监控etcd

kubectl -n monitoring create secret generic etcd-certs --from-file=/etc/kubernetes/pki/etcd/peer.crt
--from-file=/etc/kubernetes/pki/etcd/peer.key
--from-file=/etc/kubernetes/pki/etcd/ca.crt

给etcd创建SVC

apiVersion: v1
kind: Service
metadata:
name: etcd-k8s
namespace: kube-system
labels:
k8s-app: etcd
spec:
type: ClusterIP
clusterIP: None
ports:

  • name: etcd-port
    port: 2379

apiVersion: v1
kind: Endpoints
metadata:
name: etcd-k8s
namespace: kube-system
labels:
k8s-app: etcd
subsets:

  • addresses:
    • ip: 10.72.40.16
      nodeName: etcd-master
      ports:
    • name: etcd-port
      port: 2379

创建 ServiceMonitor
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: etcd-k8s
namespace: monitoring
labels:
k8s-app: etcd-k8s
spec:
jobLabel: k8s-app
endpoints:

  • port: etcd-port
    interval: 30s
    scheme: https
    tlsConfig:
    caFile: /etc/prometheus/secrets/etcd-certs/ca.crt
    certFile: /etc/prometheus/secrets/etcd-certs/peer.crt
    keyFile: /etc/prometheus/secrets/etcd-certs/peer.key
    insecureSkipVerify: true
    selector:
    matchLabels:
    k8s-app: etcd
    namespaceSelector:
    matchNames:
    • kube-system

posted @ 2021-09-24 13:44  lavida2000  阅读(68)  评论(0)    收藏  举报