kube-prometheus配置servicemonitor(二)

前言

定义servicemonitor对象,定义指标抓取相关配置,支持通过选择service对应的ep地址作为target(监控地址)

下面我们定义一个servicemonitor来监控etcd。

首先要确定etcd的metrics地址:
curl -k -XGET https://172.17.20.201:2379/metrics --cert /etc/kubernetes/pki/etcd/etcd.pem --key /etc/kubernetes/pki/etcd/etcd-key.pem

定义service

由于我们的etcd是在集群外部部署的,所以可以定义一个service和endpoint来表示etcd的地址

apiVersion: v1
kind: Service
metadata:
  name: etcd
  namespace: kube-system
  labels:
    app: etcd
spec:
  type: ClusterIP
  clusterIP: None
  ports:
  - name: rest
    targetPort: 2379
    port: 2379
---
apiVersion: v1
kind: Endpoints
metadata:
  name: etcd
  namespace: kube-system
  labels:
    app: etcd
subsets:
- addresses:
  - ip: 172.17.20.201
  - ip: 172.17.20.202
  - ip: 172.17.20.203
  ports:
  - name: rest
    port: 2379

配置etcd客户端证书

prometheus访问etcd metrics需要拥有客户端证书,这里创建一个secret,后续需要引用

k create -n monitoring secret tls etcd-client-cert --cert /etc/kubernetes/pki/etcd/etcd.pem --key /etc/kubernetes/pki/etcd/etcd-key.pem

定义ServiceMonitor

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: etcd
  namespace: monitoring
  labels:
    app: etcd
spec:
  namespaceSelector:
    matchNames: ["kube-system"]
  selector:
    matchLabels:
      app: etcd
  jobLabel: instance
  endpoints:
  - port: rest
    scheme: https
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      cert:
        secret:
          name: etcd-client-cert
          key: tls.crt
      keySecret:
        name: etcd-client-cert
        key: tls.key

jobLabel指定的是Service的标签名称,这个标签的值将被作为prometheus指标中的job标签.
比如service的标签是instance=etcd,那么prometheus指标的job标签为etcd

查看结果

80833-kvwemcgj2s.png

相关文章

此处评论已关闭