Prometheus:监控 K8S 集群内部 ETCD
|
151
|
2
|
Prometheus,云原生

259 字
|
4 分钟

这里的环境为 Prometheus 是外部部署,而 etcd 是部署在 K8S 集群内部,从而实现对他监控

每个 etcd 服务器都/metrics在其客户端端口路径下导出指标。

11.1 ETCD 自带 metrics 验证

如果我们的 etcd 是部署在集群内部就需要通过证书认证的方式才能够拿到对应的监控指标

1.查看监控接口是否能够正常使用

[14:14:08 root@k8s-master ~]#curl -k --cert /etc/kubernetes/pki/apiserver-etcd-client.crt --key /etc/kubernetes/pki/apiserver-etcd-client.key https://10.0.0.131:2379/metrics

# 拿到监控指标
......
# HELP process_virtual_memory_max_bytes Maximum amount of virtual memory available in bytes.
# TYPE process_virtual_memory_max_bytes gauge
process_virtual_memory_max_bytes -1
# HELP promhttp_metric_handler_requests_in_flight Current number of scrapes being served.
# TYPE promhttp_metric_handler_requests_in_flight gauge
promhttp_metric_handler_requests_in_flight 1
......

11.2 查看 ETCD 引用的证书文件

# 查看 etcd pod 详细信息
[14:19:10 root@k8s-master ~]#kubectl describe pod -n kube-system etcd-k8s-master 
# 找到该字段
    Command:
      etcd
      --advertise-client-urls=https://10.0.0.131:2379
      --cert-file=/etc/kubernetes/pki/etcd/server.crt   # cert 文件
      --client-cert-auth=true
      --data-dir=/var/lib/etcd
      --initial-advertise-peer-urls=https://10.0.0.131:2380
      --initial-cluster=k8s-master=https://10.0.0.131:2380
      --key-file=/etc/kubernetes/pki/etcd/server.key    # key 文件
      --listen-client-urls=https://127.0.0.1:2379,https://10.0.0.131:2379
      --listen-metrics-urls=http://127.0.0.1:2381
      --listen-peer-urls=https://10.0.0.131:2380
      --name=k8s-master
      --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
      --peer-client-cert-auth=true
      --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
      --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt    # ca 文件
      --snapshot-count=10000
      --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt

11.3 配置 Prometheus

1.创建文件并且在 K8S 集群上将 akskck 等文件拷贝过来

root@server:~# mkdir /etc/ssl/etcd/pki

# 在 K8S master 节点操作
[14:38:12 root@k8s-master etcd]#scp /etc/kubernetes/pki/etcd/server.crt  10.0.0.139:/etc/ssl/etcd/pki

[14:40:22 root@k8s-master etcd]#scp /etc/kubernetes/pki/etcd/server.key   

[14:40:32 root@k8s-master etcd]#scp /etc/kubernetes/pki/etcd/ca.crt

2.配置 Prometheus

root@server:~# vim /apps/prometheus/prometheus.yml 
# etcd
  - job_name: 'etcd'
    scheme: 'https'
    tls_config:
      cert_file: '/etc/ssl/etcd/pki/server.crt'
      key_file: '/etc/ssl/etcd/pki/server.key'
      ca_file: '/etc/ssl/etcd/pki/ca.crt'
    static_configs:
    - targets: ['10.0.0.131:2379']      # etcd 所在节点ip:port

3.重新加载 Prometheus

root@server:/apps/prometheus# systemctl reload prometheus.service

11.4 浏览器访问验证

11.5 配置 Grafana

模板 ID:3070

评论

  1. Corki
    3年前
    2021-12-12 16:22:36

    看完元哥的博客受益匪浅奥,我去实操一波

    • zhangguiyuan
      博主
      Corki
      3年前
      2021-12-14 17:09:38

      谢谢刚哥的认可

发送评论 编辑评论 


				

			

						

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
							
													

					

				

			

			
			

				

					
				

			

				

											

							
							
						

																				
					
											
						

	

		
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	

	

		
颜文字
Emoji
小恐龙
花!
	


									

			

			
			
		

	






上一篇
下一篇