配置的倉庫地址
      - image: dockerhub.kubekey.local/library/kube-state-metrics:v1.9.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 30
        name: kube-state-metrics
        ports:
        - containerPort: 8080
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 500m
            memory: 768Mi
          requests:
            cpu: 250m
            memory: 768Mi
      restartPolicy: Always
      serviceAccount: kube-state-metrics
      serviceAccountName: kube-state-metrics
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: kube-state-metrics
  name: kube-state-metrics
  namespace: prometheus
spec:
  ports:
  - name: kube-state-metrics
    port: 80
    protocol: TCP
    targetPort: 8080
  selector:
    app: kube-state-metrics
    ## 注意這里kube-state-metrics暴露類型修改為NodePort對外暴露
  type: NodePort

1.4 啟動yaml文件

kubectl apply -f kube-state-metrics.yaml

1.5 查看pod信息

kubectl get pod -n prometheus

1.6 查看service信息

kubectl get svc -n prometheus

這里可以看到k8s集群對外暴露的端口為 62177

1.7 查看集群信息

kubectl get po -n prometheus -owide

然后查看metrics信息

可以手動

curl k8s02:62177/metrics

正常，數(shù)據(jù)metrics就會出現(xiàn)

二、創(chuàng)建token供集群外部訪問

集群外部監(jiān)控K8s集群，通過訪問kube-apiserver來訪問集群資源。通過這種方式集群外部prometheus也能自動發(fā)現(xiàn)k8s集群服務(wù)

# 1.創(chuàng)建serviceaccounts
kubectl create sa prometheus -n default
# 2.創(chuàng)建prometheus角色并對其綁定cluster-admin
kubectl create clusterrolebinding prometheus --clusterrole cluster-admin --serviceaccount=default:prometheus
# 3. 創(chuàng)建secret; k8s1.24之后默認(rèn)不會為serveiceaccounts創(chuàng)建secret
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: prometheus-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: "prometheus"
EOF
# 4. 測試訪問kube-apiserver
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secret  prometheus-token -n default -o jsonpath='{.data.token}' | base64 --decode)
curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
# 5. 保存token
echo $TOKEN > k8s_token
# 6. 測試訪問指標(biāo)
# 訪問pod性能資源指標(biāo)：（訪問kubelet）
# 注意：master1為當(dāng)前master節(jié)點(diǎn)的hostname，需要修改
curl $APISERVER/api/v1/nodes/master1:10250/proxy/metrics --header "Authorization: Bearer $TOKEN" --insecure

三、集成Prometheus配置

vim prometheus.yml

scrape_configs:
  - job_name: "k8s-cadvisor"
    honor_timestamps: true
    metrics_path: /metrics
    scheme: https
    kubernetes_sd_configs:
    - api_server: https://10.142.155.202:6443
      role: node
      bearer_token_file: /prometheus/data/k8s_token
      tls_config:
        insecure_skip_verify: true
    bearer_token_file: /prometheus/data/k8s_token
    tls_config:
      insecure_skip_verify: true
    relabel_configs:
    - action: labelmap
      regex: __meta_kubernetes_node_label_(.+)
    - separator: ;
      regex: (.*)
      target_label: __address__
      replacement: 10.142.155.202:6443
      action: replace
    - source_labels: [__meta_kubernetes_node_name]
      separator: ;
      regex: (.+)
      target_label: __metrics_path__
      replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
      action: replace
  - job_name: "kube-node-kubelet"
    scheme: https
    tls_config:
      insecure_skip_verify: true
    bearer_token_file: /prometheus/data/k8s_token
    kubernetes_sd_configs:
    - role: node
      api_server: "https://10.142.155.202:6443"   // 修改為對應(yīng)的k8s master的節(jié)點(diǎn)
      tls_config:
        insecure_skip_verify: true
      bearer_token_file: /prometheus/data/k8s_token
    relabel_configs:
    - target_label: __address__
      replacement: 10.142.155.202:6443
    - source_labels: [__meta_kubernetes_node_name]
      regex: (.+)
      target_label: __metrics_path__
      replacement: /api/v1/nodes/${1}:10250/proxy/metrics
    - action: labelmap
      regex: __meta_kubernetes_service_label_(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_service_name]
      action: replace
      target_label: service_name

注意：bearer_token_file: /prometheus/data/k8s_token

這里的token為上面生成的token信息，請根據(jù)目錄進(jìn)行配置即可

然后重啟prometheus

如果是容器部署的prometheus，需要考慮映射token，可docker cp到/prometheus/data/ 即可

即可

docker restart prometheus

3、進(jìn)入prometheus界面，查看相關(guān)指標(biāo)

默認(rèn)情況下 prometheus url： http://IP:9090

4、集成grafana

導(dǎo)入grafana JSON ID, 747

4.1、導(dǎo)入node信息指標(biāo)

load 即可

4.2、導(dǎo)入pod信息指標(biāo)

JSON ID：15760

大盤信息即可完全展示~

總結(jié)

到此這篇關(guān)于K8S如何利用Prometheus監(jiān)控pod的實(shí)時(shí)數(shù)據(jù)指標(biāo)的文章就介紹到這了,更多相關(guān)K8S Prometheus監(jiān)控pod實(shí)時(shí)數(shù)據(jù)內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: