一、监控方案说明
K8s中的域名解析的主流方案是CoreDNS,部署完成K8s集群之后,我们都会部署CoreDNS服务实现集群内部域名解析访问,而且CoreDNS有默认提供监控metrics的接口,这里我们prometheus的用的是kube-prometheus,通过serviceMontor来监控CoreDNS的Service。
二、创建监控接口SVC
默认部署的coredns,会自动创建一个kube-dns的Service,业务pod内就是通过访问这个Service来用coredns进行域名的解析。CoreDNS默认用9153端口提供了metrics接口,因此我们还需要新建一个Service,用来暴露CoreDNS的9153端口。
[root@k8s-master1 coredns]# vim coredns-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: coredns-metrics
namespace: kube-system
labels:
app: cordns
spec:
ports:
- name: croedns-metrics
port: 9153
protocol: TCP
targetPort: 9153
selector:
k8s-app: kube-dns
sessionAffinity: None
type: ClusterIP
[root@k8s-master1 coredns]# kubectl apply -f coredns-svc.yaml
[root@k8s-master1 coredns]# kubectl get svc -n kube-system
三、配置Prometheus采集监控数据
[root@k8s-master1 discovery]# vim prometheus-additional-configs.yaml
apiVersion: v1
kind: Secret
metadata:
name: additional-scrape-configs
namespace: monitoring
type: Opaque
stringData:
additional-scrape-configs.yaml: |
……
- job_name: coredns-metrics
honor_labels: true
honor_timestamps: true
scrape_interval: 15s
metrics_path: /metrics
scheme: http
kubernetes_sd_configs:
- role: endpoints
namespaces:
names:
- kube-system
relabel_configs:
- source_labels: [__config_type]
separator: ;
regex: service
target_label: __config_type
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_endpoint_port_name]
separator: ;
regex: 9153-9153-tcp
replacement: $1
action: keep
- source_labels: [__meta_kubernetes_service_name]
separator: ;
regex: coredns-metrics
replacement: $1
action: keep
- source_labels: [__meta_kubernetes_pod_node_name]
separator: ;
regex: (.*)
target_label: node
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_namespace]
separator: ;
regex: (.*)
target_label: namespace
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_service_name]
separator: ;
regex: (.*)
target_label: service
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_pod_name]
separator: ;
regex: (.*)
target_label: pod
replacement: $1
action: replace
- source_labels: [__meta_kubernetes_endpoint_port_name]
separator: ;
regex: (.*)
target_label: endpoint
replacement: $1
action: replace说明:Secret资源创建成功之后,我们要以Secret的方式挂载到Pormetheus服务中去,不然不生效!
四、检查Prometheus Targets
五、添加Grafan监控面板
