十一、在k8s集群中安装prometheus
1.在master机器上创建sa账号并对sa做rbac授权#创建一个sa账号monitorkubectl create serviceaccount monitor -n monitor-sa#把sa账号monitor通过clusterrolebing 绑定到clusterrole 上kubectl create clusterrolebinding monitor-clusterrolebinding -n monitor-sa --clusterrolecluster-admin --serviceaccountmonitor-sa:monitor#注意有的同学执行上面授权也会报错那就需要下面的授权命令kubectl create clusterrolebinding monitor-clusterrolebinding-1 -n monitor-sa --clusterrolecluster-admin --usersystem:serviceaccount:monitor:monitor-sa2.在k8s集群的每一个node节点上创建数据目录mkdir datachmod 777 data3.在master节点创建一个configmap用来存放prometheus配置信息vim prometheus-cfg.yaml输入---kind: ConfigMapapiVersion: v1metadata:labels:app: prometheusname: prometheus-confignamespace: monitor-sadata:prometheus.yml: |global:scrape_interval: 15sscrape_timeout: 10sevaluation_interval: 1mscrape_configs:- job_name: kubernetes-nodekubernetes_sd_configs:- role: noderelabel_configs:- source_labels: [__address__]regex: (.*):10250replacement: ${1}:9100target_label: __address__action: replace- action: labelmapregex: __meta_kubernetes_node_label_(.)- job_name: kubernetes-node-cadvisorkubernetes_sd_configs:- role: nodescheme: httpstls_config:ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crtbearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/tokenrelabel_configs:- action: labelmapregex: __meta_kubernetes_node_label_(.)- target_label: __address__replacement: kubernetes.default.svc:443- source_labels: [__meta_kubernetes_node_name]regex: (.)target_label: __metrics_path__replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor- job_name: kubernetes-apiserverkubernetes_sd_configs:- role: endpointsscheme: httpstls_config:ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crtbearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/tokenrelabel_configs:- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]action: keepregex: default;kubernetes;https- job_name: kubernetes-service-endpointskubernetes_sd_configs:- role: endpointsrelabel_configs:- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]action: keepregex: true- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]action: replacetarget_label: __scheme__regex: (https?)- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]action: replacetarget_label: __metrics_path__regex: (.)- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]action: replacetarget_label: __address__regex: ([^:])(?::\d)?;(\d)replacement: $1:$2- action: labelmapregex: __meta_kubernetes_service_label_(.)- source_labels: [__meta_kubernetes_namespace]action: replacetarget_label: kubernetes_namespace- source_labels: [__meta_kubernetes_service_name]action: replacetarget_label: kubernetes_name- job_name: kubernetes-podskubernetes_sd_configs:- role: podrelabel_configs:- action: keepregex: truesource_labels:- __meta_kubernetes_pod_annotation_prometheus_io_scrape- action: replaceregex: (.)source_labels:- __meta_kubernetes_pod_annotation_prometheus_io_pathtarget_label: __metrics_path__- action: replaceregex: ([^:])(?::\d)?;(\d)replacement: $1:$2source_labels:- __address__- __meta_kubernetes_pod_annotation_prometheus_io_porttarget_label: __address__- action: labelmapregex: __meta_kubernetes_pod_label_(.)- action: replacesource_labels:- __meta_kubernetes_namespacetarget_label: kubernetes_namespace- action: replacesource_labels:- __meta_kubernetes_pod_nametarget_label: kubernetes_pod_name保存退出kubectl apply -f prometheus-cfg.yaml查看是的创建成功kubectl get cm -n monitor-sa可以看见下面的内容就表示成功了3.在集群的每一个机器上导入prometheus镜像docker pull prom/prometheus:v2.45.0docker save -o prometheus.tar prom/prometheus:v2.45.0ctr -nk8s.io images import prometheus.tar创建一个vim prometheus-notcenter.yaml文件输入apiVersion: apps/v1kind: StatefulSetmetadata:name: prometheusnamespace: monitor-salabels:app: prometheusspec:replicas: 2serviceName: prometheus-serverselector:matchLabels:app: prometheuscomponent: servertemplate:metadata:labels:app: prometheuscomponent: serverannotations:prometheus.io/scrape: truespec:serviceAccountName: monitorcontainers:- name: prometheusimage: docker.io/prom/prometheus:v2.45.0imagePullPolicy: IfNotPresentcommand:- prometheus- --config.file/etc/prometheus/prometheus.yml- --storage.tsdb.path/prometheus- --storage.tsdb.retention720h- --web.enable-lifecycleports:- containerPort: 9090volumeMounts:- name: prometheus-configmountPath: /etc/prometheus- name: prometheus-storage-volumemountPath: /prometheusvolumes:- name: prometheus-configconfigMap:name: prometheus-config- name: prometheus-storage-volumehostPath:path: /root/prometheus/datatype: Directory保存退出kubectl apply -f prometheus-notcenter.yamlkubectl get pods -n monitor-sa -owide看到下面的内容说明启动成功4.、给prometheus pod创建一个servicevim prometheus-svc.yaml输入apiVersion: v1kind: Servicemetadata:name: prometheus-servicenamespace: monitor-salabels:app: prometheusspec:type: NodePortports:- port: 9090targetPort: 9090protocol: TCPselector:app: prometheuscomponent: server保存退出kubectl apply -f prometheus-svc.yamlkubectl get svc -n monitor-sa查看到端口 32363登录webUI这里就可以此时登录http://192.168.40.180:32363/targets可以看到下面的内容但是此时会有一个很惊人的发现就是http://192.168.40.180:32363/targetshttp://192.168.40.181:32363/targetshttp://192.168.40.182:32363/targets无论是180的master机器还是181或者182的node机器都是看到所有的数据所以其实在k8s机器数量较少的情况下可以不需要prometheus中心~