diff --git a/config/promethues/blackbox-exporter.yaml b/config/promethues/blackbox-exporter.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c357e92dabf339f4f5d32fa4bf294fb9d8cb8e05
--- /dev/null
+++ b/config/promethues/blackbox-exporter.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: blackbox-exporter
+ name: blackbox-exporter
+spec:
+ ports:
+ - name: blackbox
+ port: 9115
+ protocol: TCP
+ selector:
+ app: blackbox-exporter
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: blackbox-exporter
+ name: blackbox-exporter
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: blackbox-exporter
+ template:
+ metadata:
+ labels:
+ app: blackbox-exporter
+ spec:
+ containers:
+ - image: prom/blackbox-exporter
+ imagePullPolicy: IfNotPresent
+ name: blackbox-exporter
diff --git a/config/promethues/grafana-pvc.yaml b/config/promethues/grafana-pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c77dca3320f4c24fb1f36195c4125992f8208ca4
--- /dev/null
+++ b/config/promethues/grafana-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: grafana-data-pvc
+spec:
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/config/promethues/grafana-svc.yaml b/config/promethues/grafana-svc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21b87ab612786162c8080217081a04635654ad6e
--- /dev/null
+++ b/config/promethues/grafana-svc.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ app: grafana
+ name: grafana-service
+spec:
+ ports:
+ - port: 3000
+ targetPort: 3000
+ selector:
+ app: grafana
+ type: NodePort
diff --git a/config/promethues/grafana.yaml b/config/promethues/grafana.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6014dd8fcc692949c8cc582af679712cb2b14a56
--- /dev/null
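Review bot: The `- image: prom/blackbox-exporter` line in blackbox-exporter.yaml carries no tag, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whatever build it happened to pull first; `prom/node-exporter` in node-exporter-daemonset.yml and `grafana/grafana:latest` in grafana.yaml have the same problem. Pin each to a reviewed release, e.g. `image: prom/blackbox-exporter:<PINNED_VERSION>` (or a digest), as prometheus-deployment.yml already does for Prometheus. The manifest also sets no namespace while prometheus-config.yml addresses the exporter as `blackbox-exporter.default.svc.cluster.local:9115`, so adding `namespace: default` under `metadata` would keep the two in step regardless of the kubectl context.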
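Review bot: `type: NodePort` in grafana-svc.yaml publishes Grafana's port 3000 on every node address, and grafana.yaml in this commit configures no admin credential, so the image's default login presumably stays in effect until someone changes it by hand. Unless node-level exposure is intended, `type: ClusterIP` behind an authenticated ingress or `kubectl port-forward` is the safer default. The Prometheus Service in prometheus-deployment.yml uses NodePort as well.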
+++ b/config/promethues/grafana.yaml
@@ -0,0 +1,42 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ app: grafana
+ name: grafana
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ securityContext:
+ runAsUser: 0
+ containers:
+ - name: grafana
+ image: grafana/grafana:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: GF_AUTH_BASIC_ENABLED
+ value: "true"
+ - name: GF_AUTH_ANONYMOUS_ENABLED
+ value: "false"
+ readinessProbe:
+ httpGet:
+ path: /login
+ port: 3000
+ volumeMounts:
+ - mountPath: /var/lib/grafana
+ name: grafana-data-volume
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ volumes:
+ - name: grafana-data-volume
+ persistentVolumeClaim:
+ claimName: grafana-data-pvc
diff --git a/config/promethues/node-exporter-daemonset.yml b/config/promethues/node-exporter-daemonset.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c8d8cdb75f663c7a87f4933e130b6a61808db27a
--- /dev/null
+++ b/config/promethues/node-exporter-daemonset.yml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: node-exporter
+spec:
+ selector:
+ matchLabels:
+ app: node-exporter
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9100'
+ prometheus.io/path: 'metrics'
+ labels:
+ app: node-exporter
+ name: node-exporter
+ spec:
+ containers:
+ - image: prom/node-exporter
+ imagePullPolicy: IfNotPresent
+ name: node-exporter
+ ports:
+ - containerPort: 9100
+ hostPort: 9100
+ name: scrape
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "512Mi"
+ requests:
+ cpu: "100m"
+ memory: "512Mi"
+ hostNetwork: true
+ hostPID: true
diff --git a/config/promethues/prometheus-config.yml b/config/promethues/prometheus-config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0070fad21354ed754e94d007aab2933af6ec12e2
--- /dev/null
+++ b/config/promethues/prometheus-config.yml
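Review bot: The pod-level `securityContext` in grafana.yaml sets `runAsUser: 0`, so Grafana runs as root, most likely only to make `/var/lib/grafana` on the Longhorn volume writable. The upstream image is built to run as an unprivileged user (UID 472 in current images; confirm for the tag you pin), so `runAsUser: 472` together with `fsGroup: 472` should give the same write access without root. The `env` list could also take the admin password from a Secret through `GF_SECURITY_ADMIN_PASSWORD` with `valueFrom.secretKeyRef`, so the deployment never comes up with the default credential.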
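Review bot: The node-exporter pod joins the host network and PID namespaces (`hostNetwork: true`, `hostPID: true`) but its container has no `securityContext`, so nothing constrains the process that holds that access. A container-level `securityContext: {runAsUser: 65534, runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` would be a reasonable baseline; verify the exporter still starts with it. `hostPort: 9100` is redundant once `hostNetwork` is on, and because host-network pods are generally outside NetworkPolicy enforcement, access to port 9100 needs to be limited at the node firewall instead.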
@@ -0,0 +1,131 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prometheus-config
+data:
+ prometheus.yml: |
+ global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+ scrape_configs:
+ - job_name: 'kubernetes-services'
+ metrics_path: /probe
+ params:
+ module: [http_2xx]
+ kubernetes_sd_configs:
+ - role: service
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
+ action: keep
+ regex: true
+ - source_labels: [__address__]
+ target_label: __param_target
+ - target_label: __address__
+ replacement: blackbox-exporter.default.svc.cluster.local:9115
+ - source_labels: [__param_target]
+ target_label: instance
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ - source_labels: [__meta_kubernetes_namespace]
+ target_label: kubernetes_namespace
+ - source_labels: [__meta_kubernetes_service_name]
+ target_label: kubernetes_name
+ - job_name: 'kubernetes-endpoints'
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ kubernetes_sd_configs:
+ - role: endpoints
+ - job_name: 'kubernetes-ingresses'
+ metrics_path: /probe
+ params:
+ module: [http_2xx]
+ kubernetes_sd_configs:
+ - role: ingress
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_ingress_annotation_prometheus_io_probe]
+ action: keep
+ regex: true
+ - source_labels: [__meta_kubernetes_ingress_scheme,__address__,__meta_kubernetes_ingress_path]
+ regex: (.+);(.+);(.+)
+ replacement: ${1}://${2}${3}
+ target_label: __param_target
+ - target_label: __address__
+ replacement: blackbox-exporter.default.svc.cluster.local:9115
+ - source_labels: [__param_target]
+ target_label: instance
+ - action: labelmap
+ regex: __meta_kubernetes_ingress_label_(.+)
+ - source_labels: [__meta_kubernetes_namespace]
+ target_label: kubernetes_namespace
+ - source_labels: [__meta_kubernetes_ingress_name]
+ target_label: kubernetes_name
+ - job_name: 'kubernetes-pods'
+ kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
+ action: keep
+ regex: true
+ - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
+ action: replace
+ target_label: __metrics_path__
+ regex: (.+)
+ - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
+ action: replace
+ regex: ([^:]+)(?::\d+)?;(\d+)
+ replacement: $1:$2
+ target_label: __address__
+ - action: labelmap
+ regex: __meta_kubernetes_pod_label_(.+)
+ - source_labels: [__meta_kubernetes_namespace]
+ action: replace
+ target_label: kubernetes_namespace
+ - source_labels: [__meta_kubernetes_pod_name]
+ action: replace
+ target_label: kubernetes_pod_name
+ - job_name: 'kubernetes-nodes'
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - target_label: __address__
+ replacement: kubernetes.default.svc:443
+ - source_labels: [__meta_kubernetes_node_name]
+ regex: (.+)
+ target_label: __metrics_path__
+ replacement: /api/v1/nodes/${1}/proxy/metrics
+ - job_name: 'kubernetes-apiservers'
+ kubernetes_sd_configs:
+ - role: endpoints
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
+ action: keep
+ regex: default;kubernetes;https
+ - target_label: __address__
+ replacement: kubernetes.default.svc:443
+ - job_name: 'kubernetes-cadvisor'
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - target_label: __address__
+ replacement: kubernetes.default.svc:443
+ - source_labels: [__meta_kubernetes_node_name]
+ regex: (.+)
+ target_label: __metrics_path__
+ replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
diff --git a/config/promethues/prometheus-deployment.yml b/config/promethues/prometheus-deployment.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5836279e8d105acdab0e90f72c0bcf590c22e920
--- /dev/null
+++ b/config/promethues/prometheus-deployment.yml
@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: "Service"
+metadata:
+ name: prometheus
+ labels:
+ name: prometheus
+spec:
+ ports:
+ - name: prometheus
+ protocol: TCP
+ port: 9090
+ targetPort: 9090
+ selector:
+ app: prometheus
+ type: NodePort
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ name: prometheus
+ name: prometheus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prometheus
+ template:
+ metadata:
+ labels:
+ app: prometheus
+ spec:
+ serviceAccountName: prometheus
+ serviceAccount: prometheus
+ securityContext:
+ runAsUser: 0
+ containers:
+ - name: prometheus
+ image: prom/prometheus:v2.32.0
+ command:
+ - "/bin/prometheus"
+ args:
+ - "--config.file=/etc/prometheus/prometheus.yml"
+ - "--storage.tsdb.path=/prometheus"
+ - "--storage.tsdb.retention=30d"
+ - "--web.enable-admin-api" # 控制对admin HTTP API的访问,其中包括删除时间序列等功能
+ - "--web.enable-lifecycle" # 支持热更新,直接执行localhost:9090/-/reload立即生效
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ volumeMounts:
+ - mountPath: "/prometheus"
+ name: data
+ - mountPath: "/etc/prometheus"
+ name: prometheus-config
+ volumes:
+ - name: prometheus-config
+ configMap:
+ name: prometheus-config
+ - name: data
+ persistentVolumeClaim:
+ claimName: prome-pvc
+ readOnly: false
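Review bot: The `kubernetes-endpoints` job in prometheus-config.yml sets `bearer_token_file` but no `scheme` and no `relabel_configs`, so Prometheus scrapes every endpoint of every Service over plain HTTP and attaches its service-account token to each of those requests. That token carries the `nodes/proxy` read access granted in prometheus-rbac-setup.yml, so it should only ever be presented to the API server. Drop `tls_config` and `bearer_token_file` from this job and opt targets in with a keep rule, `- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]`, `action: keep`, `regex: true`, mirroring what the `kubernetes-pods` job does with the pod annotation.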
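Review bot: In prometheus-deployment.yml, `--web.enable-admin-api` and `--web.enable-lifecycle` are switched on while the Service in the same file is `type: NodePort` and no authentication is configured, so the series-deletion and reload endpoints described in the inline comments are reachable by anything that can reach a node port. Remove the admin flag unless it is actually needed and keep the Service at `type: ClusterIP`; a reload can still be triggered through `kubectl port-forward`. `runAsUser: 0` can probably become `runAsUser: 65534` with `fsGroup: 65534`, the unprivileged user the upstream image defaults to, and `--storage.tsdb.retention` is deprecated in favour of `--storage.tsdb.retention.time=30d`.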
diff --git a/config/promethues/prometheus-pvc.yml b/config/promethues/prometheus-pvc.yml
new file mode 100644
index 0000000000000000000000000000000000000000..627445ad26a6f028cfc24ad638941ffceb2d79df
--- /dev/null
+++ b/config/promethues/prometheus-pvc.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prome-pvc
+spec:
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/config/promethues/prometheus-rbac-setup.yml b/config/promethues/prometheus-rbac-setup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..766675c011f562103e7d898c6d1dd0a36ce43207
--- /dev/null
+++ b/config/promethues/prometheus-rbac-setup.yml
@@ -0,0 +1,39 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prometheus
+ namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+- kind: ServiceAccount
+ name: prometheus
+ namespace: default
diff --git a/install_k8s.sh b/install_k8s.sh
index 081feac69fa5eabdf4a8f96625e561710ec1e44c..49bb486084d9562cf52491a6bb073dfaa4039229 100644
--- a/install_k8s.sh
+++ b/install_k8s.sh
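Review bot: The ingress rule in prometheus-rbac-setup.yml lists only the `extensions` API group, which no longer serves Ingress on Kubernetes 1.22 and later, so the `kubernetes-ingresses` job in prometheus-config.yml would be denied list/watch on such clusters; add `- networking.k8s.io` under that rule's `apiGroups`. Separately, `nodes/proxy` lets this service account reach the kubelet API through the API server, which goes well beyond reading metrics. A comment above that entry such as `# required by the kubernetes-nodes and kubernetes-cadvisor jobs; treat this account's token as sensitive` would record why it is granted.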
@@ -1,15 +1,15 @@ -# install k8s with kubekey +#### install k8s with kubekey # TODO: add no_proxy to /etc/profile export KKZONE=cn curl -sfL https://get-kk.kubesphere.io | sh - # TODO: config-sample.yaml customize -# install helm3 +#### install helm3 curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh -# install longhorn +#### install longhorn # run test curl -sSfL https://raw.githubusercontent.com/longhorn/longhorn/v1.3.2/scripts/environment_check.sh | bash helm repo add longhorn https://charts.longhorn.io @@ -17,8 +17,21 @@ helm repo update helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace --version 1.3.2 kubectl -n longhorn-system get pod -# install p8s +#### install p8s +kubectl apply -f prometheus-config.yml +kubectl apply -f prometheus-rbac-setup.yml +# prerequisites: installed longhorn +kubectl apply -f prometheus-pvc.yml +kubectl apply -f prometheus-deployment.yml +kubectl apply -f node-exporter-daemonset.yml +kubectl apply -f blackbox-exporter.yaml + +#### install grafana +# prerequisites: installed longhorn +kubectl apply -f grafana-pvc.yaml +kubectl apply -f grafana.yaml +kubectl apply -f grafana-svc.yaml # clean rm get_helm.bash
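Review bot: The `kubectl apply -f` lines added in the second hunk name the manifests by bare filename (`prometheus-config.yml`, `grafana.yaml`, …), but this commit creates them under `config/promethues/` while the script sits at the repository root, so each apply fails unless the caller has changed directory first. Use the full path, e.g. `kubectl apply -f config/promethues/prometheus-config.yml`, or `cd` into that directory at the top of the section. Passing `-n default` explicitly would also match the `default` namespace hard-coded in the RBAC binding and in the blackbox-exporter address. The unchanged cleanup line removes `get_helm.bash`, whereas the download in the first hunk writes `get_helm.sh`, so the installer script is left behind.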