访问prometheus服务器的入口路由规则
Ingress routing rules to access prometheus server
我已经在 kubernetes(1.17.3) 上部署了 prometheus server(2.13.1),我可以在 http://my.prom.com:9090
上访问它
但是我想在 http://my.prom.com:9090/prometheus 上访问它所以我添加了以下入口规则但它不是
工作
第一次尝试:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /prometheus
name: approot
namespace: default
spec:
rules:
- host: my.prom.com
http:
paths:
- backend:
serviceName: prometheus-svc
servicePort: 9090
path: /
这会导致 404 错误
第二次尝试:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
name: rewrite
namespace: default
spec:
rules:
- host: my.prom.com
http:
paths:
- backend:
serviceName: prometheus-svc
servicePort: 9090
path: /prometheus(/|$)(.*)
现在,当我在浏览器中访问 URL http://my.prom.com:9090/prometheus 时,它会更改为 http://my.prom.com:9090/graph 并显示 404 错误
Prometheus 不知道您要实现的目标,这就是它重定向到未知目的地的原因。
您必须告诉 prometheus 接受新路径上的流量,可以看出 here and here。
突出显示第二个 link,您必须在 prometheus 部署中包含 - "--web.route-prefix=/" 和 - "--web.external-url=http://my.prom.com:9090/prometheus"。
Then I had to modify the prometheus deployment to accept traffic
on the new path (/prom). This was covered in the Securing
Prometheus API and UI Endpoints Using Basic
Auth
documentation:
在你的环境中它应该是这样的:
> grep web deploy.yaml
- "--web.enable-lifecycle"
- "--web.route-prefix=/"
- "--web.external-url=http://my.prom.com:9090/prometheus"
加入deploy-prometheus.yml
args:
- --web.enable-lifecycle
- --web.route-prefix=/
- --web.external-url=https://localhost:9090/prometheus/
VirtualService 中的普罗米修斯
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prometheus-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- prometheus-gateway
http:
- match:
- uri:
prefix: /prometheus/
rewrite:
uri: /
route:
- destination:
host: prometheus
port:
number: 9090
我在通过社区 Helm chart 部署 Prometheus 时遇到了这个问题,我认为在这里与其他人分享我的发现可能会有所帮助:https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus
我的覆盖 values.yaml 看起来像这样:
server:
prefixURL: /
baseURL: https://my-cluster-external-hostname/prometheus
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
path: "/prometheus(/|$)(.*)"
hosts:
- my-cluster-external-hostname
tls:
- secretName: cluster-tls-secret
hosts:
- my-cluster-external-hostname
service:
servicePort: 9090
现在 prometheus-server 的最终部署规范以这些参数结束(注意顺序,特别是 --web.route-prefix 在顶部):
--web.route-prefix=/
--storage.tsdb.retention.time=15d
--config.file=/etc/config/prometheus.yml
--storage.tsdb.path=/data
--web.console.libraries=/etc/prometheus/console_libraries
--web.console.templates=/etc/prometheus/consoles
--web.enable-lifecycle
--web.external-url=https://my-cluster-external-hostname/prometheus
这不起作用,因为 /-/healthy 端点导致 404(来自 kubectl describe pod prometheus-server):
Warning Unhealthy 9s (x9 over 49s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 404
Warning Unhealthy 9s (x3 over 39s) kubelet Liveness probe failed: HTTP probe failed with statuscode: 404
经过反复试验,我意识到这些参数的顺序似乎很重要,所以我更改了我的 Helm 图表 values.yaml 如下:
server:
# prefixURL: / # <-- commented out
# baseURL: https://my-cluster-external-hostname/prometheus # <-- commented out
extraFlags: # <-- added this section to specify my args manually
- web.enable-lifecycle
- web.route-prefix=/
- web.external-url=https://my-cluster-external-hostname/prometheus
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
path: "/prometheus(/|$)(.*)"
hosts:
- my-cluster-external-hostname
tls:
- secretName: cluster-tls-secret
hosts:
- my-cluster-external-hostname
service:
servicePort: 9090
由此 values.yaml 生成的部署以明显正确的顺序放置参数,这使得健康检查端点可用(内部)并允许从集群外部访问 Prometheus。注意 --web.route-prefix 现在所在的位置。
--storage.tsdb.retention.time=15d
--config.file=/etc/config/prometheus.yml
--storage.tsdb.path=/data
--web.console.libraries=/etc/prometheus/console_libraries
--web.console.templates=/etc/prometheus/consoles
--web.enable-lifecycle
--web.route-prefix=/
--web.external-url=https://my-cluster-external-hostname/prometheus
我也向社区Prometheus图表提交了一个bug:
https://github.com/prometheus-community/helm-charts/issues/1594
我已经在 kubernetes(1.17.3) 上部署了 prometheus server(2.13.1),我可以在 http://my.prom.com:9090
但是我想在 http://my.prom.com:9090/prometheus 上访问它所以我添加了以下入口规则但它不是
工作
第一次尝试:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /prometheus
name: approot
namespace: default
spec:
rules:
- host: my.prom.com
http:
paths:
- backend:
serviceName: prometheus-svc
servicePort: 9090
path: /
这会导致 404 错误
第二次尝试:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
name: rewrite
namespace: default
spec:
rules:
- host: my.prom.com
http:
paths:
- backend:
serviceName: prometheus-svc
servicePort: 9090
path: /prometheus(/|$)(.*)
现在,当我在浏览器中访问 URL http://my.prom.com:9090/prometheus 时,它会更改为 http://my.prom.com:9090/graph 并显示 404 错误
Prometheus 不知道您要实现的目标,这就是它重定向到未知目的地的原因。
您必须告诉 prometheus 接受新路径上的流量,可以看出 here and here。
突出显示第二个 link,您必须在 prometheus 部署中包含 - "--web.route-prefix=/" 和 - "--web.external-url=http://my.prom.com:9090/prometheus"。
Then I had to modify the prometheus deployment to accept traffic on the new path (/prom). This was covered in the Securing Prometheus API and UI Endpoints Using Basic Auth documentation:
在你的环境中它应该是这样的:
> grep web deploy.yaml
- "--web.enable-lifecycle"
- "--web.route-prefix=/"
- "--web.external-url=http://my.prom.com:9090/prometheus"
加入deploy-prometheus.yml
args:
- --web.enable-lifecycle
- --web.route-prefix=/
- --web.external-url=https://localhost:9090/prometheus/
VirtualService 中的普罗米修斯
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: prometheus-vs
namespace: istio-system
spec:
hosts:
- "*"
gateways:
- prometheus-gateway
http:
- match:
- uri:
prefix: /prometheus/
rewrite:
uri: /
route:
- destination:
host: prometheus
port:
number: 9090
我在通过社区 Helm chart 部署 Prometheus 时遇到了这个问题,我认为在这里与其他人分享我的发现可能会有所帮助:https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus
我的覆盖 values.yaml 看起来像这样:
server:
prefixURL: /
baseURL: https://my-cluster-external-hostname/prometheus
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
path: "/prometheus(/|$)(.*)"
hosts:
- my-cluster-external-hostname
tls:
- secretName: cluster-tls-secret
hosts:
- my-cluster-external-hostname
service:
servicePort: 9090
现在 prometheus-server 的最终部署规范以这些参数结束(注意顺序,特别是 --web.route-prefix 在顶部):
--web.route-prefix=/
--storage.tsdb.retention.time=15d
--config.file=/etc/config/prometheus.yml
--storage.tsdb.path=/data
--web.console.libraries=/etc/prometheus/console_libraries
--web.console.templates=/etc/prometheus/consoles
--web.enable-lifecycle
--web.external-url=https://my-cluster-external-hostname/prometheus
这不起作用,因为 /-/healthy 端点导致 404(来自 kubectl describe pod prometheus-server):
Warning Unhealthy 9s (x9 over 49s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 404
Warning Unhealthy 9s (x3 over 39s) kubelet Liveness probe failed: HTTP probe failed with statuscode: 404
经过反复试验,我意识到这些参数的顺序似乎很重要,所以我更改了我的 Helm 图表 values.yaml 如下:
server:
# prefixURL: / # <-- commented out
# baseURL: https://my-cluster-external-hostname/prometheus # <-- commented out
extraFlags: # <-- added this section to specify my args manually
- web.enable-lifecycle
- web.route-prefix=/
- web.external-url=https://my-cluster-external-hostname/prometheus
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: "/"
path: "/prometheus(/|$)(.*)"
hosts:
- my-cluster-external-hostname
tls:
- secretName: cluster-tls-secret
hosts:
- my-cluster-external-hostname
service:
servicePort: 9090
由此 values.yaml 生成的部署以明显正确的顺序放置参数,这使得健康检查端点可用(内部)并允许从集群外部访问 Prometheus。注意 --web.route-prefix 现在所在的位置。
--storage.tsdb.retention.time=15d
--config.file=/etc/config/prometheus.yml
--storage.tsdb.path=/data
--web.console.libraries=/etc/prometheus/console_libraries
--web.console.templates=/etc/prometheus/consoles
--web.enable-lifecycle
--web.route-prefix=/
--web.external-url=https://my-cluster-external-hostname/prometheus
我也向社区Prometheus图表提交了一个bug: https://github.com/prometheus-community/helm-charts/issues/1594