1. Configuration file: ConfigMap
1) Port 9090 of Prometheus is itself a metrics endpoint, so Prometheus can scrape and monitor its own health. The configuration below uses collecting its own data as the example.
2) For ease of management, the configuration file prometheus.yml is injected into the Prometheus Pod as a ConfigMap. First create the ConfigMap and put the configuration file content in the data field:
# cat pro_cm.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
  namespace: kube-mon
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
      scrape_timeout: 15s
    scrape_configs:
    - job_name: 'prometheus'
      static_configs:
      - targets: ['localhost:9090']
# kubectl apply -f pro_cm.yaml
2. Data persistence: pv/pvc
Prometheus data is persisted through a local PV. The PV defined here has node affinity with node2 and uses node2's local storage, so the directory /data/k8s/prometheus must exist on node2. Create the pv and pvc:
# cat pro_pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: prometheus-local
  labels:
    app: prometheus
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 10Gi
  storageClassName: local-storage
  local:
    path: /data/k8s/prometheus
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - node2
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus-data
  namespace: kube-mon
spec:
  selector:
    matchLabels:
      app: prometheus
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: local-storage
# kubectl apply -f pro_pvc.yaml
3. Configure RBAC authorization
Prometheus needs to access some Kubernetes resource objects, so RBAC authorization must be configured as follows:
1) Create a ServiceAccount for the Prometheus pod
2) Create a ClusterRole that defines the permission rules
3) Create a ClusterRoleBinding that binds the ServiceAccount to the ClusterRole
# cat pro_rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: kube-mon
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - pods
  - nodes/proxy
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
# The v1beta1 RBAC API was removed in Kubernetes 1.22; v1 matches the ClusterRole above
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: kube-mon
# kubectl apply -f pro_rbac.yaml
4. Deploy the application with a Deployment
1) Mount the pvc and the configuration ConfigMap created earlier into Prometheus as volumes
2) Use the ServiceAccount created earlier in Prometheus
# cat pro_deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: kube-mon
  labels:
    app: prometheus
spec:
  selector:
    matchLabels:
      app: prometheus
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      securityContext:             # run as the root user
        runAsUser: 0
      serviceAccountName: prometheus
      containers:
      - image: prom/prometheus:v2.30.2
        name: prometheus
        args:
        - "--config.file=/etc/prometheus/prometheus.yml"   # prometheus.yml is mounted through a volume
        - "--storage.tsdb.path=/prometheus"                # the /prometheus directory is mounted through a volume
        - "--storage.tsdb.retention.time=24h"
        - "--web.enable-admin-api"   # controls access to the admin HTTP API, which includes functions such as deleting time series
        - "--web.enable-lifecycle"   # supports hot reload: a request to localhost:9090/-/reload takes effect immediately
        ports:
        - containerPort: 9090
          name: http
        volumeMounts:
        - mountPath: "/etc/prometheus"
          name: config-volume
        - mountPath: "/prometheus"
          name: data
        resources:
          requests:
            cpu: 100m
            memory: 512Mi
          limits:
            cpu: 100m
            memory: 512Mi
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: prometheus-data    # local storage
      - name: config-volume
        configMap:
          name: prometheus-config       # the prometheus.yml defined earlier
5. Create the Service object
To reach the Prometheus web UI from outside the cluster, and to make testing convenient, a NodePort Service is created here. Prometheus Web can then be accessed directly through the port that the svc maps onto the nodes:
# cat pro_svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: prometheus
  namespace: kube-mon
  labels:
    app: prometheus
spec:
  selector:
    app: prometheus
  type: NodePort
  ports:
  - name: web
    port: 9090
    targetPort: http
# kubectl get svc -n kube-mon -o wide
NAME         TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE   SELECTOR
prometheus   NodePort   172.21.239.21   <none>        9090:40132/TCP   60m   app=prometheus
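Accessing Prometheus:
As shown above, the svc is mapped to port 40132 on the nodes, so opening http://node.ip:40132 reaches Prometheus Web.
The targets currently being monitored can be viewed under Status -> Targets.
Under the Graph menu you can view the scraped monitoring data, for example by entering the metric prometheus_http_requests_total.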
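The Deployment in step 4 enables the admin and lifecycle APIs and runs as root, and the Service in step 5 publishes port 9090 on the nodes. The following Python check is an added example, not part of the original post: it reads the JSON that `kubectl get deploy,svc -n kube-mon -o json` returns and reports where those settings coincide. The embedded sample is constructed from the manifests on this page, and the names `audit`, `SAMPLE` and `RISKY_FLAGS` are this example's own.

```python
import json

# Constructed sample: trimmed `kubectl get deploy,svc -n kube-mon -o json` output.
SAMPLE = json.loads("""
{"items": [{"kind": "Deployment", "metadata": {"name": "prometheus", "namespace": "kube-mon"},
  "spec": {"template": {"metadata": {"labels": {"app": "prometheus"}},
   "spec": {"securityContext": {"runAsUser": 0},
    "containers": [{"name": "prometheus", "args": [
      "--config.file=/etc/prometheus/prometheus.yml",
      "--web.enable-admin-api", "--web.enable-lifecycle"]}]}}}},
 {"kind": "Service", "metadata": {"name": "prometheus", "namespace": "kube-mon"},
  "spec": {"type": "NodePort", "selector": {"app": "prometheus"}}}]}
""")

# Flags that open write endpoints on the web port (no authentication by default).
RISKY_FLAGS = {
    "--web.enable-admin-api": "admin API (delete series, snapshots)",
    "--web.enable-lifecycle": "lifecycle API (/-/reload, /-/quit)",
}

def audit(items):
    """Return findings for Deployments that enable risky flags or run as root."""
    findings = []
    services = [i for i in items if i["kind"] == "Service"]
    for dep in (i for i in items if i["kind"] == "Deployment"):
        name, ns = dep["metadata"]["name"], dep["metadata"].get("namespace")
        tmpl = dep["spec"]["template"]
        labels, pod = tmpl["metadata"].get("labels", {}), tmpl["spec"]
        # Services in the same namespace that select these pods and publish them.
        exposed = [s["metadata"]["name"] for s in services
                   if s["metadata"].get("namespace") == ns
                   and s["spec"].get("type") in ("NodePort", "LoadBalancer")
                   and s["spec"].get("selector")
                   and all(labels.get(k) == v for k, v in s["spec"]["selector"].items())]
        scope = f"exposed by Service {exposed[0]}" if exposed else "cluster-internal only"
        for c in pod.get("containers", []):
            for arg in c.get("args", []):
                flag = arg.split("=", 1)[0]
                if flag in RISKY_FLAGS and not arg.endswith("=false"):
                    findings.append(f"{ns}/{name}: {RISKY_FLAGS[flag]} enabled, {scope}")
            # A container-level runAsUser overrides the pod-level value.
            uid = c.get("securityContext", {}).get(
                "runAsUser", pod.get("securityContext", {}).get("runAsUser"))
            if uid == 0:
                findings.append(f"{ns}/{name}: container {c['name']} runs as UID 0")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE["items"])))
```

To check a live cluster, replace SAMPLE with the parsed output of the kubectl command named above.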