k8s部署prometheus+grafana
# Pre-pull the three images used by the manifests onto this node.
# NOTE(review): `latest` and `stable-glibc` are mutable tags, so a later pull can
# return different content under the same name. Record what was actually pulled
# (`crictl inspecti <image>` lists repoDigests) and reference images by digest
# where reproducibility matters.
# NOTE(review): the Prometheus image comes from a registry mirror rather than the
# project's own repository; compare its digest with the upstream release before
# relying on it.
for image in \
  registry.cn-hangzhou.aliyuncs.com/google_containers/prometheus:latest \
  docker.io/library/busybox:stable-glibc \
  docker.io/grafana/grafana:latest
do
  crictl pull "$image"
done
cat /data/prometheus-grafana/prometheus/prometheus-configmap.yaml
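# Prometheus scrape configuration; the Deployment mounts it at /etc/prometheus.
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config
  namespace: monitor
data:
  prometheus.yml: |
    global:
      scrape_interval: 15s
      evaluation_interval: 15s
    scrape_configs:
      - job_name: 'prometheus'
        static_configs:
          - targets: ['localhost:9090']
      # CoreDNS metrics endpoint.
      - job_name: 'coredns'
        static_configs:
          - targets: ['10.96.0.10:9153']
      # kube-apiserver metrics.
      - job_name: 'kube-apiserver'
        scheme: https
        tls_config:
          # Verify the API server certificate against the cluster CA, so the
          # ServiceAccount token below is only presented to the real API server.
          # With verification skipped, ca_file is ignored. If the certificate has
          # no SAN for this service IP, target kubernetes.default.svc:443 instead
          # of turning verification off.
          insecure_skip_verify: false
          ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
        bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token'
        static_configs:
          - targets: ['10.96.0.1:443']
      - job_name: 'cadvisor'
        kubernetes_sd_configs:
          - role: node
        scheme: https
        tls_config:
          # NOTE(review): verification is off here, presumably because kubelet
          # serving certificates are often self-signed. The ServiceAccount token
          # is therefore sent to each node endpoint without checking its
          # identity, and ca_file has no effect. Prefer kubelet serving
          # certificates signed by the cluster CA (serverTLSBootstrap), then set
          # this to false.
          insecure_skip_verify: true
          ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
        bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token'
        relabel_configs:
          # Scrape the kubelet's cAdvisor path instead of the default /metrics.
          - target_label: __metrics_path__
            replacement: /metrics/cadvisor
      - job_name: "node_exporter"
        static_configs:
          - targets: ["service-8336.work.svc.cluster.local"]
            labels:
              instance: TradeWebTest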
cat /data/prometheus-grafana/prometheus/prometheus.yaml
# ServiceAccount the Prometheus pod runs as. Its mounted token is the bearer
# credential used by the HTTPS scrape jobs in prometheus-config.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: monitor
  name: prometheus
---
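# ClusterRole: cluster-wide read access used for service discovery and scraping.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
      - services
      - endpoints
      - pods
      # NOTE(review): nodes/proxy opens the kubelet API through the API server
      # and is a much broader grant than metrics access. None of the scrape jobs
      # in prometheus-config use the proxy path, so drop this entry unless a job
      # that needs it is added. (It was listed twice in the original.)
      - nodes/proxy
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      # Was "extenstions", a group name that does not exist, so the rule never
      # matched. Ingress is served from networking.k8s.io, the same group the
      # Ingress manifest for Prometheus uses.
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - configmaps
      # nodes/metrics authorises reading the kubelet's /metrics endpoints.
      - nodes/metrics
    verbs:
      - get
  # Non-resource path: lets the token read /metrics on the API server itself.
  - nonResourceURLs:
      - /metrics
    verbs:
      - get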
---
# ClusterRoleBinding: grants the "prometheus" ClusterRole to the "prometheus"
# ServiceAccount in the monitor namespace, across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
subjects:
  - kind: ServiceAccount
    namespace: monitor
    name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
---
# Service in front of the Prometheus pod.
# NOTE(review): type NodePort publishes port 32224 on every node. Prometheus has
# no authentication configured on this page, and the Deployment enables
# --web.enable-lifecycle, so anyone who can reach a node on this port can query
# all metrics and use the lifecycle endpoints. Restrict the port with a firewall
# or NetworkPolicy, or use ClusterIP and publish only through an authenticated
# ingress.
apiVersion: v1
kind: Service
metadata:
  namespace: monitor
  name: prometheus-svc
  labels:
    app: prometheus
spec:
  type: NodePort
  selector:
    app: prometheus
  ports:
    - name: web
      port: 9090
      # "http" is the named containerPort (9090) in the Prometheus Deployment.
      targetPort: http
      nodePort: 32224
---
# Ingress: routes www.myprometheus.com through the nginx ingress class to
# prometheus-svc:9090.
# NOTE(review): no tls section and no authentication are configured, so the UI
# and HTTP API are served in plain HTTP to anyone who can reach the ingress
# controller. Add TLS and an authentication layer at the ingress before using
# this outside a lab.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: monitor
  name: prometheus-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: www.myprometheus.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: prometheus-svc
                port:
                  number: 9090
---
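# Deployment: a single Prometheus replica with its TSDB on a hostPath volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus
  namespace: monitor
  labels:
    app: prometheus
spec:
  selector:
    matchLabels:
      app: prometheus
  replicas: 1
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      serviceAccountName: prometheus
      initContainers:
        # Hands the data directory to UID/GID 65534 before Prometheus starts.
        - name: "change-permission-of-directory"
          image: docker.io/library/busybox:stable-glibc
          command: ["/bin/sh"]
          args: ["-c", "chown -R 65534:65534 /prometheus"]
          securityContext:
            # chown only needs root inside the container. The original ran this
            # step fully privileged, which gives the container host-level access
            # it does not need.
            runAsUser: 0
            privileged: false
            allowPrivilegeEscalation: false
          volumeMounts:
            - mountPath: "/etc/prometheus"
              name: config-volume
            - mountPath: "/prometheus"
              name: data
      containers:
        - image: registry.cn-hangzhou.aliyuncs.com/google_containers/prometheus:latest
          name: prometheus
          args:
            # Path of the Prometheus configuration file.
            - "--config.file=/etc/prometheus/prometheus.yml"
            # Directory where the TSDB stores its data.
            - "--storage.tsdb.path=/prometheus"
            # Enables the lifecycle endpoints, e.g. hot reload with
            # `curl -X POST localhost:9090/-/reload`. They are unauthenticated,
            # so anyone who can reach port 9090 can reload or stop the server.
            - "--web.enable-lifecycle"
            - "--web.console.libraries=/usr/share/prometheus/console_libraries"
            - "--web.console.templates=/usr/share/prometheus/consoles"
          securityContext:
            # Run as the same unprivileged UID the init container chowns the
            # data directory to.
            runAsNonRoot: true
            runAsUser: 65534
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 9090
              name: http
          volumeMounts:
            - mountPath: "/etc/prometheus"
              name: config-volume
            - mountPath: "/prometheus"
              name: data
          resources:
            requests:
              cpu: 100m
              memory: 512Mi
            limits:
              cpu: 100m
              memory: 512Mi
      volumes:
        # NOTE(review): this hostPath is the directory the manifests on this page
        # are read from, so the chown above also re-owns those files and the pod
        # can write to them. A dedicated data directory or a PersistentVolumeClaim
        # keeps TSDB data separate from node-side configuration.
        - name: data
          hostPath:
            path: /data/prometheus-grafana/prometheus
        - configMap:
            name: prometheus-config
          name: config-volume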
#---
##创建configmap
#apiVersion: v1
#kind: ConfigMap
#metadata:
# name: prometheus-config
# namespace: monitor
#data:
# prometheus.yml: |
# global:
# scrape_interval: 15s
# evaluation_interval: 15s
# scrape_configs:
# - job_name: 'prometheus'
# static_configs:
# - targets: ['localhost:9090']
cat /data/prometheus-grafana/grafana/grafana-configMap.yaml
# Grafana datasource provisioning; the Grafana Deployment mounts this at
# /etc/grafana/provisioning/datasources.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: monitor
  name: grafana-config
data:
  datasources.yaml: |-
    apiVersion: 1
    datasources:
      - name: Prometheus
        type: prometheus
        #url: http://prometheus-server.default.svc:9090
        # In-cluster DNS name of prometheus-svc in the monitor namespace.
        url: http://prometheus-svc.monitor.svc.cluster.local:9090
        # proxy: the Grafana backend issues the queries, not the browser.
        access: proxy
        isDefault: true
cat /data/prometheus-grafana/grafana/grafana-deployment.yaml
# Deployment: a single Grafana replica with the Prometheus datasource provisioned
# from the grafana-config ConfigMap.
# NOTE(review): no admin credentials are set, so Grafana starts with its built-in
# default admin login. Supply GF_SECURITY_ADMIN_PASSWORD from a Secret before the
# Service is reachable from outside the cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: monitor
  name: grafana-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grafana
  template:
    metadata:
      labels:
        app: grafana
    spec:
      volumes:
        - name: grafana-config-volume
          configMap:
            name: grafana-config
      containers:
        - name: grafana
          #image: grafana/grafana:latest
          image: docker.io/grafana/grafana:latest
          # Never: the kubelet uses only the image already on the node, so
          # whatever was pre-pulled under the mutable "latest" tag is what runs.
          imagePullPolicy: Never
          ports:
            - containerPort: 3000
          volumeMounts:
            - name: grafana-config-volume
              mountPath: /etc/grafana/provisioning/datasources
---
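# Service in front of the Grafana pod.
# NOTE(review): NodePort publishes Grafana on every node. Make sure the admin
# password has been changed from the default before the port is reachable.
apiVersion: v1
kind: Service
metadata:
  name: grafana-service
  namespace: monitor
spec:
  selector:
    app: grafana
  # Or LoadBalancer when running on a cloud platform such as GKE, EKS or AKS.
  type: NodePort
  ports:
    - port: 3000
      targetPort: 3000
      # nodePort is optional and is left out here so Kubernetes assigns a free
      # port. The original value 3000 lies outside the default NodePort range
      # (30000-32767) and is rejected by an API server using that default. To
      # fix the port, choose a value inside the cluster's configured range.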