Prometheus自动发现K8s
Prometheus auto discovery K8s
谁能指导一下 K8s 自动发现的配置。 Prometheus 服务器在集群之外。我试过了 Service Discovery With Kubernetes and someone mentioned in this discussion
I'm not yet a K8s expert enough to explain all the details here, but
fundamentally it's perfectly possible to run Prometheus outside of the
cluster (and required for things like redundant cross-cluster
meta-monitoring). Cf. the in_cluster config option in
http://prometheus.io/docs/operating/configuration/#kubernetes-sd-configurations-kubernetes_sd_config
. You need to jump through certificate hoops if you run it outside.
所以,我做了一个简单的配置
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_servers:
- https://xxx.xx.xx.xx
# Run in cluster. This will use the automounted CA certificate and bearer
# token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
in_cluster: false
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# Retry interval between watches if they disconnect.
retry_interval: 5s
出现 unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval" 或其他一些缩进错误
在sample configuration中,他们提到了ca_file:。如何从 K8s 获取证书文件或者有什么方法可以指定 K8s config file(~/.kube/config)
通过深入挖掘我发现的源代码,如果配置中没有提供 api_server (discovery/kubernetes/kubernetes.go#L90-L96),Prometheus 总是使用集群配置。
不知何故 docs don't say anything about the Kubernetes configuration parameters, but the source code does (config/config.go#L1026-L1037)。因此没有名为 api_servers 的列表,而是名为 api_server.
的单个参数
因此您的配置应如下所示(未经测试):
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_server: https://xxx.xx.xx.xx
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# specify the CA
tls_config:
ca_file: /path/to/ca.crt
## If the actual CA file isn't available you need to disable verification:
# insecure_skip_verify: true
我不知道 retry_interval 参数从何而来,但据我所知,这不是 Kubernetes 配置参数,也不是 Prometheus 配置的一部分。
在@svenwltr 回答的帮助下,我创建了 docker 图像,我们可以在 K8s 集群中启动它。检查我的 repo
How to retrieve that file depends on your cluster setup
How to get that certificate file from K8s
默认情况下,kubernetes 将客户端 CA 证书文件存储在 /etc/kubernetes/pki/ca.crt 以及 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 中 kubeconfig 使用的 ConfigMap 中。
谁能指导一下 K8s 自动发现的配置。 Prometheus 服务器在集群之外。我试过了 Service Discovery With Kubernetes and someone mentioned in this discussion
I'm not yet a K8s expert enough to explain all the details here, but fundamentally it's perfectly possible to run Prometheus outside of the cluster (and required for things like redundant cross-cluster meta-monitoring). Cf. the
in_clusterconfig option in http://prometheus.io/docs/operating/configuration/#kubernetes-sd-configurations-kubernetes_sd_config . You need to jump through certificate hoops if you run it outside.
所以,我做了一个简单的配置
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_servers:
- https://xxx.xx.xx.xx
# Run in cluster. This will use the automounted CA certificate and bearer
# token file at /var/run/secrets/kubernetes.io/serviceaccount/ in the pod.
in_cluster: false
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# Retry interval between watches if they disconnect.
retry_interval: 5s
出现 unknown fields in kubernetes_sd_config: api_servers, in_cluster, retry_interval" 或其他一些缩进错误
在sample configuration中,他们提到了ca_file:。如何从 K8s 获取证书文件或者有什么方法可以指定 K8s config file(~/.kube/config)
通过深入挖掘我发现的源代码,如果配置中没有提供 api_server (discovery/kubernetes/kubernetes.go#L90-L96),Prometheus 总是使用集群配置。
不知何故 docs don't say anything about the Kubernetes configuration parameters, but the source code does (config/config.go#L1026-L1037)。因此没有名为 api_servers 的列表,而是名为 api_server.
因此您的配置应如下所示(未经测试):
- job_name: 'kubernetes'
kubernetes_sd_configs:
-
# The API server addresses. In a cluster this will normally be
# `https://kubernetes.default.svc`. Supports multiple HA API servers.
api_server: https://xxx.xx.xx.xx
# Optional HTTP basic authentication information.
basic_auth:
username: prometheus
password: secret
# specify the CA
tls_config:
ca_file: /path/to/ca.crt
## If the actual CA file isn't available you need to disable verification:
# insecure_skip_verify: true
我不知道 retry_interval 参数从何而来,但据我所知,这不是 Kubernetes 配置参数,也不是 Prometheus 配置的一部分。
在@svenwltr 回答的帮助下,我创建了 docker 图像,我们可以在 K8s 集群中启动它。检查我的 repo
How to retrieve that file depends on your cluster setup
How to get that certificate file from K8s
默认情况下,kubernetes 将客户端 CA 证书文件存储在 /etc/kubernetes/pki/ca.crt 以及 /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 中 kubeconfig 使用的 ConfigMap 中。