在当今的云计算环境中,Kubernetes(简称K8s)已经成为容器编排的事实标准。随着Kubernetes集群规模的不断扩大,容器监控成为确保应用稳定运行的关键。本文将深入探讨Kubernetes容器监控的各个方面,帮助您轻松掌控集群状态。
一、Kubernetes容器监控的重要性
1.1 确保应用可用性
通过实时监控容器状态,可以及时发现并处理可能导致应用不可用的故障。
1.2 提高资源利用率
监控可以帮助优化资源分配,确保集群资源得到有效利用。
1.3 优化运维效率
通过自动化监控工具,可以减少人工巡检工作量,提高运维效率。
二、Kubernetes容器监控工具
2.1 Prometheus
Prometheus是一个开源监控和警报工具,它能够收集Kubernetes集群中的指标数据,并支持多种告警规则。
2.1.1 安装Prometheus
# 下载Prometheus官方YAML文件
curl https://raw.githubusercontent.com/prometheus/prometheus/master/contrib/k8s/alertmanager-adapter/recording_rules.yaml -o recording_rules.yaml
# 创建Prometheus配置文件
cat << EOF > prometheus.yml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
2.1.2 配置Prometheus
# 创建Prometheus配置文件
cat << EOF > prometheus.yml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
2.1.3 部署Prometheus
# 创建Prometheus部署文件
cat << EOF > prometheus-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus
spec:
replicas: 1
selector:
matchLabels:
app: prometheus
template:
metadata:
labels:
app: prometheus
spec:
containers:
- name: prometheus
image: prom/prometheus:v2.27.0
ports:
- containerPort: 9090
volumeMounts:
- name: prometheus-config
mountPath: /etc/prometheus
subPath: prometheus.yml
volumes:
- name: prometheus-config
configMap:
name: prometheus-config
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
# 创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __metrics_path_port__
regex: (.+)
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/tls/kube-apiserver/ca.crt
tls_client_cert: /var/run/secrets/tls/kube-apiserver/client.crt
tls_client_key: /var/run/secrets/tls/kube-apiserver/client.key
”`shell
创建Prometheus配置配置文件
cat << EOF > prometheus-config.yaml global: scrape_interval: 15s
scrape_configs:
- job_name: ‘kubernetes-pods’
kubernetes_sd_configs:
- role: