使用 Prometheus Operator 监控 Traefik Ingress
文章目录
!版权声明:本博客内容均为原创,每篇博文作为知识积累,写博不易,转载请注明出处。
描述:
上次已经配置了 Prometheus Operator 监控 ETCD,这次来配置下,让 Prometheus 监控集群 Ingress。
系统环境:
Prometheus Operator版本: 0.29 Kubernetes 版本: 1.14.0
一、Traefik 配置文件设置 Prometheus
要监控 Traefik 控制器,首先要控制 Traeik 将 Metrics 数据暴露出来,这需要在配置文件中加入下面配置:
1[metrics]
2 [metrics.prometheus]
3 entryPoint = "traefik"
4 buckets = [0.1,0.3,1.2,5.0]
安装 Traefik 时候已经将配置文件外挂到 Kubernetes ConfigMap 中,详情可以参考 Kubernetes 部署 Traefik Ingress 一文。
例如,集群中将 Traefik 配置文件挂载到 Kubernetes ConfigMap 中,可以用 “kubectl etid” 命令编辑 Traefik 配置文件,加上 Prometheus 配置,这里提供本人完整配置如下:
1$ kubectl edit ConfigMap traefik-config -n kube-system
2
3apiVersion: v1
4data:
5 traefik.toml: |
6 # traefik.toml
7 debug = true
8 InsecureSkipVerify = true
9 defaultEntryPoints = ["http","https"]
10 [entryPoints]
11 [entryPoints.http]
12 address = ":80"
13 compress = true
14 [entryPoints.https]
15 address = ":443"
16 compress = true
17 [entryPoints.https.tls]
18 [[entryPoints.https.tls.certificates]]
19 CertFile = "/ssl/tls.crt"
20 KeyFile = "/ssl/tls.key"
21 [entryPoints.traefik]
22 address = ":8080"
23 [kubernetes]
24 [traefikLog]
25 format = "json"
26 #filePath = "/data/traefik.log"
27 [accessLog]
28 #filePath = "/data/access.log"
29 format = "json"
30 [accessLog.filters]
31 retryAttempts = true
32 minDuration = "10ms"
33 [accessLog.fields]
34 defaultMode = "keep"
35 [accessLog.fields.names]
36 "ClientUsername" = "drop"
37 [accessLog.fields.headers]
38 defaultMode = "keep"
39 [accessLog.fields.headers.names]
40 "User-Agent" = "redact"
41 "Authorization" = "drop"
42 "Content-Type" = "keep"
43 [api]
44 entryPoint = "traefik"
45 dashboard = true
46 [metrics]
47 [metrics.prometheus]
48 entryPoint = "traefik"
49 buckets = [0.1,0.3,1.2,5.0]
二、Traefik Service 设置标签
Prometheus Operator 是通过 Label 匹配的,需要提前设置 Service 贴上“k8s-app: traefik-ingress”标签
1、查看 Traefik Service
1$ kubectl get service -n kube-system
2
3kube-dns ClusterIP 10.10.0.10 <none> 53/UDP,53/TCP,9153/TCP 79d
4kubelet ClusterIP None <none> 10250/TCP 35d
5traefik-ingress-service ClusterIP 10.10.114.105 <none> 80/TCP,443/TCP,8080/TCP 56d
2、编辑该 Service 设置 Label
编辑 Traefik Service
1$ kubectl edit service traefik-ingress-service -n kube-system
设置 Label “k8s-app: traefik-ingress”
1apiVersion: v1
2kind: Service
3metadata:
4 creationTimestamp: "2019-04-15T05:06:41Z"
5 name: traefik-ingress-service
6 namespace: kube-system
7 resourceVersion: "85575"
8 selfLink: /api/v1/namespaces/kube-system/services/traefik-ingress-service
9 uid: 4172b4df-5f3c-11e9-9287-000c29d98697
10 labels:
11 k8s-app: traefik-ingress #---增加标签 “k8s-app: traefik-ingress”
12spec:
13 clusterIP: 10.10.114.105
14 ports:
15 - name: http
16 port: 80
17 protocol: TCP
18 targetPort: 80
19 - name: https
20 port: 443
21 protocol: TCP
22 targetPort: 443
23 - name: admin #---Prometheus metrics 数据是通过8080端口暴露的
24 port: 8080
25 protocol: TCP
26 targetPort: 8080
27 selector:
28 k8s-app: traefik-ingress-lb
29 sessionAffinity: None
30 type: ClusterIP
31status:
32 loadBalancer: {}
三、Prometheus Operator 配置监控规则
配置服务监控资源,用于监控 Traefik 控制器:
traefik-monitor.yaml
1apiVersion: monitoring.coreos.com/v1
2kind: ServiceMonitor
3metadata:
4 name: traefik-ingress
5 namespace: monitoring
6 labels:
7 k8s-app: traefik-ingress
8spec:
9 jobLabel: k8s-app
10 endpoints:
11 - port: admin #---设置为traefik 8080端口名称 admin
12 interval: 30s
13 selector:
14 matchLabels:
15 k8s-app: traefik-ingress
16 namespaceSelector:
17 matchNames:
18 - kube-system
创建该Service Monitor
1$ kubectl apply -f traefik-monitor.yaml
四、查看 Prometheus 规则
打开 Prometheus UI,查看 Prometheus 规则,可以看到 traefik 数据已经存在。
五、Grafana 引入仪表盘
打开 Grafana,在其中引入编号“4475”的仪表盘
然后就可以看到仪表盘
如果没有数据,请提前通过 Traefik Ingress 访问其配置的域名,刷新出一些数据,然后调整小时间范围。
!版权声明:本博客内容均为原创,每篇博文作为知识积累,写博不易,转载请注明出处。